Empty feeds

Empty feeds Benny K 9/14/12 12:16 AM
Hi guys,

my CIF has been running for a few weeks now and I thought it was about time to put it to active work by pulling out some feeds and using them. I initially tested the setup by using cif -q 1.1.1.1 (with a known malware IP) and things seemed fine. But pulling the feeds shows nothing!

cif@V0011:~$ cif -q infrastructure/network -c 85
cif@V0011:~$ cif -q infrastructure -c 85
cif@V0011:~$ cif -q malware -c 85
cif@V0011:~$ cif -q domain -c 85

Here is an excerpt from my feeds.log

(first rules)
[role_everyone_feed] infrastructure medium severity 95% confidence private feed: 6712374 created -- 31290059-3836-561b-b6a0-3525b56a8a32
removing feed: 8067 -- a141c144-e909-5996-b373-0141f93e07d0
[role_everyone_feed] network infrastructure medium severity 95% confidence private feed: 6712376 created -- 3e441287-4e98-5b11-87e1-e6543bede15d
removing feed: 8068 -- 09c8d975-b944-5fff-8ee4-929f6b8431ec
[role_everyone_feed] malware infrastructure medium severity 95% confidence private feed: 6712384 created -- 3e8ed834-31db-5980-8bdb-43ab15369ef0
removing feed: 8069 -- 26551fd0-b5d8-5445-b86e-f6693c6b613e
[role_everyone_feed] spam infrastructure medium severity 95% confidence private feed: 6712385 created -- 54893865-9cd1-50a7-83a9-34dd6aff776e
removing feed: 8070 -- 27e85003-e9a0-5b51-b1b7-553ae94615f4
[role_everyone_feed] infrastructure medium severity 85% confidence private feed: 6712468 created -- 7e4c95a4-e588-54bd-90a8-1c2a13f1c940
removing feed: 8071 -- 29009023-6adb-5013-b30c-d2f62f17cc62
[role_everyone_feed] network infrastructure medium severity 85% confidence private feed: 6712476 created -- 84f9f8cb-b677-5ff2-8854-6a478ed086b5
removing feed: 8072 -- abc9ba0d-ad22-56b0-8a5e-f38190995031
[role_everyone_feed] malware infrastructure medium severity 85% confidence private feed: 6712480 created -- f4c7a742-221d-5bcf-81b8-3b1208c7e650
removing feed: 8073 -- ec2c1e4a-db8a-520c-ba8b-0b21102a729c
[role_everyone_feed] spam infrastructure medium severity 85% confidence private feed: 6712485 created -- 7855f68f-5a29-57a5-ab1d-9e65f8c73ebd
removing feed: 8074 -- 5f761ae9-5f63-52d1-8b0d-bb1aa2045f80
[role_everyone_feed] scan infrastructure medium severity 85% confidence private feed: 6712487 created -- 8ade2f4a-4775-5b7a-a91a-25f433dd0030
removing feed: 8075 -- 8fd0ae5f-6391-5e81-82ac-bedfe3e7f8e4

.......
......
(last rules)
[role_everyone_feed] infrastructure medium severity 95% confidence private feed: 6712374 created -- 31290059-3836-561b-b6a0-3525b56a8a32
removing feed: 8067 -- a141c144-e909-5996-b373-0141f93e07d0
[role_everyone_feed] network infrastructure medium severity 95% confidence private feed: 6712376 created -- 3e441287-4e98-5b11-87e1-e6543bede15d
removing feed: 8068 -- 09c8d975-b944-5fff-8ee4-929f6b8431ec
[role_everyone_feed] malware infrastructure medium severity 95% confidence private feed: 6712384 created -- 3e8ed834-31db-5980-8bdb-43ab15369ef0
removing feed: 8069 -- 26551fd0-b5d8-5445-b86e-f6693c6b613e
[role_everyone_feed] spam infrastructure medium severity 95% confidence private feed: 6712385 created -- 54893865-9cd1-50a7-83a9-34dd6aff776e
removing feed: 8070 -- 27e85003-e9a0-5b51-b1b7-553ae94615f4
[role_everyone_feed] infrastructure medium severity 85% confidence private feed: 6712468 created -- 7e4c95a4-e588-54bd-90a8-1c2a13f1c940
removing feed: 8071 -- 29009023-6adb-5013-b30c-d2f62f17cc62
[role_everyone_feed] network infrastructure medium severity 85% confidence private feed: 6712476 created -- 84f9f8cb-b677-5ff2-8854-6a478ed086b5
removing feed: 8072 -- abc9ba0d-ad22-56b0-8a5e-f38190995031
[role_everyone_feed] malware infrastructure medium severity 85% confidence private feed: 6712480 created -- f4c7a742-221d-5bcf-81b8-3b1208c7e650
removing feed: 8073 -- ec2c1e4a-db8a-520c-ba8b-0b21102a729c
[role_everyone_feed] spam infrastructure medium severity 85% confidence private feed: 6712485 created -- 7855f68f-5a29-57a5-ab1d-9e65f8c73ebd
removing feed: 8074 -- 5f761ae9-5f63-52d1-8b0d-bb1aa2045f80
[role_everyone_feed] scan infrastructure medium severity 85% confidence private feed: 6712487 created -- 8ade2f4a-4775-5b7a-a91a-25f433dd0030
removing feed: 8075 -- 8fd0ae5f-6391-5e81-82ac-bedfe3e7f8e4
.

What can be the cause?
Re: [ci-framework] Empty feeds Gabriel Iovino 9/14/12 4:26 AM
On Fri, Sep 14, 2012 at 3:16 AM, Benny K <maili...@security4all.be> wrote:
> Hi guys,

> What can be the cause?

Missing the severity flag? See a few examples here:

http://code.google.com/p/collective-intelligence-framework/wiki/Feeds_v0

Gabe
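
To check which severity and confidence combinations the feed generator actually built, the "created" lines of feeds.log can be summarized. This is an added example, not part of the thread or of CIF itself; the regex assumes the line format shown in the excerpt above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the feeds.log excerpt in the first message.
SAMPLE_LOG = """\
[role_everyone_feed] infrastructure medium severity 95% confidence private feed: 6712374 created -- 31290059-3836-561b-b6a0-3525b56a8a32
removing feed: 8067 -- a141c144-e909-5996-b373-0141f93e07d0
[role_everyone_feed] malware infrastructure medium severity 85% confidence private feed: 6712480 created -- f4c7a742-221d-5bcf-81b8-3b1208c7e650
removing feed: 8073 -- ec2c1e4a-db8a-520c-ba8b-0b21102a729c
[role_everyone_feed] infrastructure medium severity 85% confidence private feed: 6712468 created -- 7e4c95a4-e588-54bd-90a8-1c2a13f1c940
"""

# Assumed layout: [role] <feed name> <severity> severity <N>% confidence
#                 <restriction> feed: <id> created -- <uuid>
CREATED = re.compile(
    r"^\[(?P<role>[^\]]+)\]\s+(?P<feed>.+?)\s+(?P<severity>\w+) severity\s+"
    r"(?P<confidence>\d+)% confidence\s+(?P<restriction>\w+) feed:\s+"
    r"(?P<id>\d+) created\s+--\s+(?P<uuid>[0-9a-f-]{36})$"
)

def parse_created(log_text):
    """Return one dict per 'created' line; 'removing feed' lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = CREATED.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["confidence"] = int(rec["confidence"])
            records.append(rec)
    return records

def summarize(log_text):
    """Map each feed name to the sorted (severity, confidence) pairs built for it."""
    combos = defaultdict(set)
    for rec in parse_created(log_text):
        combos[rec["feed"]].add((rec["severity"], rec["confidence"]))
    return {feed: sorted(pairs) for feed, pairs in combos.items()}

if __name__ == "__main__":
    for feed, pairs in sorted(summarize(SAMPLE_LOG).items()):
        for severity, confidence in pairs:
            print(f"{feed}: severity={severity} confidence={confidence}%")
```

Each feed in the excerpt is logged with a severity as well as a confidence, which is the parameter the reply asks about.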