From 871f9651096847923ff0762163d43dbd8c19ea27 Mon Sep 17 00:00:00 2001
From: yugoslavskiy
Date: Sun, 29 Nov 2020 21:31:54 +0100
Subject: [PATCH] Update lnx_susp_named.yml
---
 rules/linux/lnx_susp_named.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/rules/linux/lnx_susp_named.yml b/rules/linux/lnx_susp_named.yml
index 6e6709240..128300cc2 100644
--- a/rules/linux/lnx_susp_named.yml
+++ b/rules/linux/lnx_susp_named.yml
@@ -10,10 +10,10 @@ logsource:
 product: linux
 service: syslog
 detection:
- keywords|contains:
- - ' dropping source port zero packet from '
- - ' denied AXFR from '
- - ' exiting (due to fatal error)'
+ keywords:
+ - '* dropping source port zero packet from *'
+ - '* denied AXFR from *'
+ - '* exiting (due to fatal error)*'
 condition: keywords
 falsepositives:
 - Unknown
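Review bot: Nothing in the visible `detection` block ties the three keywords to the `named` daemon, so with `logsource` limited to `product: linux` / `service: syslog` any syslog line containing a string such as ` exiting (due to fatal error)` satisfies `condition: keywords`. If the log pipeline exposes the emitting program name, the keywords could be combined with a selection on it. Failing that, the expected noise should be documented, since `falsepositives` still reads `Unknown`; for the `denied AXFR` string an entry like `- Refused zone-transfer attempts from internet scanners against authoritative servers` is probably apt. A one-line comment above the list, e.g. `# leading/trailing spaces inside the wildcards are intentional token boundaries`, would keep a later cleanup from stripping them. The rule's title, description and level lie outside this hunk, so any scoping stated there could not be checked.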