ParseDMARC & Elastic

DMARC Reporting

Published: 2019-08-11, Modified: 2019-08-11
Author: Martin Boller

DMARC Reporting Locally

If you’re worried about hosting your DMARC data (not least the forensic reports) with a cloud provider, or simply want to self-host because you’re already running the Elastic Stack or Splunk and want to save the $$ you would otherwise pay a provider, there’s a tool for you called ParseDMARC [1].

For further information on the tool, please read the description on the project’s GitHub page (it would be stupid to repeat all of that here).

To install Parsedmarc on the Elastic Stack, here’s a simple shell script that does just that [2].

Prerequisites for the script:

1. pip for Python 3

2. X-Pack Security. You really should use it; it’s part of the Basic License now.

3. Run the script on the Elasticsearch node on which you want Parsedmarc to run

4. I disagree with using Cloudflare for name resolution. If your local DNS resolvers aren’t running faster and better than them, you should look into your DNS setup, as well as use RPZs to protect your organization.

And please don’t forget to spare a thought (or a dime) for @seanthegeek who made this possible.

[1] ParseDMARC on GitHub

[2] Install Script for ParseDMARC on GitHub