🚨 New Features
* Different querying periods per MISP tag can be now configured from the main config file:
yaml
misp_servers:
- domain: "https://MISP_INSTANCE"
api_key: "API_KEY"
args:
enforce_warninglist: True
periods:
generic:
delta:
days: 30 Get only attributes created in the past 30 days
tags:
- names:
- "cert-ist:threat_targeted_sector=\"Academic and Research\""
- "APT"
- "tlp:red"
delta: False Get all attributes in MISP
- names:
- "tlp:amber"
delta:
days: 60
* Daemon mode to run sub-commands on defined periods
yaml
schedules:
fetch_iocs:
interval: 10 minutes
correlation:
interval: 1 minutes
retro:
interval: 5 minutes
alerting:
interval: 60 minutes
* Email alerts - `alert` subcommand
yaml
alerting:
last_alerting_pointer_file: /alert.last
email:
from: "alertspdnssoc.com"
subject: "[pDNSSOC] Suspicious activity alert"
Send aggregated alerts for all clients to a specific address
summary_to: "securitypdnssoc.com"
server: "smtp_server_address"
port: 1025
example can be found in https://github.com/CERN-CERT/pdnssoc-cli/blob/main/src/resources/alert_email_template.html
template: /src/resources/alert_email_template.html
mappings:
Use client id to send alerts to different teams
client_1:
contact: client_1_sec_teamdomain.tld
client_2:
contact: client_2_sec_teamdomain.tld
**Full Changelog**: https://github.com/CERN-CERT/pdnssoc-cli/compare/v0.0.1...v0.0.2