This commit adds test cases that verify the community id string is
included in dhcp, rdp, smb and tftp records when configured.
13 files changed:
--- /dev/null
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: true
+ filename: eve.json
+ types:
+ - dhcp:
+ extended: true
+ community-id: true
--- /dev/null
+requires:
+ features:
+ - RUST
+checks:
+- filter:
+ count: 2
+ match:
+ event_type: dhcp
+ has-key: community_id
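Review bot: The `has-key: community_id` match only proves the field is present, so a record carrying a wrong hash (wrong seed or wrong tuple ordering) would still pass, and that is the regression that silently breaks flow correlation with other tools. Where all counted records belong to one flow, pin the value as well, e.g. `community_id: "<expected-id-for-this-pcap>"` (placeholder, to be computed from the capture), and consider setting `community-id-seed: 0` explicitly in the test's suricata.yaml so the pinned value does not depend on the default. The same applies to the rdp, smb and tftp test.yaml files in this commit. This file also lists only `RUST` under `requires.features` while the other three list `HAVE_LIBJANSSON`; a one-line comment saying whether that is intentional would help.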
--- /dev/null
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - rdp
+ community-id: true
+
+app-layer:
+ protocols:
+ rdp:
+ enabled: yes
--- /dev/null
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ files:
+ - rust/src/rdp/parser.rs
+
+checks:
+
+ - filter:
+ count: 4
+ match:
+ event_type: rdp
+ has-key: community_id
--- /dev/null
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - smb
+ community-id: true
--- /dev/null
+alert smb any any -> any any (msg:"Ascii named_pipe"; flow:established; smb_named_pipe; content:"IPC$"; sid:1; rev:1;)
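Review bot: Nothing visible in this test asserts on this rule: the smb checks filter only on `event_type: smb`, and the eve-log `types` list in the smb configuration contains only `smb`, so an alert from sid 1 would not appear in eve.json. Either drop the rules file from the test, or add `- alert` to the eve types together with a check matching `event_type: alert` and `alert.signature_id: 1`, so the fixture is actually exercised and the alert record's `community_id` is covered too.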
--- /dev/null
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ - RUST
+
+# disables checksum verification
+args:
+- -k none
+
+checks:
+ - filter:
+ count: 5
+ match:
+ event_type: smb
+ has-key: community_id
--- /dev/null
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: true
+ filename: eve.json
+ types:
+ - tftp:
+ community-id: true
--- /dev/null
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ - RUST
+
+args:
+ - -k none
+
+checks:
+- filter:
+ count: 1
+ match:
+ has-key: community_id
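Review bot: This filter matches any record that has a `community_id` key, unlike the dhcp, rdp and smb tests, which also require the event type. Add `event_type: tftp` under `match` so that a flow or other record cannot satisfy `count: 1` if the output types are extended later. The `-k none` argument also lacks the `# disables checksum verification` comment that the smb test carries; repeating it here keeps the two files consistent.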