mirror of https://github.com/MISP/MISP
Fixes issue #6379
The NIDS export creates two rules for attributes with type 'email' (a src and dst rule). However, the same SID was used for both rules. Since SIDs must be unique for a ruleset, this will be logged as an error by Suricata and the rule is not loaded (see issue #6379). This fixes the issue by incrementing the SID before creating the second email rule.pull/8433/head
parent
40e52a5b6b
commit
27e6c60b89
|
@ -159,7 +159,7 @@ class NidsExport
|
|||
$this->ipSrcRule($ruleFormat, $item['Attribute'], $sid);
|
||||
break;
|
||||
case 'email':
|
||||
$this->emailSrcRule($ruleFormat, $item['Attribute'], $sid);
|
||||
$this->emailSrcRule($ruleFormat, $item['Attribute'], $sid++);
|
||||
$this->emailDstRule($ruleFormat, $item['Attribute'], $sid);
|
||||
break;
|
||||
case 'email-src':
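Review bot: The post-increment buried in the `emailSrcRule` argument under `case 'email':` makes the SID allocation easy to misread, and it only prevents a collision if no other rule in the export can be assigned `$sid + 1`. Writing the two calls as `$this->emailSrcRule($ruleFormat, $item['Attribute'], $sid);` and `$this->emailDstRule($ruleFormat, $item['Attribute'], $sid + 1);` states the intent and leaves `$sid` untouched for anything that runs after the switch. How `$sid` is derived for each attribute is outside this hunk, so it is worth confirming that the per-attribute spacing leaves room for the second rule; a duplicate SID means Suricata rejects the rule and the indicator silently goes undetected. A regression test asserting that every `sid:` value in an exported ruleset is unique would cover this case and any other attribute type that emits more than one rule. The switch body starts and ends outside the hunk.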
|
||||
|
|