Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Store the dns client ips for each queried hostname #436

Merged
merged 80 commits into from Apr 9, 2019
Merged

Store the dns client ips for each queried hostname #436

merged 80 commits into from Apr 9, 2019

Conversation

Zalgo2462
Copy link
Contributor

Addresses issue #434.

I created an Input structure for hostnames which contains the IP addresses the matching hostname resolved to as well as the IP addresses that queried the hostname. I filled these structures out in the fsimporter and updated the analysis code to store the new data.

lisaSW and others added 30 commits January 7, 2019 11:55
@lisaSW
inital uconns import creation
0171897
@lisaSW
added check in analysis for uconn being created at import
c7d028d
@meljbruno
Add additional uconn fields
af8a68b
@meljbruno
Add uconn.go parsetype
f992a5c
@lisaSW
uconn pair declaration fix
127ec5d
@meljbruno
Bug fixes
8106556
@meljbruno
Fixes and improvements
052c86d
@meljbruno
Only add unique timestamps
fd23c30
@lisaSW
added all uconns-based fields to hosts table on import
ec9bdc1
@meljbruno
Merge pull request #344 from activecm/338-create-hosts-at-import
f68bdd3 
added all uconns-based fields to hosts table on import
@meljbruno
Initial refactoring
62737a9
@meljbruno
Add passing uconn insert integration test
e90cf5d
@meljbruno
Add more tests
c0f9999
@meljbruno
Use database.DB for session handling
1ce2d35
@meljbruno
Finish repository code and tests
649b831
@meljbruno
Rewrite fsimporter.go to use repositories
77d93e6
@meljbruno
Add uconn CreateIndexes and Upsert functions
fa80b28
@meljbruno
Gofmt fixes
94efbc7
@meljbruno
Golint fixes
3d70e7a
@lisaSW
Merge pull request #340 from activecm/313-add-uconns-check-in-analysis
c0a44d0 
added check in analysis for uconn being created at import
@lisaSW
Merge pull request #347 from activecm/313-generate-uconn-at-import
a6c4ae0 
Generate uconns and hosts at import
@meljbruno
Add explodedDNS to importer
40fd82c
@meljbruno
Performance fix
b401766
@meljbruno
Add hostnames at import
ca306c6
@meljbruno
Remove dns package
a6107d0
@meljbruno
Gofmt fixes
70d5c52
@meljbruno
Golint fixes
7d301a6
@meljbruno
Collection name fix
9c135bb
@lisaSW
Merge pull request #354 from activecm/349-create-hostnames-at-import
3e3cfdd 
Create hostnames collection at import
@lisaSW
exploded dns analysis, beacon analysis, uconns analysis, hostnames an…
412d017 
…alysis to importer (#359)
lisaSW and others added 22 commits February 24, 2019 19:18
@lisaSW
updated longconn reporting (#403)
9f04d58
@lisaSW
added conn count metric to replace duration in beacon analysis (#404)
b6ec799
@lisaSW
fixed error, beacon analysis is all better now (#405)
0044ff7
@lisaSW
Invalid cert scoring (#407)
2b6aab1 
* Adding an invalid cert field to uconn pair type, and we also parse invalid certs and set in the uconn map in fsimporter

* added scoring to hosts for unique invalid certs if they are also beacons
@lisaSW
minor index fix
1a48b38
@lisaSW
minor index fix2
c2e2ae1
@ethack
Merge branch 'master' into v3
b72acf6
@lisaSW
updated invalid certs to new module (#411)
89a5d42
@lisaSW
removed datastore, fixed breaking test files (#415)
fddafcc
@lisaSW
added check for invalid db name characters because ethan tried to put…
fc38e3d 
… periods in the db names :p (#416)
@Zalgo2462 @lisaSW
Fix invalid cert analysis output text (#418)
21d6acd
@lisaSW
finished final deletion step and fixed an error in beacons (#424)
1bd13d5
@Zalgo2462 @lisaSW
417 fix v3 db delete (#419)
645d363 
* Remove old logic that directed imported files towards different databases based on subdirectories

* Change help message for import to remove notes on subdirectories

* Change DBRoot to DBName

* Stop rita from recursively finding files
@Zalgo2462 @lisaSW
422 fix beacon headers in v3 (#423)
a7d877d 
* Remove unused header from show-beacons -H

* Ensure both human readable and csv output have the same headers for show-beacons
@lisaSW
updated upps count to unique for src-dst pair (#426)
02539ea
@lisaSW
Filter fix non conns (#427)
9e12416 
* updated upps count to unique for src-dst pair

* fixed error where updating uconns/host/cert entries from log parsing other than conns caused issues because those entries were being filtered in conns
@lisaSW
fixed off by 1 error in exploded dns analysisj (#428)
616e17a
@lisaSW
updated show bl hostnames and bl hostnames html reporting queries (#429)
021ee93
@ethack
Merge branch 'master' into v3
dadcd7b
@ethack
Switching installer version to v3.0.0-beta1
56b205a
@ethack
added invalid cert entry check and subsequent tuple update to conns s…
917cb36 
…witch portion (#435)
Store the dns client ips for each queried hostname
3ba6782
@lisaSW lisaSW self-requested a review March 22, 2019 16:55
@ethack ethack changed the base branch from v3 to master April 9, 2019 17:22
@ethack ethack merged commit 5cd3b74 into master Apr 9, 2019
@ethack ethack deleted the 434-hostname-sources branch April 9, 2019 17:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ethack ethack ethack approved these changes

@lisaSW lisaSW lisaSW approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@Zalgo2462 @ethack @lisaSW @meljbruno @carrohan