Bro network security monitor intelligence framework scripts
The file intel-file.bro is used to load the intel data of your choice.
goon-ek-intel.txt - contains intel data related to goon exploit kit. Info retrieved from Snort VRT.
angler-ek-intel.txt - contains intel data related to the angler exploit kit targeting silverlight.
Info retrieved from http://www.malwaresigs.com/category/exploit-kit-signatures/
git clone https://github.com/3vi1john/bro-intel-scripts.git
cd bro-intel-scripts
mv intel-files <prefix>/share/bro/site/
echo "@load intel-files/intel-file" >> local.bro