Currently, the Suricata DNS parser renames dns.rcode to dns.response.code: https://github.com/Security-Onion-Solutions/securityonion/blob/master/salt/elasticsearch/files/ingest/suricata.dns#L15
However, we actually need that to be dns.response.code_name to match what we do with Zeek DNS logs: https://github.com/Security-Onion-Solutions/securityonion/blob/master/salt/elasticsearch/files/ingest/zeek.dns#L16
And to align with our Hunt DNS Response query: https://github.com/Security-Onion-Solutions/securityonion/blob/master/salt/soc/files/soc/hunt.queries.json#L25
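The mismatch described above can be caught with a small consistency check. The following is an added example, not code from the Security Onion repository: the pipeline dictionaries, the Zeek source field `message2.rcode_name`, the Hunt query string and the sample events are constructed, simplified stand-ins for the files linked in the issue.

```python
# Constructed, simplified stand-ins for the two ingest pipelines and the Hunt
# query named in the issue; the real files contain more processors.
SURICATA_DNS_BEFORE = {"processors": [
    {"rename": {"field": "dns.rcode", "target_field": "dns.response.code",
                "ignore_missing": True}}]}
SURICATA_DNS_AFTER = {"processors": [
    {"rename": {"field": "dns.rcode", "target_field": "dns.response.code_name",
                "ignore_missing": True}}]}
ZEEK_DNS = {"processors": [
    # "message2.rcode_name" is an assumed source field name
    {"rename": {"field": "message2.rcode_name",
                "target_field": "dns.response.code_name",
                "ignore_missing": True}}]}
HUNT_QUERY = "event.dataset:dns | groupby dns.response.code_name"  # constructed


def apply_renames(pipeline, event):
    """Apply only the rename processors, treating events as flat dotted keys."""
    out = dict(event)
    for proc in pipeline["processors"]:
        cfg = proc.get("rename")
        if cfg and cfg["field"] in out:
            out[cfg["target_field"]] = out.pop(cfg["field"])
    return out


def groupby_fields(query):
    """Return the field names that follow 'groupby' in a Hunt-style query."""
    _, _, tail = query.partition("| groupby")
    return tail.split()


def missing_fields(pipelines, samples, query):
    """Map pipeline name -> groupby fields that its output event lacks."""
    gaps = {}
    for name, pipeline in pipelines.items():
        event = apply_renames(pipeline, samples[name])
        absent = [f for f in groupby_fields(query) if f not in event]
        if absent:
            gaps[name] = absent
    return gaps


# Constructed sample events, one per sensor.
SAMPLES = {"suricata.dns": {"dns.rcode": "NXDOMAIN"},
           "zeek.dns": {"message2.rcode_name": "NXDOMAIN"}}

if __name__ == "__main__":
    for label, suri in (("before", SURICATA_DNS_BEFORE), ("after", SURICATA_DNS_AFTER)):
        print(label, missing_fields({"suricata.dns": suri, "zeek.dns": ZEEK_DNS},
                                    SAMPLES, HUNT_QUERY))
```

With the original rename, Suricata DNS events are absent from any aggregation on `dns.response.code_name`, so the Hunt view shows only Zeek-derived response codes; after the rename both sensors populate the same field.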
FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770 (commit e6f9592)
Merge pull request #4775 from Security-Onion-Solutions/fix/suricata-dns-response-code (commit 2ea3989)
FIX: Suricata dns.response.code needs to be renamed to dns.response.code_name #4770
Tested a fresh dev installation in local VM and confirmed working properly:
3d3593a
dougburks