Transformers add metadata to your DNS traffic or modify it (for example, by dropping messages). This subprocessing can be applied on inputs with collectors or on outputs with loggers.
Transformers are currently processed in this order:
- Normalize
- Traffic Filtering
- Traffic Reducer
- Finally, all other transformations

| Transformers | Descriptions |
|---|---|
| Normalize | Quiet Text<br/>Qname to lowercase<br/>Add TLD and TLD+1 |
| Traffic Filtering | Downsampling<br/>Dropping per Qname, QueryIP or Rcode |
| Suspicious Traffic Detector | Malformed and large packet<br/>Uncommon Qtypes used<br/>Unallowed chars in Qname<br/>Excessive number of labels<br/>Long Qname |
| Traffic Reducer | Detect repetitive queries/replies and log them only once |
| User Privacy | Anonymize QueryIP<br/>Minimize Qname<br/>Hash Query and Response IP with SHA1 |
| Latency Computing | Compute latency between replies and queries<br/>Detect and count unanswered queries |
| GeoIP metadata | Country and City |
| Data Extractor | Add base64-encoded DNS payload |
| Traffic Prediction | Features to train machine learning models |
| Additional Tags | Add additional tags |
| JSON relabeling | JSON relabeling to rename or remove keys |
| DNS message rewrite | Rewrite values in the DNS message structure |
| Newly Observed Domains | Detect Newly Observed Domains |
| Reordering | Reordering DNS messages based on timestamps |