Project

General

Profile

Actions
Copy link

Feature #4515

closed
OJ OJ

Add DNS logging of Z flag

Feature #4515: Add DNS logging of Z flag

Added by Odin Jenseg almost 5 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Odin Jenseg
Target version:
7.0.0-beta1
Effort:
Difficulty:
Label:
Protocol, Rust

Description

The this Z field is logged by Zeek: https://docs.zeek.org/en/master/logs/dns.html
And has shown good value to have in investigations, and there has been created a sigma rule that is based on this flag:
https://github.com/SigmaHQ/sigma/blob/master/rules/network/zeek/zeek_dns_suspicious_zbit_flag.yml

I think this should be pretty strightforward, so I will great a PR

Related issues 1 (0 open1 closed)

Related to Suricata - Bug #4924: dns: transaction not created when z-bit setClosedJason IshActions

JI Updated by Jason Ish over 4 years ago Actions
Copy link
 #2

  • Related to Bug #4924: dns: transaction not created when z-bit set added

JI Updated by Jason Ish over 4 years ago Actions
Copy link
 #3

  • Status changed from New to In Review

JI Updated by Jason Ish over 4 years ago Actions
Copy link
 #4

  • Status changed from In Review to Closed
  • Target version set to 7.0.0-beta1

PR merged.

Actions
Copy link

Also available in: PDF Atom