Hello community,
I have a problem with the dns processor. I am using the Suricata integration and I need DNS reverse lookup, which is why I decided to use the dns processor. I also created a mapping for the new fields. But this processor does not work. I only have empty fields, without any error in the logs, and I don't know why. Please help me fix it, thx.
Here is my written processor:
- dns:
    type: reverse
    action: replace
    transport: udp
    fields:
      suricata.eve.src_ip: source.hostname
      suricata.eve.dest_ip: destination.hostname
      source.ip: src.domain
      destination.ip: dest.domain
    nameservers: ['192.168.1.2']
    timeout: 500ms
    tag_on_failure: [_dns_reverse_lookup_failed]