CriticalPathSecurity / Zeek-Intelligence-Feeds

Zeek-Formatted Threat Intelligence Feeds
MIT License

zeek intel feed not work #13

Closed salimadnan closed 2 years ago

salimadnan commented 2 years ago

I installed Zeek 4.2.1-0 and added the intel feed, but my Zeek intel.log now show. I am using Ubuntu 20.4. I installed Zeek the following way:

```bash
apt update
apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python3 python3-dev swig zlib1g-dev
echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_20.04/ /' | sudo tee /etc/apt/sources.list.d/security:zeek.list
curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_20.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/security_zeek.gpg > /dev/null
apt install curl
curl -fsSL https://download.opensuse.org/repositories/security:zeek/xUbuntu_20.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/security_zeek.gpg > /dev/null
apt update
apt install zeek
apt-cache policy zeek
export PATH=/opt/zeek/bin:$PATH
set PATH=/opt/zeek/bin:$PATH
zeekctl deploy
```

My local.zeek:

```zeek
@load policy/tuning/json-logs.zeek
# @load Zeek-Intelligence-Feeds
@load integration/collective-intel
@load frameworks/intel/seen
@load frameworks/intel/do_notice

redef Intel::read_files += {
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/abuse-ch-ipblocklist.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/abuse-ch-malware.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/abuse-ch-urlhaus.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/abuse-ch-threatfox-ip.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/alienvault.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/Amnesty_NSO_Domains.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/binarydefense.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/compromised-ips.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/cps_cobaltstrike_domain.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/cps_cobaltstrike_ip.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/cps-collected-iocs.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/Cyber_Threat_Coalition_Domain_Blacklist.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/dom-bl.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/filetransferportals.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/illuminate.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/log4j_ip.intel",
    "/opt/zeek/test.zeek",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/openphish.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/predict_intel.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/rutgers.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/sans.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/stalkerware.intel",
    "/opt/zeek/share/zeek/site/Zeek-Intelligence-Feeds/tor-exit.intel",
};
```

Patrick-Kelley commented 2 years ago

If you are installing on Ubuntu, why are you pulling packages from OpenSUSE?

Patrick-Kelley commented 2 years ago

No user response after 9 days. Please open a new ticket and I will respond as quickly as possible.