22 lines
309 B
YAML
22 lines
309 B
YAML
|
id: ptr-fingerprint
|
||
|
|
||
|
info:
|
||
|
name: PTR Fingerprint
|
||
|
author: pdteam
|
||
|
severity: info
|
||
|
tags: dns,ptr
|
||
|
|
||
|
dns:
|
||
|
- name: "{{FQDN}}"
|
||
|
type: PTR
|
||
|
|
||
|
matchers:
|
||
|
- type: word
|
||
|
words:
|
||
|
- "IN\tPTR"
|
||
|
|
||
|
extractors:
|
||
|
- type: regex
|
||
|
group: 1
|
||
|
regex:
|
||
|
- "IN\tPTR\t(.+)"
|