Graylog OTX every domain is a threat

MartinCo · October 16, 2019, 6:51am

Hi, i have installed a plugin for graylog otx threat Intel and made an OTX domain threat indicator. Every time there is a field that has a domain name it will check the domain if its a threat. But for some reason every domain…EVEN google.com is a threat. I got the code from the graylog site Integrating Threat Intelligence into Graylog 3+, all i did was change it from src to domain.

So the threat intelligence shows no threat on domain google.com but OTX threat intelligence shows a threat.
So True and False.
Thank you!

system · October 30, 2019, 6:51am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Greylog Threat Intel Plugin Missing fields Graylog Central (peer support)	5	1291	April 2, 2018
OTX domain lookup requested but OTX is not enabled in configuration. Please enable it first Graylog Central (peer support)	3	1411	June 26, 2017
Graylog Threat Intel Plugin Results - Stuck in Tail cave Graylog Central (peer support) pipeline-rules	6	1736	June 29, 2020
Setting up Threat Intelligence To Use OTX in 2.4.x Graylog Add-ons	5	3811	January 25, 2018
Alternatives to Graylogs Threat Intel Plugin Graylog Add-ons	1	74	September 6, 2024

Graylog OTX every domain is a threat

Related topics