]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6ba98d4)
detect/email: add custom log information for tests detect-email-subject and detect...
authorAlice Akaki <akakialice@gmail.com>
Wed, 2 Apr 2025 19:21:35 +0000 (15:21 -0400)
committerVictor Julien <victor@inliniac.net>
Thu, 3 Apr 2025 08:05:48 +0000 (10:05 +0200)
tests/detect-email-date/suricata.yaml [new file with mode: 0644] patch | blob
tests/detect-email-date/test.yaml patch | blob | blame | history
tests/detect-email-subject/suricata.yaml [new file with mode: 0644] patch | blob
tests/detect-email-subject/test.yaml patch | blob | blame | history

diff --git a/tests/detect-email-date/suricata.yaml b/tests/detect-email-date/suricata.yaml
new file mode 100644 (file)
index 0000000..153a396
--- /dev/null
+++ b/tests/detect-email-date/suricata.yaml
@@ -0,0 +1,29 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filename: eve.json
+      types:
+        - alert:
+            tagged-packets: yes
+        - smtp:
+            custom: [date]    # for 'date' logging information
+        - drop:
+            alerts: yes      # log alerts that caused drops
+            flows: all       # start or all: 'start' logs only a single drop
+        - stats
+        - flow
+  - stats:
+       enabled: yes
+       filename: stats.log
+       append: yes
+
+action-order:
+  - pass
+  - drop
+  - reject
+  - alert
+
+exception-policy: ignore
diff --git a/tests/detect-email-date/test.yaml b/tests/detect-email-date/test.yaml
index 54585f3bacc38708591d247c6dec0998c53735e2..b71f2527f3ab7cb38f1bcc03aaec92b60277b03d 100644 (file)
--- a/tests/detect-email-date/test.yaml
+++ b/tests/detect-email-date/test.yaml
@@ -11,6 +11,11 @@ checks:
     count: 1
     match:
       event_type: alert
-      email.date: Fri, 21 Apr 2023 05:10:36 +0000
       pcap_cnt: 13
       alert.signature_id: 1
+- filter:
+    count: 1
+    match:
+      event_type: smtp
+      email.date: Fri, 21 Apr 2023 05:10:36 +0000
+      pcap_cnt: 13
diff --git a/tests/detect-email-subject/suricata.yaml b/tests/detect-email-subject/suricata.yaml
new file mode 100644 (file)
index 0000000..f54ab26
--- /dev/null
+++ b/tests/detect-email-subject/suricata.yaml
@@ -0,0 +1,29 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filename: eve.json
+      types:
+        - alert:
+            tagged-packets: yes
+        - smtp:
+            custom: [subject]    # for 'subject' logging information
+        - drop:
+            alerts: yes      # log alerts that caused drops
+            flows: all       # start or all: 'start' logs only a single drop
+        - stats
+        - flow
+  - stats:
+       enabled: yes
+       filename: stats.log
+       append: yes
+
+action-order:
+  - pass
+  - drop
+  - reject
+  - alert
+
+exception-policy: ignore
diff --git a/tests/detect-email-subject/test.yaml b/tests/detect-email-subject/test.yaml
index 4ba8abbcd0719585cac0224c2654cc5868c13fc4..b9f0ccac3deff8cab765e73a2df82f896a8e51f9 100644 (file)
--- a/tests/detect-email-subject/test.yaml
+++ b/tests/detect-email-subject/test.yaml
@@ -13,3 +13,9 @@ checks:
       event_type: alert
       pcap_cnt: 13
       alert.signature_id: 1
+- filter:
+    count: 1
+    match:
+      event_type: smtp
+      pcap_cnt: 13
+      email.subject: This is a test email
Mirror of https://github.com/OISF/suricata-verify.git