tests: datajson uses context_key

author Eric Leblond <el@stamus-networks.com>

Sun, 8 Jun 2025 07:02:09 +0000 (09:02 +0200)

committer Eric Leblond <el@stamus-networks.com>

Wed, 11 Jun 2025 12:01:45 +0000 (14:01 +0200)
author Eric Leblond <el@stamus-networks.com>
Sun, 8 Jun 2025 07:02:09 +0000 (09:02 +0200)
committer Eric Leblond <el@stamus-networks.com>
Wed, 11 Jun 2025 12:01:45 +0000 (14:01 +0200)
diff --git a/tests/datajson/datajson-01-ip/test.rules b/tests/datajson/datajson-01-ip/test.rules

index ce880a2ff7379981e4cb7bb1147699cd33e1163c..bcbdc2e11d8b342415709f255a2aa5f8e4ad2a88 100644 (file)
--- a/tests/datajson/datajson-01-ip/test.rules
+++ b/tests/datajson/datajson-01-ip/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; content:"testmyids.com"; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json, enrichment_key src_ip, value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; content:"testmyids.com"; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json, context_key src_ip, value_key ip; sid:1;)
diff --git a/tests/datajson/datajson-02-multiple/test.rules b/tests/datajson/datajson-02-multiple/test.rules

index 592636c0c3a0449a70caa73c3f9adf6bffd8ccc6..ad3b154e4d7d3ba54c47f1f50d7ce1ae3c5870c1 100644 (file)
--- a/tests/datajson/datajson-02-multiple/test.rules
+++ b/tests/datajson/datajson-02-multiple/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format json,enrichment_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json,enrichment_key src_ip,value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format json,context_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json,context_key src_ip,value_key ip; sid:1;)
diff --git a/tests/datajson/datajson-03-jsonline/test.rules b/tests/datajson/datajson-03-jsonline/test.rules

index 106d2c8845ad9b8f0587e3cfbaf9d6c6e2966db6..4bf8a7eceb905818a3d8cd4c5e9e9a29beb4e508 100644 (file)
--- a/tests/datajson/datajson-03-jsonline/test.rules
+++ b/tests/datajson/datajson-03-jsonline/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format ndjson,enrichment_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format ndjson,enrichment_key src_ip,value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format ndjson,context_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format ndjson,context_key src_ip,value_key ip; sid:1;)
diff --git a/tests/datajson/datajson-04-hashes/test.rules b/tests/datajson/datajson-04-hashes/test.rules

index 900bdbba3983c2b5cc107018f184805b0735c0dd..d81b5b493e3600525428e9dee974d93ee703abb0 100644 (file)
--- a/tests/datajson/datajson-04-hashes/test.rules
+++ b/tests/datajson/datajson-04-hashes/test.rules
@@ -1,2 +1,2 @@
-alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_sha256; dataset:isset,badcat,type sha256,load badsha.lst,format json,enrichment_key bad_sha,value_key hash; sid:1; rev:1;)
-alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_md5; dataset:isset,badmd5,type md5,load badmd5.lst,format json,enrichment_key bad_md5,value_key hash; sid:2; rev:1;)
+alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_sha256; dataset:isset,badcat,type sha256,load badsha.lst,format json,context_key bad_sha,value_key hash; sid:1; rev:1;)
+alert http any any -> any any (flow:established,to_server; http.host; content: "testmyids"; to_md5; dataset:isset,badmd5,type md5,load badmd5.lst,format json,context_key bad_md5,value_key hash; sid:2; rev:1;)
diff --git a/tests/datajson/datajson-05-duplicate/test.rules b/tests/datajson/datajson-05-duplicate/test.rules

index 592636c0c3a0449a70caa73c3f9adf6bffd8ccc6..ad3b154e4d7d3ba54c47f1f50d7ce1ae3c5870c1 100644 (file)
--- a/tests/datajson/datajson-05-duplicate/test.rules
+++ b/tests/datajson/datajson-05-duplicate/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format json,enrichment_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json,enrichment_key src_ip,value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format json,context_key bad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format json,context_key src_ip,value_key ip; sid:1;)
diff --git a/tests/datajson/datajson-06-remove-key/test.rules b/tests/datajson/datajson-06-remove-key/test.rules

index 329e7ccd328174fa7f57ae0b7bf58755b021772e..545ffc769127b4f6154781af8634010a98bc4b27 100644 (file)
--- a/tests/datajson/datajson-06-remove-key/test.rules
+++ b/tests/datajson/datajson-06-remove-key/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format ndjson,enrichment_key bad_host,remove_key, value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format ndjson,enrichment_key src_ip,value_key ip, remove_key; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format ndjson,context_key bad_host,remove_key, value_key host; ip.src; dataset:isset,src_ip,type ip,load src.lst,format ndjson,context_key src_ip,value_key ip, remove_key; sid:1;)
diff --git a/tests/datajson/datajson-07-dataset/test.rules b/tests/datajson/datajson-07-dataset/test.rules

