Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Marketplace

ProtectiveDNS

Avatar Manjul Bhattarai
May 08, 2024 05:37
Follow

Release Details

Fields

Details

Name

Protective DNS

Version

5.0.0

Supported On

LogPoint v6.7.4 and later

Release Date

2021-05-31
Document Date 2021-05-31
Download ProtectiveDNS_5.0.0.pak
SHA256 6e027295760c4fa965be5050f608d61e04f58ab77ad22681a3877d18ad4fd0c4

 

Package Detail

The application consists of the following components:

  1. Compiled Normalizer
    • ProtectiveDNSCompiledNormalizer
  2. Search Template
    • LP_Protective DNS Search 
  3. Dashboard Package
    • LP_ProtectiveDNS 

General Description

The Protective DNS application normalizes Protective DNS events and enables you to analyze the data using pre-set dashboard views. You can further customize the searches to perform an in-depth analysis.

Installation

Follow these steps to install the Protective DNS v5.0.0 application:

  1. Download the Protective DNS package from the Download section above.
  2. Add Protective DNS as a required device in LogPoint.
  3. Create a collection policy with the Syslog Collector and an appropriate processing policy.  
  4. Assign the policy to the device.
  5. Add the dashboards.

Supported Device

The device supported by Protective DNS with LogPoint in this configuration is:

  • Protective DNS 

Screenshot - Sample Dashboard

Screen_Shot_2021-03-18_at_12.07.28__2_.png

Log Format

Protective DNS

Expected Log Format

JSON-based STIX2  format

Log Sample

{created":"2020-12-31T08:18:00Z","guid":"xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","event_type":"data.pdns.blocked","publisher":"logpoint.pdns","integrity": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","privacy":[],"history":[],"payload":{"spec_version":"2.0","id":"bundle--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","type":"bundle","objects":[{"type":"indicator","id":"indicator--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","created":"2020-12-31T08:17:44.410Z","modified":"2020-12-31T08:17:44.410Z","created_by_ref":"identity--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","labels":["malicious-activity"],"pattern":"[ domain-name:value \u003d \abc.com\u0027 ]","valid_from":"2020-03-06T00:43:26.538Z"},{"type":"sighting","id":"sighting--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","created":"2020-12-30T16:10:47.000Z","modified":"2020-12-30T16:10:47.000Z","created_by_ref":"identity--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","sighting_of_ref":"indicator--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","observed_data_refs":["observed-data--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]},{"type":"observed-data","id":"observed-data--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","created":"2020-12-30T16:10:47.000Z","modified":"2020-12-30T16:10:47.000Z","created_by_ref":"identity--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","first_observed":"2020-12-30T16:10:47.000Z","last_observed":"2020-12-30T16:10:47.000Z","number_observed":1,"objects":{"0":{"type":"x-nominet-block","qname":"abc.com","qtype":"A","qclass":"IN","src_ip_network_type":"ipv4", "src_ip":"1.1.1.16","src_port":"12345","rpz_range":"domain-name","abc_range_matched":"abc.com","rpz_zone":"delta30"},"1":{"type":"x-nominet-threat-feed-source","name":"MALWARE_REPOSITORY","meta_data":[{"key":"threat_type","value":"malware"},{"key":"threat","value":"malware"},{"key":"names","value":"[\"HTML Generic-A\"]"},{"key":"tags","value":"[]"},{"key":"raw_feed_meta_data","value":"{\"names\":[\"Mal/HTMLGen-A\"]}"}]}}},{"type":"sighting","id":"sighting--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","created":"2020-12-30T16:10:47.000Z","modified":"2020-12-30T16:10:47.000Z","created_by_ref":"identity--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","sighting_of_ref":"indicator--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","observed_data_refs":["observed-data--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]},{"type":"observed-data","id":"observed-data--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","created":"2020-12-30T16:10:47.000Z","modified":"2020-12-30T16:10:47.000Z","created_by_ref":"identity--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxc","first_observed":"2020-12-30T16:10:47.000Z","last_observed":"2020-12-30T16:10:47.000Z","number_observed":1,"objects":{"0":{"type":"x-nominet-block","qname":"abc.com","qtype":"TYPE65","qclass":"IN","src_ip_network_type":"ipv4", "src_ip":"1.1.1.1","src_port":"18439","rpz_range":"domain-name","rpz_range_matched":"abc.com","rpz_zone":"delta30"},"1":{"type":"x-nominet-threat-feed-source","name":"MALWARE_REPOSITORY","meta_data":[{"key":"threat_type","value":"malware"},{"key":"threat","value":"malware"},{"key":"names","value":"[\"HTML Generic-A\"]"},{"key":"tags","value":"[]"},{"key":"raw_feed_meta_data","value":"{\"names\":[\"Mal/HTMLGen-A\"]}"}]}}},{"type":"identity","id":"identity--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","created":"2020-12-31T08:18:00.660Z","modified":"2020-12-31T08:18:00.660Z","name":"Nominet","identity_class":"organization"}]}}'''

Support

If you have any queries or require assistance, please feel free to contact our support team:

Email:             servicedesk@logpoint.com

Phone:           +45 7060 6100

Best regards,

Comments

Article is closed for comments.

Related articles

  • Tables Plugin
  • PRTG Network Monitor
  • Sophos
  • Mod Security
  • Carbon Black
Was this article helpful?
0 out of 0 found this helpful
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.