
Releases: CERN-CERT/pdnssoc-cli

v0.0.4

28 May 14:06
5625379

This version standardizes all time references to UTC to ensure consistency with go-dnscollector, introduces optional configuration settings for enabling debug mode and SSL verification, and updates the list of project authors. The time normalization prevents mismatches, and the new configuration options enhance flexibility in debugging and SSL handling. The authors' list has been revised to reflect current contributors. All changes have been tested for accuracy and functionality.

v0.0.2

13 Oct 20:13
170e9ff

🚨 New Features

  • Different querying periods per MISP tag can now be configured from the main config file:

    misp_servers:
    - domain: "https://MISP_INSTANCE"
      api_key: "API_KEY"
      args:
        enforce_warninglist: True
      periods:
        generic:
          delta:
            days: 30 # Get only attributes created in the past 30 days
        tags:
        - names:
            - "cert-ist:threat_targeted_sector=\"Academic and Research\""
            - "APT"
            - "tlp:red"
          delta: False # Get all attributes in MISP
        - names:
            - "tlp:amber"
          delta:
            days: 60
  • Daemon mode to run sub-commands on defined periods

    schedules:
      fetch_iocs:
        interval: 10 # minutes
      correlation:
        interval: 1 # minutes
      retro:
        interval: 5 # minutes
      alerting:
        interval: 60 # minutes
  • Email alerts via the alert subcommand

    alerting:
      last_alerting_pointer_file: /alert.last
      email:
        from: "alerts@pdnssoc.com"
        subject: "[pDNSSOC] Suspicious activity alert"
        # Send aggregated alerts for all clients to a specific address
        summary_to: "security@pdnssoc.com"
        server: "smtp_server_address"
        port: 1025
        # example can be found in https://github.com/CERN-CERT/pdnssoc-cli/blob/main/src/resources/alert_email_template.html
        template: /src/resources/alert_email_template.html
        mappings:
        # Use client id to send alerts to different teams
          client_1:
            contact: client_1_sec_team@domain.tld
          client_2:
            contact: client_2_sec_team@domain.tld
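To show how the per-tag `periods` block above translates into MISP fetch windows, here is an added example (not pdnssoc-cli's own code): it takes the `periods` mapping from the v0.0.2 config, turns each tag group's `delta` into a UTC lower bound (honouring `delta: False` as "no bound"), and emits the relative `timestamp` value MISP's REST search accepts. The `build_queries` and `NOW` names are this example's own assumptions; the fixed `NOW` is a constructed timestamp so the output is reproducible.

```python
from datetime import datetime, timedelta, timezone

# Constructed copy of the `periods` section from the v0.0.2 release notes.
PERIODS = {
    "generic": {"delta": {"days": 30}},
    "tags": [
        {"names": ['cert-ist:threat_targeted_sector="Academic and Research"',
                   "APT", "tlp:red"],
         "delta": False},                       # no age limit for these tags
        {"names": ["tlp:amber"], "delta": {"days": 60}},
    ],
}

# Constructed "current time"; pdnssoc-cli v0.0.4 standardises on UTC, so the
# lower bounds computed here are timezone-aware UTC datetimes.
NOW = datetime(2024, 10, 13, 20, 13, tzinfo=timezone.utc)


def delta_to_timedelta(delta):
    """Convert a `delta` value into a timedelta.
    `False` (or a missing key) means "fetch every attribute", returned as None.
    Unknown keys (e.g. `day:`) are rejected by timedelta itself, so a typo in
    the config fails loudly instead of silently widening the window."""
    if delta is False or delta is None:
        return None
    if not isinstance(delta, dict):
        raise ValueError(f"delta must be a mapping or False, got {delta!r}")
    return timedelta(**delta)


def misp_timestamp(window):
    """Relative `timestamp` filter for MISP restSearch ("30d"), or None."""
    return None if window is None else f"{window.days}d"


def build_queries(periods, now=NOW):
    """One query per tag group plus the generic catch-all query.
    Returns a list of dicts: tags to search, the UTC lower bound (or None)
    and the MISP-style relative timestamp filter (or None)."""
    queries = []
    groups = list(periods.get("tags", []))
    groups.append({"names": [], "delta": periods.get("generic", {}).get("delta")})
    for group in groups:
        window = delta_to_timedelta(group.get("delta"))
        queries.append({
            "tags": list(group["names"]),
            "since": None if window is None else now - window,
            "timestamp": misp_timestamp(window),
        })
    return queries
```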

Full Changelog: v0.0.1...v0.0.2