Correlation of events with various datasets #381
arvchristos started this conversation in Ideas
-
Again, thanks for interest in |
-
Hello!
This is an amazing project and already helpful for us, especially when wearing the Incident Response hat.
We plan to use go-dnscollector to ingest data from DNS servers and correlate it with threat intelligence. We already have a semi-working solution that uses MISP to enrich DNS messages with threat intelligence context. This means that if a match with MISP malicious attributes is found, we are adding a new correlation.misp key with the information.
MISP is just one source which we heavily rely on for R&E institutions. However, our plans are to be flexible enough and introduce different sources in the future.
Is this something of interest for the community of this tool? I could easily contribute my work to the tool and would be glad to offer it to other users.
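One way the enrichment described in the post above could look, as an added example that is not code from the post's author or from go-dnscollector. It assumes a flat JSON DNS message with a `dns.qname` field and a constructed in-memory indicator set standing in for MISP attributes; the `Indicator`, `Index`, `Lookup` and `Enrich` names are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Indicator is a constructed stand-in for a MISP attribute; field names are assumptions.
type Indicator struct {
	EventID string `json:"event_id"`
	Value   string `json:"value"`
}

// Index maps a lowercase domain (no trailing dot) to the indicator listing it.
type Index map[string]Indicator

// Lookup tries the query name, then each parent domain; a bare TLD is never tried.
func (idx Index) Lookup(qname string) (Indicator, bool) {
	name := strings.ToLower(strings.TrimSuffix(strings.TrimSpace(qname), "."))
	for strings.Contains(name, ".") {
		if ind, ok := idx[name]; ok {
			return ind, true
		}
		name = name[strings.Index(name, ".")+1:] // drop the leftmost label
	}
	return Indicator{}, false
}

// Enrich adds "correlation.misp" when "dns.qname" (assumed field name) matches.
func Enrich(msg []byte, idx Index) ([]byte, bool, error) {
	var m map[string]interface{}
	if err := json.Unmarshal(msg, &m); err != nil {
		return nil, false, err
	}
	qname, _ := m["dns.qname"].(string)
	ind, hit := idx.Lookup(qname)
	if !hit {
		return msg, false, nil // non-matching messages pass through unchanged
	}
	m["correlation.misp"] = ind
	out, err := json.Marshal(m)
	return out, true, err
}

func main() {
	idx := Index{"bad.example": {EventID: "1234", Value: "bad.example"}} // constructed sample
	out, hit, _ := Enrich([]byte(`{"dns.qname":"cdn.bad.example.","dns.qtype":"A"}`), idx)
	fmt.Println(hit, string(out))
}
```

Matching walks label boundaries rather than comparing string suffixes, so `notbad.example` does not match an indicator for `bad.example`.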