Skip to content

Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC.

License

Notifications You must be signed in to change notification settings

CERN-CERT/pDNSSOC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GitHub contributors GitHub release (with filter)GitHub Discussions


For CIRTs with deadlines

pDNSSOC

pDNSSOC is a minimalistic toolset allowing DNS data to be centrally collected, and correlated with malicious domains / IPs from a MISP instance.

Basically:

  • A collector runs on the DNS servers
  • A dedicated pDNSSOC instance collects, correlates and generates alerts.

The goal is to identify signs of infection on the clients making the DNS requests.

A typical use case would be universities deploying a pDNSSOC client on their DNS server, and sending DNS data to a pDNSSOC server operated by a central CSIRT (NREN, campus, etc.).

Getting started

Acknowledgments

pDNSSOC would not exist without:

License

Distributed under the MIT License. See LICENSE.md for more information.