From 833c7c64beae56e79bb1349933a9dc97b7bfe987 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Fri, 1 Nov 2024 09:45:24 -0600 Subject: [PATCH] rules/dns: fix dns event names that have changed - not_a_request to not_request - not_a_response to not_reponse Ticket: #7361 --- rules/dns-events.rules | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/dns-events.rules b/rules/dns-events.rules index d4c02b5c2f..6f3f711f8e 100644 --- a/rules/dns-events.rules +++ b/rules/dns-events.rules @@ -2,9 +2,9 @@ alert dns any any -> any any (msg:"SURICATA DNS malformed request data"; flow:to_server; app-layer-event:dns.malformed_data; classtype:protocol-command-decode; sid:2240002; rev:2;) alert dns any any -> any any (msg:"SURICATA DNS malformed response data"; flow:to_client; app-layer-event:dns.malformed_data; classtype:protocol-command-decode; sid:2240003; rev:2;) # Response flag set on to_server packet -alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server; app-layer-event:dns.not_a_request; classtype:protocol-command-decode; sid:2240004; rev:2;) +alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server; app-layer-event:dns.not_request; classtype:protocol-command-decode; sid:2240004; rev:3;) # Response flag not set on to_client packet -alert dns any any -> any any (msg:"SURICATA DNS Not a response"; flow:to_client; app-layer-event:dns.not_a_response; classtype:protocol-command-decode; sid:2240005; rev:2;) +alert dns any any -> any any (msg:"SURICATA DNS Not a response"; flow:to_client; app-layer-event:dns.not_response; classtype:protocol-command-decode; sid:2240005; rev:3;) # Z flag (reserved) not 0 alert dns any any -> any any (msg:"SURICATA DNS Z flag set"; app-layer-event:dns.z_flag_set; classtype:protocol-command-decode; sid:2240006; rev:2;) alert dns any any -> any any (msg:"SURICATA DNS Invalid opcode"; app-layer-event:dns.invalid_opcode; classtype:protocol-command-decode; sid:2240007; rev:1;)