Checking DNS requests against a domain blacklist in Python

A while ago I wrote a post about using Python to parse tcpdump output for domains and URLs. Recently, I started to wonder if I could take that a step further. What if the DNS requests I saw could be checked against a blacklist in real time? And what if the output was presented in a more useful format? Here’s how I got these new features working.