tor_lookup does not work for IPv6

[juris]

Here's the pipeline rule

rule "Tor Lookup: c_ip"
when
  has_field("c_ip")
then
  let intel = tor_lookup(to_string($message.c_ip));
  set_field("tor_indicated", intel.threat_indicated);
end

If I try to access my resources via Tor Browser with IPv6 exit node, tor_indicated is never "true"

Graylog 4.1.3+9d79c05

[kroepke]

We use https://check.torproject.org/exit-addresses which I believe does not contain any IPv6 exit addresses.
Please note that the tor_lookup is just a thin wrapper around the more generic HTTP lookup, so if you have a list that contains both known IPv4 and IPv6 exit addresses, you can easily configure a generic lookup table to take those into account and then use lookup/lookup_value functions in your pipelines.

I'm leaving this open because I'm not 100% sure there isn't a bulk exit address URL to get this data from instead of the one quoted above.