I love the tool for its effectiveness and simplicity to be implemented. I would really like to take its advantage in our Production Environment. Let me describe you a little on the production setup:
I am trying to place the tool in my Elastic Stack Server, and my DNS logs are being forwarded to the ELK stack using beats. While doing live capture, the traffic should not be sniffed at port 53, but on 5044 port. I have changed that in the python code.
But still no DGA are being detected, when i try looking up for the domains from testing_txt.
Do you know how this tool could work in a similar setup. A response is much appreciated. Thanks
Hi,
I love the tool for its effectiveness and simplicity to be implemented. I would really like to take its advantage in our Production Environment. Let me describe you a little on the production setup: I am trying to place the tool in my Elastic Stack Server, and my DNS logs are being forwarded to the ELK stack using beats. While doing live capture, the traffic should not be sniffed at port 53, but on 5044 port. I have changed that in the python code.
But still no DGA are being detected, when i try looking up for the domains from testing_txt. Do you know how this tool could work in a similar setup. A response is much appreciated. Thanks
Prashant