We have this config:
[threatlist://ransomware_ip_blocklist]
delim_regex = :
description = abuse.ch Ransomware Blocklist
disabled = false
**fields = ip:$1,description:Ransomware_ip_blocklist**
type = threatlist
url = https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
Why we wrote there $1? What it's mean? (Yes, it's mean IP, it's regular that will pars all IP?
↧