If we can process the Bro dns.log format (by reading the file from the local filesystem) we can deploy NFR onto Bro IDS sensors and Corelight appliances to submit data to our API for scoring. The schema is described here and we just need to pick up the ts, id.orig_h, query, and qtype_name values for each query.
krhubert
commented
6 years ago
If we can process the Bro
dns.logformat (by reading the file from the local filesystem) we can deploy NFR onto Bro IDS sensors and Corelight appliances to submit data to our API for scoring. The schema is described here and we just need to pick up thets,id.orig_h,query, andqtype_namevalues for each query.