Hi all - is anyone using DNSFilter/S3 with InsightIDR? I see a few other topics here about “I’d love this event source” but couldn't see any R7 responses. We had DNS logs via S3 with Umbrella, but have now migrated to DNSFilter and are missing DNS logging. We have only these for DNS logs:
- Umbrella
- Dnsmasq
- Trinzic
- Bind9
- MS DNS
- PowerDNS
It would be great to just have DNSFilter in there, but we could also do some rewriting into one of the other formats if we have to. Has anyone done something along these lines?