For CIRTs with deadlines
pDNSSOC
pDNSSOC is a minimalistic toolset allowing DNS data to be centrally collected, and correlated with malicious domains / IPs from a MISP instance.
Basically:
- A collector runs on the DNS servers
- A dedicated pDNSSOC instance collects, correlates and generates alerts.
The goal is to identify signs of infection on the clients making the DNS requests.
A typical use case would be universities deploying a pDNSSOC client on their DNS server, and sending DNS data to a pDNSSOC server operated by a central CSIRT (NREN, campus, etc.).
Getting started
- :bookmark_tabs: Installation guide
- :beetle: Issue tracker
- :loudspeaker: Community discussions
- :question: Frequently asked questions
- :bar_chart: Presentations
Acknowledgments
pDNSSOC would not exist without:
- Its contributors and the support from their funding agencies
- go-dnscollector
- MISP
License
Distributed under the MIT License. See LICENSE.md for more information.