im using dovehawk and it seems, that its working when i use TI service offenders in MISP, so that i see 12k Indicators+
but when i try to create my own ioc, it will just put the ip in the signatures.sig file and is saying "syntax error there".
Question 1: Is signatures.sig just for my own ioc's or also for the automatically created ones?
Question 2: How to fix that syntax problem? i saw your testsignature file in git, do i need to create it manually with that syntax and not from MISP ?
Hello,
im using dovehawk and it seems, that its working when i use TI service offenders in MISP, so that i see 12k Indicators+ but when i try to create my own ioc, it will just put the ip in the signatures.sig file and is saying "syntax error there".
Question 1: Is signatures.sig just for my own ioc's or also for the automatically created ones?
Question 2: How to fix that syntax problem? i saw your testsignature file in git, do i need to create it manually with that syntax and not from MISP ?
Thanks for any soon help!
Best regards