This script helps Cisco Umbrella users better understand their DNS traffic. It retrieves the Top Destinations reported by your Umbrella account over the past week (up to 1000 domains), keeps only domains (no IP addresses), and compares them to Umbrella's Top 1 Million Domains. The result is a CSV of "uncommon domains" in your network, that is, domains requested from your network that are not part of Umbrella's Top 1 Million.
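The filter-and-compare step described above can be sketched offline as follows. This is an added example, not the repository's own code: the function names, the sample data, the exact-match comparison and the (destination, request count) input shape are all assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample in the top-1m.csv layout: rank,domain with no header row.
TOP_1M_SAMPLE = "1,google.com\n2,microsoft.com\n3,www.google.com\n4,netflix.com\n"

# Constructed stand-in for the Top Destinations report (assumed shape: name, request count).
TOP_DESTINATIONS_SAMPLE = [
    ("google.com", 5210), ("WWW.Google.com.", 1875),
    ("8.8.8.8", 940), ("2001:4860:4860::8888", 12),
    ("updates.example-vendor.test", 311), ("xk3q9z.example.invalid", 4),
]


def normalize(name):
    """Lowercase and drop the trailing root dot so the comparison is exact."""
    return name.strip().lower().rstrip(".")


def is_ip(value):
    """True for IPv4/IPv6 literals, which are excluded from the comparison."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def load_top_domains(csv_text):
    """Parse rank,domain rows into a set for constant-time membership checks."""
    return {normalize(r[1]) for r in csv.reader(io.StringIO(csv_text)) if len(r) >= 2}


def uncommon_domains(destinations, top_domains):
    """Return (domain, count) rows that are domains and absent from the top list."""
    names = ((normalize(d), c) for d, c in destinations)
    rows = [(n, c) for n, c in names if n and not is_ip(n) and n not in top_domains]
    return sorted(rows, key=lambda r: r[1])  # least-requested first


def to_csv(rows):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerows([("domain", "requests"), *rows])
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(uncommon_domains(TOP_DESTINATIONS_SAMPLE, load_top_domains(TOP_1M_SAMPLE))))
```

Without the normalization step, a mixed-case or dot-terminated name such as `WWW.Google.com.` would be reported as uncommon even though it is on the list.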
Umbrella customers have a vested interest in DNS visibility and security. While most companies could use assistance filtering the massive amounts of internet traffic going in and out of their network, this particular use case was inspired by the aftermath of the 2021 Colonial Pipeline attack in the U.S.
Afterward, the TSA issued (and has since re-issued) a Security Directive for oil and natural gas pipeline cybersecurity that challenged utility companies to better understand their DNS traffic.
Umbrella customers using this script can quickly and easily discover uncommon DNS requests and investigate them proactively without being overwhelmed.
https://code.visualstudio.com/download
https://www.python.org/downloads/
Then, follow the installation instructions here based on your OS: https://kinsta.com/knowledgebase/install-python/#how-to-install-python
https://login.umbrella.com/
https://devnetsandbox.cisco.com/DevNet/catalog/umbrella-secure-internet-gateway
git clone https://github.com/erdietri/UmbrellaUncommonDomains.git
cd UmbrellaUncommonDomains
pip install -r requirements.txt
python3 umbrella_uncommon_domains.py
This script has been tested on Windows 11 and Sonoma 14.3 (Mac) but should work on any OS. This repository contains an example of the output produced by running this script, called example_uncommon_domains.csv.
Erika Dietrick
Copyright 2024 Erika Dietrick
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.