Bro Intel Framework Signature Generator

Generate a Bro Intelligence Framework signature from an indicator.

Documentation

Triggers

  • UserAction

Variables Declared in the Playbook

The following variables are declared in this playbook:

  • bro.sig: #App:18829:merged.indicator!String #App:18829:merged.bif_type!String ThreatConnect #App:18834:tc.indicator.description!String #Trigger:1887:trg.action.weblink!String
  • bro.sig: #App:18829:merged.indicator!String #App:18829:merged.bif_type!String ThreatConnect No Description #Trigger:1887:trg.action.weblink!String
  • bif_type: Intel::ADDR
  • indicator: #Trigger:1887:trg.action.item!String
  • bif_type: Intel::DOMAIN
  • indicator: #Trigger:1887:trg.action.item!String
  • bif_type: Intel::EMAIL
  • indicator: #Trigger:1887:trg.action.item!String
  • bif_type: Intel::URL
  • bif_type: Intel::SUBNET
  • indicator: #Trigger:1887:trg.action.item!String
  • bif_type: Intel::FILE_HASH
  • indicator: #App:18843:tc.file.sha256!String
  • indicator: #App:18843:tc.file.sha1!String
  • indicator: #App:18843:tc.file.md5!String
  • raw_data: BIF: #App:18829:merged.indicator!String