Releases: CERN-CERT/pdnssoc-cli
v0.0.4
This version standardizes all time references to UTC to ensure consistency with go-dnscollector, introduces optional configuration settings for enabling debug mode and SSL verification, and updates the list of project authors. The time normalization prevents mismatches, and the new configuration options enhance flexibility in debugging and SSL handling. The authors' list has been revised to reflect current contributors. All changes have been tested for accuracy and functionality.
v0.0.2
🚨 New Features
- Different querying periods per MISP tag can now be configured from the main config file:

  ```yaml
  misp_servers:
    - domain: "https://MISP_INSTANCE"
      api_key: "API_KEY"
      args:
        enforce_warninglist: True
      periods:
        generic:
          delta:
            days: 30 # Get only attributes created in the past 30 days
        tags:
          - names:
              - "cert-ist:threat_targeted_sector=\"Academic and Research\""
              - "APT"
              - "tlp:red"
            delta: False # Get all attributes in MISP
          - names:
              - "tlp:amber"
            delta:
              days: 60
  ```
- Daemon mode to run sub-commands on defined periods

  ```yaml
  schedules:
    fetch_iocs:
      interval: 10 # minutes
    correlation:
      interval: 1 # minutes
    retro:
      interval: 5 # minutes
    alerting:
      interval: 60 # minutes
  ```
- Email alerts - `alert` subcommand

  ```yaml
  alerting:
    last_alerting_pointer_file: /alert.last
    email:
      from: "alerts@pdnssoc.com"
      subject: "[pDNSSOC] Suspicious activity alert"
      # Send aggregated alerts for all clients to a specific address
      summary_to: "security@pdnssoc.com"
      server: "smtp_server_address"
      port: 1025
      # example can be found in https://github.com/CERN-CERT/pdnssoc-cli/blob/main/src/resources/alert_email_template.html
      template: /src/resources/alert_email_template.html
      mappings:
        # Use client id to send alerts to different teams
        client_1:
          contact: client_1_sec_team@domain.tld
        client_2:
          contact: client_2_sec_team@domain.tld
  ```
Full Changelog: v0.0.1...v0.0.2