Is it feasible to enrich events with say, DNS CAA record details as it flows through stream?
Question
Is it feasible to enrich events with say, DNS CAA record details as it flows through stream?
Are you saying you want to use the DNS lookup function to enrich?
Or something else?
Looks like we need to add the CAA resource type to the DNS Lookup function, but you should be able to get the result with the `ANY` type and then use an eval.
Yah, CAA and a few recent bits of DNS seem to get skipped a lot
Maybe make record type a free text field?
Yeah, I tried to hack the JSON and insert CAA, but it is too strict and doesn't accept the value :slightly_smiling_face:
would the DNS Lookup function returned information be dependent on host OS?
I strongly doubt that
Even Windows usually manages to resolve DNS 
Using the function via Edge that's collecting from a Windows 10 device. But I'm not seeing any CAA information
Do you have access to the box?
I just learned that neither nslookup nor Powershell can handle CAA records oO
yah
yah, hence my question 
like if javascript is reliant on the host OS or if it's implementing and not relying on host os
I can't believe this. Found a bug report for PHP from 2018 where someone ran into the same issue. Seems the Windows API just lacks this function. What a mess...
Gotta love Windows.
Maybe will see it in Windows 12
eventually this will shift to a Linux box, maybe I'll just speed that up heh
Ha, I asked ChatGPT and exactly as expected it lied to me and told me it works with nslookup. That mofo.
hahaha
I keep working on teaching lies to ChatGPT
Sign up
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.