2019-01-03 06:58 PM
I recently discovered an interesting way to add some intelligence surrounding the randomness of domain names and I'm curious about how to implement it in NetWitness.
I'm looking at the following tool.
FreqServer · Security-Onion-Solutions/security-onion Wiki · GitHub
I have an idea about how to implement it within NetWitness that would include an external script querying the API for a list of domain names, running it against the freq_server tool, then generating a feed of domain names and randomness scores that could populate a new meta key.
If there is another way to do this, I'd be interested to hear about it.
Cheers.
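The workflow proposed in the post above (score a list of exported domain names, then publish names and scores as a feed), sketched offline as an added example that is not part of the original post and is not freq_server's code. A bigram log-likelihood stands in for the freq_server score; the baseline word list, the two-column CSV layout and all function names are assumptions.

```python
import csv, io, math
from collections import Counter

# Constructed baseline of ordinary-looking labels; a real deployment would
# train on a large corpus of known-good domain names.
BASELINE = ["google", "microsoft", "netwitness", "security", "onion", "amazon",
            "facebook", "wikipedia", "github", "stackoverflow", "weather",
            "online", "service", "mail", "update", "download", "account",
            "support", "network", "cloud"]
ALPHABET = 38  # a-z, 0-9, '-', '_': add-one smoothing denominator

def train(words):
    """Count character bigrams and how often each character starts one."""
    pairs, firsts = Counter(), Counter()
    for w in words:
        for a, b in zip(w, w[1:]):
            pairs[a + b] += 1
            firsts[a] += 1
    return pairs, firsts

def score(label, model):
    """Mean log-probability per bigram; lower means more random-looking."""
    pairs, firsts = model
    label = label.lower()
    if len(label) < 2:
        return 0.0
    logp = [math.log((pairs[a + b] + 1) / (firsts[a] + ALPHABET))
            for a, b in zip(label, label[1:])]
    return sum(logp) / len(logp)

def scored_label(fqdn):
    """Naive pick of the label to score: second-to-last (no public suffix list)."""
    parts = fqdn.strip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def build_feed(domains, model):
    """Return CSV text 'domain,score', most random-looking first."""
    rows = sorted(((d, round(score(scored_label(d), model), 3)) for d in set(domains)),
                  key=lambda r: (r[1], r[0]))
    out = io.StringIO()
    csv.writer(out, lineterminator="\n").writerows(rows)
    return out.getvalue()

MODEL = train(BASELINE)

if __name__ == "__main__":
    # Constructed sample standing in for domain names exported from the platform.
    sample = ["mail.google.com", "xkqzjvwpq.example", "update.microsoft.com"]
    print(build_feed(sample, MODEL), end="")
```

Because the score is a per-bigram average, very short labels carry little signal, and the second-to-last-label shortcut misreads multi-part suffixes such as `co.uk`.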
2019-01-03 07:20 PM
Hey Jeremy, this isn't the same technique but it might be useful to you and is already built.
2019-01-03 09:34 PM
Thanks, it looks interesting. I might implement both 🙂
2019-01-04 07:13 AM
I was also thinking of that DNS Tunneling article as well. I think a feed and a report could work, though it might be slightly behind depending on the feed update interval.
2019-01-16 03:59 PM
Thanks, after looking at your technique, it looks very similar to what I'm looking for so I'll go with that.
Cheers.