You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- name: Test curl requesttype: DnsQuerycondition: header.image == "/usr/bin/curl"
- name: Test curl responsetype: DnsResponsecondition: header.image == "/usr/bin/curl"
Even if there is for DnsQuery or DnsResponse in the type field of the rule, but without any rule on the Payload, this condition will match on every type of events, not only DnsQuery or DnsResponse.
This behaviour is not wrong from validation point of view, because it's generic and only looks strictly at conditions.
We need is a way to enforce this check for our specific case, where payload type is an additional condition.
The text was updated successfully, but these errors were encountered:
Rule engine contains an unwanted behaviour.
Take for example this 2 rules:
Even if there is for
DnsQueryorDnsResponsein the type field of the rule, but without any rule on thePayload, this condition will match on every type of events, not onlyDnsQueryorDnsResponse.This behaviour is not wrong from
validationpoint of view, because it's generic and only looks strictly at conditions.We need is a way to enforce this check for our specific case, where payload type is an additional condition.
The text was updated successfully, but these errors were encountered: