Threat Plugin output issues

xorloader41 · March 15, 2018, 9:10am

Hi,

I started testing threat plugin and using OTX to get the feeds. But when I checked the output, I am only seeing one field, wherein in pipeline I am processing three fields.

Pipeline rule is here:

rule "OTXTestLookup"
when
    has_field("src_ip")
then
let intel = otx_lookup_ip(to_string($message.src_ip));

set_field("threat_indicated", intel.otx_threat_indicated);
set_field("threat_ids", intel.otx_threat_ids);
set_field("threat_names", intel.otx_threat_names);
end

In which I am able to see “threat_indicated: false or true”. I am not seeing “threat_ids” and threat_names". Is there anything I am missing here. Please let me know. Thanks

system · March 29, 2018, 9:10am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
OTX threat fields empty in v2.4.4 Graylog Central (peer support)	5	615	June 8, 2018
Greylog Threat Intel Plugin Missing fields Graylog Central (peer support)	5	1282	April 2, 2018
OTX Threat Intel pegs Process Buffer Graylog Central (peer support)	2	403	June 3, 2019
Trying to get the Open Threat Exchange - Threat intel plugin working on a Graylog Graylog Central (peer support) pipeline-rules	10	1312	June 25, 2021
Graylog Threat Intel Plugin Results - Stuck in Tail cave Graylog Central (peer support) pipeline-rules	6	1718	June 29, 2020

Threat Plugin output issues

Related topics