Correcting typo on the not resolved host heuristic

2021-01-20 20:34:53 +01:00 · 2021-01-20 20:34:53 +01:00 · 8845b68333
commit 8845b68333
parent 0cedade4b8
1 changed files with 1 additions and 1 deletions
--- a/analysis/classes/zeekengine.py
+++ b/analysis/classes/zeekengine.py
@ -135,7 +135,7 @@ class ZeekEngine(object):
                                        "level": "Moderate",
                                        "id": "PROTO-04"})
                # Check for non-resolved IP address.
-                if c["service"] == c["resolution"]:
+                if c["ip_dst"] == c["resolution"]:
                    c["alert_tiggered"] = True
                    self.alerts.append({"title": "The server {} hasn't been resolved by any DNS query during the session".format(c["ip_dst"]),
                                        "description": "It means that the server {} is likely not resolved by any domain name or the resolution has already been cached by ".format(c["ip_dst"])