[Bro] Passive DNS IOC hunting script

Obndnar smith obdnanr at gmail.com
Sat Feb 18 04:57:33 PST 2017


I've created a script that uses Justin Azoff's bro-pdns-go-rewrite script
to search the passive DNS database for IOC hits from a text file hosted on
a webserver; we're using CRITS.  You can cron both scripts, but I can't
figure out how to get it to send one email alert per run of the script, so
don't set it to every 5 minutes.  You may need to touch some of the CSVs if
it complains they aren't there.  You'll need to enter the full path name in
the sortuniqe.sh script also.

I can't find Justin's GitHub for the go-rewrite, so maybe he can chime in
with those details.

https://github.com/obdnanr/bro-pdns-ioc-search-alert

Thanks
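One way to do the IOC matching and the one-alert-per-run aggregation the post describes, as an added example that is not the author's script or the bro-pdns code: it assumes a constructed IOC text file and a constructed query/answer CSV export (the real bro-pdns output columns may differ), matches subdomains of listed IOCs, and de-duplicates hits so a cron run produces a single message body.

```python
"""Match passive-DNS records against an IOC domain list; build one alert per run."""
import csv
import io

# Constructed IOC list in the one-domain-per-line text-file layout ('#' = comment).
IOC_TEXT = """# constructed sample IOC feed
evil.example
bad-cdn.test
"""

# Constructed passive-DNS export; the column layout is an assumption, not the
# real bro-pdns output format.
PDNS_CSV = """query,answer,count,first,last
www.evil.example,203.0.113.10,4,2017-02-01,2017-02-17
mail.corp.example,198.51.100.5,120,2017-01-01,2017-02-17
bad-cdn.test,203.0.113.11,1,2017-02-16,2017-02-16
evil.example.com,192.0.2.7,2,2017-02-10,2017-02-10
www.evil.example,203.0.113.10,1,2017-02-18,2017-02-18
"""

def load_iocs(text):
    """Return a set of lowercased IOC domains, skipping blank and comment lines."""
    return {line.strip().lower().rstrip(".") for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}

def matches_ioc(name, iocs):
    """True if name equals an IOC or is a subdomain of one; 'evil.example.com'
    does not match 'evil.example' because only label-aligned suffixes count."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in iocs for i in range(len(labels)))

def find_hits(pdns_csv, iocs):
    """Return de-duplicated (query, answer) hits, sorted for a stable report
    (the same effect as piping the raw matches through sort | uniq)."""
    hits = set()
    for row in csv.DictReader(io.StringIO(pdns_csv)):
        if matches_ioc(row["query"], iocs):
            hits.add((row["query"].lower(), row["answer"]))
    return sorted(hits)

def build_alert(hits):
    """Return a single alert body for the whole run, or None when nothing matched."""
    if not hits:
        return None
    lines = [f"{len(hits)} passive-DNS IOC hit(s) this run:"]
    lines += [f"  {query} -> {answer}" for query, answer in hits]
    return "\n".join(lines)

if __name__ == "__main__":
    print(build_alert(find_hits(PDNS_CSV, load_iocs(IOC_TEXT))) or "no hits")
```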