CERN-CERT / pDNSSOC

Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC.
MIT License

Add opensearch output support on pDNSSOC #8

Closed guillaume-philippon closed 1 year ago

guillaume-philippon commented 1 year ago

Hi,

I began to look at pDNSSOC and I would like to push alerts directly to an OpenSearch instance. I did a PoC of how it can be done.

This is a very quick test, not finished (and my first time in the Ruby world); it currently misses

Regards,

arvchristos commented 1 year ago

Welcome!

We have already implemented but never thoroughly tested OpenSearch compatibility. I will keep this MR open to track progress till we end up merging your contribution.

Huge thanks for your contribution so far!

guillaume-philippon commented 1 year ago

Hi,

It's useless to have multiple ways to put data on OpenSearch. I close this PR.