Correlate dnstap files with MISP

Project description

Correlate dnstap files with MISP threat intelligence.

This tool parses JSON and compressed files created by go-dnscollector.

Installation

pdnssoc-cli can be fetched from the following sources:

PyPI

pip install pdnssoc-cli

Configuration

Configuration is supplied as a YAML file passed with the --config flag:

logging_level: "INFO"

misp_servers:
    - domain: "https://example-misp-instance.com"
      api_key: "API_KEY"

correlation:
    output_dir: ./output_dir/
    malicious_domains_file: ./misp_domains.txt
    malicious_ips_file: ./misp_ips.txt

If no config flag is provided, the default file is /etc/pdnssoc-cli/config.yml.

Usage

Usage: pdnssoc-cli [OPTIONS] COMMAND [ARGS]...

Options:
    -c, --config FILE  Read option defaults from the specified yaml file
                        [default: /etc/pdnssoc-cli/config.yml]
    --help             Show this message and exit.

Commands:
    correlate  Correlate input files and output matches

Use-cases

Correlate go-dnscollector output and produce alerts:
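
As an added illustration (not pdnssoc-cli's own code), the sketch below shows the kind of matching such a correlation involves: query names and answer addresses from JSON lines are checked against a domain list and an IP list like those named in the configuration. The JSON field names (network.query-ip, dns.qname, dns.resource-records.an with rdatatype and rdata), the one-indicator-per-line file format, the parent-domain matching and all function names are assumptions of this example; the sample data is constructed.

```python
import json

# Constructed go-dnscollector-style JSON lines; field names are assumptions.
SAMPLE_LOG = "\n".join([
    json.dumps({"network": {"query-ip": "10.0.0.5"},
                "dns": {"qname": "cdn.bad.example.", "resource-records": {"an": []}}}),
    json.dumps({"network": {"query-ip": "10.0.0.7"},
                "dns": {"qname": "www.example.org", "resource-records": {"an": [
                    {"name": "www.example.org", "rdatatype": "A",
                     "rdata": "203.0.113.9"}]}}}),
    json.dumps({"network": {"query-ip": "10.0.0.8"},
                "dns": {"qname": "notbad.example", "resource-records": {"an": None}}}),
    '{"network": {"query-ip": "10.0.0.9"}, "dns": {"qna',  # truncated write
])
# Constructed stand-ins for malicious_domains_file and malicious_ips_file.
DOMAINS_TXT = "# constructed indicators\nBad.Example\n"
IPS_TXT = "203.0.113.9\n"

def load_indicators(text):
    """One indicator per line; skip blanks and comments, normalise case and dot."""
    lines = (line.strip() for line in text.splitlines())
    return {l.lower().rstrip(".") for l in lines if l and not l.startswith("#")}

def domain_hit(qname, bad_domains):
    """Return the listed domain that equals qname or is a parent of it."""
    labels = qname.lower().rstrip(".").split(".")
    candidates = (".".join(labels[i:]) for i in range(len(labels)))
    return next((c for c in candidates if c in bad_domains), None)

def correlate(log_text, bad_domains, bad_ips):
    """Return one alert per query name or answer address found in the lists."""
    alerts = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial or corrupt line: skip it, keep processing
        dns = event.get("dns") or {}
        client = (event.get("network") or {}).get("query-ip")
        hit = domain_hit(dns.get("qname") or "", bad_domains)
        if hit:
            alerts.append({"client": client, "type": "domain", "indicator": hit})
        for rr in (dns.get("resource-records") or {}).get("an") or []:
            if rr.get("rdatatype") in ("A", "AAAA") and rr.get("rdata") in bad_ips:
                alerts.append({"client": client, "type": "ip", "indicator": rr["rdata"]})
    return alerts

ALERTS = correlate(SAMPLE_LOG, load_indicators(DOMAINS_TXT), load_indicators(IPS_TXT))
```

Matching label by label means a subdomain of a listed domain is flagged, while a name that merely ends with the same characters (notbad.example against bad.example) is not.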

Download files

Source Distribution

pdnssoc-cli-0.0.1.tar.gz (28.8 kB)

Uploaded Source

Built Distribution

pdnssoc_cli-0.0.1-py3-none-any.whl (9.0 kB)

Uploaded Python 3

File details

Details for the file pdnssoc-cli-0.0.1.tar.gz.

File metadata

  • Download URL: pdnssoc-cli-0.0.1.tar.gz
  • Upload date:
  • Size: 28.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/4.0.2 CPython/3.11.5

File hashes

Hashes for pdnssoc-cli-0.0.1.tar.gz
Algorithm Hash digest
SHA256 8e8b012aff91634b6ee0f7e3d6e2be2e96bf9bf3a3f82e449586d5131cbc2b60
MD5 a9c4434de775005dd6e19e519dcf54d2
BLAKE2b-256 864c7cfccaf0577b1f08d916189170c86469f53e173cc4f5027006faa1dc1f28

File details

Details for the file pdnssoc_cli-0.0.1-py3-none-any.whl.

File metadata

  • Download URL: pdnssoc_cli-0.0.1-py3-none-any.whl
  • Upload date:
  • Size: 9.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/4.0.2 CPython/3.11.5

File hashes

Hashes for pdnssoc_cli-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 acbdc3ae67ebf589474a23b6df785ca8a48739525a98af92ec0510bf554543c3
MD5 28c17acd95e4ea5f9a9d98936ab2bb3e
BLAKE2b-256 d467b07498600896c77adfa627124f892fdf8ca8b690e9d7f3369d623c43c4d2