index 95a8258957d99a64854acc9c10217829acbe5e58..127664adb0283617f8435e368e269d1967da6e42 100644 (file)
--- a/tests/datajson/datajson-07-dataset/test.rules
+++ b/tests/datajson/datajson-07-dataset/test.rules
@@ -1,2 +1,2 @@
  alert http any any -> any any (flow:established,to_server; ip.src; dataset:isset,bip,type ipv6,load ip.lst,key ip; sid:1;)
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,enrichment_key bad_host; sid:2;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,context_key bad_host; sid:2;)
diff --git a/tests/datajson/datajson-08-invalid-json/test.rules b/tests/datajson/datajson-08-invalid-json/test.rules

index 71aa789ba5ffd5e788c98ec95234fe38ed73f940..660f8dfa63286511204343ab3c4b1e72f6930111 100644 (file)
--- a/tests/datajson/datajson-08-invalid-json/test.rules
+++ b/tests/datajson/datajson-08-invalid-json/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; ip.src; dataset:isset,bip,type ipv6,load ip.lst,format json, enrichment_key ip, value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; ip.src; dataset:isset,bip,type ipv6,load ip.lst,format json, context_key ip, value_key ip; sid:1;)
diff --git a/tests/datajson/datajson-09-jsonformat/test.rules b/tests/datajson/datajson-09-jsonformat/test.rules

index a55f95554d20a8d434fe2961ea53f7826c095289..d229c5a5c191587363b3b9c82fc5ca260062d70c 100644 (file)
--- a/tests/datajson/datajson-09-jsonformat/test.rules
+++ b/tests/datajson/datajson-09-jsonformat/test.rules
@@ -1,7 +1,7 @@
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load hosts.json,format json, enrichment_key bad_host,value_key host, array_key threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, enrichment_key src_ip,value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load hosts.json,format json, context_key bad_host,value_key host, array_key threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, context_key src_ip,value_key ip; sid:1;)
  
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,dbadhost,type string,load hosts-direct.json,format json,enrichment_key dbad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, enrichment_key src_ip,value_key ip; sid:2;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,dbadhost,type string,load hosts-direct.json,format json,context_key dbad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, context_key src_ip,value_key ip; sid:2;)
  
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,nbadhost,type string,load hosts-nested.json,format json, enrichment_key nbad_host,value_key host, array_key info.threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, enrichment_key src_ip,value_key ip; sid:3;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,nbadhost,type string,load hosts-nested.json,format json, context_key nbad_host,value_key host, array_key info.threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, context_key src_ip,value_key ip; sid:3;)
  
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,nkbadhost,type string,load hosts-nested-key.json,format json, enrichment_key nkbad_host,value_key host.fqdn, array_key info.threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, enrichment_key src_ip,value_key ip; sid:4;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,nkbadhost,type string,load hosts-nested-key.json,format json, context_key nkbad_host,value_key host.fqdn, array_key info.threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, context_key src_ip,value_key ip; sid:4;)
diff --git a/tests/datajson/datajson-10-remove-nested-key/test.rules b/tests/datajson/datajson-10-remove-nested-key/test.rules

index 3810aa448f2611c7b79ebce95f1dd44cb94303b1..f5ce1bf37b372d1834433a9e71e98b2b7b614a2c 100644 (file)
--- a/tests/datajson/datajson-10-remove-nested-key/test.rules
+++ b/tests/datajson/datajson-10-remove-nested-key/test.rules
@@ -1 +1 @@
-alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format ndjson,enrichment_key bad_host,value_key ioc.host,remove_key; ip.src; dataset:isset,src_ip,type ip,load src.lst,format ndjson,enrichment_key src_ip,value_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load host.lst,format ndjson,context_key bad_host,value_key ioc.host,remove_key; ip.src; dataset:isset,src_ip,type ip,load src.lst,format ndjson,context_key src_ip,value_key ip; sid:1;)
author	Eric Leblond <el@stamus-networks.com>
	Sun, 8 Jun 2025 07:02:09 +0000 (09:02 +0200)
committer	Eric Leblond <el@stamus-networks.com>
	Wed, 11 Jun 2025 12:01:45 +0000 (14:01 +0200)
tests/datajson/datajson-01-ip/test.rules		patch \| blob \| blame \| history
tests/datajson/datajson-02-multiple/test.rules		patch \| blob \| blame \| history
tests/datajson/datajson-03-jsonline/test.rules		patch \| blob \| blame \| history
tests/datajson/datajson-04-hashes/test.rules		patch \| blob \| blame \| history
tests/datajson/datajson-05-duplicate/test.rules		patch \| blob \| blame \| history
tests/datajson/datajson-06-remove-key/test.rules		patch \| blob \| blame \| history
tests/datajson/datajson-07-dataset/test.rules		patch \| blob \| blame \| history
tests/datajson/datajson-08-invalid-json/test.rules		patch \| blob \| blame \| history
tests/datajson/datajson-09-jsonformat/test.rules		patch \| blob \| blame \| history
tests/datajson/datajson-10-remove-nested-key/test.rules		patch \| blob \| blame \| history