files: add checks about hashes

author Philippe Antoine <pantoine@oisf.net>

Wed, 19 Nov 2025 12:35:34 +0000 (13:35 +0100)

committer Victor Julien <vjulien@oisf.net>

Sat, 22 Nov 2025 13:51:23 +0000 (13:51 +0000)
author Philippe Antoine <pantoine@oisf.net>
Wed, 19 Nov 2025 12:35:34 +0000 (13:35 +0100)
committer Victor Julien <vjulien@oisf.net>
Sat, 22 Nov 2025 13:51:23 +0000 (13:51 +0000)
diff --git a/tests/file-match-crossed/suricata.yaml b/tests/file-match-crossed/suricata.yaml

new file mode 100644 (file)

index 0000000..4a1c832
--- /dev/null
+++ b/tests/file-match-crossed/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+      filename: eve.json
+      types:
+        - files:
+            force-hash: [sha256]
+        - alert
+\ No newline at end of file
diff --git a/tests/file-match-crossed/test.yaml b/tests/file-match-crossed/test.yaml

index 073e724f0ff903e4b48f80061ccbcc0fc23267b9..9804a570f1c86826720e998cec772f5bd088ba92 100644 (file)
--- a/tests/file-match-crossed/test.yaml
+++ b/tests/file-match-crossed/test.yaml
@@ -45,3 +45,16 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 8
+
+  - filter:
+      min-version: 9
+      count: 1
+      match:
+        event_type: fileinfo
+        fileinfo.sha256: c345c434702129224a0a3e89810a7ed2556718221c0d36fdb7e52b93fa732b00
+  - filter:
+      min-version: 9
+      count: 1
+      match:
+        event_type: fileinfo
+        fileinfo.sha256: 0605686b5f3a54d2fe07b3b6ed039779911f43ff079d7ff6fecbf4f75bf5ee10
author	Philippe Antoine <pantoine@oisf.net>
	Wed, 19 Nov 2025 12:35:34 +0000 (13:35 +0100)
committer	Victor Julien <vjulien@oisf.net>
	Sat, 22 Nov 2025 13:51:23 +0000 (13:51 +0000)
tests/file-match-crossed/suricata.yaml	[new file with mode: 0644]	patch \| blob
tests/file-match-crossed/test.yaml		patch \| blob \| blame \| history