Adds check with http.stat_msg keyword and HTTP2 traffic

author Philippe Antoine <contact@catenacyber.fr>

Thu, 17 Dec 2020 15:03:30 +0000 (16:03 +0100)

committer Jason Ish <jason.ish@oisf.net>

Wed, 10 Mar 2021 15:41:50 +0000 (09:41 -0600)
author Philippe Antoine <contact@catenacyber.fr>
Thu, 17 Dec 2020 15:03:30 +0000 (16:03 +0100)
committer Jason Ish <jason.ish@oisf.net>
Wed, 10 Mar 2021 15:41:50 +0000 (09:41 -0600)
diff --git a/tests/http2-upgrade/test.rules b/tests/http2-upgrade/test.rules

index 5428b264d93e20dc3b179a6d4f738fcd2e6650ab..c2cef492ad2b7407e595fb6530471dc6fc3afc7e 100644 (file)
--- a/tests/http2-upgrade/test.rules
+++ b/tests/http2-upgrade/test.rules
@@ -3,3 +3,4 @@ alert http2 any any -> any any (http.uri; content:"/robots.txt"; sid:11;)
  alert http any any -> any any (http.uri; content:"/robots.txt"; sid:12;)
  
  alert http2 any any -> any any (http.user_agent; content:"curl"; sid:20;)
+alert http2 any any -> any any (http.stat_msg; content:"404"; sid:21;)
diff --git a/tests/http2-upgrade/test.yaml b/tests/http2-upgrade/test.yaml

index 0fc69717377b9d667ca9cfdf8179ecdac18a2523..82be0b058d5417bb3604000725472b7a36e31207 100644 (file)
--- a/tests/http2-upgrade/test.yaml
+++ b/tests/http2-upgrade/test.yaml
@@ -71,3 +71,8 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 20
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 21
author	Philippe Antoine <contact@catenacyber.fr>
	Thu, 17 Dec 2020 15:03:30 +0000 (16:03 +0100)
committer	Jason Ish <jason.ish@oisf.net>
	Wed, 10 Mar 2021 15:41:50 +0000 (09:41 -0600)
tests/http2-upgrade/test.rules		patch \| blob \| blame \| history
tests/http2-upgrade/test.yaml		patch \| blob \| blame \| history