Visualizations needed for new IoT information generated from honeypot EDL information. Depends on PaloAltoNetworks/safe-networking#27 being completed first.
We need to add to SN the ability to identify IoT C2 activity via DNS that we have learned from our Honeypots.
High-level requirements include:
- Creation of EDLs from IoT domain files generated by the honeypot team. The first instance of this could be manual, but long term it could include MineMeld work to keep the EDL updated.
- Identify the EDL event from the FW vs. the Threat events from the DNS db or WF, as these events will need special processing.
Ticket #28: IoT Safe Networking Processing -- Domains