oierbanos
commented
1 year ago Quick note: I can confirm that all the invalid IPs are in illuminate.intel
Closed oierbanos closed 1 year ago
oierbanos
commented
1 year ago Quick note: I can confirm that all the invalid IPs are in illuminate.intel
Patrick-Kelley
commented
1 year ago I'm removing illuminate until all issues can be resolved. @oierbanos, thank you for reporting this!
Patrick-Kelley
commented
1 year ago Being entirely transparent, it looks like the system that builds that particular feed OOM'd out and wrecked the CSVs that are used to build it.
I've removed all of the original source files and rebuilt it.
It is passing the linter without issue.
Should you have any more problems with it, let me know. I'll hop on it.
Hi!
I get this error when I try to use the feed:
1569446645.167159 warning: /usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/cps_cobaltstrike_domain.intel/Input::READER_ASCII: Init: cannot open /usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/cps_cobaltstrike_domain.intel 1569446645.167159 warning: /usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/cps_cobaltstrike_ip.intel/Input::READER_ASCII: Init: cannot open /usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/cps_cobaltstrike_ip.intel 1569446645.167159 warning: /usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/dom-bl.intel/Input::READER_ASCII: Init: cannot open /usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/dom-bl.intel 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and .40) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and .40) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 133.62) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 133.62) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 14.47.34174) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 14.47.34174) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 14.47.343) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 14.47.343) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 150) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 150) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 167.248.185.73.125.94) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 167.248.185.73.125.94) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 174) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 174) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 176.79.2059.196) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 176.79.2059.196) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 179.43.1144.91.83.178) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 179.43.1144.91.83.178) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 193.187.128.7.178.31) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 193.187.128.7.178.31) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 223.13.82..40) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 223.13.82..40) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 62.33.186.20172.245.75.11) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 62.33.186.20172.245.75.11) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 71.2242.227.179.21) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 71.2242.227.179.21) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 488: failed converting string to IP address (to_addr(Intel::item$indicator) and 9.187) 1569446645.167159 error in /usr/local/zeek/share/zeek/base/frameworks/intel/./main.zeek, line 422: failed converting string to IP address (to_addr(Intel::item$indicator) and 9.187)
I found that illuminate.intel has an invalid IP in the first line. Unfortunately, I didn't find the other wrong IPs, they might be all in the same file...
Apart from that, some files don't open...
Thank you!