otx_lookup_domain validation #4489
Closed
Comments
@mudrunkar Thank you for the report. A fix for this will be in the upcoming 2.4.1 release.
joschi added a commit to Graylog2/graylog-plugin-threatintel that referenced this issue on Jan 18, 2018
joschi pushed a commit to Graylog2/graylog-plugin-threatintel that referenced this issue on Jan 18, 2018
Fixes Graylog2/graylog2-server#4489 (cherry picked from commit 644a98c)
The otx_lookup_domain pipeline function seems to expect an IP address, although the function is supposed to use a domain name as its argument.
Expected Behavior
I wouldn't expect an error message in the case of the otx_lookup_domain function. I feed the pipeline function with top-level and second-level domain strings, for instance "googleapis.com", "firefox.com", "facebook.com", etc.
Current Behavior
otx_lookup_domain function doesn't work as expected and results in the following error message in the log:
2018-01-17 15:46:24,327 WARN : org.graylog.plugins.threatintel.adapters.otx.OTXDataAdapter - Unable to auto-detect IP address type for key <google-analytics.com>
Possible Solution
Steps to Reproduce (for bugs)
I use the following pipeline function to query AlienVault's otx and to set the field in the log:
Context
Your Environment