]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 242310b)
dhcp: adds check about rebinding_time keyword
authorPhilippe Antoine <contact@catenacyber.fr>
Thu, 25 Aug 2022 15:11:26 +0000 (17:11 +0200)
committerVictor Julien <victor@inliniac.net>
Tue, 13 Sep 2022 09:45:40 +0000 (11:45 +0200)
tests/dhcp-eve-extended/min7.rules patch | blob | blame | history
tests/dhcp-eve-extended/test.yaml patch | blob | blame | history

diff --git a/tests/dhcp-eve-extended/min7.rules b/tests/dhcp-eve-extended/min7.rules
index 841a842fecc622d8a793bca5c7371365bcd8b1b9..ee9e9902d2163c6f6455b437fe232e496b4eda59 100644 (file)
--- a/tests/dhcp-eve-extended/min7.rules
+++ b/tests/dhcp-eve-extended/min7.rules
@@ -1 +1,2 @@
 alert dhcp any any -> any any (msg:"small DHCP lease time (<2hours)"; dhcp.leasetime:<7200; sid:1; rev:1;)
+alert dhcp any any -> any any (msg:"big DHCP rebinding time (>3000seconds)"; dhcp.rebinding_time:>3000; sid:2; rev:1;)
diff --git a/tests/dhcp-eve-extended/test.yaml b/tests/dhcp-eve-extended/test.yaml
index 58782b34eb770bd755bf527b76629b3a6934932f..ca0ae29cc0caeb6adc12c6d8e8a0e81a7e42352f 100644 (file)
--- a/tests/dhcp-eve-extended/test.yaml
+++ b/tests/dhcp-eve-extended/test.yaml
@@ -72,3 +72,9 @@ checks:
     match:
       event_type: alert
       alert.signature_id: 1
+- filter:
+    min-version: 7
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2
Mirror of https://github.com/OISF/suricata-verify.git