feeds/bambenek_dga_feed-domain_reputation.feed
provider "bambenek"
name "dga_feed"
fetch_http('http://osint.bambenekconsulting.com/feeds/dga-feed.txt')
event_types [:c2]
filter do |record|
record.data[:domain].start_with?("#")
end
parse_csv(:headers => [:domain, :description, :moreinfo]) do |event_generator, record|
event_generator.call do |event|
event.type = :c2
event.add_fqdn(record.data[:domain]) do |fqdn_event|
end
end
end