c_meyer/KasperskyLab-TinyCheck
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correcting typo on the not resolved host heuristic

Browse Source
This commit is contained in:
Félix Aime 2021-01-20 20:34:53 +01:00
parent 0cedade4b8
commit 8845b68333
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
analysis/classes/zeekengine.py
View File

@ -135,7 +135,7 @@ class ZeekEngine(object):
"level": "Moderate", "level": "Moderate",
"id": "PROTO-04"}) "id": "PROTO-04"})
# Check for non-resolved IP address. # Check for non-resolved IP address.
if c["service"] == c["resolution"]: if c["ip_dst"] == c["resolution"]:
c["alert_tiggered"] = True c["alert_tiggered"] = True
self.alerts.append({"title": "The server {} hasn't been resolved by any DNS query during the session".format(c["ip_dst"]), self.alerts.append({"title": "The server {} hasn't been resolved by any DNS query during the session".format(c["ip_dst"]),
"description": "It means that the server {} is likely not resolved by any domain name or the resolution has already been cached by ".format(c["ip_dst"]) "description": "It means that the server {} is likely not resolved by any domain name or the resolution has already been cached by ".format(c["ip_dst"])