csirtgadgets / massive-octo-spice

DEPRECATED - USE v3 (bearded-avenger)
https://github.com/csirtgadgets/bearded-avenger-deploymentkit/wiki
GNU Lesser General Public License v3.0

CSV parsing: protocol values problem #357

Closed epazoglu closed 8 years ago

epazoglu commented 8 years ago

Hello, I have a CSV file and am trying to parse it. IP and portlist are parsed fine, but protocol is not parsed as tcp, udp, icmp. After the parse process, protocol values are seen as digits 1, 6, 17, etc.

How can I correct this problem?

My CSV file looks like:

186.45.72.152,0,icmp
141.8.143.50,443,tcp
188.138.9.51,5672,tcp
113.138.152.80,0,icmp

and my yml file is as follows:

parser: csv defaults: provider: TEST altid_tlp: amber tlp: amber confidence: 75 values:

Then I enter the command to add the CSV file:

sudo su - cif -c "/opt/cif/bin/cif-smrt --testmode -c -d -r /etc/cif/rules/default/test.yml"

Everything is fine except the protocol output.

cif --provider=test --fields observable,portlist,protocol

212.156.221.220|38940 |17
141.8.143.50 | 443 | 6
193.68.190.197 | 0 | 1
186.45.72.152 | 0 | 1
188.138.9.51 | 5672 | 6

wesyoung commented 8 years ago

lol, you mean you actually wanted it written out as text?

6 is TCP, 1 is ICMP, 17 is UDP, http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

but prob should write that back out in the client, I forget why we normalized it down to protocol, but you're right, should be more "user friendly".

https://github.com/csirtgadgets/p5-cif-sdk/issues/47

wesyoung commented 8 years ago

transferring this to:

https://github.com/csirtgadgets/p5-cif-sdk/issues/47
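Until the client writes names back out, the protocol column can be relabelled after the query. The filter below is an added example, not code from the thread or from the CIF project: `relabel` and `proto_name` are hypothetical helper names, the number-to-name pairs are the three given in the reply above, and it assumes the pipe-delimited rows shown in the question.

```python
# Added example: relabel the protocol column of pipe-delimited `cif` output.
# The number-to-name pairs are the three given in the reply in this thread.
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def proto_name(value):
    """Return the name for a protocol number; leave anything else unchanged."""
    text = value.strip()
    if text.isdigit():
        return PROTO_NAMES.get(int(text), text)  # unknown numbers stay numeric
    return text.lower()  # already a name, or empty


def relabel(lines, fields="observable,portlist,protocol"):
    """Rewrite rows of `cif --fields <fields>` output with protocol names.

    `fields` is the same comma-separated list passed to --fields and is used
    to locate the protocol column. Rows whose column count does not match
    (banners, blank lines) are passed through untouched.
    """
    names = [f.strip() for f in fields.split(",")]
    if "protocol" not in names:
        return [line.rstrip("\n") for line in lines]
    idx = names.index("protocol")
    out = []
    for line in lines:
        cols = [c.strip() for c in line.rstrip("\n").split("|")]
        if len(cols) != len(names):
            out.append(line.rstrip("\n"))
            continue
        cols[idx] = proto_name(cols[idx])
        out.append("|".join(cols))
    return out


# Rows copied from the output shown in the question, spacing included.
SAMPLE = [
    "212.156.221.220|38940 |17",
    "141.8.143.50 | 443 | 6",
    "193.68.190.197 | 0 | 1",
]

if __name__ == "__main__":
    import sys
    # With piped input, act as a filter; otherwise show the sample rows.
    rows = SAMPLE if sys.stdin.isatty() else sys.stdin
    print("\n".join(relabel(rows)))
```

Saved under any file name, it can sit at the end of the pipeline after the `cif --provider=test --fields observable,portlist,protocol` query from the question.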