pdnssoc 0.1.3 → 0.1.4
- checksums.yaml +4 -4
- data/config/{td-agent.conf → td-agent.conf.template} +23 -2
- metadata +3 -3
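--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bad54bf458c8c4f03ff489c471dd139d85809834a7497fe3171b12b54d64ff8a
+data.tar.gz: 6b289fd1ed6026bb595b6db9d4caa06ab55256285eaa9571f807c3c25b6df260
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ce039adfb59406c2274c6ace3fed372a5da3287bf6de9e400283f25d78a2f1f39f71e1162d27d947327e62595763ef1c8f0dbc80b09ca097b1e4573bef165d44
+data.tar.gz: c254a4ac9355c03f9bd1c0076d7143e27cba19790fe5a262fe0dd3bcd72628f7801f0105baec1951d451ec65e4bf40f84bcf69488171ac2e4420701d340e696d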
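--- a/data/config/td-agent.conf
+++ b/data/config/td-agent.conf.template
@@ -72,6 +72,17 @@
 </parse>
 </source>
 
+## OpenSearch
+# Getting logs from pdnssoc to send to OpenSearch
+# <source>
+# @type tail
+# path /var/log/td-agent/alerts.log
+# tag pdnssoc_alerts
+# read_from_head true
+# <parse>
+# @type json
+# </parse>
+# </source>
 
 ## DATA ROUTING
 # Copying our pdnssocdata into multiple streams
@@ -130,7 +141,7 @@
 @type filter_list
 filter AC
 key_to_filter query
-pattern_file_paths ["/etc/
+pattern_file_paths ["/etc/pdnssoc/misp_domains.txt"]
 filter_empty true
 action whitelist
 </filter>
@@ -146,7 +157,7 @@
 @type filter_list
 filter AC
 key_to_filter answer
-pattern_file_paths ["/etc/
+pattern_file_paths ["/etc/pdnssoc/misp_domains.txt", "/etc/pdnssoc/misp_ips.txt"]
 filter_empty true
 action whitelist
 </filter>
@@ -171,3 +182,13 @@
 </buffer>
 </match>
 </label>
+
+# Forward logs to OpenSearch
+# <match pdnssoc_alerts>
+# @type opensearch
+# hosts https://opensearch.domain.org
+# logstash_format true
+# logstash_prefix pdnssoc
+# user %{USER}
+# password %{PASSWORD}
+# </match>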
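--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pdnssoc
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.4
 platform: ruby
 authors:
 - Pau Cutrina
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-
+date: 2023-08-10 00:00:00.000000000 Z
 dependencies: []
 description: pDNS correlation with MISP
 email:
@@ -21,7 +21,7 @@ extra_rdoc_files: []
 files:
 - config/notification_email.html
 - config/pdnssoc.conf
-- config/td-agent.conf
+- config/td-agent.conf.template
 - lib/alerts.rb
 - lib/configalerts.rb
 - lib/constants.rb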