[Bro] Passive DNS IOC hunting script
obdnanr at gmail.com
Sat Feb 18 04:57:33 PST 2017
I've created a script that uses Justin Azoff's bro-pdns-go-rewrite script
to search the passive DNS database for IOC hits from a text file hosted on
a webserver; we're using CRITS. You can cron both scripts, but I can't
figure out how to get it to send one email alert per run of the script, so
don't set it to every 5 minutes. You may need to touch some of the CSVs if
it complains they aren't there. You'll need to enter the full path name on
the sortuniqe.sh script also.
I can't find Justin's GitHub for the go-rewrite, so maybe he can chime in
with those details.
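The matching-and-alerting step the post describes, as an added example that is not the poster's script and does not use the bro-pdns-go-rewrite API: it reads an IOC text file, checks each passive-DNS row against it, and collapses every hit into a single alert body so a cron run produces one email, not one per hit. The IOC list and passive-DNS rows are constructed sample data, and the CSV column names are an assumption; sending the returned body (e.g. one smtplib call) is left to the caller.

```python
"""Added example: match a passive-DNS export against an IOC list and
build ONE alert body per run. Sample data below is constructed."""
import csv
import io
from collections import defaultdict

# Constructed IOC list as it might be served from a web server,
# one indicator per line; not real indicators.
IOC_TEXT = """# constructed sample IOC list
evil.example
bad.example
1.2.3.4
"""

# Constructed passive-DNS rows; column names are an assumption.
PDNS_CSV = """query,type,answer,count,first,last
evil.example,A,1.2.3.4,5,2017-02-10,2017-02-17
www.benign.example,A,5.6.7.8,20,2017-01-01,2017-02-17
cdn.benign.example,A,1.2.3.4,3,2017-02-15,2017-02-16
evil.example,A,1.2.3.4,5,2017-02-10,2017-02-17
"""

def load_iocs(text):
    """Parse an IOC text file: one indicator per line, '#' comments ignored."""
    return {line.strip().lower() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith('#')}

def find_hits(iocs, pdns_csv):
    """Return {ioc: [rows]} for rows whose query or answer is an IOC.
    Duplicate export rows (same query/type/answer) are counted once."""
    hits, seen = defaultdict(list), set()
    for row in csv.DictReader(io.StringIO(pdns_csv)):
        key = (row['query'], row['type'], row['answer'])
        if key in seen:
            continue
        seen.add(key)
        for field in ('query', 'answer'):
            if row[field].lower() in iocs:
                hits[row[field].lower()].append(row)
    return dict(hits)

def build_alert(hits):
    """Collapse all hits into one message body; None when there is
    nothing to report, so a quiet cron run sends no email at all."""
    if not hits:
        return None
    total = sum(len(v) for v in hits.values())
    lines = [f"Passive DNS IOC hits: {total} record(s), {len(hits)} indicator(s)"]
    for ioc in sorted(hits):
        for r in hits[ioc]:
            lines.append(f"  {ioc}: {r['query']} {r['type']} {r['answer']} "
                         f"seen {r['first']}..{r['last']} (x{r['count']})")
    return "\n".join(lines)

if __name__ == '__main__':
    print(build_alert(find_hits(load_iocs(IOC_TEXT), PDNS_CSV)) or "no hits")
```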