TravisFSmith / SweetSecurity

Network Security Monitoring on Raspberry Pi type devices
Apache License 2.0

Bro IDS + Critical stack not showing up in alerts. #34

Open TheBlindHacker opened 6 years ago

TheBlindHacker commented 6 years ago

Default install on Ubuntu 16.04.3. Working great for baseliner, but I am not getting any Bro alerts or any alerts from Critical Stack when I am sending triggers to the known test sites.

Any suggestions?

TravisFSmith commented 6 years ago

First step would be to verify that Bro is actually logging to the intel.log or notice.log files.

TheBlindHacker commented 6 years ago

looks like it intel.log

Both logs are below; none of the notices are logging.

```
critical-stack 11:08:36 [DEBUG] Downloading file:
Filename: critical-stack-intel-8-Cyber-Crime-Tracker.bro.dat Checksum: 6d4698c56e9934b1cb2b61045eff77c5
critical-stack 11:08:36 [DEBUG] Downloading file:
Filename: critical-stack-intel-7-Known-Tor-Exit-Nodes.bro.dat Checksum: d006bb56888d575f1e0f33b983fb636f
critical-stack 11:08:36 [DEBUG] Downloading file:
Filename: critical-stack-intel-2-bambenekconsulting.com-C-C-IPs.bro.dat Checksum: 328f39db0af433b7dcf9f73a487f5f61
critical-stack 11:08:36 [INFO] Creating master file: master-public.bro.dat. Please wait.
critical-stack 11:08:53 [INFO] Master file created successfully.
critical-stack 11:08:53 [INFO] Intel files located at: /opt/critical-stack/frameworks/intel
critical-stack 11:08:53 [INFO] API Requests Remaining: 959 of 1000/minute
```

from notice

cloudstrifeedge commented 6 years ago

critical-stack-intel's server is down (2018-08-10). Actually, the .dat file will not be downloaded. I posted here:

https://github.com/TravisFSmith/SweetSecurity/issues/48

under "NOTICE"

Use AlienVault OTX instead.
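The two checks this thread turns on, written out as an added example (not code from SweetSecurity, Bro or Critical Stack): whether the Critical Stack master feed that Bro loads actually contains indicators, which is what an empty or failed download leaves you without, and whether Bro is writing hits to intel.log, the first thing TravisFSmith asks to verify. Both files use Bro's tab-separated format (a log carries `#separator`/`#fields`/`#types` header lines and a `#close` footer; an intel feed carries a single `#fields` line followed by indicator rows), so one parser serves both. The sample feed and log text are constructed for illustration, and the file paths are assumed defaults that may differ on your install.

```python
"""Sanity checks for a Bro + Critical Stack setup that produces no alerts:
is the loaded feed non-empty, and does intel.log record any hits?

Added example; not code from SweetSecurity, Bro or Critical Stack. Assumes
Bro's TSV log layout and the intel-framework feed layout. Sample data is
constructed; the paths below are assumed defaults.
"""
import sys
from collections import Counter

INTEL_LOG = "/opt/bro/logs/current/intel.log"  # assumed path
MASTER_FEED = "/opt/critical-stack/frameworks/intel/master-public.bro.dat"


def parse_bro_tsv(text):
    """Parse Bro TSV (log or intel feed) into dicts keyed by the #fields names."""
    sep = "\t"
    fields = None
    rows = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator"):
            # Bro writes the separator escaped, e.g. "#separator \x09"
            sep = bytes(line.split(" ", 1)[1], "ascii").decode("unicode_escape")
            continue
        if line.startswith("#fields"):
            fields = line.split(sep)[1:]
            continue
        if line.startswith("#"):
            continue  # #set_separator, #types, #open, #close, or feed comments
        if fields is None:
            raise ValueError("data row before #fields header")
        rows.append(dict(zip(fields, line.split(sep))))
    return rows


def feed_indicators(feed_text):
    """Indicators per type in a feed; empty means Bro has nothing to match."""
    return Counter(r["indicator_type"] for r in parse_bro_tsv(feed_text))


def intel_hits(log_text):
    """Intel hits per indicator type recorded in intel.log."""
    return Counter(r["seen.indicator_type"] for r in parse_bro_tsv(log_text))


def diagnose(feed_text, log_text):
    """Findings to settle before blaming the alerting layer above Bro."""
    feed, hits = feed_indicators(feed_text), intel_hits(log_text)
    findings = []
    if not feed:
        findings.append("feed has no indicators (download failed or empty?)")
    if not hits:
        findings.append("intel.log has no hits: the problem is upstream of alerting")
    return {"feed": feed, "hits": hits, "findings": findings}


# Constructed sample data (trimmed to the columns used here).
SAMPLE_FEED = (
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.url\n"
    "198.51.100.7\tIntel::ADDR\tconstructed\tsample C2 ip\t-\n"
    "malware.example\tIntel::DOMAIN\tconstructed\tsample domain\t-\n"
)
EMPTY_FEED = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc\tmeta.url\n"
SAMPLE_INTEL_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tintel\n"
    "#open\t2018-08-10-11-08-53\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p"
    "\tseen.indicator\tseen.indicator_type\tseen.where\tsources\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tenum\tenum\tset[string]\n"
    "1533899333.120000\tCabc123\t192.168.1.10\t51234\t198.51.100.7\t80"
    "\t198.51.100.7\tIntel::ADDR\tConn::IN_RESP\tconstructed\n"
    "1533899340.500000\tCdef456\t192.168.1.10\t41000\t192.0.2.53\t53"
    "\tmalware.example\tIntel::DOMAIN\tDNS::IN_REQUEST\tconstructed\n"
    "#close\t2018-08-10-11-30-00\n"
)
# Same header block, no data rows: what a quiet sensor writes.
EMPTY_INTEL_LOG = "\n".join(SAMPLE_INTEL_LOG.splitlines()[:8]) + "\n#close\t2018-08-10-11-30-00\n"

if __name__ == "__main__":
    if len(sys.argv) == 3:  # python check.py <feed.dat> <intel.log>
        feed_text, log_text = (open(p).read() for p in sys.argv[1:3])
    else:
        feed_text, log_text = SAMPLE_FEED, SAMPLE_INTEL_LOG
    result = diagnose(feed_text, log_text)
    print("feed:", dict(result["feed"]))
    print("hits:", dict(result["hits"]))
    for finding in result["findings"]:
        print("FINDING:", finding)
```

Run it against the real master file and the current intel.log to see which of the two is empty. An empty feed means the download step failed (the situation cloudstrifeedge describes), and a populated feed with an empty intel.log means Bro loaded the indicators but saw no matching traffic on the monitored interface; only when intel.log has hits does it make sense to look at the alerting layer on top of Bro.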