Releases: D4-project/analyzer-d4-passivedns
analyzer-d4-passivedns version 0.5 released as standalone passive DNS server with new COF stream collector
analyzer-d4-passivedns is an analyzer for a D4 network sensor, including a complete Passive DNS server. The analyzer can process data produced by D4 sensors (currently in passivedns CSV format, with more formats to come) or work independently of D4 using COF websocket streams.
A new version of analyzer-d4-passivedns has been released which includes:
- Feeding from COF websocket stream (independently of D4 collection). A sample COF stream (newly seen IPv6 addresses and DNS records) is included in the documentation and kindly provided by CIRCL.
- New back-end for large Passive DNS servers: kvrocks instead of redis
v0.2 of the analyzer-d4-passivedns released
Main changes
New
~~~
- [launcher] scripts that launch all components in screens -t. [Jean-Louis Huynen]
Fix
~~~
- [launcher] Removed hardcoded paths. [airkeyp]
- [launcher] cd in subshell. [Jean-Louis Huynen]
Other
~~~~~
- Merge pull request #7 from axtux/master. [Alexandre Dulaunoy]
Fix IP/domain stripping and database directory
- Create db directory and correct path. [Axtux]
- Only remove extrema dots. [Axtux]
- Merge pull request #3 from trolldbois/master. [Alexandre Dulaunoy]
Use Environmental variables for redis
- Back to INFO. [ljaqueme]
- Let be simple. [ljaqueme]
- Supersede config with ENV if available. [ljaqueme]
- Support env for docker. [ljaqueme]
First version of the D4 passive DNS analyzer
Features of the analyzer-d4-passivedns version 0.1
- A dedicated Passive DNS analyzer for D4 client (passive dns client type 8) to ingest passive DNS records into a Passive DNS COF server
- The analyzer can filter out records coming from D4 sensors (such as specific types or records)
- The analyzer can set an expiration time for specific DNS record types (to expire common data that should be removed from the Passive DNS after a specific time)
- A Passive DNS server supporting a REST API has been added to allow query and output of the Passive DNS records in COF format.
- A simple PDNS injector to reinject Passive DNS records in COF format (from other Passive DNS servers) into the Passive DNS server.