I’ve spent the last several hours trying to get Critical Stack Intel intel feeds to work with RockNSM. So far, here’s what I get:
I get the CSI client installed and working
Connect the CSI using the API key to the collection to pull in the feeds
I use the config variables to point CSI to the Bro root directory and the include.bro file, and it successfully includes the threat intel indicators into the Bro config. However, once I do this, both Bro and Kafka stop functioning and I can’t get them to start back up, and I’m at a loss as to why.