tylabs / dovehawk

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings


Sighting problems

acj014 opened this issue

Hello,

I'm using Dovehawk and it seems that it's working when I use TI service offenders in MISP, so that I see 12k+ indicators,
but when I try to create my own IOC, it will just put the IP in the signatures.sig file and says "syntax error there".

Question 1: Is signatures.sig just for my own IOCs or also for the automatically created ones?

Question 2: How do I fix that syntax problem? I saw your testsignature file in git; do I need to create it manually with that syntax and not from MISP?

Thanks for any quick help!

Best regards