Similar to https://github.com/alphasoc/nfr/issues/48, we need to support local pickup and processing of DNS events from Suricata eve.json. The schema is described here and we should look for "type": "query" events and then pull timestamp, source (IP), rrname, and rrtype values to send to the API for scoring.
Similar to https://github.com/alphasoc/nfr/issues/48, we need to support local pickup and processing of DNS events from Suricata
eve.json. The schema is described here and we should look for"type": "query"events and then pulltimestamp,source(IP),rrname, andrrtypevalues to send to the API for scoring.