tftp: test loading of a tftp rule

author Jason Ish <jason.ish@oisf.net>

Wed, 2 Feb 2022 23:11:22 +0000 (17:11 -0600)

committer Jason Ish <jason.ish@oisf.net>

Fri, 29 Apr 2022 21:27:26 +0000 (15:27 -0600)
author Jason Ish <jason.ish@oisf.net>
Wed, 2 Feb 2022 23:11:22 +0000 (17:11 -0600)
committer Jason Ish <jason.ish@oisf.net>
Fri, 29 Apr 2022 21:27:26 +0000 (15:27 -0600)
diff --git a/tests/output-eve-tftp-01/suricata.yaml b/tests/output-eve-tftp-01/suricata.yaml

index cb84c785847b7eb2bc4e1f8a54c69d6621fd55ec..32f960cfc13793ead1e240a91a3789caed72e551 100644 (file)
--- a/tests/output-eve-tftp-01/suricata.yaml
+++ b/tests/output-eve-tftp-01/suricata.yaml
@@ -6,5 +6,6 @@ outputs:
        enabled: true
        filename: eve.json
        types:
+        - alert
          - tftp:
        community-id: true
diff --git a/tests/output-eve-tftp-01/test.rules b/tests/output-eve-tftp-01/test.rules

new file mode 100644 (file)

index 0000000..f3f5f40
--- /dev/null
+++ b/tests/output-eve-tftp-01/test.rules
@@ -0,0 +1 @@
+alert tftp any any -> any any (msg:"TFTP Test Rule"; pkt_data; content:"rfc1350"; sid:1; rev:1;)
diff --git a/tests/output-eve-tftp-01/test.yaml b/tests/output-eve-tftp-01/test.yaml

index 4d7c5a182ad9406c6b2a006f5d50de56080d9303..b83cefc3ebb81d464060a09fca88c44fa1689d7d 100644 (file)
--- a/tests/output-eve-tftp-01/test.yaml
+++ b/tests/output-eve-tftp-01/test.yaml
@@ -10,4 +10,8 @@ checks:
  - filter:
      count: 1
      match:
-      has-key: community_id
+      event_type: tftp
+- filter:
+    count: 1
+    match:
+      event_type: alert
author	Jason Ish <jason.ish@oisf.net>
	Wed, 2 Feb 2022 23:11:22 +0000 (17:11 -0600)
committer	Jason Ish <jason.ish@oisf.net>
	Fri, 29 Apr 2022 21:27:26 +0000 (15:27 -0600)
tests/output-eve-tftp-01/suricata.yaml		patch \| blob \| blame \| history
tests/output-eve-tftp-01/test.rules	[new file with mode: 0644]	patch \| blob
tests/output-eve-tftp-01/test.yaml		patch \| blob \| blame \| history