From: Philippe Antoine
Date: Wed, 30 Nov 2022 15:28:14 +0000 (+0100)
Subject: rfb: adds a check for community_id field in a rfb event
X-Git-Tag: suricata-6.0.10~42
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F1030%2Fhead;p=thirdparty%2Fsuricata-verify.git

rfb: adds a check for community_id field in a rfb event
---
diff --git a/tests/rfb-protocol-3.3/suricata.yaml b/tests/rfb-protocol-3.3/suricata.yaml
index 4aea57de3..c630bad84 100644
--- a/tests/rfb-protocol-3.3/suricata.yaml
+++ b/tests/rfb-protocol-3.3/suricata.yaml
@@ -6,6 +6,7 @@ outputs:
 enabled: yes
 filetype: regular
 filename: eve.json
+ community-id: true
 types:
 - rfb
 - flow
diff --git a/tests/rfb-protocol-3.3/test.yaml b/tests/rfb-protocol-3.3/test.yaml
index 5f23763d1..beff2819b 100644
--- a/tests/rfb-protocol-3.3/test.yaml
+++ b/tests/rfb-protocol-3.3/test.yaml
@@ -12,6 +12,12 @@ checks:
 event_type: flow
 app_proto: rfb

+ - filter:
+ count: 1
+ match:
+ event_type: rfb
+ community_id: 1:d6qHVLyvWEl4kfHAZiDmEtDyb2I=
+
 - filter:
 count: 1
 match:
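Review bot: The hash pinned in test.yaml depends on the Community ID seed, but the added `community-id: true` in the eve-log output leaves the seed at its default. Adding `community-id-seed: 0` directly below it would make that dependency explicit, so a later edit to this config cannot silently invalidate the expected `community_id` value. The eve-log block starts above the hunk, so a seed may already be set outside the visible lines.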
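Review bot: The new filter requires exactly one `rfb` event carrying the pinned `community_id`, so it will fail on any Suricata build that does not emit that field for rfb events. The `requires` section of test.yaml is outside this hunk; if it does not already restrict the test to versions that include the corresponding fix, a `min-version` gate is needed there. A short comment above the filter, such as `# rfb events must carry the flow's community_id so they can be correlated across sensors`, would also record why the exact value is asserted.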