Correlate dnstap files with MISP

Project description

Correlate dnstap files with MISP threat intelligence.

This tool parses JSON and compressed files created by go-dnscollector.

Installation

pdnssoc-cli can be fetched from the following sources:

PyPI

pip install pdnssoc-cli

Configuration

Configuration is read from a YAML file passed with the --config flag:

logging_level: "INFO"

misp_servers:
    - domain: "https://example-misp-instance.com"
      api_key: "API_KEY"
      args:
        date_from: '2023-01-01'

correlation:
    output_dir: ./output_dir/
    malicious_domains_file: ./misp_domains.txt
    malicious_ips_file: ./misp_ips.txt

If no config flag is provided, the default file is /etc/pdnssoc-cli/config.yml.
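
The following is an added sketch, not pdnssoc-cli's own code, of what correlating go-dnscollector JSON lines against the domain and IP lists named in the correlation section can look like. The field names (network.query-ip, dns.qname, dns.resource-records.an[].rdata), the parent-domain matching and all sample data are assumptions of this example.

```python
import gzip
import ipaddress
import json

def records(raw):
    """Yield JSON objects from plain or gzip-compressed JSON-lines bytes."""
    if raw[:2] == b"\x1f\x8b":          # gzip magic number
        raw = gzip.decompress(raw)
    for line in raw.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:              # blank, truncated or corrupt line
            continue
        if isinstance(rec, dict):
            yield rec

def domain_hit(qname, bad_domains):
    """Return the listed domain equal to qname or a parent of it, else None."""
    labels = qname.lower().rstrip(".").split(".")
    parents = (".".join(labels[i:]) for i in range(len(labels)))
    return next((p for p in parents if p in bad_domains), None)

def correlate(raw, bad_domains, bad_ips):
    """Return one alert per matching query name or answer address."""
    alerts = []
    for rec in records(raw):
        dns = rec.get("dns") or {}
        client = (rec.get("network") or {}).get("query-ip")
        qname = dns.get("qname") or ""
        if hit := domain_hit(qname, bad_domains):
            alerts.append({"type": "domain", "ioc": hit, "qname": qname, "client": client})
        for rr in (dns.get("resource-records") or {}).get("an") or []:
            try:
                ip = str(ipaddress.ip_address(rr.get("rdata", "")))
            except ValueError:          # CNAME, TXT and other non-address rdata
                continue
            if ip in bad_ips:
                alerts.append({"type": "ip", "ioc": ip, "qname": qname, "client": client})
    return alerts

# Constructed indicators and records (documentation ranges, not real traffic).
BAD_DOMAINS, BAD_IPS = {"bad.example"}, {"203.0.113.7"}
SAMPLE = b"\n".join(json.dumps(r).encode() for r in [
    {"network": {"query-ip": "192.0.2.10"}, "dns": {"qname": "c2.bad.example."}},
    {"network": {"query-ip": "192.0.2.11"}, "dns": {"qname": "cdn.example.org",
     "resource-records": {"an": [{"rdata": "203.0.113.7"}]}}},
    {"network": {"query-ip": "192.0.2.12"}, "dns": {"qname": "notbad.example"}},
]) + b"\n{truncated"
ALERTS = correlate(gzip.compress(SAMPLE), BAD_DOMAINS, BAD_IPS)
```

Matching on whole labels keeps notbad.example from matching the bad.example indicator, and the truncated last line is skipped instead of aborting the run.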

Usage

Usage: pdnssoc-cli [OPTIONS] COMMAND [ARGS]...

Options:
    -c, --config FILE  Read option defaults from the specified yaml file
                        [default: /etc/pdnssoc-cli/config.yml]
    --help             Show this message and exit.

Commands:
    correlate  Correlate input files and output matches

Use-cases

Correlate go-dnscollector output and produce alerts:

Download files

Source Distribution

pdnssoc-cli-0.0.2.tar.gz (50.8 kB)

Uploaded Source

Built Distribution

pdnssoc_cli-0.0.2-py3-none-any.whl (18.0 kB)

Uploaded Python 3

File details

Details for the file pdnssoc-cli-0.0.2.tar.gz.

File metadata

  • Download URL: pdnssoc-cli-0.0.2.tar.gz
  • Upload date:
  • Size: 50.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/4.0.2 CPython/3.11.6

File hashes

Hashes for pdnssoc-cli-0.0.2.tar.gz
Algorithm Hash digest
SHA256 ca68e3c57f8799c6370eeebedf03d66f8792e84223f7cf07a85b2e8f5ecefd1f
MD5 9471484f838a1903c08a36553d28205e
BLAKE2b-256 3952d81cec0c333bc75fde5283712cfda5bed471dcf3de2fb5d6545d1ad3dd65

File details

Details for the file pdnssoc_cli-0.0.2-py3-none-any.whl.

File metadata

  • Download URL: pdnssoc_cli-0.0.2-py3-none-any.whl
  • Upload date:
  • Size: 18.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/4.0.2 CPython/3.11.6

File hashes

Hashes for pdnssoc_cli-0.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 9313c0ae9481a2dd7851d9ed25de2b465f963842b50c035d14101d20271f1fb6
MD5 f2e44160ef070f4355390cdae8d6a4f5
BLAKE2b-256 322c5777e0b161ab24e69e0de5a2bc908ae1fe25657e5b544ed6432e5a282b53
