File tree Expand file tree Collapse file tree 1 file changed +2
-2
lines changed Expand file tree Collapse file tree 1 file changed +2
-2
lines changed Original file line number Diff line number Diff line change @@ -4630,7 +4630,7 @@ as not usable for IDS.
46304630**`event_separator`
46314631
46324632(optional, string) : If set to a field name from IntelMQ event, the bot will work in parallel on a few
4633- events instead of saving all incomming messages to a one. Each unique value from the field will
4633+ events instead of saving all incoming messages to a one. Each unique value from the field will
46344634use its own MISP Event. This is useful if your feed provides data about multiple entities you would
46354635like to group, for example IPs of C2 servers from different botnets. For a given value, the bot will
46364636use the same MISP Event as long as it's allowed by the `interval_event`.
@@ -4643,7 +4643,7 @@ depends of datetimes saved there). If you use `event_separator`, you may want to
46434643placeholder which will be then replaced with the value of the separator.
46444644
46454645For example, the following configuration can be used to create MISP Feed with IPs of C2 servers
4646- of different botnets, having each botnet in a separated MISP Events with an appropiate description.
4646+ of different botnets, having each botnet in a separated MISP Events with an appropriate description.
46474647Each MISP Event will contain objects with the `source.ip` field only, and the events' info will look
46484648like *C2 Servers for botnet-1. IntelMQ event 2024-07-09T14:51:10.825123 - 2024-07-10T14:51:10.825123*
46494649
You can’t perform that action at this time.
0 commit comments