Skip to content
This repository has been archived by the owner on Sep 11, 2020. It is now read-only.

mixmodeai/bro_intel_linter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
tests
tests
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
intel_linter.py
intel_linter.py
 
 

Repository files navigation

Zeek (Bro) Intel Feed Linter

The nsm_intel_linter was built to verify all the appropriate header delineation and mandatory field verification, tab separation, correlation of indicator and indicator_type.

Currently supports Zeek (Bro) intelligence feeds.

Usage

intel_linter.py -f <file.intel>

Example

Example File

Test File:

#fields	indicator	indicator_type	meta.source	meta.desc	meta.url	meta.do_notice	meta.if_in	meta.whitelist	meta.severity
192.168.1.1	Intel::ADDR	my imagination	ADDR	-	F	-	-	6
192.168.1.2	Intel::ADDR	my imagination	ADDR	-	F	-	-	6
192.168.1.300	Intel::ADDR	my imagination	ADDR	-	F	-	-	6

Result:

WARNING: Line 4 - Indicator type "Intel::ADDR" does not correlate with indicator: "192.168.1.300"

A clean execution means the intelligence file supplied passed all lint testing.

About

Bro Intel Feed Linter

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

26 stars

Watchers

11 watching

Forks

8 forks
Report repository

Releases 1

v1.0 Latest
Sep 1, 2015

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages