CERN-CERT/pDNSSOC

Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC.
For CIRTs with deadlines

pDNSSOC

pDNSSOC is a minimalistic toolset that collects DNS data centrally and correlates it with the malicious domains and IPs published by a MISP instance.

Basically:

  • A collector runs on the DNS servers and forwards their DNS data.
  • A dedicated pDNSSOC instance collects that data, correlates it with MISP indicators and generates alerts.

The goal is to identify signs of infection on the clients making the DNS requests.

A typical use case would be universities deploying a pDNSSOC client on their DNS server, and sending DNS data to a pDNSSOC server operated by a central CSIRT (NREN, campus, etc.).
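The correlation step described above, written out as an added example that is not pDNSSOC's own code. It assumes a simplified log format ("timestamp client qname qtype rdata") and a small subset of MISP attributes (type/value pairs); every domain, IP and log line is constructed, and the matching logic (exact or parent-domain match on the query name, exact match on answered IPs) is the editor's own, not a description of how pDNSSOC implements it.

```python
"""Added example: correlate DNS query logs with MISP-style indicators.

Illustrative code, not pDNSSOC's implementation. The log format, the
indicator subset and all sample values below are constructed.
"""
import ipaddress
from collections import defaultdict

# Constructed subset of MISP attributes (type/value pairs as MISP exports them).
# The values are placeholders from reserved/documentation ranges, not real IoCs.
MISP_ATTRIBUTES = [
    {"type": "domain", "value": "bad-example.test", "event_id": 101},
    {"type": "hostname", "value": "c2.evil-example.test", "event_id": 102},
    {"type": "ip-dst", "value": "203.0.113.45", "event_id": 103},
]

# Constructed DNS log in an assumed "timestamp client qname qtype rdata" format.
DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 www.example.org A 93.184.216.34
2024-05-01T10:00:02Z 10.0.0.7 update.bad-example.test A 198.51.100.20
2024-05-01T10:00:03Z 10.0.0.9 mail.example.org A 203.0.113.45
2024-05-01T10:00:04Z 10.0.0.7 c2.evil-example.test A 198.51.100.21
2024-05-01T10:00:05Z 10.0.0.5 evil-example.test.example.org A 192.0.2.8
"""


def build_index(attributes):
    """Split MISP attributes into a domain set and an IP set for O(1) lookups."""
    domains, ips = set(), set()
    for attr in attributes:
        if attr["type"] in ("domain", "hostname"):
            domains.add(attr["value"].lower().rstrip("."))
        elif attr["type"] in ("ip-dst", "ip-src"):
            ips.add(ipaddress.ip_address(attr["value"]))
    return domains, ips


def domain_matches(qname, domains):
    """Return the indicator matching qname exactly or as a parent domain, else None."""
    labels = qname.lower().rstrip(".").split(".")
    # Walk from the full name towards the TLD: update.bad-example.test should
    # hit the indicator bad-example.test, while evil-example.test.example.org
    # must not (only suffixes on label boundaries are compared).
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def parse_line(line):
    """Parse one constructed-format log line into a dict."""
    ts, client, qname, qtype, rdata = line.split()
    return {"ts": ts, "client": client, "qname": qname, "qtype": qtype, "rdata": rdata}


def correlate(log_text, attributes):
    """Return alerts grouped by client: {client: [(timestamp, qname, reason), ...]}."""
    domains, ips = build_index(attributes)
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        hit = domain_matches(rec["qname"], domains)
        if hit:
            alerts[rec["client"]].append(
                (rec["ts"], rec["qname"], f"qname matches indicator {hit}"))
            continue
        try:
            if ipaddress.ip_address(rec["rdata"]) in ips:
                alerts[rec["client"]].append(
                    (rec["ts"], rec["qname"], f"answer {rec['rdata']} is a listed IP"))
        except ValueError:
            pass  # rdata is not an IP address (CNAME, TXT, ...): nothing to compare
    return dict(alerts)


if __name__ == "__main__":
    for client, hits in correlate(DNS_LOG, MISP_ATTRIBUTES).items():
        print(client)
        for ts, qname, reason in hits:
            print(f"  {ts} {qname}: {reason}")
```

Grouping alerts by client IP is what makes the output useful to the CSIRT receiving it: the indicator says what was contacted, the client address says which machine on the member site needs attention. Checking answered IPs as well as query names catches the case where an indicator exists only as an IP and the domain fronting it was never listed.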

Getting started

Acknowledgments

pDNSSOC would not exist without:

License

Distributed under the MIT License. See LICENSE.md for more information.
