I’m running Graylog 2.40 (which should come with the threat intel plugin) and I have confirmed that the graylog-plugin-threatintel-2.4.3.jar exists in my plugins folder.
I tried testing it by going to a known malware URL (from https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt), which is www.maniffatoretraiteur.com, but in the logs I get:
DestinationHostname_threat_indicated
false
DestinationIp
212.129.14.111
What am I doing wrong?
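A quick offline check of what the plugin's lookup is expected to do, added here as an example and not code from the original post or from the Graylog plugin: it parses a blocklist in the abuse.ch domain-list format (comment lines starting with `#`, one bare domain per line) and reports whether a hostname, or any of its parent domains, is listed. The feed excerpt is constructed, and the parent-domain matching rule (so that `www.example.com` matches a listed `example.com`) is an assumption about how such feeds are meant to be applied, not documented plugin behaviour.

```python
from typing import Dict, Set

# Constructed excerpt in the abuse.ch Ransomware Tracker domain blocklist
# layout: '#' comment lines, one bare domain per line. Not a real download.
SAMPLE_FEED = """\
########################################################
# Ransomware Tracker Domain Blocklist (constructed sample)
########################################################
maniffatoretraiteur.com
c2-example.invalid
"""


def parse_domain_blocklist(text: str) -> Set[str]:
    """Return the lower-cased domains in a DOMBL-style feed, skipping comments and blank lines."""
    domains: Set[str] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        domains.add(line.lower().rstrip("."))
    return domains


def threat_indicated(hostname: str, blocklist: Set[str]) -> bool:
    """True if the hostname or any parent domain is on the list (assumed matching rule).

    Walks from the full name upward but stops before the bare TLD, so
    'www.maniffatoretraiteur.com' checks itself and 'maniffatoretraiteur.com'.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def lookup_fields(field: str, hostname: str, blocklist: Set[str]) -> Dict[str, bool]:
    """Build a '<field>_threat_indicated' result like the one shown in the question's log."""
    return {f"{field}_threat_indicated": threat_indicated(hostname, blocklist)}


if __name__ == "__main__":
    feed = parse_domain_blocklist(SAMPLE_FEED)
    print(lookup_fields("DestinationHostname", "www.maniffatoretraiteur.com", feed))
```

If the same hostname comes back `false` here but the plugin still reports `false`, the feed the plugin holds (or its ability to fetch it) is the next thing to verify, not the rule itself.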
jan
(Jan Doberstein)
March 26, 2018, 7:48am
2
What version of Graylog did you run with what version of the Threat Intel Plugin?
Both need to be compatible. In addition, your Graylog needs to be able to connect to the outside world to make the lookups - did you check that?
What did you see in your Graylog server.log?
system
(system)
Closed
April 9, 2018, 7:48am
3
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.