From 7dc0facf0579d243d23266fe512e7ace3e5035ea Mon Sep 17 00:00:00 2001
From: Nate Guagenti <neu5ron@users.noreply.github.com>
Date: Thu, 24 Feb 2022 20:03:56 -0500
Subject: [PATCH] Update zeek_dns_suspicious_zbit_flag.yml

---
 rules/network/zeek/zeek_dns_suspicious_zbit_flag.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/network/zeek/zeek_dns_suspicious_zbit_flag.yml b/rules/network/zeek/zeek_dns_suspicious_zbit_flag.yml
index 3d8736fe9..306a153b0 100644
--- a/rules/network/zeek/zeek_dns_suspicious_zbit_flag.yml
+++ b/rules/network/zeek/zeek_dns_suspicious_zbit_flag.yml
@@ -38,7 +38,7 @@ detection:
       - 'NS'
       - 'ns'
       - 'MX'
-      - 'MX'
+      - 'mx'
   exclude_responses:
     answers|endswith: '\\x00'
   exclude_netbios: