test/entropy: Validate entropy values

author Jeff Lucovsky <jlucovsky@oisf.net>

Sat, 31 May 2025 14:37:53 +0000 (10:37 -0400)

committer Victor Julien <victor@inliniac.net>

Fri, 6 Jun 2025 18:08:46 +0000 (20:08 +0200)
author Jeff Lucovsky <jlucovsky@oisf.net>
Sat, 31 May 2025 14:37:53 +0000 (10:37 -0400)
committer Victor Julien <victor@inliniac.net>
Fri, 6 Jun 2025 18:08:46 +0000 (20:08 +0200)
diff --git a/tests/entropy/entropy-01/test.yaml b/tests/entropy/entropy-01/test.yaml

index 5fcc51ca57faf29ced9bde5ec6b3854dfd33fadb..507b0f4094ad721916cc2b8693114c5e4816708b 100644 (file)
--- a/tests/entropy/entropy-01/test.yaml
+++ b/tests/entropy/entropy-01/test.yaml
@@ -7,11 +7,13 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 1
+        metadata.entropy.file_data: 4.150007324019584
    - filter:
        count: 1
        match:
          event_type: alert
          alert.signature_id: 2
+        metadata.entropy.file_data: 4.150007324019584
    - filter:
        count: 0
        match:
@@ -22,6 +24,7 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 4
+        metadata.entropy.file_data: 4.150007324019584
    - filter:
        count: 0
        match:
@@ -37,6 +40,7 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 7
+        metadata.entropy.file_data: 4.150007324019584
    - filter:
        count: 0
        match:
@@ -47,3 +51,13 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 10
+        metadata.entropy.file_data: 4.150007324019584
+  - filter:
+      count: 1
+      match:
+        event_type: flow
+        src_ip: 10.92.95.2
+        dest_ip: 10.92.67.138
+        flow.pkts_toserver: 5
+        flow.pkts_toclient: 5
+        metadata.entropy.file_data: 4.150007324019584
author	Jeff Lucovsky <jlucovsky@oisf.net>
	Sat, 31 May 2025 14:37:53 +0000 (10:37 -0400)
committer	Victor Julien <victor@inliniac.net>
	Fri, 6 Jun 2025 18:08:46 +0000 (20:08 +0200)