Threat Plugin output issues


(xorloader41) #1

Hi,

I started testing the threat plugin, using OTX to get the feeds. But when I checked the output, I am only seeing one field, whereas in the pipeline I am processing three fields.

Pipeline rule is here:

rule "OTXTestLookup"
when
    has_field("src_ip")
then
    let intel = otx_lookup_ip(to_string($message.src_ip));

    set_field("threat_indicated", intel.otx_threat_indicated);
    set_field("threat_ids", intel.otx_threat_ids);
    set_field("threat_names", intel.otx_threat_names);
end

In this I am able to see “threat_indicated: false or true”. I am not seeing “threat_ids” and “threat_names”. Is there anything I am missing here? Please let me know. Thanks
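A diagnostic variant of the rule, added here as an example and not part of the original post, that records the full lookup result in the Graylog server log with debug() and stores the list values as strings, so the keys and types otx_lookup_ip actually returns can be compared against the field names the rule expects. It assumes the standard pipeline functions debug(), to_string() and set_field(), and the otx_* key names as written in the post.

```text
rule "OTXTestLookup debug"
when
    has_field("src_ip")
then
    let intel = otx_lookup_ip(to_string($message.src_ip));

    // Write the complete lookup result to the server log: every key the
    // plugin returned for this IP is listed there, with its value
    debug(intel);

    set_field("threat_indicated", intel.otx_threat_indicated);

    // Store the list values as strings: an empty list then shows up as "[]"
    // in the message, which distinguishes "lookup returned nothing" from
    // "field was never written" (a missing key converts to an empty value)
    set_field("threat_ids_debug", to_string(intel.otx_threat_ids));
    set_field("threat_names_debug", to_string(intel.otx_threat_names));
end
```

Run a single message with a known src_ip through the pipeline and compare the debug() line in the server log with the fields that reach the stored message.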

