Merge pull request #152 from CybercentreCanada/ontology/smtp

Support different keys for DNS queries in alerts
CybercentreCanada · Aug 7, 2024 · d944d7a · d944d7a
2 parents 6cee0cf + 3bd5b6c
commit d944d7a
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/suricata_/helper.py b/suricata_/helper.py
@@ -273,7 +273,7 @@ def attach_network_connection(data: dict):
 
                         if not any(
                             query["rrname"] == network_part.dns_details.domain
-                            for query in record["dns"].get("queries", [])
+                            for query in record["dns"].get("queries", []) + record["dns"].get("query", [])
                         ):
                             # This particular record isn't relevant to the alert
                             continue