For CIRTs with deadlines

pDNSSOC

pDNSSOC is a minimalistic toolset allowing DNS data to be centrally collected, and correlated with malicious domains / IPs from a MISP instance.

Basically:

• A collector runs on the DNS servers
• A dedicated pDNSSOC instance collects, correlates and generates alerts.

The goal is to identify signs of infection on the clients making the DNS requests.

A typical use case would be universities deploying a pDNSSOC client on their DNS server, and sending DNS data to a pDNSSOC server operated by a central CSIRT (NREN, campus, etc.).

Getting started

• :bookmark_tabs: Project documentation
• :beetle: Issue tracker
• :loudspeaker: Community discussions
• :question: Frequently asked questions
• :bar_chart: Presentations

Acknowledgments

pDNSSOC would not exist without:

• go-dnscollector
• MISP

License

Distributed under the MIT License. See LICENSE.md for more information.