DNS-RPZ
DNS-RPZ
Author: Michael Hornung; Expeditors International of Washington, Inc.
License: AGPL-V3
Version: 1.0
Supported data types:
- thehive:case_artifact
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Add a dynamic DNS entry to a Response Policy Zone, blackholing or redirecting a FQDN.
Configuration
| bind_server |
IP or FQDN of RPZ master BIND server |
| Default value if not configured |
127.0.0.1 |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| tsig_keyname |
Name of TSIG key to access BIND server |
| Default value if not configured |
cortex. |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| tsig_keyval |
TSIG key value to access BIND server |
| Default value if not configured |
updateme |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| tsig_hashalg |
TSIG hash algorithm to use |
| Default value if not configured |
HMAC-SHA512 |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| rpz_zonename |
Fully qualified RPZ zone name (don't forget the trailing dot) |
| Default value if not configured |
rpz. |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |
| remediation_ip |
IP to resolve RPZ names to |
| Default value if not configured |
127.0.0.1 |
| Type of the configuration item |
string |
| The configuration item can contain multiple values |
False |
| Is required |
True |