Release Details
|
Fields |
Details |
|---|---|
|
Name |
Protective DNS |
|
Version |
5.0.0 |
|
Supported On |
LogPoint v6.7.4 and later |
|
Release Date |
2021-05-31 |
| Document Date | 2021-05-31 |
| Download | ProtectiveDNS_5.0.0.pak |
| SHA256 | 6e027295760c4fa965be5050f608d61e04f58ab77ad22681a3877d18ad4fd0c4 |
Package Detail
The application consists of the following components:
- Compiled Normalizer
- ProtectiveDNSCompiledNormalizer
- Search Template
- LP_Protective DNS Search
- Dashboard Package
- LP_ProtectiveDNS
General Description
The Protective DNS application normalizes Protective DNS events and enables you to analyze the data using pre-set dashboard views. You can further customize the searches to perform an in-depth analysis.
Installation
Follow these steps to install the Protective DNS v5.0.0 application:
- Download the Protective DNS package from the Download section above.
- Add Protective DNS as a required device in LogPoint.
- Create a collection policy with the Syslog Collector and an appropriate processing policy.
- Assign the policy to the device.
- Add the dashboards.
Supported Device
The device supported by Protective DNS with LogPoint in this configuration is:
- Protective DNS
Screenshot - Sample Dashboard
Log Format
Protective DNS
Expected Log Format
JSON-based STIX2 format
Log Sample
{created":"2020-12-31T08:18:00Z","guid":"xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","event_type":"data.pdns.blocked","publisher":"logpoint.pdns","integrity": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","privacy":[],"history":[],"payload":{"spec_version":"2.0","id":"bundle--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","type":"bundle","objects":[{"type":"indicator","id":"indicator--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","created":"2020-12-31T08:17:44.410Z","modified":"2020-12-31T08:17:44.410Z","created_by_ref":"identity--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","labels":["malicious-activity"],"pattern":"[ domain-name:value \u003d \abc.com\u0027 ]","valid_from":"2020-03-06T00:43:26.538Z"},{"type":"sighting","id":"sighting--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","created":"2020-12-30T16:10:47.000Z","modified":"2020-12-30T16:10:47.000Z","created_by_ref":"identity--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","sighting_of_ref":"indicator--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","observed_data_refs":["observed-data--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]},{"type":"observed-data","id":"observed-data--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","created":"2020-12-30T16:10:47.000Z","modified":"2020-12-30T16:10:47.000Z","created_by_ref":"identity--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","first_observed":"2020-12-30T16:10:47.000Z","last_observed":"2020-12-30T16:10:47.000Z","number_observed":1,"objects":{"0":{"type":"x-nominet-block","qname":"abc.com","qtype":"A","qclass":"IN","src_ip_network_type":"ipv4", "src_ip":"1.1.1.16","src_port":"12345","rpz_range":"domain-name","abc_range_matched":"abc.com","rpz_zone":"delta30"},"1":{"type":"x-nominet-threat-feed-source","name":"MALWARE_REPOSITORY","meta_data":[{"key":"threat_type","value":"malware"},{"key":"threat","value":"malware"},{"key":"names","value":"[\"HTML Generic-A\"]"},{"key":"tags","value":"[]"},{"key":"raw_feed_meta_data","value":"{\"names\":[\"Mal/HTMLGen-A\"]}"}]}}},{"type":"sighting","id":"sighting--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","created":"2020-12-30T16:10:47.000Z","modified":"2020-12-30T16:10:47.000Z","created_by_ref":"identity--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","sighting_of_ref":"indicator--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","observed_data_refs":["observed-data--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]},{"type":"observed-data","id":"observed-data--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","created":"2020-12-30T16:10:47.000Z","modified":"2020-12-30T16:10:47.000Z","created_by_ref":"identity--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxc","first_observed":"2020-12-30T16:10:47.000Z","last_observed":"2020-12-30T16:10:47.000Z","number_observed":1,"objects":{"0":{"type":"x-nominet-block","qname":"abc.com","qtype":"TYPE65","qclass":"IN","src_ip_network_type":"ipv4", "src_ip":"1.1.1.1","src_port":"18439","rpz_range":"domain-name","rpz_range_matched":"abc.com","rpz_zone":"delta30"},"1":{"type":"x-nominet-threat-feed-source","name":"MALWARE_REPOSITORY","meta_data":[{"key":"threat_type","value":"malware"},{"key":"threat","value":"malware"},{"key":"names","value":"[\"HTML Generic-A\"]"},{"key":"tags","value":"[]"},{"key":"raw_feed_meta_data","value":"{\"names\":[\"Mal/HTMLGen-A\"]}"}]}}},{"type":"identity","id":"identity--xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx","created":"2020-12-31T08:18:00.660Z","modified":"2020-12-31T08:18:00.660Z","name":"Nominet","identity_class":"organization"}]}}'''
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100
Best regards,
Comments
Article is closed for comments.