## About
- This TA is written for use within Splunk v8.x, 9.x
- It is intended to be used with the DNS privacy and security tool [NextDNS](https://nextdns.io/) and the App which I have also published on Splunkbase
- Beta release: this is far from perfect but as a colleague used to tell me, 'Don't let perfect be the enemy of good'.
- I publish this as an individual within the cyber security community; it is not an official release from the vendor.
- There is a challenge with duplicate events: the vendor logs do not offer a means for UID tracking. I am working on this.

## Splunkbase:
- Listed as of 2023-09-27, see: https://splunkbase.splunk.com/apps?keyword=NextDNS

## Setup
- This is the 'TA' which should be installed on your UF, HF, IDX.
- There is an APP which should be deployed to your SH that has useful dashboards and searches.

## Manual CURL pull from NextDNS
- The intention is that this step is automated on your UF, but here is the manual pull:
- Log into your NextDNS account
- Obtain your ID
- Navigate to your account page: https://my.nextdns.io/account
- Obtain your API key
- Replace the `<value>` placeholders with the Key and ID values

<pre>
curl -X GET -H "X-Api-Key: <API key>" -s -L https://api.nextdns.io/profiles/<ID>/logs/download > nextdns.log
</pre>

## Git:
- See [GitHub](https://github.com/jameswintermute/NextDNS_TA)
- It may still be private at the time of release but will go public in due course
- Feedback to 'jameswintermute 0x40 protonmail.ch' OR Mastodon: jameswintermute@infosec.exchange
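
For the duplicate-event challenge noted under About, one possible approach once the pull is automated is to forward only lines that no earlier pull has already produced. The Python below is an added example, not part of this TA or of NextDNS; the function name, file names and sample lines are assumptions made for illustration. It treats each log line as opaque, so two genuinely distinct events whose lines are byte-identical collapse into one.

```python
import hashlib
import tempfile
from pathlib import Path


def append_new_events(download: Path, spool: Path, state: Path) -> int:
    """Append lines of `download` not seen in any earlier pull to `spool`.

    `state` stores one SHA-256 hex digest per line already forwarded.
    Returns the number of lines appended on this run.
    """
    seen = set(state.read_text(encoding="ascii").split()) if state.exists() else set()
    added = 0
    with download.open("rb") as src, spool.open("ab") as out, \
            state.open("a", encoding="ascii") as digests:
        for raw in src:
            line = raw.rstrip(b"\r\n")
            if not line:
                continue  # skip blank lines
            digest = hashlib.sha256(line).hexdigest()
            if digest in seen:
                continue  # repeated header row or an event from an earlier pull
            seen.add(digest)
            out.write(line + b"\n")
            digests.write(digest + "\n")
            added += 1
    return added


if __name__ == "__main__":
    # Constructed sample lines, not real NextDNS output.
    first = b"timestamp,domain\n2023-09-27T10:00:00Z,example.com\n"
    second = first + b"2023-09-27T10:05:00Z,example.org\n"
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for pull in (first, second):
            (d / "nextdns.log").write_bytes(pull)
            n = append_new_events(d / "nextdns.log", d / "spool.log", d / "seen.sha256")
            print(n, "new line(s) appended")
```

Point the Splunk file monitor at the spool file rather than at the raw download; the digest file grows with every forwarded line and needs periodic pruning.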