Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IP type for CIRCL Passive DNS and others #99

Closed
ppanero opened this issue Oct 3, 2017 · 3 comments
Closed

IP type for CIRCL Passive DNS and others #99

ppanero opened this issue Oct 3, 2017 · 3 comments
Assignees
@jeromeleonard
Labels
category:enhancement Issue is related to an existing feature to improve
Milestone
1.9.0

Comments

@ppanero
Copy link

ppanero commented Oct 3, 2017

IP type for CIRCL Passive DNS and others.

Request Type

Feature

Work Environment

Question Answer
OS version (server) CentOS
OS version (client) 7
Cortex Analyzer Name CIRCLPassiveDNS
Cortex Analyzer Version latest
Cortex Version latest
Browser type & version N/A

Description

In the CIRCL passive DNS analyzer only domain and url types are listed. However in the pypdns module IPs can also be queried. I have already made the extension for it and I could make a PR, but I also found that IPs pass the domain/url filters since they dont have '/' and http to split (therefore the query succeeds.

Possible Solutions

1- Do you want the PR
2- Do you want me to do stronger checks (url is url, domain domain and IP ip? or leave it as it is
@saadkadhi saadkadhi added the category:enhancement Issue is related to an existing feature to improve label Oct 3, 2017
@saadkadhi
Copy link
Contributor

Hi @ppanero thanks. @jeromeleonard will contact you as soon as feasible.

@saadkadhi
Copy link
Contributor

@jeromeleonard any update on this front? Thanks.

@jeromeleonard
Copy link
Contributor

Hi @ppanero,

We would be pleased to review your PR to improve the analyzer. If you do so, could you please base the PR on the develop branch ?

Thx.

J.

jeromeleonard added a commit that referenced this issue Feb 24, 2018
@jeromeleonard
#99 add dataType ip
4d8ea69
@jeromeleonard jeromeleonard added this to the 1.9.0 milestone Feb 24, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jeromeleonard jeromeleonard

Labels
category:enhancement Issue is related to an existing feature to improve
Projects
None yet
Milestone
1.9.0
Development

No branches or pull requests
3 participants
@saadkadhi @ppanero @jeromeleonard