https://github.com/CERN-CERT/pDNSSOC
Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC.
dns dnstap misp security security-tools threat-intelligence
- Host: GitHub
- URL: https://github.com/CERN-CERT/pDNSSOC
- Owner: CERN-CERT
- License: mit
- Created: 2022-03-09T15:06:38.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2024-04-26T13:45:56.000Z (about 2 years ago)
- Last Synced: 2024-04-26T14:52:05.728Z (about 2 years ago)
- Topics: dns, dnstap, misp, security, security-tools, threat-intelligence
- Language: HTML
- Homepage:
- Size: 15.6 MB
- Stars: 36
- Watchers: 5
- Forks: 5
- Open Issues: 4
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE.md
README

For CIRTs with deadlines
# pDNSSOC
pDNSSOC is a minimalistic toolset that allows DNS data to be centrally collected and correlated with malicious domains / IPs from a MISP instance.
Basically:
- A collector runs on the DNS servers
- A dedicated pDNSSOC instance collects, correlates and generates alerts.
The goal is to identify signs of infection on the clients making the DNS requests.
A typical use case would be universities deploying a pDNSSOC client on their DNS server, and sending DNS data to a pDNSSOC server operated by a central CSIRT (NREN, campus, etc.).
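The correlation step described above, as an added illustration that is not pDNSSOC's own code: a small Python routine that reads DNS query records (one JSON object per line, with constructed field names `client`, `qname`, `rcode` and `answers` that are an assumption, not the collector's real schema), indexes a constructed list of MISP-style attributes, and emits an alert when a queried name is an indicator domain or one of its subdomains, or when an answer address matches an IP indicator. All domains, addresses and event ids are sample data.

```python
import ipaddress
import json
from dataclasses import dataclass

# Constructed MISP-style attributes (sample data, not real indicators).
MISP_ATTRIBUTES = [
    {"event_id": "1001", "type": "domain", "value": "bad.example"},
    {"event_id": "1002", "type": "ip-dst", "value": "203.0.113.7"},
    {"event_id": "1003", "type": "hostname", "value": "c2.evil.example"},
]

# Constructed DNS records; the field names are an assumption, not the
# actual output format of any collector.
DNS_LOG = """
{"client": "10.1.2.3", "qname": "www.bad.example.", "rcode": "NOERROR", "answers": ["198.51.100.5"]}
{"client": "10.1.2.4", "qname": "cdn.good.example.", "rcode": "NOERROR", "answers": ["203.0.113.7"]}
{"client": "10.1.2.5", "qname": "C2.EVIL.EXAMPLE", "rcode": "NXDOMAIN", "answers": []}
{"client": "10.1.2.6", "qname": "notbad.example.", "rcode": "NOERROR", "answers": ["192.0.2.9"]}
"""


@dataclass(frozen=True)
class Alert:
    client: str      # the host that made the query (the likely infected client)
    qname: str       # the name as it appeared in the log
    indicator: str   # the MISP value that matched
    event_id: str    # the MISP event the indicator belongs to


def normalize_name(name):
    """Strip the trailing dot and lower-case, so FQDN variants compare equal."""
    return name.rstrip(".").lower()


def build_index(attributes):
    """Split MISP attributes into a domain index and an IP index."""
    domains, ips = {}, {}
    for attr in attributes:
        if attr["type"] in ("domain", "hostname"):
            domains[normalize_name(attr["value"])] = attr["event_id"]
        elif attr["type"] in ("ip-dst", "ip-src"):
            ips[ipaddress.ip_address(attr["value"])] = attr["event_id"]
    return domains, ips


def match_domain(qname, domains):
    """Return (indicator, event_id) if qname is an indicator or a subdomain of one.

    Walking up label by label means "www.bad.example" matches "bad.example",
    while a plain suffix test would wrongly match "notbad.example" too.
    """
    labels = normalize_name(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate, domains[candidate]
    return None


def correlate(log_text, attributes):
    """Produce one Alert per indicator hit across all DNS records."""
    domains, ips = build_index(attributes)
    alerts = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        hit = match_domain(rec["qname"], domains)
        if hit:
            alerts.append(Alert(rec["client"], rec["qname"], hit[0], hit[1]))
        for answer in rec.get("answers", []):
            try:
                addr = ipaddress.ip_address(answer)
            except ValueError:
                continue  # CNAME or other non-address answer data
            if addr in ips:
                alerts.append(Alert(rec["client"], rec["qname"], str(addr), ips[addr]))
    return alerts


if __name__ == "__main__":
    for alert in correlate(DNS_LOG, MISP_ATTRIBUTES):
        print(alert)
```

Matching on resolved answers as well as on query names is what lets a client that reaches a known bad address through an innocuous-looking name (the second record above) still be flagged; matching on the query name alone catches NXDOMAIN lookups of sinkholed or dead infrastructure (the third record), which are often the earliest sign of infection.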
## Getting started
* [:bookmark_tabs: Installation guide](../../wiki)
* [:beetle: Issue tracker](../../issues)
* [:loudspeaker: Community discussions](../../discussions)
* [:question: Frequently asked questions](./FAQ.md)
* [:bar_chart: Presentations](./docs/presentations.md)
## Acknowledgments
pDNSSOC would not exist without:
* Its contributors and the support from their funding agencies
* [go-dnscollector](https://github.com/dmachard/go-dnscollector)
* [MISP](https://github.com/MISP/MISP/)
## License
Distributed under the MIT License. See [LICENSE.md](./LICENSE.md) for more information.