# DNS-collector - Transformers

Transformers can be used to add metadata to your traffic or to modify it (for example, drop messages). This subprocessing can be applied on inputs with collectors or on outputs with loggers.

## Processing order

Transformers are currently processed in this order:

  1. Normalize
  2. Traffic Filtering
  3. Traffic Reducer
  4. Finally, all other transformations.
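The ordering above matters: normalizing first makes the drop filter case-insensitive, and reducing before the remaining transformers means repeated queries are counted once before, for example, the query IP is anonymized. The following is an added illustration, not DNS-collector's own code; the message fields (`qname`, `rcode`, `queryip`), the sample traffic and the drop lists are all constructed for this example.

```python
"""Added example (not DNS-collector code): a minimal model of the documented
transformer order, run over constructed DNS messages."""
from collections import Counter
import ipaddress

# Constructed sample traffic: one reply per entry (qname, rcode, query IP).
SAMPLE = [
    {"qname": "WWW.Example.COM.", "rcode": "NOERROR", "queryip": "192.0.2.10"},
    {"qname": "www.example.com.", "rcode": "NOERROR", "queryip": "192.0.2.10"},
    {"qname": "Www.Example.com.", "rcode": "NOERROR", "queryip": "192.0.2.10"},
    {"qname": "Ads.Tracker.NET.", "rcode": "NOERROR", "queryip": "192.0.2.11"},
    {"qname": "missing.example.org.", "rcode": "NXDOMAIN", "queryip": "192.0.2.12"},
]

def normalize(msg):
    """Step 1: qname to lowercase so later string matching is case-insensitive."""
    return {**msg, "qname": msg["qname"].lower()}

def traffic_filter(msg, drop_qnames, drop_rcodes):
    """Step 2: drop per qname or rcode; returns None for a dropped message."""
    if msg["qname"] in drop_qnames or msg["rcode"] in drop_rcodes:
        return None
    return msg

def traffic_reduce(msgs):
    """Step 3: log a repetitive query only once, keeping an occurrence count."""
    counts = Counter((m["qname"], m["rcode"], m["queryip"]) for m in msgs)
    seen, out = set(), []
    for m in msgs:
        key = (m["qname"], m["rcode"], m["queryip"])
        if key not in seen:
            seen.add(key)
            out.append({**m, "occurrences": counts[key]})
    return out

def anonymize_ip(msg):
    """Step 4 (one of the "other" transformers): keep only the /24 of the query IP."""
    net = ipaddress.ip_network(msg["queryip"] + "/24", strict=False)
    return {**msg, "queryip": str(net.network_address)}

def pipeline(msgs, drop_qnames=("ads.tracker.net.",), drop_rcodes=("NXDOMAIN",)):
    """Apply the four stages in the documented order; return the surviving messages."""
    stage1 = [normalize(m) for m in msgs]
    stage2 = [m for m in (traffic_filter(m, drop_qnames, drop_rcodes) for m in stage1) if m]
    stage3 = traffic_reduce(stage2)
    return [anonymize_ip(m) for m in stage3]

if __name__ == "__main__":
    for m in pipeline(SAMPLE):
        print(m)
```

Running it leaves a single `www.example.com.` record with `occurrences` 3 and the query IP reduced to `192.0.2.0`; had filtering run before normalization, the mixed-case tracker qname would have slipped past the drop list.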

## Supported transformers

| Transformers | Descriptions |
|---|---|
| Normalize | Quiet Text<br/>Qname to lowercase<br/>Add TLD and TLD+1 |
| Traffic Filtering | Downsampling<br/>Dropping per Qname, QueryIP or Rcode |
| Suspicious Traffic Detector | Malformed and large packet<br/>Uncommon Qtypes used<br/>Unallowed chars in Qname<br/>Excessive number of labels<br/>Long Qname |
| Traffic Reducer | Detect repetitive queries/replies and log them only once |
| User Privacy | Anonymize QueryIP<br/>Minimize Qname<br/>Hash Query and Response IP with SHA1 |
| Latency Computing | Compute latency between replies and queries<br/>Detect and count unanswered queries |
| GeoIP metadata | Country and City |
| Data Extractor | Add base64 encoded DNS payload |
| Traffic Prediction | Features to train machine learning models |
| Additional Tags | Add additional tags |
| JSON relabeling | JSON relabeling to rename or remove keys |
| DNS message rewrite | Rewrite values in the DNS message structure |
| Newly Observed Domains | Detect Newly Observed Domains |
| Reordering | Reorder DNS messages based on timestamps |