rfb: adds a check for community_id field in a rfb event

author Philippe Antoine <contact@catenacyber.fr>

Wed, 30 Nov 2022 15:28:14 +0000 (16:28 +0100)

committer Victor Julien <victor@inliniac.net>

Sat, 3 Dec 2022 08:05:41 +0000 (09:05 +0100)
author Philippe Antoine <contact@catenacyber.fr>
Wed, 30 Nov 2022 15:28:14 +0000 (16:28 +0100)
committer Victor Julien <victor@inliniac.net>
Sat, 3 Dec 2022 08:05:41 +0000 (09:05 +0100)
diff --git a/tests/rfb-protocol-3.3/suricata.yaml b/tests/rfb-protocol-3.3/suricata.yaml

index 4aea57de33b3acfcfd57171cc5d5deed02e699b3..c630bad84e7ef5312298e228daf4b404800e3ac8 100644 (file)
--- a/tests/rfb-protocol-3.3/suricata.yaml
+++ b/tests/rfb-protocol-3.3/suricata.yaml
@@ -6,6 +6,7 @@ outputs:
        enabled: yes
        filetype: regular
        filename: eve.json
+      community-id: true
        types:
          - rfb
          - flow
diff --git a/tests/rfb-protocol-3.3/test.yaml b/tests/rfb-protocol-3.3/test.yaml

index 5f23763d105ab46934c7196108b881cb94c26a7c..beff2819b03a06239b27e232fa73ac2332d5a912 100644 (file)
--- a/tests/rfb-protocol-3.3/test.yaml
+++ b/tests/rfb-protocol-3.3/test.yaml
@@ -12,6 +12,12 @@ checks:
          event_type: flow
          app_proto: rfb
  
+  - filter:
+      count: 1
+      match:
+        event_type: rfb
+        community_id: 1:d6qHVLyvWEl4kfHAZiDmEtDyb2I=
+
    - filter:
        count: 1
        match:
author	Philippe Antoine <contact@catenacyber.fr>
	Wed, 30 Nov 2022 15:28:14 +0000 (16:28 +0100)
committer	Victor Julien <victor@inliniac.net>
	Sat, 3 Dec 2022 08:05:41 +0000 (09:05 +0100)
tests/rfb-protocol-3.3/suricata.yaml		patch \| blob \| blame \| history
tests/rfb-protocol-3.3/test.yaml		patch \| blob \| blame \| history