jayswan/hn.bro

## hn.bro
type Idx: record {
        hostname: string;
};


export {
        redef enum Notice::Type += {
                DNS_ENTRY::Tracked_Hostname
        };
}

global hostnames: set[string];

event bro_init() {
	Input::add_table([$source="/opt/bro/share/bro/site/hostnames.txt",$name="hostnames",$idx=Idx,$destination=hostnames]);
}

event dns_request(c:connection, msg:dns_msg, query:string, qtype:count, qclass:count) {
    if (qtype == 6) {
        if (query in hostnames) {
            when ( local hn = lookup_hostname(query)) {
                NOTICE([$note=DNS_ENTRY::Tracked_Hostname,
			$conn=c,
			$msg=fmt("saw tracked hostname %s at %s",query,hn)]);
            }
        }
    }
}

event bro_done() {
        Input::remove("hostnames");
}
	type Idx: record {
	hostname: string;
	};


	export {
	redef enum Notice::Type += {
	DNS_ENTRY::Tracked_Hostname
	};
	}

	global hostnames: set[string];

	event bro_init() {
	Input::add_table([$source="/opt/bro/share/bro/site/hostnames.txt",$name="hostnames",$idx=Idx,$destination=hostnames]);
	}

	event dns_request(c:connection, msg:dns_msg, query:string, qtype:count, qclass:count) {
	if (qtype == 6) {
	if (query in hostnames) {
	when ( local hn = lookup_hostname(query)) {
	NOTICE([$note=DNS_ENTRY::Tracked_Hostname,
	$conn=c,
	$msg=fmt("saw tracked hostname %s at %s",query,hn)]);
	}
	}
	}
	}

	event bro_done() {
	Input::remove("hostnames");
	}