Intel Framework Question

Damon_Rouse · January 13, 2015, 9:34pm

I’ve just started playing with the intel framework and have a question for everyone. How are people automating the conversion of their intel data (threat feeds, etc.) into the format the BRO intel files require.

Are their any solutions out there to automate this?

Thanks
Damon

anthony_kasza1 · January 13, 2015, 9:59pm

Python is nice. I think Jon Schipp has a script or two that assists in converting indicators too.

-AK

Jon_Schipp · January 13, 2015, 10:19pm

$ wget https://raw.githubusercontent.com/jonschipp/mal-dnssearch/master/tools/mal-dns2bro.sh

Jon_Schipp · January 13, 2015, 10:22pm

Also, CIF has an Bro output plugin. The following article on the Bro
Blog covers using both of the aforementioned tools
http://blog.bro.org/2014/01/intelligence-data-and-bro_4980.html

Topic		Replies	Views
Intel Framework Usage Zeek	2	57	May 6, 2022
Converting my own feeds to bro intel Zeek	3	73	May 6, 2022
Bro Intel framework - filter out Zeek	7	116	May 6, 2022
question about emailing hits from the intel framework Zeek	1	43	May 6, 2022
threat intel questions Zeek	5	77	May 6, 2022

Intel Framework Question

Related Topics