krb5: improves check for alert app-layer data

author Philippe Antoine <pantoine@oisf.net>

Fri, 12 May 2023 10:28:05 +0000 (12:28 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 21 Nov 2023 05:47:35 +0000 (06:47 +0100)
author Philippe Antoine <pantoine@oisf.net>
Fri, 12 May 2023 10:28:05 +0000 (12:28 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 21 Nov 2023 05:47:35 +0000 (06:47 +0100)
diff --git a/tests/krb5-kerberoasting/test.yaml b/tests/krb5-kerberoasting/test.yaml

index bd5ba8a3f056976eb4f985a6dfb2b0834c03e8df..b7f1284a7fe658218242cac11d622e3f814787ee 100644 (file)
--- a/tests/krb5-kerberoasting/test.yaml
+++ b/tests/krb5-kerberoasting/test.yaml
@@ -21,6 +21,13 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 1
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        krb5.msg_type: KRB_TGS_REP
    - filter:
        count: 1
        match:
author	Philippe Antoine <pantoine@oisf.net>
	Fri, 12 May 2023 10:28:05 +0000 (12:28 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 21 Nov 2023 05:47:35 +0000 (06:47 +0100)