valitydev/atomic-threat-coverage
14
0
Fork 0
mirror of https://github.com/valitydev/atomic-threat-coverage.git synced 2024-11-06 09:35:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b693f38157
atomic-threat-coverage/data_needed/DN_0099_Bind_DNS_query.yml
yugoslavskiy 323fb8989e fix mp
2019-10-25 09:05:55 +02:00

27 lines
688 B
YAML
Raw Blame History

title: DN_0099_Bind_DNS_query
description: >
DNS Query from BIND Server
loggingpolicy:
- LP_0047_BIND_DNS_queries
references:
- None
category: DNS Logs
platform: Linux
type: queries log
channel: queries_log
provider: BIND
fields:
- date
- record_type
- client_ip
- src_ip # redundant
- domain_name
- query # redundant
- dns_query # redundant
- destination_ip
- dst_ip # redundant
- parent_domain # actually requires enrichment. todo
- question_length # actually requires enrichment. todo
sample: |
25-Oct-2019 01:22:19.421 queries: info: client 192.168.1.200#51364 (yahoo.com): query: yahoo.com IN TXT + (192.168.1.235)
Reference in New Issue View Git Blame Copy Permalink