git.ipfire.org Git - thirdparty/suricata-verify.git/commit
Add createst script 235/head
author Shivani Bhardwaj <shivanib134@gmail.com>
Tue, 9 Jul 2019 17:55:35 +0000 (23:25 +0530)
committer Jason Ish <jason.ish@oisf.net>
Thu, 21 May 2020 17:49:16 +0000 (11:49 -0600)
commit b1f345dff8b5beb8151766d38bd4a7c475ce6b0e
tree 31e2470f80141c0272508ea0eb933baff9a47ee0
parent 43164a56eab3a107ca13efdffc2fa8446003e5e8
Add createst script

createst is a script to produce a test directory with test.yaml as per
the PCAP and configuration provided.

This currently implements the functionality of creating the "checks" block
in `test.yaml` from a given `eve.json`. You can add other configuration
in the file thus created.

Usage
=====
```
usage: createst.py [-h] [--output-path <output-path>] [--eventtype-only]
                   [--allow-events [ALLOW_EVENTS]]
                   <test-name> <pcap-file>

Create tests with a given PCAP. Execute the script from a valid Suricata
source directory.

positional arguments:
  <test-name>           Name of the test folder
  <pcap-file>           Path to the PCAP file

optional arguments:
  -h, --help            show this help message and exit
  --output-path <output-path>
                        Path to the folder where generated test.yaml should be
                        put
  --eventtype-only      Create filter blocks based on event types only
  --allow-events [ALLOW_EVENTS]
                        Create filter blocks for the specified events
```
README.md
createst.py [new file with mode: 0755]
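
The commit message describes deriving the "checks" block of `test.yaml` from an `eve.json`. The sketch below is an added example, not the `createst.py` from this commit. It assumes the `checks` / `filter` / `count` / `match` layout of suricata-verify's `test.yaml`, treats `timestamp` and `flow_id` as run-dependent fields to drop, and uses hypothetical helper names (`flatten`, `build_checks`, `render_checks`) with keyword arguments modelled on the `--eventtype-only` and `--allow-events` options.

```python
import json
from collections import Counter

# Constructed eve.json sample (one JSON object per line); not from the commit.
SAMPLE_EVE = """\
{"timestamp": "2019-07-09T17:55:35.000001+0000", "flow_id": 1, "event_type": "dns", "dns": {"type": "query", "rrname": "example.com"}}
{"timestamp": "2019-07-09T17:55:35.000002+0000", "flow_id": 2, "event_type": "dns", "dns": {"type": "query", "rrname": "example.com"}}
{"timestamp": "2019-07-09T17:55:35.000003+0000", "flow_id": 3, "event_type": "dns", "dns": {"type": "query", "rrname": "example.org"}}
{"timestamp": "2019-07-09T17:55:35.000004+0000", "flow_id": 3, "event_type": "alert", "alert": {"signature_id": 1000001}}
"""

# Assumption: fields that change between runs and should not be matched on.
VOLATILE = {"timestamp", "flow_id"}

def flatten(obj, prefix=""):
    """Flatten nested objects into dotted keys such as dns.rrname."""
    flat = {}
    for key, value in obj.items():
        if isinstance(value, dict):
            flat.update(flatten(value, prefix + key + "."))
        elif not isinstance(value, list):  # list values are skipped in this sketch
            flat[prefix + key] = value
    return flat

def build_checks(eve_text, eventtype_only=False, allow_events=None):
    """Group events into filter blocks, counting events with the same match."""
    counts = Counter()
    for line in filter(str.strip, eve_text.splitlines()):
        event = json.loads(line)
        etype = event.get("event_type")
        if allow_events is not None and etype not in allow_events:
            continue
        if eventtype_only:
            match = {"event_type": etype}
        else:
            match = {k: v for k, v in flatten(event).items() if k not in VOLATILE}
        counts[json.dumps(match, sort_keys=True)] += 1
    return [{"count": n, "match": json.loads(m)} for m, n in counts.items()]

def render_checks(checks):
    """Emit the checks block as YAML text (JSON scalars are valid YAML)."""
    lines = ["checks:"]
    for check in checks:
        lines += ["  - filter:", f"      count: {check['count']}", "      match:"]
        lines += [f"        {k}: {json.dumps(v)}" for k, v in check["match"].items()]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_checks(build_checks(SAMPLE_EVE, eventtype_only=True)))
```

Matching on every stable field gives tighter regression tests than matching on event type alone, but generated checks should still be reviewed before committing, since any field that varies between Suricata builds will make the test flaky.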