Comments on Technicalinfo.net Blog: Persistent Threat Detection (on a Budget)
Blog author: Gunter Ollmann

Comment by Elhoim, 2012-11-27 07:06 (-08:00):

I do totally agree with you, however you seem to gloss a bit quickly over some of the details of implementation of this for medium to big environments.

For example:
- multiple layers of DNS resolvers,
- heterogeneity of DNS servers (and thus of log formats),
- data management for years of logs,
- rapid search of the logs for long periods.

A project/tool that seems to ease a lot of those pain points is PDNSQDB (http://goo.gl/68iHw and http://goo.gl/AdNVV), but it is not yet released.