tests: various dcerpc updates

author Victor Julien <victor@inliniac.net>

Tue, 14 Jun 2022 09:49:36 +0000 (11:49 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 14 Jun 2022 09:49:36 +0000 (11:49 +0200)
author Victor Julien <victor@inliniac.net>
Tue, 14 Jun 2022 09:49:36 +0000 (11:49 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 14 Jun 2022 09:49:36 +0000 (11:49 +0200)
diff --git a/tests/bug-5162/test.yaml b/tests/bug-5162/test.yaml

index 0e9396bc3fa5595ec5a57f9be08326a627d1e5f2..169cd41019075ae8267c270403b8573fd728eed3 100644 (file)
--- a/tests/bug-5162/test.yaml
+++ b/tests/bug-5162/test.yaml
@@ -3,6 +3,7 @@ args:
  
  checks:
  - filter:
+    min-version: 6
      count: 1445
      match:
        event_type: dcerpc
diff --git a/tests/dcerpc-smb-fail/test.yaml b/tests/dcerpc-smb-fail/test.yaml

index ef1c9171b9ba99224bb13782dfdef7c0f0fd4d80..005930835b5560d98f001e571b21742fd4a8b837 100644 (file)
--- a/tests/dcerpc-smb-fail/test.yaml
+++ b/tests/dcerpc-smb-fail/test.yaml
@@ -3,6 +3,7 @@ args:
  
  checks:
  - filter:
+    min-version: 6
      count: 1445
      match:
        event_type: dcerpc
diff --git a/tests/dcerpc/dcerpc-dce-iface-01/test.yaml b/tests/dcerpc/dcerpc-dce-iface-01/test.yaml

index 81d280773cb08775aafe778a5579ae27b3ee6d1d..8b8c969edf37c02e165c4c91cfeed050ef76bd7e 100644 (file)
--- a/tests/dcerpc/dcerpc-dce-iface-01/test.yaml
+++ b/tests/dcerpc/dcerpc-dce-iface-01/test.yaml
@@ -1,5 +1,5 @@
  requires:
-  min-version: 7
+  min-version: 6
    features:
      - HAVE_LIBJANSSON
  
diff --git a/tests/dcerpc/dcerpc-dce-stub-data/test.rules b/tests/dcerpc/dcerpc-dce-stub-data/test.rules

index ba960945052ecc2392ad21904d410a3103a61a28..fbc992984bbd0d80ac6f7cac41a679471d3c3bc2 100644 (file)
--- a/tests/dcerpc/dcerpc-dce-stub-data/test.rules
+++ b/tests/dcerpc/dcerpc-dce-stub-data/test.rules
@@ -1,3 +1,7 @@
  alert tcp any any -> any any (msg:"DCE stub data";flow:established,to_server; dcerpc.stub_data; content:"|09 00 00 00 00 01 00 00|"; sid:1;)
  alert tcp any any -> any any (msg:"DCE stub data";flow:established,to_server; dcerpc.stub_data; content:"|09 00|"; sid:2;)
  alert tcp any any -> any any (msg:"DCE stub data";flow:established,to_server; dcerpc.stub_data; content:"|01 09 00|"; sid:3;)
+
+alert dcerpc any any -> any any (msg:"DCE stub data";flow:established,to_server; dcerpc.stub_data; content:"|09 00 00 00 00 01 00 00|"; sid:11;)
+alert dcerpc any any -> any any (msg:"DCE stub data";flow:established,to_server; dcerpc.stub_data; content:"|09 00|"; sid:12;)
+alert dcerpc any any -> any any (msg:"DCE stub data";flow:established,to_server; dcerpc.stub_data; content:"|01 09 00|"; sid:13;)
diff --git a/tests/dcerpc/dcerpc-dce-stub-data/test.yaml b/tests/dcerpc/dcerpc-dce-stub-data/test.yaml

index 389fbe9b34fbae988787c22fbfcff3ce0649d404..92160925b99a330f851407d2145051781e76f899 100644 (file)
--- a/tests/dcerpc/dcerpc-dce-stub-data/test.yaml
+++ b/tests/dcerpc/dcerpc-dce-stub-data/test.yaml
@@ -28,6 +28,23 @@ checks:
      match:
        event_type: alert
        alert.signature_id: 3
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 11
+      pcap_cnt: 10
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 12
+      pcap_cnt: 10
+- filter:
+    count: 0
+    match:
+      event_type: alert
+      alert.signature_id: 13
  - filter:
      count: 1
      match:
author	Victor Julien <victor@inliniac.net>
	Tue, 14 Jun 2022 09:49:36 +0000 (11:49 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 14 Jun 2022 09:49:36 +0000 (11:49 +0200)
tests/bug-5162/test.yaml		patch \| blob \| blame \| history
tests/dcerpc-smb-fail/test.yaml		patch \| blob \| blame \| history
tests/dcerpc/dcerpc-dce-iface-01/test.yaml		patch \| blob \| blame \| history
tests/dcerpc/dcerpc-dce-stub-data/test.rules		patch \| blob \| blame \| history
tests/dcerpc/dcerpc-dce-stub-data/test.yaml		patch \| blob \| blame \| history