Threat Plugin output issues

xorloader41 · March 15, 2018, 9:10am

Hi,

I started testing threat plugin and using OTX to get the feeds. But when I checked the output, I am only seeing one field, wherein in pipeline I am processing three fields.

Pipeline rule is here:

rule "OTXTestLookup"
when
    has_field("src_ip")
then
let intel = otx_lookup_ip(to_string($message.src_ip));

set_field("threat_indicated", intel.otx_threat_indicated);
set_field("threat_ids", intel.otx_threat_ids);
set_field("threat_names", intel.otx_threat_names);
end

In which I am able to see “threat_indicated: false or true”. I am not seeing “threat_ids” and threat_names". Is there anything I am missing here. Please let me know. Thanks

system · March 29, 2018, 9:10am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
OTX threat fields empty in v2.4.4 Graylog Central (peer support)	5	547	June 8, 2018
Trying to get the Open Threat Exchange - Threat intel plugin working on a Graylog Graylog Central (peer support) pipeline-rules	10	1216	June 25, 2021
Threat Intelligence Plugin Help Graylog Central (peer support) pipeline-rules	2	756	May 27, 2021
Not able to understand Threat Intelligence plugin Graylog Central (peer support) pipeline-rules	4	2249	May 16, 2018
AlienVault OTX Pipeline Rules Graylog Central (peer support)	4	649	January 20, 2023

Threat Plugin output issues

Related Topics