AnsweredAssumed Answered

Implement Frequency Score meta to Domain names

Question asked by Jeremy Kerwin on Jan 3, 2019
Latest reply on Jan 4, 2019 by Christopher Ahearn

I recently discovered an interesting way to add some intelligence surrounding the randomness of domain names and I'm curious about how to implement it in NetWitness.

 

I'm looking at the following tool.

FreqServer · Security-Onion-Solutions/security-onion Wiki · GitHub 

 

I have an idea about how to implement within NetWitness, that would include an external script querying the API for a list of domain names, run it against the freq_server tool, then generate a feed of domain names and randomness scores that could populate a new meta key

 

If there is another way to do this, I'd be interested to hear about it.

Cheers.

Outcomes