From a85acdfd029833cc750edaa3fa6258042e2392e3 Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Sun, 21 Apr 2019 08:54:56 +0200 Subject: [PATCH] Changed title and description --- rules/network/net_dns_c2_detection.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/network/net_dns_c2_detection.yml b/rules/network/net_dns_c2_detection.yml index bed84c6db..90a889dc2 100644 --- a/rules/network/net_dns_c2_detection.yml +++ b/rules/network/net_dns_c2_detection.yml @@ -1,6 +1,6 @@ -title: DNS C2 Detection +title: Possible DNS Tunneling status: experimental -description: Normally, there exists a limited amount of different dns queries for a single domain. If a huge number of dns queries were performed for a single domain, this can be an indicator that DNS is used for transferring data. +description: Normally, DNS logs contain a limited amount of different dns queries for a single domain. This rule detects a high amount of queries for a single domain, which can be an indicator that DNS is used to transfer data. references: - https://zeltser.com/c2-dns-tunneling/ - https://patrick-bareiss.com/detect-c2-traffic-over-dns-using-sigma/
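Review bot: the new description line leaves "a high amount of queries" unquantified and mixes "DNS" with lowercase "dns" in the same sentence; since the hunk only touches the title and description, consider tightening it to "Normally, DNS logs contain a limited number of distinct DNS queries for a single domain. This rule detects an unusually high number of queries for a single domain, which can indicate that DNS is being used to tunnel data (C2 or exfiltration)." and, if the rule's detection condition uses a fixed count, state that threshold in the description so analysts triaging the alert know what it fires on. The title change from "DNS C2 Detection" to "Possible DNS Tunneling" is reasonable given both references describe C2 over DNS tunneling, but the rule keeps status: experimental, so the description should make clear that legitimate high-query domains (CDNs, large SaaS providers) are an expected false-positive source to be tuned out.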