From 183277a771f53f32704767cd4a0e6b0b1eb561bd Mon Sep 17 00:00:00 2001
From: Rishi <hakrishi@pm.me>
Date: Sat, 24 Feb 2024 14:28:56 +0000
Subject: [PATCH] spf record detection template

---
 dns/spf-record-detect.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 dns/spf-record-detect.yaml

diff --git a/dns/spf-record-detect.yaml b/dns/spf-record-detect.yaml
new file mode 100644
index 0000000000..3dca6d7520
--- /dev/null
+++ b/dns/spf-record-detect.yaml
@@ -0,0 +1,23 @@
+id: spf-record
+
+info:
+  name: SPF Record Detected
+  author: rxerium
+  severity: info
+  description: An SPF TXT record was detected
+  reference:
+    - https://www.mimecast.com/content/how-to-create-an-spf-txt-record
+  tags: dns,spf
+
+dns:
+  - name: "{{FQDN}}"
+    type: TXT
+    matchers:
+      - type: word
+        words:
+          - "v=spf1"
+
+    extractors:
+      - type: regex
+        regex:
+          - "v=spf1(.+)"
\ No newline at end of file