## About
- This App is written for use within Splunk v8.x, 9.x
- This App is intended to be used with the DNS privacy and security tool [NextDNS](https://nextdns.io/)
- Beta release: this is far from perfect but as a colleague used to tell me, 'Don't let perfect be the enemy of good'.
- Further development will take place to ensure CIM compliance, Datamodel support etc.
- I publish this as an individual within the cyber security community, it is not an official release from the vendor.

## Splunkbase:
- Listed as of 2023-09-27, see: https://splunkbase.splunk.com/apps?keyword=NextDNS

## Setup
- This is the 'App' which should be installed on your Search Head(s).
- There is a TA which should be deployed to your UF/HF that takes care of the header fields on ingest
- Ensure that you set your index within 'macros.conf' Or I guess you can use the UI as an alternative.

## Manual CURL pull from NextDNS
- The intention is that this step is automated on your UF, but here is the manual pull:
- Log into your NextDNS account
- Obtain your ID
- Navigate to your account page: https://my.nextdns.io/account
- Obtain your API key
- Replace the <value> placeholders with the Key and ID values 

<pre>
   curl -X GET -H "X-Api-Key: <API key>" -s -L https://api.nextdns.io/profiles/<ID>/logs/download > nextdns.log
</pre>

## Git:
- See [Github](https://github.com/jameswintermute/NextDNS_APP)
- feedback to 'jameswintermute 0x40 protonmail.ch' OR Mastodon: jameswintermute@infosec.exchange