Determine randomly or dynamically generated domains

File uploaded by awmorris on Aug 11, 2014

The attached zip file is one of the attachments from the TB-3111 presentation at HP Protect 2014. It includes Python source code and a compiled executable that let content developers measure the entropy of a DNS name and return the result to ArcSight in CEF. By using ArcSight rule actions to call the executable or script, the whole process becomes a closed loop that requires no ongoing interaction.
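
The entropy check and CEF output described above, as an added example that is not the code from the attachment. It assumes Shannon entropy per character over the longest label left of the TLD, an illustrative 3.5-bit threshold, and placeholder CEF vendor, product and signature values.

```python
import math
from collections import Counter

# Assumed cut-off in bits per character; tune it against your own DNS baseline.
ENTROPY_THRESHOLD = 3.5

def shannon_entropy(text):
    """Shannon entropy of a string, in bits per character."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def scored_label(fqdn):
    """Longest label left of the TLD (naive: no public-suffix list lookup)."""
    labels = [part for part in fqdn.lower().rstrip(".").split(".") if part]
    candidates = labels[:-1] or labels
    return max(candidates, key=len) if candidates else ""

def cef_escape(value):
    """Escape backslash and '=' as CEF extension values require."""
    return value.replace("\\", "\\\\").replace("=", "\\=")

def to_cef(fqdn):
    """Build one CEF event carrying the name and its entropy score."""
    label = scored_label(fqdn)
    entropy = shannon_entropy(label)
    severity = 7 if entropy >= ENTROPY_THRESHOLD else 1
    # Vendor, product, version and signature ID are placeholders.
    header = "CEF:0|ExampleVendor|dns-entropy|1.0|100|DNS name entropy|%d|" % severity
    extension = "dhost=%s cfp1=%.3f cfp1Label=entropyBitsPerChar cs1=%s cs1Label=scoredLabel" % (
        cef_escape(fqdn), entropy, cef_escape(label))
    return header + extension

if __name__ == "__main__":
    # Constructed sample names, not taken from the presentation.
    for name in ("www.google.com", "xj4k2q9vbz7w1m.net", "mail.example.org"):
        print(to_cef(name))
```

Per-character entropy is bounded by log2 of the label length, so an 8-character label can never exceed 3 bits; pair the score with a minimum label length when writing the ArcSight rule condition.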
