File tree Expand file tree Collapse file tree 1 file changed +2
-2
lines changed Expand file tree Collapse file tree 1 file changed +2
-2
lines changed Original file line number Diff line number Diff line change @@ -4644,7 +4644,7 @@ as not usable for IDS.
46444644**`event_separator`
46454645
46464646(optional, string) : If set to a field name from IntelMQ event, the bot will work in parallel on a few
4647- events instead of saving all incomming messages to a one. Each unique value from the field will
4647+ events instead of saving all incoming messages to a one. Each unique value from the field will
46484648use its own MISP Event. This is useful if your feed provides data about multiple entities you would
46494649like to group, for example IPs of C2 servers from different botnets. For a given value, the bot will
46504650use the same MISP Event as long as it's allowed by the `interval_event`.
@@ -4657,7 +4657,7 @@ depends of datetimes saved there). If you use `event_separator`, you may want to
46574657placeholder which will be then replaced with the value of the separator.
46584658
46594659For example, the following configuration can be used to create MISP Feed with IPs of C2 servers
4660- of different botnets, having each botnet in a separated MISP Events with an appropiate description.
4660+ of different botnets, having each botnet in a separated MISP Events with an appropriate description.
46614661Each MISP Event will contain objects with the `source.ip` field only, and the events' info will look
46624662like *C2 Servers for botnet-1. IntelMQ event 2024-07-09T14:51:10.825123 - 2024-07-10T14:51:10.825123*
46634663
You can’t perform that action at this time.
0 commit comments