From ff109b21be3c31ba7db51c9fbfd099ef42cbfa80 Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Thu, 13 Mar 2025 08:29:33 +0100
Subject: [PATCH] tests: update datajson 0.9 syntax

---
 tests/datajson/datajson-09-jsonformat/test.rules | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tests/datajson/datajson-09-jsonformat/test.rules b/tests/datajson/datajson-09-jsonformat/test.rules
index 4caa80a70..a55f95554 100644
--- a/tests/datajson/datajson-09-jsonformat/test.rules
+++ b/tests/datajson/datajson-09-jsonformat/test.rules
@@ -1,7 +1,7 @@
-alert http any any -> any any (flow:established,to_server; http.host; datajson:isset,badhost,type string,load hosts.json,key bad_host,json_key host, array_key threat; ip.src; datajson:isset,src_ip,type ip,load src.json,key src_ip,json_key ip; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,badhost,type string,load hosts.json,format json, enrichment_key bad_host,value_key host, array_key threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, enrichment_key src_ip,value_key ip; sid:1;)
 
-alert http any any -> any any (flow:established,to_server; http.host; datajson:isset,dbadhost,type string,load hosts-direct.json,key dbad_host,json_key host; ip.src; datajson:isset,src_ip,type ip,load src.json,key src_ip,json_key ip; sid:2;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,dbadhost,type string,load hosts-direct.json,format json,enrichment_key dbad_host,value_key host; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, enrichment_key src_ip,value_key ip; sid:2;)
 
-alert http any any -> any any (flow:established,to_server; http.host; datajson:isset,nbadhost,type string,load hosts-nested.json,key nbad_host,json_key host, array_key info.threat; ip.src; datajson:isset,src_ip,type ip,load src.json,key src_ip,json_key ip; sid:3;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,nbadhost,type string,load hosts-nested.json,format json, enrichment_key nbad_host,value_key host, array_key info.threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, enrichment_key src_ip,value_key ip; sid:3;)
 
-alert http any any -> any any (flow:established,to_server; http.host; datajson:isset,nkbadhost,type string,load hosts-nested-key.json,key nkbad_host,json_key host.fqdn, array_key info.threat; ip.src; datajson:isset,src_ip,type ip,load src.json,key src_ip,json_key ip; sid:4;)
+alert http any any -> any any (flow:established,to_server; http.host; dataset:isset,nkbadhost,type string,load hosts-nested-key.json,format json, enrichment_key nkbad_host,value_key host.fqdn, array_key info.threat; ip.src; dataset:isset,src_ip,type ip,load src.json,format json, enrichment_key src_ip,value_key ip; sid:4;)
-- 
2.47.3
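Review bot: In the new sid:2 rule the first dataset option list is written `format json,enrichment_key dbad_host` with no space after the comma, while every other new occurrence in this hunk uses `format json, enrichment_key`. If the mix is meant to exercise whitespace handling in the option parser, a `#` comment above that rule should say so; otherwise I would normalize to one spelling so that a later parser change does not make this one rule behave differently from its siblings by accident. The four rules differ only in the JSON layout they load, so a one-line comment per rule naming the case it covers would also help, for example `# sid:3: array nested under info.threat` and `# sid:4: nested value_key host.fqdn`.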