CriticalPathSecurity / Zeek-Intelligence-Feeds

Zeek-Formatted Threat Intelligence Feeds
MIT License

Typo in main.zeek #4

Closed Cyb3r4rch3r closed 3 years ago

Cyb3r4rch3r commented 3 years ago

Typo causing one script to fail to pull. Missing the s in Zeek-Intelligence-Feeds on the last line with vulnerable-exchange-servers.

```json
{"ts":1616326392.484023,"level":"Reporter::WARNING","message":"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feed/vulnerable-exchange-servers.intel/Input::READER_ASCII: Init: cannot open /usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feed/vulnerable-exchange-servers.intel","location":""}
```

```
zeek@COV-ZEE002:/opt/zeek$ cat /usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/main.zeek
##! Load Intel Framework
@load policy/integration/collective-intel
@load policy/frameworks/intel/seen
@load policy/frameworks/intel/do_notice
redef Intel::read_files += {
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/abuse-ch-ipblocklist.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/abuse-ch-malware.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/abuse-ch-urlhaus.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/alienvault.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/binarydefense.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/compromised-ips.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/dom-bl.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/filetransferportals.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/illuminate.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/openphish.intel",
#       "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/predict_intel.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/cps-collected-iocs.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/rutgers.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/tor-exit.intel",
        **"/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feed/vulnerable-exchange-servers.intel"**
};
```

Patrick-Kelley commented 3 years ago

Working on it, now!

Patrick-Kelley commented 3 years ago

I removed the Exchange Feed for the moment and updated main.zeek. Once I get a more up-to-date manifest of the Exchange Servers, I will get it reinstated.

I'm also building in some additional linting and error-checking into our automation.

Thank you, Sir. The current repo should load with issue.
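
Added example, not part of the issue thread and not the project's own automation: a small lint for the failure reported above, where a misspelled directory in `Intel::read_files` silently drops a feed with only a `Reporter::WARNING`. The function names (`intel_paths`, `lint`) and the abbreviated sample file are constructed for illustration.

```python
import os
import re
from collections import Counter

# Constructed sample: abbreviated copy of the main.zeek quoted in the issue,
# with the misspelled directory on the last entry kept as reported.
SAMPLE = '''\
@load policy/frameworks/intel/seen
redef Intel::read_files += {
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/alienvault.intel",
#       "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/predict_intel.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feeds/tor-exit.intel",
        "/usr/local/zeek/share/zeek/site/Zeek-Intelligence-Feed/vulnerable-exchange-servers.intel"
};
'''

BLOCK = re.compile(r"redef\s+Intel::read_files\s*\+?=\s*\{(.*?)\}", re.S)

def intel_paths(zeek_text):
    """Return paths listed in Intel::read_files, ignoring commented-out lines."""
    paths = []
    for block in BLOCK.findall(zeek_text):
        for line in block.splitlines():
            code = line.split("#", 1)[0]  # drop Zeek comments (assumes no '#' in paths)
            paths += re.findall(r'"([^"]+)"', code)
    return paths

def lint(zeek_text, readable=lambda p: os.access(p, os.R_OK)):
    """Return (path, reason) findings for entries Zeek would fail to open."""
    paths = intel_paths(zeek_text)
    findings = [(p, "unreadable") for p in paths if not readable(p)]
    # Feeds from one repo share a directory, so an outlier is likely a typo.
    # This check also works on a CI host where the feed files are not installed.
    dirs = Counter(os.path.dirname(p) for p in paths)
    if len(dirs) > 1:
        common = dirs.most_common(1)[0][0]
        findings += [(p, "directory differs from " + common)
                     for p in paths if os.path.dirname(p) != common]
    return findings

if __name__ == "__main__":
    for path, reason in lint(SAMPLE):
        print(f"{path}: {reason}")
```

Run against the real `main.zeek` on the sensor, the default `readable` check reports any feed the Zeek user cannot open; the directory check catches the same typo before deployment.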