From b44ba3224f774344ae4307ed82d98b8d92d6e7db Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Fri, 1 Nov 2024 09:46:11 -0600
Subject: [PATCH] rules/ike: fix ike event names that have changed

- weak_crypto_nodh -> weak_crypto_no_dh
- weak_crypto_noauth -> weak_crypto_no_auth

Ticket: #7361
---
 rules/ipsec-events.rules | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/ipsec-events.rules b/rules/ipsec-events.rules
index ccfd65145c..2e5eee4ba6 100644
--- a/rules/ipsec-events.rules
+++ b/rules/ipsec-events.rules
@@ -10,8 +10,8 @@ alert ike any any -> any any (msg:"SURICATA IKE weak cryptographic parameters (E
 alert ike any any -> any any (msg:"SURICATA IKE weak cryptographic parameters (PRF)"; flow:to_client; app-layer-event:ike.weak_crypto_prf; classtype:protocol-command-decode; sid:2224003; rev:2;)
 alert ike any any -> any any (msg:"SURICATA IKE weak cryptographic parameters (Auth)"; flow:to_client; app-layer-event:ike.weak_crypto_auth; classtype:protocol-command-decode; sid:2224004; rev:3;)
 alert ike any any -> any any (msg:"SURICATA IKE weak cryptographic parameters (Diffie-Hellman)"; flow:to_client; app-layer-event:ike.weak_crypto_dh; classtype:protocol-command-decode; sid:2224005; rev:3;)
-alert ike any any -> any any (msg:"SURICATA IKE no Diffie-Hellman exchange parameters"; flow:to_client; app-layer-event:ike.weak_crypto_nodh; classtype:protocol-command-decode; sid:2224006; rev:2;)
-alert ike any any -> any any (msg:"SURICATA IKE no authentication"; flow:to_client; app-layer-event:ike.weak_crypto_noauth; classtype:protocol-command-decode; sid:2224007; rev:2;)
+alert ike any any -> any any (msg:"SURICATA IKE no Diffie-Hellman exchange parameters"; flow:to_client; app-layer-event:ike.weak_crypto_no_dh; classtype:protocol-command-decode; sid:2224006; rev:3;)
+alert ike any any -> any any (msg:"SURICATA IKE no authentication"; flow:to_client; app-layer-event:ike.weak_crypto_no_auth; classtype:protocol-command-decode; sid:2224007; rev:3;)
 alert ike any any -> any any (msg:"SURICATA IKE no encryption (AH)"; flow:to_client; app-layer-event:ike.no_encryption; classtype:protocol-command-decode; sid:2224008; rev:2;)
 alert ike any any -> any any (msg:"SURICATA IKE invalid proposal"; flow:to_server; app-layer-event:ike.invalid_proposal; classtype:protocol-command-decode; sid:2224009; rev:2;)
 alert ike any any -> any any (msg:"SURICATA IKE invalid proposal selected"; flow:to_client; app-layer-event:ike.invalid_proposal; classtype:protocol-command-decode; sid:2224010; rev:2;)
-- 
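Review bot: Nothing in this change keeps the event names in sid 2224006 and 2224007 from drifting again, since each rule refers to its event only by the string after `app-layer-event:ike.`, and per the commit message those names changed in the engine without the rules following. A rule naming an event the engine does not know is presumably rejected at load time, which would have left IKE negotiations without Diffie-Hellman or without authentication unalerted until Ticket #7361 was raised. Consider a test step that loads this file with the freshly built binary in test mode (`suricata -T` with `-S rules/ipsec-events.rules`) and fails on any rule error. The hunk covers only part of the file, so whether the remaining rules use current event names cannot be confirmed from here.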
2.47.2