pDNSSOC is a minimalistic toolset allowing DNS data to be centrally collected, and correlated with malicious domains / IPs from a MISP instance.
Basically:
- A collector runs on the DNS servers
- A dedicated pDNSSOC instance collects, correlates and generates alerts.
The goal is to identify signs of infection on the clients making the DNS requests.
A typical use case would be universities deploying a pDNSSOC client on their DNS server, and sending DNS data to a pDNSSOC server operated by a central CSIRT (NREN, campus, etc.).
- 📑 Project documentation
- 🪲 Issue tracker
- 📢 Community discussions
- ❓ Frequently asked questions
- 📊 Presentations
pDNSSOC would not exist without:
Distributed under the MIT License. See LICENSE.md for more information.