Greylog Threat Intel Plugin Missing fields

Hi folks,

I have enabled threat intel plugin and setup OTX API key.

I have created rule for Global/combined threat feed lookup however, i only see threat_indicate field and no other fields like whois info etc.

Will those fields show up if threat_indicated is true?
Here is my rule
rule “OTX Lookup”
when
has_field(“EventID”) AND (to_string($message.EventID) == “4625”)
then
let src_addr_intel = threat_intel_lookup_ip(to_string($message.IpAddress), “IpAddress”);
set_fields(src_addr_intel);
end

https://github.com/Graylog2/graylog-plugin-threatintel/pull/99

So i replace the threat intel plugin with the latest build. correct?

No, you’ll have to wait for Graylog 2.4.4 or 3.0.0 which will include the fix.

Thanks for clarification.