If you’re worried about hosting your DMARC data (not least the Forensics reporting) with a cloud provider, or simply want to self-host because you’re already running the Elastic Stack or Splunk and want to save the $$ for the provider, there’s a tool for you called ‘Parsedmarc’ [1].
For further information on the tool, please read the description at [1] (it would be stupid to repeat all of that here).
For the purpose of installing Parsedmarc on the Elastic Stack, here’s a simple shell script to do just that [2].
Prerequisites for the script:
- Python3 Pip
- X-Pack Security - You really should use that; it's part of the Basic License now
- Run the script on the Elasticsearch node on which you want Parsedmarc to run
- I disagree with using Cloudflare for name resolution; if your local DNS resolvers aren't running faster and better than them, you should look into your DNS setup, as well as use RPZs to protect your organization.
And please don't forget to spare a thought (or a dime) for @seanthegeek who made this possible.