alphasoc / nfr

A lightweight tool to score network traffic and flag anomalies
https://alphasoc.com
Other

Use variables from config when running in read mode #61

Closed chrisforce1 closed 6 years ago

chrisforce1 commented 6 years ago

In read mode, NFR only processes DNS traffic by default, even if this is set in config.yml:

  # Use the following section to enable or disable analysis modules
  analyze:
    # Enable (true) or disable (false) DNS event processing
    # Default: true
    dns: true
    # Enable (true) or disable (false) IP event processing
    # Default: true
    ip: true

Please have read mode use the variables from the config file by default, and allow the user to set --type ip or --type dns to force processing of a particular protocol. Thanks!