Support different keys for DNS queries in alerts

CybercentreCanada · Aug 7, 2024 · 3bd5b6c · 3bd5b6c
1 parent e9f10c7
commit 3bd5b6c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/suricata_/helper.py b/suricata_/helper.py
@@ -273,7 +273,7 @@ def attach_network_connection(data: dict):
 
                         if not any(
                             query["rrname"] == network_part.dns_details.domain
-                            for query in record["dns"].get("queries", [])
+                            for query in record["dns"].get("queries", []) + record["dns"].get("query", [])
                         ):
                             # This particular record isn't relevant to the alert
                             continue