Adds check with http.user_agent keyword and HTTP2 traffic
authorPhilippe Antoine <contact@catenacyber.fr>
Thu, 17 Dec 2020 14:21:14 +0000 (15:21 +0100)
committerJason Ish <jason.ish@oisf.net>
Wed, 10 Mar 2021 15:41:50 +0000 (09:41 -0600)
tests/http2-upgrade/test.rules
tests/http2-upgrade/test.yaml

index 46d4352f442db4b7e9372bf87d28f3b4dcd9d2b7..5428b264d93e20dc3b179a6d4f738fcd2e6650ab 100644 (file)
@@ -1,3 +1,5 @@
 alert http1 any any -> any any (http.uri; content:"/robots.txt"; sid:10;)
 alert http2 any any -> any any (http.uri; content:"/robots.txt"; sid:11;)
 alert http any any -> any any (http.uri; content:"/robots.txt"; sid:12;)
+
+alert http2 any any -> any any (http.user_agent; content:"curl"; sid:20;)
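Review bot: The added sid:20 rule covers only the `http2` protocol, whereas the http.uri rules above it cover `http1`, `http2` and `http` (sids 10-12). As a result the test does not pin whether a user-agent signature written against generic `http`, which is how most deployed rules are written, still fires across the upgrade. Consider adding a counterpart such as `alert http any any -> any any (http.user_agent; content:"curl"; sid:22;)` (the sid is a constructed example) and an `http1` variant, each with its own `count` check in test.yaml; the expected counts have to be read from the pcap. A `#` comment above the rule saying which request is expected to carry the matched user agent would also help, because the rule alone does not show why exactly one alert is expected.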
index 26d913ee33ec2c50f6a8f05a0a3ef596ab61d1ba..0fc69717377b9d667ca9cfdf8179ecdac18a2523 100644 (file)
@@ -66,3 +66,8 @@ checks:
       match:
         event_type: alert
         alert.signature_id: 12
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 20