Handle parsing of SRV records
cccs-rs committed Aug 27, 2024
1 parent 0b555d5 commit a470cd8
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions suricata_/helper.py
Expand Up @@ -81,8 +81,13 @@ def attach_network_connection(data: dict):
# Populate reverse lookup map
for record in event_types["dns"]:
domain = record["dns"]["rrname"]
for lookup_type, resolved_ips in record["dns"].get("grouped", {}).items():
[reverse_lookup.update({ip: domain}) for ip in resolved_ips]
if record["dns"].get("rrtype") == "SRV":
# These kinds of records have to be parsed differently
for answer in record["dns"].get("additionals", []):
reverse_lookup[answer["rdata"]] = answer["rrname"]
else:
for lookup_type, resolved_ips in record["dns"].get("grouped", {}).items():
reverse_lookup.update({ip: domain for ip in resolved_ips})

for record in ordered_records:
timestamp = dateparser.parse(record["timestamp"]).isoformat(" ")
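Review bot: The new SRV branch indexes `answer["rdata"]` and `answer["rrname"]` directly on every entry of `additionals`, so a single additional record without one of those keys raises KeyError and aborts processing of the whole event set, whereas the surrounding lookups (`.get("rrtype")`, `.get("additionals", [])`, `.get("grouped", {})`) are written to tolerate missing fields. The DNS records come from the parsed capture, so a malformed or unusual additional section should degrade to a missing reverse-lookup entry rather than a crash; I would write the loop body as `ip, target = answer.get("rdata"), answer.get("rrname")` / `if ip and target:` / `reverse_lookup[ip] = target`. It also appears that additionals are not filtered by record type, so non-address rdata (a CNAME target, for example) could end up as a key in a map that the rest of the code seems to treat as IP-keyed — worth confirming against the Suricata output and, if so, checking `answer.get("rrtype")` before inserting. A short comment such as `# SRV answers name a target host; the resolved addresses live in the additional section` would explain why this branch bypasses `grouped`. The enclosing function attach_network_connection starts and continues outside the hunk.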