Just added a new OutputHandler to allow output into the Bro Intel Framework format, as I have been making use of this to scrape APTNotes straight into Bro "signatures" and have found it pretty useful (with some aggressive whitelisting!).
Have tested this commit on the last 2 years' worth of APTNotes PDF reports without issue. Debatable whether or not to add the Bro Intel file header, or to require the end-user to do so, as adding it using "print_header" would produce an invalid Intel file when parsing more than 1 input, due to recurring headers.