dhcp: adds check about renewal_time keyword

author Philippe Antoine <contact@catenacyber.fr>

Thu, 25 Aug 2022 15:13:15 +0000 (17:13 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 13 Sep 2022 09:45:40 +0000 (11:45 +0200)
author Philippe Antoine <contact@catenacyber.fr>
Thu, 25 Aug 2022 15:13:15 +0000 (17:13 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 13 Sep 2022 09:45:40 +0000 (11:45 +0200)
diff --git a/tests/dhcp-eve-extended/min7.rules b/tests/dhcp-eve-extended/min7.rules

index ee9e9902d2163c6f6455b437fe232e496b4eda59..cb3f8e63aabceb5495e637622ecc2015a812ac72 100644 (file)
--- a/tests/dhcp-eve-extended/min7.rules
+++ b/tests/dhcp-eve-extended/min7.rules
@@ -1,2 +1,3 @@
  alert dhcp any any -> any any (msg:"small DHCP lease time (<2hours)"; dhcp.leasetime:<7200; sid:1; rev:1;)
  alert dhcp any any -> any any (msg:"big DHCP rebinding time (>3000seconds)"; dhcp.rebinding_time:>3000; sid:2; rev:1;)
+alert dhcp any any -> any any (msg:"intermediate DHCP renewal time (between 1000 and 2000 seconds)"; dhcp.renewal_time:1000<>2000; sid:3; rev:1;)
diff --git a/tests/dhcp-eve-extended/test.yaml b/tests/dhcp-eve-extended/test.yaml

index ca0ae29cc0caeb6adc12c6d8e8a0e81a7e42352f..d7607d096ba02544f153bbfa1d3eecbb602c0966 100644 (file)
--- a/tests/dhcp-eve-extended/test.yaml
+++ b/tests/dhcp-eve-extended/test.yaml
@@ -78,3 +78,9 @@ checks:
      match:
        event_type: alert
        alert.signature_id: 2
+- filter:
+    min-version: 7
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 3
author	Philippe Antoine <contact@catenacyber.fr>
	Thu, 25 Aug 2022 15:13:15 +0000 (17:13 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 13 Sep 2022 09:45:40 +0000 (11:45 +0200)
tests/dhcp-eve-extended/min7.rules		patch \| blob \| blame \| history
tests/dhcp-eve-extended/test.yaml		patch \| blob \| blame \| history