I am working on Lab "Effectively Using Suricata", Task 2.
I have written the Suricata rule below; when I executed the rule, no hits were found.
Rule: alert dns $HOME_NET any -> any any (msg:"TROJAN Activity Detected DNS Query to Known Sofacy Domain 1"; dns_query; content:"drivers-update.info"; nocase; isdataat:!1,relative; sid:1; rev:1;)
I have compared it with the lab solution rule and I didn't find any difference, but I am still unable to find the reason. There are no logs in fast.log.
Kindly assist with this issue.
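A first check worth running before looking at traffic: a rule that never loaded produces no alerts at all. Rules pasted from a document or web page often carry typographic characters (curly quotes, a Unicode arrow instead of `->`, non-breaking spaces) that Suricata's rule parser rejects. The following added example, which is not part of the original post and not Suricata's own code, normalizes such characters and performs a few structural checks on the rule text; the sample rule embedded in it is the one quoted in the question, as it appears with typographic characters.

```python
"""Lint and normalize Suricata rule text pasted from a forum or document.

Added example, not part of the original post. The checks here are a
local approximation of what the Suricata parser requires; the
authoritative test is loading the rule with Suricata itself.
"""
import re

# Typographic characters that commonly appear after copy/paste and that
# the Suricata rule parser does not accept.
REPLACEMENTS = {
    "\u201c": '"', "\u201d": '"',   # left/right double quotation marks
    "\u2018": "'", "\u2019": "'",   # left/right single quotation marks
    "\u2192": "->",                 # rightwards arrow used instead of ->
    "\u00a0": " ",                  # non-breaking space
}

# action proto src_ip src_port direction dst_ip dst_port ( options )
RULE_HEADER = re.compile(
    r"^(alert|drop|pass|reject)\s+(\S+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+"
    r"(\S+)\s+(\S+)\s+\((.*)\)\s*$"
)

# Constructed sample: the rule from the question, with the typographic
# characters it was posted with.
POSTED_RULE = (
    "alert dns $HOME_NET any \u2192 any any (msg:\u201cTROJAN Activity Detected "
    "DNS Query to Known Sofacy Domain 1\u201d; dns_query; "
    "content:\u201cdrivers-update.info\u201d; nocase; isdataat:!1,relative; "
    "sid:1; rev:1;)"
)


def normalize_rule(rule: str) -> str:
    """Replace typographic characters with the ASCII forms Suricata expects."""
    for bad, good in REPLACEMENTS.items():
        rule = rule.replace(bad, good)
    return rule.strip()


def lint_rule(rule: str) -> list:
    """Return a list of problems found; an empty list means none detected."""
    problems = []
    for ch in rule:
        if ord(ch) > 127:
            problems.append(f"non-ASCII character U+{ord(ch):04X} in rule text")
            break
    m = RULE_HEADER.match(rule)
    if not m:
        problems.append("header does not parse: check action, protocol, "
                        "direction operator and parentheses")
        return problems
    options = m.group(8)
    if options.count('"') % 2:
        problems.append("unbalanced double quotes in options")
    if not re.search(r"(^|;)\s*sid:\s*\d+\s*;", options):
        problems.append("missing sid keyword")
    if not options.rstrip().endswith(";"):
        problems.append("options must end with ';'")
    return problems


if __name__ == "__main__":
    print("as posted :", lint_rule(POSTED_RULE))
    fixed = normalize_rule(POSTED_RULE)
    print("normalized:", fixed)
    print("after fix :", lint_rule(fixed))
```

Once the rule text is clean, validate it with Suricata itself rather than by eye: `suricata -T -c suricata.yaml -S rules.file` tests the configuration and loads only that rule file, reporting any rule that fails to parse, and `suricata -r capture.pcap -S rules.file` replays a pcap of the lab traffic offline so fast.log can be checked without live traffic.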