In our initial post we demonstrate how the dns-logger from NoSpaceships can be used to capture and feed real-time DNS activity into an Elasticsearch based SIEM.