Pdnssoc-cli

The latest update to our software, version v0.0.5, which includes several bug fixes that enhance both performance and user experience.

This version standardizes all time references to UTC to ensure consistency with go-dnscollector, introduces optional configuration settings for enabling debug mode and SSL verification, and updates the list of project authors. The time normalization prevents mismatches, and the new configuration options enhance flexibility in debugging and SSL handling. The authors' list has been revised to reflect current contributors. All changes have been tested for accuracy and functionality.

🚨 New Features
* Different querying periods per MISP tag can be now configured from the main config file:
yaml
misp_servers:
- domain: "https://MISP_INSTANCE"
api_key: "API_KEY"
args:
enforce_warninglist: True
periods:
generic:
delta:
days: 30 Get only attributes created in the past 30 days
tags:
- names:
- "cert-ist:threat_targeted_sector=\"Academic and Research\""
- "APT"
- "tlp:red"
delta: False Get all attributes in MISP
- names:
- "tlp:amber"
delta:
days: 60

* Daemon mode to run sub-commands on defined periods
yaml
schedules:
fetch_iocs:
interval: 10 minutes
correlation:
interval: 1 minutes
retro:
interval: 5 minutes
alerting:
interval: 60 minutes


* Email alerts - `alert` subcommand
yaml
alerting:
last_alerting_pointer_file: /alert.last
email:
from: "alertspdnssoc.com"
subject: "[pDNSSOC] Suspicious activity alert"
Send aggregated alerts for all clients to a specific address
summary_to: "securitypdnssoc.com"
server: "smtp_server_address"
port: 1025
example can be found in https://github.com/CERN-CERT/pdnssoc-cli/blob/main/src/resources/alert_email_template.html
template: /src/resources/alert_email_template.html
mappings:
Use client id to send alerts to different teams
client_1:
contact: client_1_sec_teamdomain.tld
client_2:
contact: client_2_sec_teamdomain.tld


**Full Changelog**: https://github.com/CERN-CERT/pdnssoc-cli/compare/v0.0.1...v0.0.2