Skip to content
/ pDNSSOC Public

Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC.

License

MIT license
43 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CERN-CERT/pDNSSOC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

104 Commits
.github/workflows
.github/workflows
 
 
docs
docs
 
 
files
files
 
 
timers
timers
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
FAQ.md
FAQ.md
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
pdnssoc.spec
pdnssoc.spec
 
 

Repository files navigation

GitHub contributors GitHub release (with filter)GitHub Discussions


For CIRTs with deadlines

pDNSSOC

pDNSSOC is a minimalistic toolset allowing DNS data to be centrally collected, and correlated with malicious domains / IPs from a MISP instance.

Basically:

  • A collector runs on the DNS servers
  • A dedicated pDNSSOC instance collects, correlates and generates alerts.

The goal is to identify signs of infection on the clients making the DNS requests.

A typical use case would be universities deploying a pDNSSOC client on their DNS server, and sending DNS data to a pDNSSOC server operated by a central CSIRT (NREN, campus, etc.).

Getting started

Acknowledgments

pDNSSOC would not exist without:

License

Distributed under the MIT License. See LICENSE.md for more information.

About

Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC.

Topics

dns security misp security-tools threat-intelligence dnstap

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

43 stars

Watchers

6 watching

Forks

5 forks
Report repository

Releases 2

v0.0.3 Latest
Oct 15, 2023
+ 1 release

Packages 1

 

Contributors 5

Languages