]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 621053e)
tests: smb add smb.share test
authorVictor Julien <victor@inliniac.net>
Wed, 20 Jan 2021 14:57:38 +0000 (15:57 +0100)
committerVictor Julien <victor@inliniac.net>
Wed, 20 Jan 2021 14:57:38 +0000 (15:57 +0100)
tests/smb2-03-rule/filedata.rules patch | blob | blame | history
tests/smb2-03-rule/test.yaml patch | blob | blame | history

diff --git a/tests/smb2-03-rule/filedata.rules b/tests/smb2-03-rule/filedata.rules
index e90903c35e99b5ba0511ba903e48c1e361f8d694..a5253ce1c60476fa524267a0f4979f29b4c57e7c 100644 (file)
--- a/tests/smb2-03-rule/filedata.rules
+++ b/tests/smb2-03-rule/filedata.rules
@@ -1 +1,2 @@
 alert smb any any -> any any (file_data; content:"%PDF-1.5"; startswith; sid:1;)
+alert smb any any -> any any (smb.share; content:"|5C 5C|10.0.0.12|5C|smb2"; sid:2;)
diff --git a/tests/smb2-03-rule/test.yaml b/tests/smb2-03-rule/test.yaml
index 0910c932cc3cc1e919bfef430c2f1e03f597c99c..b3bdddbaea5b3799cc31200f8186be8efca1bfb3 100644 (file)
--- a/tests/smb2-03-rule/test.yaml
+++ b/tests/smb2-03-rule/test.yaml
@@ -13,6 +13,11 @@ checks:
       match:
         event_type: alert
         alert.signature_id: 1
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2
   - filter:
       count: 20
       match:
Mirror of https://github.com/OISF/suricata-verify.git