snmp: adds rule check about snmp.usm keyword

author Philippe Antoine <contact@catenacyber.fr>

Wed, 29 Jun 2022 19:23:47 +0000 (21:23 +0200)

committer Jason Ish <jason.ish@oisf.net>

Mon, 11 Jul 2022 19:01:49 +0000 (13:01 -0600)
author Philippe Antoine <contact@catenacyber.fr>
Wed, 29 Jun 2022 19:23:47 +0000 (21:23 +0200)
committer Jason Ish <jason.ish@oisf.net>
Mon, 11 Jul 2022 19:01:49 +0000 (13:01 -0600)
diff --git a/tests/snmp-v3-encrypted/min7.rules b/tests/snmp-v3-encrypted/min7.rules

new file mode 100644 (file)

index 0000000..adc6ce1
--- /dev/null
+++ b/tests/snmp-v3-encrypted/min7.rules
@@ -0,0 +1 @@
+alert snmp any any -> any any (snmp.usm; content:"admin"; sid:1;)
diff --git a/tests/snmp-v3-encrypted/test.yaml b/tests/snmp-v3-encrypted/test.yaml

index 2f51f296bbbe412451fef25fbbf013dfa77616ad..d823bb6dd1006eb4754e534ad345d5332e58ab61 100644 (file)
--- a/tests/snmp-v3-encrypted/test.yaml
+++ b/tests/snmp-v3-encrypted/test.yaml
@@ -29,3 +29,9 @@ checks:
         event_type: snmp
         snmp.pdu_type: encrypted
         snmp.version: 3
+ - filter:
+     min-version: 7
+     count: 8
+     match:
+       event_type: alert
+       alert.signature_id: 1
author	Philippe Antoine <contact@catenacyber.fr>
	Wed, 29 Jun 2022 19:23:47 +0000 (21:23 +0200)
committer	Jason Ish <jason.ish@oisf.net>
	Mon, 11 Jul 2022 19:01:49 +0000 (13:01 -0600)
tests/snmp-v3-encrypted/min7.rules	[new file with mode: 0644]	patch \| blob
tests/snmp-v3-encrypted/test.yaml		patch \| blob \| blame \| history