dcerpc: check for app-layer metadata in alert

author Philippe Antoine <pantoine@oisf.net>

Thu, 20 Jun 2024 13:08:16 +0000 (15:08 +0200)

committer Victor Julien <victor@inliniac.net>

Sat, 22 Jun 2024 13:54:31 +0000 (15:54 +0200)
author Philippe Antoine <pantoine@oisf.net>
Thu, 20 Jun 2024 13:08:16 +0000 (15:08 +0200)
committer Victor Julien <victor@inliniac.net>
Sat, 22 Jun 2024 13:54:31 +0000 (15:54 +0200)
diff --git a/tests/dcerpc/dcerpc-dce-opnum/test.yaml b/tests/dcerpc/dcerpc-dce-opnum/test.yaml

index e93f2d1e4640f81596163f8c50af3c8a3c38e7e4..fb358ca939ed5d4979b87fd9b0681c8787490736 100644 (file)
--- a/tests/dcerpc/dcerpc-dce-opnum/test.yaml
+++ b/tests/dcerpc/dcerpc-dce-opnum/test.yaml
@@ -13,6 +13,13 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 1
+  - filter:
+      min-version: 8
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        dcerpc.req.opnum: 4
    - filter:
        count: 2
        match:
author	Philippe Antoine <pantoine@oisf.net>
	Thu, 20 Jun 2024 13:08:16 +0000 (15:08 +0200)
committer	Victor Julien <victor@inliniac.net>
	Sat, 22 Jun 2024 13:54:31 +0000 (15:54 +0200)