Open TheBlindHacker opened 6 years ago
First step would be to verify that Bro is actually logging the files to the intel.log or notice.log files.
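One way to do that verification from the command line, as an added example that is not part of this thread or of SweetSecurity / Critical Stack. It checks the three places the pipeline can silently stop: the master intel file has no indicator rows (the Critical Stack pull never produced a usable file), indicators are loaded but intel.log has no hits (the traffic never matched a loaded indicator), or intel.log has hits but notice.log has no Intel::Notice entries. The default paths named in the comments are the ones shown in the log output in this thread and are assumptions; the files the script actually reads are constructed samples written to a temp directory.

```shell
#!/bin/sh
# Added example, not code from SweetSecurity or Critical Stack.
# Live-box paths (assumed defaults, taken from this thread):
#   /opt/critical-stack/frameworks/intel/master-public.bro.dat
#   /opt/bro/logs/current/intel.log  and  /opt/bro/logs/current/notice.log
# Usage against a live box:
#   diagnose /opt/critical-stack/frameworks/intel/master-public.bro.dat \
#            /opt/bro/logs/current/intel.log /opt/bro/logs/current/notice.log

# Count data rows in a Bro tab-separated file, skipping '#' header/footer
# lines and blank lines. A missing file counts as 0 rows.
count_rows() {
    [ -f "$1" ] || { echo 0; return 0; }
    awk '!/^#/ && NF { n++ } END { print n + 0 }' "$1"
}

# Count notices raised by the Intel framework (note type Intel::Notice).
count_intel_notices() {
    [ -f "$1" ] || { echo 0; return 0; }
    awk '!/^#/ && /Intel::Notice/ { n++ } END { print n + 0 }' "$1"
}

# Exact match on the indicator column (first field) of a Bro intel file,
# to confirm the test site you are hitting is really in the loaded feed.
indicator_present() {
    [ -f "$1" ] || return 1
    awk -F'\t' -v want="$2" '!/^#/ && $1 == want { found = 1 } END { exit !found }' "$1"
}

# One-word verdict for <master intel file> <intel.log> <notice.log>.
diagnose() {
    if   [ "$(count_rows "$1")" -eq 0 ]; then echo no-feed
    elif [ "$(count_rows "$2")" -eq 0 ]; then echo no-hits
    elif [ "$(count_intel_notices "$3")" -eq 0 ]; then echo hits-no-notice
    else echo ok; fi
}

# ---- constructed sample files (not real logs) ----
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Intel file in Bro's intel input format: two indicators with do_notice set.
printf '#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.url\tmeta.do_notice\n' > "$SAMPLE_DIR/master.dat"
printf '%s\tIntel::DOMAIN\tconstructed\ttest indicator\t-\tT\n' intel-test.example >> "$SAMPLE_DIR/master.dat"
printf '%s\tIntel::ADDR\tconstructed\ttest indicator\t-\tT\n' 192.0.2.10 >> "$SAMPLE_DIR/master.dat"
: > "$SAMPLE_DIR/empty.dat"   # what a failed download leaves behind

# intel.log with one hit on the domain indicator.
printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tseen.indicator\tseen.indicator_type\tseen.where\tsources\n' > "$SAMPLE_DIR/intel.log"
printf '1533900000.000000\tCuid1\t10.0.0.5\t51000\t192.0.2.10\t80\tintel-test.example\tIntel::DOMAIN\tHTTP::IN_HOST_HEADER\tconstructed\n' >> "$SAMPLE_DIR/intel.log"

# notice.log with the matching Intel::Notice, and one without any intel notice.
printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tnote\tmsg\n' > "$SAMPLE_DIR/notice.log"
printf '1533900000.000000\tCuid1\t10.0.0.5\t51000\t192.0.2.10\t80\tIntel::Notice\tIntel hit on intel-test.example at HTTP::IN_HOST_HEADER\n' >> "$SAMPLE_DIR/notice.log"
printf '#fields\tts\tnote\tmsg\n' > "$SAMPLE_DIR/notice-no-intel.log"
printf '1533900001.000000\tScan::Address_Scan\tconstructed non-intel notice\n' >> "$SAMPLE_DIR/notice-no-intel.log"

echo "healthy pipeline:      $(diagnose "$SAMPLE_DIR/master.dat" "$SAMPLE_DIR/intel.log" "$SAMPLE_DIR/notice.log")"
echo "feed never downloaded: $(diagnose "$SAMPLE_DIR/empty.dat"  "$SAMPLE_DIR/intel.log" "$SAMPLE_DIR/notice.log")"
echo "hit logged, no notice: $(diagnose "$SAMPLE_DIR/master.dat" "$SAMPLE_DIR/intel.log" "$SAMPLE_DIR/notice-no-intel.log")"
```

A `no-feed` verdict means the problem is upstream of Bro entirely (nothing to match against), `no-hits` means the feed loaded but the indicator you triggered is not in it or the traffic never reached Bro (run `indicator_present` on the master file with the exact domain or address you used), and `hits-no-notice` means the match was logged but not escalated to notice.log.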
Looks like it's intel.log.
Both logs are below, none of the notices are logging.
critical-stack 11:08:36 [DEBUG] Downloading file:
Filename: critical-stack-intel-8-Cyber-Crime-Tracker.bro.dat Checksum: 6d4698c56e9934b1cb2b61045eff77c5
critical-stack 11:08:36 [DEBUG] Downloading file:
Filename: critical-stack-intel-7-Known-Tor-Exit-Nodes.bro.dat Checksum: d006bb56888d575f1e0f33b983fb636f
critical-stack 11:08:36 [DEBUG] Downloading file:
Filename: critical-stack-intel-2-bambenekconsulting.com-C-C-IPs.bro.dat Checksum: 328f39db0af433b7dcf9f73a487f5f61
critical-stack 11:08:36 [INFO] Creating master file: master-public.bro.dat. Please wait.
critical-stack 11:08:53 [INFO] Master file created successfully.
critical-stack 11:08:53 [INFO] Intel files located at: /opt/critical-stack/frameworks/intel
critical-stack 11:08:53 [INFO] API Requests Remaining: 959 of 1000/minute
from notice
critical-stack-intel's server is down (2018-08-10). Actually the .dat file will not be downloaded. I posted here:
https://github.com/TravisFSmith/SweetSecurity/issues/48
under "NOTICE".
Use OTX AlienVault instead.
Default install on Ubuntu 16.04.3. Working great for baseliner, but I am not getting any Bro alerts or any alerts from Critical Stack when I am sending triggers to the known test sites.
Any suggestions?