Tutorial: DNS labelling

Introduction

As already described in the tutorial chapter alarm-register-and-control, the dnsDecode plugin can tag flows which match a malware blacklist. If you do not enable the alarm mode, it outputs all flows; those where the DNS request record matches a blacklist record produce output in the dnsMalType column.