Testing Theat Intel plugin not working


#1

I’m running Graylog 2.40 (which should come with the threat intel plugin) and I have confirmed that the graylog-plugin-threatintel-2.4.3.jar exists in my plugins folder.

I tried testing it by going to a known malware URL (from https://ransomwaretracker.abuse.ch/downloads/TC_C2_DOMBL.txt), which is www.maniffatoretraiteur.com, but in the logs I get:

DestinationHostname_threat_indicated
false

DestinationIp
212.129.14.111

What am I doing wrong?


(Jan Doberstein) #2

What Version of Graylog did you run with what version of the Threat Intel Plugin?

Both need to be compatible. In addition your Graylog need to be able to connect to the outside world to make the lookups - did you checked that?

What did you see in your Graylog server.log?


(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.