This workshop focuses on the different means DNS logging information can be used to help protect the Research & Education (R&E) sector as a whole.
It covers architecture aspects (DNS, pDNS, logs vs aggregation, etc.), tooling (dnstap, pDNSSOC, MISP, etc.) and deployment strategies. It also explores cooperation avenues with initiatives like SIE Europe.
The overall intent of the workshop is to improve daily security operations and cooperation between R&E organisations, ranging from mature security teams to smaller, understaffed organisations.
pDNSSOC: "Correlating DNS logs with threat intel from MISP as a poor man’s SOC."