pdnssoc 0.1.3 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/config/{td-agent.conf → td-agent.conf.template} +23 -2
- metadata +3 -3
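--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bad54bf458c8c4f03ff489c471dd139d85809834a7497fe3171b12b54d64ff8a
+data.tar.gz: 6b289fd1ed6026bb595b6db9d4caa06ab55256285eaa9571f807c3c25b6df260
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ce039adfb59406c2274c6ace3fed372a5da3287bf6de9e400283f25d78a2f1f39f71e1162d27d947327e62595763ef1c8f0dbc80b09ca097b1e4573bef165d44
+data.tar.gz: c254a4ac9355c03f9bd1c0076d7143e27cba19790fe5a262fe0dd3bcd72628f7801f0105baec1951d451ec65e4bf40f84bcf69488171ac2e4420701d340e696d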
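--- a/data/config/td-agent.conf
+++ b/data/config/td-agent.conf.template
@@ -72,6 +72,17 @@
 </parse>
 </source>
 
+## OpenSearch
+# Getting logs from pdnssoc to send to OpenSearch
+# <source>
+# @type tail
+# path /var/log/td-agent/alerts.log
+# tag pdnssoc_alerts
+# read_from_head true
+# <parse>
+# @type json
+# </parse>
+# </source>
 
 ## DATA ROUTING
 # Copying our pdnssocdata into multiple streams
@@ -130,7 +141,7 @@
 @type filter_list
 filter AC
 key_to_filter query
-pattern_file_paths ["/etc/
+pattern_file_paths ["/etc/pdnssoc/misp_domains.txt"]
 filter_empty true
 action whitelist
 </filter>
@@ -146,7 +157,7 @@
 @type filter_list
 filter AC
 key_to_filter answer
-pattern_file_paths ["/etc/
+pattern_file_paths ["/etc/pdnssoc/misp_domains.txt", "/etc/pdnssoc/misp_ips.txt"]
 filter_empty true
 action whitelist
 </filter>
@@ -171,3 +182,13 @@
 </buffer>
 </match>
 </label>
+
+# Forward logs to OpenSearch
+# <match pdnssoc_alerts>
+# @type opensearch
+# hosts https://opensearch.domain.org
+# logstash_format true
+# logstash_prefix pdnssoc
+# user %{USER}
+# password %{PASSWORD}
+# </match>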
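Review bot: The commented-out OpenSearch output in the last hunk (new lines 186–194) carries `user %{USER}` and `password %{PASSWORD}`, so whatever renders this `.template` writes the OpenSearch credential into td-agent.conf in clear text, and nothing in the diff documents who performs that substitution or what file permissions the rendered result gets. I would add, directly above `# <match pdnssoc_alerts>`, a comment such as `# Rendered copies hold the OpenSearch credential in clear text: keep the rendered td-agent.conf readable only by the td-agent user and out of version control.` The example `hosts https://opensearch.domain.org` is fine as a placeholder, but the same comment should say that server-certificate verification (fluent-plugin-opensearch's `ssl_verify`, if it is later added to this block) must stay at its default, since the credential is sent over that connection. The rename from `td-agent.conf` to `td-agent.conf.template` also means any packaging or install step that still copies `config/td-agent.conf` will silently ship nothing; the metadata file list in this release reflects the new name, but the rendering step itself is not visible here and is worth a one-line pointer in this file's header.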
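--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pdnssoc
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.4
 platform: ruby
 authors:
 - Pau Cutrina
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-
+date: 2023-08-10 00:00:00.000000000 Z
 dependencies: []
 description: pDNS correlation with MISP
 email:
@@ -21,7 +21,7 @@ extra_rdoc_files: []
 files:
 - config/notification_email.html
 - config/pdnssoc.conf
-- config/td-agent.conf
+- config/td-agent.conf.template
 - lib/alerts.rb
 - lib/configalerts.rb
 - lib/constants.rb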