BigSnarf blog

Infosec FTW

Loading PCAP DNS traffic into ElasticSearch for RESTful queries

ElasticSearch instance populated with a custom Python loader

[Screenshot, 2012-12-24 12:25 PM]

https://github.com/bigsnarfdude/machineLearning/blob/master/esloader.py

Searchable by port or answer (potentially 24 billion records queried in less than 1 second)

[Screenshot, 2012-12-24 1:12 PM]

Searchable by time

[Screenshot, 2012-12-24 1:16 PM]


Wildcard search for *google*, sliced by time “12:12”

[Screenshot, 2012-12-24 1:24 PM]
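The three searches shown above (by port or answer, by time, and a wildcard on *google* sliced to one minute) as an added example that is not the esloader.py code from the linked repository. It builds the newline-delimited `_bulk` body a loader would POST, builds the matching Query DSL (assuming a current ElasticSearch `bool` query with `must`/`filter`), and evaluates the same query offline so a query can be sanity-checked before it is sent; the field names and the sample records are constructed assumptions.

```python
import fnmatch
import json

# Constructed sample records, shaped like what a PCAP DNS loader would emit (field names are assumptions)
DNS_RECORDS = [
    {"ts": "2012-12-24T12:12:03Z", "src": "10.0.0.5", "dport": 53, "qname": "www.google.com", "answer": "74.125.225.99"},
    {"ts": "2012-12-24T12:12:41Z", "src": "10.0.0.7", "dport": 53, "qname": "mail.google.com", "answer": "173.194.79.19"},
    {"ts": "2012-12-24T12:13:10Z", "src": "10.0.0.5", "dport": 53, "qname": "www.google.com", "answer": "74.125.225.99"},
    {"ts": "2012-12-24T12:12:55Z", "src": "10.0.0.9", "dport": 5353, "qname": "printer.local", "answer": "10.0.0.20"},
]

def bulk_body(records, index="dns"):
    """Newline-delimited body for the ES _bulk endpoint: one action line plus one document line per record."""
    out = []
    for rec in records:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(rec))
    return "\n".join(out) + "\n"

def build_query(terms=None, wildcards=None, ts_from=None, ts_to=None):
    """Query DSL: exact terms (port, answer), wildcard patterns (*google*) and an optional time slice on ts."""
    must = [{"term": {f: v}} for f, v in (terms or {}).items()]
    must += [{"wildcard": {f: p}} for f, p in (wildcards or {}).items()]
    query = {"query": {"bool": {"must": must}}}
    if ts_from or ts_to:
        rng = {k: v for k, v in (("gte", ts_from), ("lt", ts_to)) if v}
        query["query"]["bool"]["filter"] = [{"range": {"ts": rng}}]
    return query

def run_locally(records, query):
    """Evaluate the same term/wildcard/range query offline; ISO-8601 timestamps compare correctly as strings."""
    clauses = query["query"]["bool"].get("must", []) + query["query"]["bool"].get("filter", [])
    def matches(rec):
        for clause in clauses:
            kind, body = next(iter(clause.items()))
            field, arg = next(iter(body.items()))
            val = rec.get(field)
            if kind == "term" and val != arg:
                return False
            if kind == "wildcard" and not fnmatch.fnmatchcase(str(val).lower(), arg.lower()):
                return False
            if kind == "range" and (("gte" in arg and val < arg["gte"]) or ("lt" in arg and val >= arg["lt"])):
                return False
        return True
    return [r for r in records if matches(r)]

if __name__ == "__main__":
    q = build_query(wildcards={"qname": "*google*"}, ts_from="2012-12-24T12:12:00Z", ts_to="2012-12-24T12:13:00Z")
    print(json.dumps(q, indent=2))
    print(run_locally(DNS_RECORDS, q))
```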
