Jean-Louis Huynen 0547cd33e0
chg: [repo] archiving repository
2020-01-13 14:44:03 +01:00
conf.sample fix: remove type 8: from sample 2019-06-05 11:37:46 +02:00
.gitignore new [dev] .gitignore + fmt 2019-06-03 16:33:24 +02:00
LICENCE new: [dev] initial commit 2019-06-03 16:31:25 +02:00
README.md chg: [repo] archiving repository 2020-01-13 14:44:03 +01:00
balboa.go fix: usage 2019-06-05 11:42:19 +02:00
go.mod fix: [dev] first working version 2019-06-05 11:22:44 +02:00
go.sum new: [dev] initial commit 2019-06-03 16:31:25 +02:00

README.md

Archiving analyzer-d4-balboa

This repository is now archived. To interface D4 with Balboa, the preferred tool is the d4-core generic UNIX socket exporter.

analyzer-d4-balboa

Ingests D4 Type 8 (Passive DNS) data and writes it to a UNIX socket for balboa (https://github.com/DCSO/balboa) to consume.

Installation

go get github.com/D4-project/analyzer-d4-balboa

Configuration files

  • balboa_socket: path to the UNIX socket
  • redis: path to the d4 redis server
  • redis_queue: uuid of the analyzer's redis queue

Use

$ analyzer-d4-balboa -c conf.sample

Send PassiveDNS data to d4

# passivedns -i eth0 -l /dev/stdout | d4-amd64l -c conf.d4server

Query Balboa GraphQL server

Once you have launched the analyzer, pick one of the domains listed in its output and query Balboa (served here at http://127.0.0.1:8080):

#!/bin/bash
curl \
-X POST \
-H 'Content-Type: application/json' \
--data '{"query" : "query{ entries(rrname: \"www.cnn.com\", limit: 1) { rrname rrtype rdata time_first time_last sensor_id count } } "}' http://127.0.0.1:8080/