rdns Configuration

« rdns »
v0.3 by crowdsecurity
Postoverflow

Lookup the DNS associated to the source IP only for overflows

Installation

cscli postoverflows install crowdsecurity/rdns

Description

This will use reverse_dns method to enrich an event with the reverse dns of the IP if it exists.

YAML Configuration

1onsuccess: next_stage
2filter: "evt.Overflow.Alert.Remediation == true && evt.Overflow.Alert.GetScope() == 'Ip'"
3name: crowdsecurity/rdns
4description: "Lookup the DNS associated to the source IP only for overflows"
5statics:
6  - method: reverse_dns
7    expression: evt.Overflow.Alert.Source.IP
8  - meta: reverse_dns
9    expression: evt.Enriched.reverse_dns
10

Hub configuration

« rdns »v0.3 by crowdsecurityPostoverflow

« rdns »
v0.3 by crowdsecurity
Postoverflow