Bro and Critical Stack Intel

I’ve spent the last several hours trying to get Critical Stack Intel intel feeds to work with RockNSM. So far, here’s what I get:

I get the CSI client installed and working

Connect the CSI using the API key to the collection to pull in the feeds

I use the config variables to point CSI to the Bro root directory and the include.bro file, and it successfully includes the threat intel indicators into the Bro config. However, once I do this, both Bro and Kafka stop functioning and I can’t get them to start back up, and I’m at a loss as to why.

Which Rock release? I’ll try to duplicate it.

I downloaded and deployed RockNSM 2.4.2-1905