Skip to content

fatemabw/DOH-Zeek

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
README.md
README.md
 
 
__load__.zeek
__load__.zeek
 
 
doh-IPs-Dom.intel
doh-IPs-Dom.intel
 
 
doh-detect.zeek
doh-detect.zeek
 
 

Repository files navigation

DOH-Zeek

The indicators of DOH traffic based on the lists from https://github.com/bambenek/block-doh and couple other sources are listed in the Zeek format in the above file - doh-IPs-Dom.intel

Load the doh-IPs-Dom.intel in your zeek cluster with intel framework enabled, and it should start logging the DOH traffic to well known public DOH servers in the intel.log file.

Use:

cd <prefix>/share/zeek/site/
git clone git://github.com/fatemabw/DOH-Zeek.git doh
echo "@load doh" >> local.zeek

About

Zeek intel file indicators based on the block-doh by bambenek

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages