diff --git a/hp-labrea/labrea-idea.py b/hp-labrea/labrea-idea.py
index a3b7866bf3a7612c1ea230e066da85a24d9a248b..a5316e10678dd6cef987d6768e9e7fe5869b6762 100755
--- a/hp-labrea/labrea-idea.py
+++ b/hp-labrea/labrea-idea.py
@@ -259,13 +259,15 @@ class IdeaGen(object):
"category": ["Recon.Scanning"],
"description": "TCP connections/scan",
"template": "labrea-001",
- "note": "Connections from remote host to never assigned IP"
+ "note": "Connections from remote host to never assigned IP",
+ "proto": ["tcp"]
},
"ping": {
"category": ["Recon.Scanning"],
"description": "Ping scan",
"template": "labrea-002",
- "note": "Ping requests from remote host to never assigned IP"
+ "note": "Ping requests from remote host to never assigned IP",
+ "proto": ["icmp"]
},
"synack": {
"category": ["Availability.DoS"],
@@ -273,7 +275,8 @@ class IdeaGen(object):
"template": "labrea-003",
"note": "Unsolicited SYN/ACK packet received from remote host to never assigned IP",
"source_type": ["Backscatter"],
- "source_to_target": True
+ "source_to_target": True,
+ "proto": ["tcp"]
}
}
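Review bot: Nothing in the template table records that `"proto"` is now a required key, here or in the two entries changed in the previous hunk. The lookups added further down index `tmpl["proto"]` unconditionally, so a template entry added later without the key would raise KeyError while an event is being built instead of falling back to the old `["tcp"]`. A comment above the dict would make the contract visible, for example `# every entry must define "proto": list of protocol names used for Source/Target "Proto"`. The dict itself opens outside this hunk, so the comment belongs on its first line.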
@@ -284,7 +287,7 @@ class IdeaGen(object):
tmpl = self.template[template]
isource = {
"IP6" if ":" in src else "IP4": [src],
- "Proto": ["tcp"]
+ "Proto": tmpl["proto"]
}
if "source_type" in tmpl:
isource["Type"] = tmpl["source_type"]
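Review bot: `"Proto": tmpl["proto"]` puts the class-level template list itself into the event, where the removed line built a fresh `["tcp"]` on every call; the same applies to `itarget = {"Proto": tmpl["proto"]}` in the next hunk. Every Source and Target of every generated event now shares one list object with `self.template`, so any later in-place change to an event's `Proto` would silently alter the protocol reported for all subsequent events of that template. Copying keeps the events independent: `"Proto": list(tmpl["proto"])` and `itarget = {"Proto": list(tmpl["proto"])}`. Whether anything mutates the event after it is built cannot be seen from here, since the function starts and ends outside the hunk.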
@@ -296,7 +299,7 @@ class IdeaGen(object):
folded_tgt.setdefault(frozenset(ports), []).append(tgt)
itargets = []
for ports, tgt in folded_tgt.items():
- itarget = {"Proto": ["tcp"]}
+ itarget = {"Proto": tmpl["proto"]}
tgts4 = [ip for ip in tgt if ":" not in ip]
tgts6 = [ip for ip in tgt if ":" in ip]
if tgts4: