Hi, i have installed a plugin for graylog otx threat Intel and made an OTX domain threat indicator. Every time there is a field that has a domain name it will check the domain if its a threat. But for some reason every domain…EVEN google.com is a threat. I got the code from the graylog site Integrating Threat Intelligence into Graylog 3+, all i did was change it from src to domain.
So the threat intelligence shows no threat on domain google.com but OTX threat intelligence shows a threat.
So True and False.