DomainStats
We're currently working on integrating DomainStats (a dockerized version of Mark Baggett's domain_stats.py, found at https://github.com/MarkBaggett/domain_stats) into Security Onion as part of our move to the Elastic stack.
Thanks to Justin Henderson for all his work with the DomainStats docker image!
From https://github.com/SMAPPER/docker_domain_stats:
This docker image runs domain_stats.py. This is a Python service that is designed to perform mass domain analysis. It can do things such as find the creation_date of a domain and identify if a domain is a member of the Alexa/Cisco Umbrella top 1 million sites.
It was developed to be used in conjunction with a SIEM and is in production environments. Specifically, it has been used in conjunction with the Elastic Stack, such as queried by Logstash, with large success.
For information on how to modify the DomainStats configuration, consult the following:
https://github.com/SMAPPER/docker_domain_stats
DomainStats logs can be found in /var/log/domain_stats/.