From 8845b68333f0a589c3c971c2621ed3fb51ab4fb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Aime?=
Date: Wed, 20 Jan 2021 20:34:53 +0100
Subject: [PATCH] Correcting typo on the not resolved host heuristic
---
 analysis/classes/zeekengine.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/analysis/classes/zeekengine.py b/analysis/classes/zeekengine.py
index 274e9b8..eac38ce 100644
--- a/analysis/classes/zeekengine.py
+++ b/analysis/classes/zeekengine.py
@@ -135,7 +135,7 @@ class ZeekEngine(object):
 "level": "Moderate",
 "id": "PROTO-04"})
 # Check for non-resolved IP address.
- if c["service"] == c["resolution"]:
+ if c["ip_dst"] == c["resolution"]:
 c["alert_tiggered"] = True
 self.alerts.append({"title": "The server {} hasn't been resolved by any DNS query during the session".format(c["ip_dst"]),
 "description": "It means that the server {} is likely not resolved by any domain name or the resolution has already been cached by ".format(c["ip_dst"])
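Review bot: The corrected condition `c["ip_dst"] == c["resolution"]` only fires if `resolution` is filled with the destination IP when no DNS answer in the capture maps to that address, and nothing in the hunk states or checks that; this is inferred, since the code that sets `resolution` is outside the hunk. I would record the invariant above the `if`, for example `# "resolution" falls back to ip_dst when no DNS answer in the capture maps to it, so equality means "never resolved in this session"`, after confirming it against the enrichment step. If that field can instead be empty or missing for unresolved hosts, the rule stays silent, much as the old `service` comparison presumably did, and for a detection heuristic that is a missed alert rather than a visible error. A small regression test with one resolved and one unresolved connection would pin the behaviour. The enclosing method and the `self.alerts.append(...)` call both continue outside the hunk.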