[ARGUS] Argus-clients-5.0 and Passive DNS
Carter Bullard
carter at qosient.com
Tue Feb 6 11:14:43 EST 2024
Gentle people,
I have uploaded the Gargoyle software to process DNS transactions from Argus-5.0 flow records, and started a GitHub Project to develop this key control plane capability.
What this means is that you can recover the complete DNS behavior from your argus data, which is a huge plus for hunting and forensics analysis.
This supports IPv4 and IPv6 addresses, and processes DNS as well as multicast DNS.
Because almost all Cyber Threat Intelligence is oriented around DNS names and IP addresses, this feature provides all the basic data needed to do a historical review when new CTI comes in.
Developed for one of the DHS SOCs, it has gotten through quite a bit of development and testing, and is pretty stable, but there is always more work to do ...
I invite you to get involved in the development and testing of this new capability.
https://github.com/openargus
Hope all is most excellent,
Carter