]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f337ab0)
ftp: improves check for alert app-layer data
authorPhilippe Antoine <pantoine@oisf.net>
Thu, 11 May 2023 09:21:11 +0000 (11:21 +0200)
committerVictor Julien <victor@inliniac.net>
Tue, 21 Nov 2023 05:47:35 +0000 (06:47 +0100)
tests/ftp/ftp-too-long-command/test.yaml patch | blob | blame | history

diff --git a/tests/ftp/ftp-too-long-command/test.yaml b/tests/ftp/ftp-too-long-command/test.yaml
index 3336d888345fe5145342a0b1d42da32c45177bda..4ce3111b018cc17072ded31b3132463d0306ee22 100644 (file)
--- a/tests/ftp/ftp-too-long-command/test.yaml
+++ b/tests/ftp/ftp-too-long-command/test.yaml
@@ -34,3 +34,11 @@ checks:
       match:
         event_type: alert
         alert.signature_id: 2232000
+  # Alert has app-layer details.
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2232000
+        ftp.command: "RETR"
Mirror of https://github.com/OISF/suricata-verify.git