From: Jason Ish <jason.ish@oisf.net>
Date: Fri, 1 Nov 2024 15:46:11 +0000 (-0600)
Subject: rules/ike: fix ike event names that have changed
X-Git-Tag: suricata-8.0.0-beta1~738
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b44ba3224f774344ae4307ed82d98b8d92d6e7db;p=thirdparty%2Fsuricata.git

rules/ike: fix ike event names that have changed

- weak_crypto_nodh -> weak_crypto_no_dh
- weak_crypto_noauth -> weak_crypto_no_auth

Ticket: #7361
---

diff --git a/rules/ipsec-events.rules b/rules/ipsec-events.rules
index ccfd65145c..2e5eee4ba6 100644
--- a/rules/ipsec-events.rules
+++ b/rules/ipsec-events.rules
@@ -10,8 +10,8 @@ alert ike any any -> any any (msg:"SURICATA IKE weak cryptographic parameters (E
 alert ike any any -> any any (msg:"SURICATA IKE weak cryptographic parameters (PRF)"; flow:to_client; app-layer-event:ike.weak_crypto_prf; classtype:protocol-command-decode; sid:2224003; rev:2;)
 alert ike any any -> any any (msg:"SURICATA IKE weak cryptographic parameters (Auth)"; flow:to_client; app-layer-event:ike.weak_crypto_auth; classtype:protocol-command-decode; sid:2224004; rev:3;)
 alert ike any any -> any any (msg:"SURICATA IKE weak cryptographic parameters (Diffie-Hellman)"; flow:to_client; app-layer-event:ike.weak_crypto_dh; classtype:protocol-command-decode; sid:2224005; rev:3;)
-alert ike any any -> any any (msg:"SURICATA IKE no Diffie-Hellman exchange parameters"; flow:to_client; app-layer-event:ike.weak_crypto_nodh; classtype:protocol-command-decode; sid:2224006; rev:2;)
-alert ike any any -> any any (msg:"SURICATA IKE no authentication"; flow:to_client; app-layer-event:ike.weak_crypto_noauth; classtype:protocol-command-decode; sid:2224007; rev:2;)
+alert ike any any -> any any (msg:"SURICATA IKE no Diffie-Hellman exchange parameters"; flow:to_client; app-layer-event:ike.weak_crypto_no_dh; classtype:protocol-command-decode; sid:2224006; rev:3;)
+alert ike any any -> any any (msg:"SURICATA IKE no authentication"; flow:to_client; app-layer-event:ike.weak_crypto_no_auth; classtype:protocol-command-decode; sid:2224007; rev:3;)
 alert ike any any -> any any (msg:"SURICATA IKE no encryption (AH)"; flow:to_client; app-layer-event:ike.no_encryption; classtype:protocol-command-decode; sid:2224008; rev:2;)
 alert ike any any -> any any (msg:"SURICATA IKE invalid proposal"; flow:to_server; app-layer-event:ike.invalid_proposal; classtype:protocol-command-decode; sid:2224009; rev:2;)
 alert ike any any -> any any (msg:"SURICATA IKE invalid proposal selected"; flow:to_client; app-layer-event:ike.invalid_proposal; classtype:protocol-command-decode; sid:2224010; rev:2;)