Graylog OTX every domain is a threat

Hi, i have installed a plugin for graylog otx threat Intel and made an OTX domain threat indicator. Every time there is a field that has a domain name it will check the domain if its a threat. But for some reason every domain…EVEN is a threat. I got the code from the graylog site Integrating Threat Intelligence into Graylog 3+, all i did was change it from src to domain.

So the threat intelligence shows no threat on domain but OTX threat intelligence shows a threat.
So True and False.
Thank you!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.