This module colects DNS requested names and multiple answers across an entire Cluster or Standalone Zeek instance. The requestor is not tracked and SUMSTATS is used to aggregate multiple requests over a specified time period anonymizing the requests.
Local hostnames are stripped to further anonymize the data for external sharing.
Zeek > 3.0
Curl command line version used by ActiveHTTP
See dovehawk_lambda for an AWS Lambda serverless function to store reporting in RDS Aurora.
Tyler McLellan @tylabs