detect-engine-enip: add unittest

author Modupe Falodun <falodunmodupeola@gmail.com>

Tue, 1 Feb 2022 21:56:43 +0000 (22:56 +0100)

committer Victor Julien <victor@inliniac.net>

Wed, 2 Feb 2022 07:36:00 +0000 (08:36 +0100)
author Modupe Falodun <falodunmodupeola@gmail.com>
Tue, 1 Feb 2022 21:56:43 +0000 (22:56 +0100)
committer Victor Julien <victor@inliniac.net>
Wed, 2 Feb 2022 07:36:00 +0000 (08:36 +0100)
diff --git a/tests/enip-keywords/test.rules b/tests/enip-keywords/test.rules

index 8892e1caeb124ba0545fb4f343ece07dda9ae79d..c30752950f9e89f40785735d0f1cea5713e87642 100644 (file)
--- a/tests/enip-keywords/test.rules
+++ b/tests/enip-keywords/test.rules
@@ -1,2 +1,3 @@
  alert ip any any -> any any (cip_service: 10; sid:1; )
  alert ip any any -> any any (enip_command: 112; sid:2; )
+alert enip any any -> any any (msg:"Testing enip command"; enip_command:99 ; sid:3;)
diff --git a/tests/enip-keywords/test.yaml b/tests/enip-keywords/test.yaml

index 0b9a098007ca5378c76c5f04b9b72a588f59b842..af188cda7d64d479b22b21eaaf9d2d724b207f44 100644 (file)
--- a/tests/enip-keywords/test.yaml
+++ b/tests/enip-keywords/test.yaml
@@ -16,3 +16,8 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 2
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 3
author	Modupe Falodun <falodunmodupeola@gmail.com>
	Tue, 1 Feb 2022 21:56:43 +0000 (22:56 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 2 Feb 2022 07:36:00 +0000 (08:36 +0100)
tests/enip-keywords/test.rules		patch \| blob \| blame \| history
tests/enip-keywords/test.yaml		patch \| blob \| blame \| history