Feature #4515
Closed
Add DNS logging of Z flag
Effort:
Difficulty:
Label: Protocol, Rust
Description
The Z field is logged by Zeek: https://docs.zeek.org/en/master/logs/dns.html
It has shown good value in investigations, and a Sigma rule based on this flag has been created:
https://github.com/SigmaHQ/sigma/blob/master/rules/network/zeek/zeek_dns_suspicious_zbit_flag.yml
I think this should be pretty straightforward, so I will create a PR.
Updated by Odin Jenseg over 3 years ago
Updated by Jason Ish almost 3 years ago
- Related to Bug #4924: dns: transaction not created when z-bit set added
Updated by Jason Ish almost 3 years ago
- Status changed from New to In Review
Updated by Jason Ish almost 3 years ago
- Status changed from In Review to Closed
- Target version set to 7.0.0-beta1
PR merged.