ocsf-schema Add query tld, parent domain, and subdomain to the dns

Add query tld, parent domain, and subdomain to the dns_activity class

Open hal308 opened this issue 1 year ago • 1 comments

We would like to add the fields tld, parent domain, and subdomain to the dns query object so we can use those fields to differentiate between different parts of the domain. This is useful when looking for tunneling activity.

query.tld query.parent query.subdomain

May 23 '24 23:05 hal308

ocsf-schema ocsf-schema copied to clipboard

Add query tld, parent domain, and subdomain to the dns_activity class

ocsf-schema
ocsf-schema copied to clipboard