forked from CERN-CERT/pDNSSOC

Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC.

matpanel/pDNSSOC

For CIRTs with deadlines

pDNSSOC

pDNSSOC is a minimalistic toolset that centrally collects DNS query data and correlates it with malicious domains and IPs (indicators) exported from a MISP instance.

Basically:

  • A collector (the pDNSSOC client) runs on the DNS servers and ships their query logs.
  • A dedicated pDNSSOC server receives the logs, correlates them against the MISP indicators and generates alerts.

The goal is to identify signs of infection on the clients making the DNS requests: a client that looks up a known-malicious domain, or whose lookup resolves to a known-malicious IP, is a candidate for investigation.

A typical use case would be universities deploying the pDNSSOC client on their DNS servers and sending DNS data to a pDNSSOC server operated by a central CSIRT (NREN, campus, etc.).
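The correlation step described above, as an added illustration that is not pDNSSOC's own code: it assumes a simple whitespace-separated resolver log (timestamp, client IP, query name, qtype, answer or rcode) and a constructed MISP attribute response using MISP's real attribute fields (`event_id`, `type`, `value`, `to_ids`) with made-up values. Two details a practitioner would want are included: only attributes flagged `to_ids` are used for detection, and a query is matched against the indicator domain and all of its parent domains, so `beacon.evil-c2.example` hits an indicator for `evil-c2.example`.

```python
import ipaddress
from collections import namedtuple

# Constructed stand-in for the JSON a MISP attribute search returns
# (fields event_id/type/value/to_ids are MISP's; the values are made up).
MISP_ATTRIBUTES = {
    "Attribute": [
        {"event_id": "1042", "type": "domain", "value": "evil-c2.example", "to_ids": True},
        {"event_id": "1042", "type": "ip-dst", "value": "203.0.113.7", "to_ids": True},
        {"event_id": "1043", "type": "hostname", "value": "Update.bad.example.net.", "to_ids": True},
        # to_ids=False: analyst context only, must never raise an alert
        {"event_id": "1044", "type": "domain", "value": "benign-sinkhole.example", "to_ids": False},
    ]
}

# Constructed resolver log, one record per line:
# <timestamp> <client-ip> <query-name> <qtype> <answer-or-rcode>
DNS_LOG = """\
2024-05-01T10:00:01Z 10.1.2.3 www.example.org A 93.184.216.34
2024-05-01T10:00:02Z 10.1.2.3 beacon.evil-c2.example A 198.51.100.9
2024-05-01T10:00:03Z 10.1.2.4 cdn.example.net. A 203.0.113.7
2024-05-01T10:00:04Z 10.1.2.5 update.bad.example.net A NXDOMAIN
2024-05-01T10:00:05Z 10.1.2.6 benign-sinkhole.example A 192.0.2.1
"""

Alert = namedtuple("Alert", "timestamp client query answer indicator ioc_type event_id")


def normalise(name):
    """Lower-case and strip the trailing dot so 'Foo.Example.' == 'foo.example'."""
    return name.strip().lower().rstrip(".")


def load_indicators(misp_response):
    """Split MISP attributes into a domain dict and an IP dict.

    Only attributes flagged to_ids=True are meant for detection; the rest is
    analyst context and would produce false positives if matched.
    """
    domains, ips = {}, {}
    for attr in misp_response["Attribute"]:
        if not attr.get("to_ids", False):
            continue
        value = normalise(attr["value"])
        if attr["type"] in ("domain", "hostname"):
            domains[value] = attr
        elif attr["type"] in ("ip-dst", "ip-src"):
            ips[value] = attr
        elif attr["type"] == "domain|ip":
            d, i = value.split("|", 1)
            domains[d] = attr
            ips[i] = attr
    return domains, ips


def match_domain(qname, domains):
    """Return the indicator matching qname or one of its parent domains.

    The walk stops before the bare TLD, so an indicator consisting of a
    single label can never match every lookup under that TLD.
    """
    labels = qname.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def parse_log_line(line):
    ts, client, qname, qtype, answer = line.split()
    return ts, client, normalise(qname), qtype, answer


def correlate(log_lines, misp_response):
    """Return one Alert per (record, indicator) hit, in log order."""
    domains, ips = load_indicators(misp_response)
    alerts = []
    for line in log_lines:
        if not line.strip():
            continue
        ts, client, qname, qtype, answer = parse_log_line(line)
        hit = match_domain(qname, domains)
        if hit:
            a = domains[hit]
            alerts.append(Alert(ts, client, qname, answer, hit, a["type"], a["event_id"]))
        try:
            ip = str(ipaddress.ip_address(answer))
        except ValueError:
            continue  # NXDOMAIN, SERVFAIL etc.: nothing to match on the answer side
        if ip in ips:
            a = ips[ip]
            alerts.append(Alert(ts, client, qname, answer, ip, a["type"], a["event_id"]))
    return alerts


if __name__ == "__main__":
    for alert in correlate(DNS_LOG.splitlines(), MISP_ATTRIBUTES):
        print(f"{alert.timestamp} client={alert.client} query={alert.query} "
              f"matched {alert.ioc_type}={alert.indicator} (MISP event {alert.event_id})")
```

Run as-is it reports three alerts: the `beacon.evil-c2.example` lookup (parent-domain match), the `cdn.example.net` lookup whose answer is the `ip-dst` indicator, and the exact `hostname` match; the `benign-sinkhole.example` lookup stays silent because its attribute is not flagged `to_ids`. The alert carries the client IP from the log, which is the piece of information the central CSIRT needs to hand back to the site.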

Getting started

Acknowledgments

pDNSSOC would not exist without:

License

Distributed under the MIT License. See LICENSE.md for more information.

Languages

  • HTML 63.4%
  • Dockerfile 22.7%
  • Shell 13.9%