diff --git a/CHANGES b/CHANGES
index b5c94e93c3..6c7a6a3c98 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,10 @@
+
+3.3.0-dev.350 | 2020-09-25 14:37:58 -0700
+
+  * Add dce_rpc_request_stub and dce_rpc_response_stub events (Yacin Nadji, Corelight)
+
+  * Fix namespace warning in fuzzer code (Tim Wojtulewicz, Corelight)
+
 3.3.0-dev.346 | 2020-09-24 16:03:28 -0700
 
   * Fix a Sphinx warning about misformatted packet analyzer comment (Jon Siwek, Corelight)
diff --git a/NEWS b/NEWS
index 1a89a2ed9c..c3961b2d21 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,9 @@ New Functionality
   writing plugins to parse the various parts of a packet header separately,
   chaining down into other plugins as needed.
 
+- Add ``dce_rpc_request_stub`` and ``dce_rpc_response_stub`` events for
+  accessing the contents of DCE-RPC request/response stub data.
+
 Changed Functionality
 ---------------------
 
diff --git a/VERSION b/VERSION
index 831c1faba8..5dc45fe664 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.3.0-dev.346
+3.3.0-dev.350
diff --git a/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac b/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac
index 4abbbdf009..ab349037e7 100644
--- a/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac
+++ b/src/analyzer/protocol/dce-rpc/dce_rpc-analyzer.pac
@@ -123,6 +123,14 @@ refine connection DCE_RPC_Conn += {
 			                                  ${req.stub}.length());
 			}
 
+		if ( dce_rpc_request_stub )
+			zeek::BifEvent::enqueue_dce_rpc_request_stub(zeek_analyzer(),
+			                                             zeek_analyzer()->Conn(),
+			                                             fid,
+			                                             ${req.context_id},
+			                                             ${req.opnum},
+			                                             binpac::to_stringval(${req.stub}));
+
 		set_cont_id_opnum_map(${req.context_id}, ${req.opnum});
 
 		return true;
@@ -140,6 +148,14 @@ refine connection DCE_RPC_Conn += {
 			                                   ${resp.stub}.length());
 			}
 
+		if ( dce_rpc_response_stub )
+			zeek::BifEvent::enqueue_dce_rpc_response_stub(zeek_analyzer(),
+			                                              zeek_analyzer()->Conn(),
+			                                              fid,
+			                                              ${resp.context_id},
+			                                              get_cont_id_opnum_map(${resp.context_id}),
+			                                              binpac::to_stringval(${resp.stub}));
+
 		return true;
 		%}
 
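Review bot: The two new guarded blocks in dce_rpc-analyzer.pac (this hunk and the matching one at @@ -140,6 +148,14) carry no comment on why the stub events are separate from the existing length-only events, and that is the whole reason for the guard: `binpac::to_stringval(${req.stub})` copies the entire stub payload into a StringVal, and the `if ( dce_rpc_request_stub )` test keeps that per-message copy off the path whenever no script handles the event. A one-line comment above each block, `// Stub bytes are copied into a StringVal only when a handler exists; the length-only event above stays cheap.`, would keep a later refactor from folding the copy into the existing event. On the response side the opnum comes from `get_cont_id_opnum_map(${resp.context_id})`, i.e. from state the request path records, so a response whose request was never observed presumably reports the map's default value; the same comment should say so, as script authors cannot tell that from the event signature. Both enclosing functions begin outside the hunks.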
diff --git a/src/analyzer/protocol/dce-rpc/events.bif b/src/analyzer/protocol/dce-rpc/events.bif
index 1f2b61255c..bc9f252054 100644
--- a/src/analyzer/protocol/dce-rpc/events.bif
+++ b/src/analyzer/protocol/dce-rpc/events.bif
@@ -95,7 +95,7 @@ event dce_rpc_alter_context_resp%(c: connection, fid: count%);
 ##
 ## stub_len: Length of the data for the request.
 ##
-## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_response
+## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_response dce_rpc_request_stub
 event dce_rpc_request%(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count%);
 
 ## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` response message.
@@ -112,5 +112,39 @@ event dce_rpc_request%(c: connection, fid: count, ctx_id: count, opnum: count, s
 ##
 ## stub_len: Length of the data for the response.
 ##
-## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request
+## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request dce_rpc_response_stub
 event dce_rpc_response%(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count%);
+
+## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` request message.
+##
+## c: The connection.
+##
+## fid: File ID of the PIPE that carried the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)`
+## message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was
+## not transported over a pipe.
+##
+## ctx_id: The context identifier of the data representation.
+##
+## opnum: Number of the RPC operation.
+##
+## stub: The data for the request.
+##
+## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_response_stub dce_rpc_request
+event dce_rpc_request_stub%(c: connection, fid: count, ctx_id: count, opnum: count, stub: string%);
+
+## Generated for every :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` response message.
+##
+## c: The connection.
+##
+## fid: File ID of the PIPE that carried the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)`
+## message. Zero will be used if the :abbr:`DCE-RPC (Distributed Computing Environment/Remote Procedure Calls)` was
+## not transported over a pipe.
+##
+## ctx_id: The context identifier of the data representation.
+###
+## opnum: Number of the RPC operation.
+##
+## stub: The data for the response.
+##
+## .. zeek:see:: dce_rpc_message dce_rpc_bind dce_rpc_bind_ack dce_rpc_request_stub dce_rpc_response
+event dce_rpc_response_stub%(c: connection, fid: count, ctx_id: count, opnum: count, stub: string%);
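Review bot: The doc block for `dce_rpc_response_stub` has a stray `###` separator between the ctx_id and opnum paragraphs where every other separator in both new blocks is `##`; it should be `##` so the doc generator does not presumably carry a literal `#` into the rendered text. The two new summary lines also repeat the wording of `dce_rpc_request` and `dce_rpc_response` ("Generated for every ... request message") without saying what sets these events apart, which is that `stub` delivers the raw stub bytes rather than only their length and that the analyzer copies those bytes per message whenever the event has a handler. A sentence after each summary such as `## Unlike dce_rpc_request, this event delivers the raw stub bytes in ``stub``; the copy is made for every message once a handler exists, so handle it only when the payload is needed.` would make that cost visible to script authors reading the generated docs.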
diff --git a/testing/btest/Baseline/scripts.base.protocols.dce-rpc.request-response-stub-events/out b/testing/btest/Baseline/scripts.base.protocols.dce-rpc.request-response-stub-events/out
new file mode 100644
index 0000000000..30c7b34864
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dce-rpc.request-response-stub-events/out
@@ -0,0 +1,6 @@
+dce_rpc_request , [orig_h=192.168.122.145, orig_p=55614/tcp, resp_h=192.168.122.3, resp_p=1024/tcp], 0, 0, 0, 144
+dce_rpc_request_stub, [orig_h=192.168.122.145, orig_p=55614/tcp, resp_h=192.168.122.3, resp_p=1024/tcp], 0, 0, 0, 144
+6b1ae0dd480552c8ea776ff61470f020fe55ccc3a3a8b4a9f09a7a03fe8ac77342df9323aadfce176f1b02143fa727496c8ae9308775f70a264ea627d2f1f1f514fb471650b2c2a69caa96fc2f885c31800820ea55852822d536ac0a71902aafd854d023cc6394a4d0861b991fd8a9e5e451c471a497eaf67e8652b8d107e8b80ba21a07763e67afcda009b18db916ab
+dce_rpc_response , [orig_h=192.168.122.145, orig_p=55614/tcp, resp_h=192.168.122.3, resp_p=1024/tcp], 0, 0, 0, 64
+dce_rpc_response_stub, [orig_h=192.168.122.145, orig_p=55614/tcp, resp_h=192.168.122.3, resp_p=1024/tcp], 0, 0, 0, 64
+f79c0c2680ad63c2c48a2f2244450025ee5df82a8674cc448d085ac51a5c83950b8bc9d2fca2fc616fd88d28c12fd201c715d33d504d67b27179c7b145979ba2
diff --git a/testing/btest/scripts/base/protocols/dce-rpc/request-response-stub-events.zeek b/testing/btest/scripts/base/protocols/dce-rpc/request-response-stub-events.zeek
new file mode 100644
index 0000000000..ad351b646f
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dce-rpc/request-response-stub-events.zeek
@@ -0,0 +1,28 @@
+# @TEST-EXEC: zeek -b -C -r $TRACES/dce-rpc/cs_window7-join_stream092.pcap %INPUT > out
+# @TEST-EXEC: btest-diff out
+
+@load base/protocols/dce-rpc
+
+event dce_rpc_request(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count)
+	{
+	print "dce_rpc_request ", c$id, fid, ctx_id, opnum, stub_len;
+	}
+
+event dce_rpc_request_stub(c: connection, fid: count, ctx_id: count, opnum: count, stub: string)
+	{
+	print "dce_rpc_request_stub", c$id, fid, ctx_id, opnum, |stub|;
+	print bytestring_to_hexstr(stub);
+	}
+
+event dce_rpc_response(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count)
+	{
+	print "dce_rpc_response ", c$id, fid, ctx_id, opnum, stub_len;
+	}
+
+event dce_rpc_response_stub(c: connection, fid: count, ctx_id: count, opnum: count, stub: string)
+	{
+	print "dce_rpc_response_stub", c$id, fid, ctx_id, opnum, |stub|;
+	print bytestring_to_hexstr(stub);
+	terminate();
+	}
+
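Review bot: The `terminate()` call in the `dce_rpc_response_stub` handler ends the run after the first response, so the baseline covers exactly one request/response pair and the opnum recovered via the per-context map on the response side is checked only once; whether the trace holds further PDUs with other opnums or context ids is not visible here. A comment on that line, `# Stop after the first response so the baseline stays small.`, would record that the early exit is deliberate rather than an oversight. If broader coverage of the opnum lookup is wanted, dropping the `terminate()` would exercise it across the whole trace at the cost of a larger baseline.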