Import DNS #2350
Replies: 5 comments
-
Along the same vein - I'd be thrilled if there was a button on Hunt/Alerts for "Resolve Hostname" or something like that. Click it and have all the IP values in src/dst/etc show hostnames.
-
Have you considered something like the DNS filter plugin for Logstash? We typically recommend Ingest parsing, but you might be able to break out a portion of the pipeline for Logstash and the rest for Ingest. https://www.elastic.co/guide/en/logstash/7.x/plugins-filters-dns.html
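For anyone wanting to try the Logstash route suggested above, here is an added example pipeline fragment (not from this thread and not Security Onion's own configuration) showing the dns filter doing reverse (PTR) lookups on ECS `source.ip` / `destination.ip`. The resolver address `10.0.0.53` and the target field names `source.domain` / `destination.domain` are assumptions; adjust them to your environment.

```logstash
# Added example, not part of the original thread or of Security Onion.
# Reverse-resolve source.ip / destination.ip with the Logstash dns filter,
# keeping the original IP fields intact and writing hostnames to
# ECS-style source.domain / destination.domain.
filter {
  # Work on a copy so the IP stays searchable (and keeps its "ip" mapping)
  # after resolution.
  mutate {
    copy => {
      "[source][ip]"      => "[source][domain]"
      "[destination][ip]" => "[destination][domain]"
    }
  }

  # PTR lookup on the copied fields. With action => "replace" the IP string
  # in the copy is swapped for the hostname when a record exists; an
  # unresolvable IP is left as-is, and a timeout adds the _dnstimeout tag.
  dns {
    reverse => ["[source][domain]", "[destination][domain]"]
    action  => "replace"
    nameserver => {
      address => ["10.0.0.53"]   # assumption: your internal resolver
    }
    timeout     => 2             # seconds per lookup; lookups are synchronous, keep this short
    max_retries => 1
    # Caches stop the pipeline hammering the resolver with repeated lookups
    # for the same addresses (and for addresses that never resolve).
    hit_cache_size    => 8000
    hit_cache_ttl     => 300
    failed_cache_size => 8000
    failed_cache_ttl  => 60
    tag_on_timeout => ["_dnstimeout"]
  }
}
```

Two points worth knowing before deploying this: the filter resolves inline while the event passes through the pipeline, so every uncached lookup adds resolver latency to event throughput, which is why the caches and a short timeout matter. And resolving directly into `[source][ip]` with `action => "replace"` would overwrite the address with a hostname, which both loses the value you pivot on and breaks an index mapping that declares the field as type `ip`; copying to a separate field keeps the IP and adds the name beside it.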
-
+1 for me! I was just about to ask the same question. I'd love to be able to point Security Onion to my local DNS resolver so that it would do reverse lookups on the IP addresses and fill in the DNS names! Wes, would your DNS filter plugin for Logstash suggestion make this possible? Would this replace IP addresses in the Hunt view and everywhere else the source.ip and destination.ip fields are used?
-
This seems like an obvious one. It would be very useful for my setup. Anyone with advice?
-
One option might be the Elasticsearch enrich processor:
-
Is there a way to import DNS data - so that the data shows the dns name and not the ip?