tests: update for fixed rate_filter drops

diff --git a/tests/http-gap-simple-frames-ips/test.yaml b/tests/http-gap-simple-frames-ips/test.yaml
index 8f41b1a9dbab50e9e758dd873265b00bc582228e..34bc09c288bbf5ccbd844605c30fead7af1f21c5 100644 (file)
--- a/tests/http-gap-simple-frames-ips/test.yaml
+++ b/tests/http-gap-simple-frames-ips/test.yaml
@@ -18,7 +18,7 @@ checks:
         http.url: "/1"
         http.status: 200
   - filter:
-      count: 1
+      count: 0
       match:
         event_type: http
         http.url: "/2"
@@ -37,7 +37,7 @@ checks:
         fileinfo.state: "CLOSED"
         fileinfo.gaps: false
   - filter:
-      count: 1
+      count: 0
       match:
         event_type: fileinfo
         fileinfo.size: 14

diff --git a/tests/threshold/threshold-config-rate-filter-drop-hostdst/test.yaml b/tests/threshold/threshold-config-rate-filter-drop-hostdst/test.yaml
index 65594aa5f198f13b01af8ac4514087ad75cf67bc..3c0eddff6f3126bb9a8e5c8fd05f44de18dd5d10 100644 (file)
--- a/tests/threshold/threshold-config-rate-filter-drop-hostdst/test.yaml
+++ b/tests/threshold/threshold-config-rate-filter-drop-hostdst/test.yaml
@@ -7,15 +7,36 @@ args:
 
 checks:
   - filter:
-      count: 31
+      count: 3
       match:
         event_type: alert
         alert.signature_id: 1000001
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1000001
+        alert.action: blocked
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 1000001
+        alert.action: allowed
   - filter:
       count: 29
       match:
         event_type: drop
+  - filter:
+      count: 1
+      match:
+        event_type: drop
         drop.reason: threshold detection_filter
+  - filter:
+      count: 28
+      match:
+        event_type: drop
+        drop.reason: flow drop
 # due to the drops, we don't expect to see any http event
   - filter:
       count: 0

diff --git a/tests/threshold/threshold-config-rate-filter-drop-hostsrc/test.yaml b/tests/threshold/threshold-config-rate-filter-drop-hostsrc/test.yaml
index 1b351c028b1a37efd86db144cc38f21f102dd899..a333cc9aa4b55749234ab0efda551a9fdbe3fb10 100644 (file)
--- a/tests/threshold/threshold-config-rate-filter-drop-hostsrc/test.yaml
+++ b/tests/threshold/threshold-config-rate-filter-drop-hostsrc/test.yaml
@@ -7,12 +7,33 @@ args:
 
 checks:
   - filter:
-      count: 31
+      count: 3
       match:
         event_type: alert
         alert.signature_id: 1000001
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1000001
+        alert.action: blocked
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 1000001
+        alert.action: allowed
   - filter:
       count: 29
       match:
         event_type: drop
+  - filter:
+      count: 1
+      match:
+        event_type: drop
         drop.reason: threshold detection_filter
+  - filter:
+      count: 28
+      match:
+        event_type: drop
+        drop.reason: flow drop

diff --git a/tests/threshold/threshold-config-rate-filter-drop-ippair/test.yaml b/tests/threshold/threshold-config-rate-filter-drop-ippair/test.yaml
index fea44cfe46cf2c97f1e7e767b1344c15bd5fcbaa..012af667a24020beee3f22ab1bc847f78cb7c1aa 100644 (file)
--- a/tests/threshold/threshold-config-rate-filter-drop-ippair/test.yaml
+++ b/tests/threshold/threshold-config-rate-filter-drop-ippair/test.yaml
@@ -7,7 +7,7 @@ args:
 
 checks:
   - filter:
-      count: 31
+      count: 2
       match:
         event_type: alert
         alert.signature_id: 1000001
@@ -15,4 +15,3 @@ checks:
       count: 30
       match:
         event_type: drop
-        drop.reason: threshold detection_filter

diff --git a/tests/threshold/threshold-config-rate-filter-drop-rule/test.yaml b/tests/threshold/threshold-config-rate-filter-drop-rule/test.yaml
index fea44cfe46cf2c97f1e7e767b1344c15bd5fcbaa..ec6a9f076acd0dd6fc74492ab30a63f9b975815b 100644 (file)
--- a/tests/threshold/threshold-config-rate-filter-drop-rule/test.yaml
+++ b/tests/threshold/threshold-config-rate-filter-drop-rule/test.yaml
@@ -7,12 +7,34 @@ args:
 
 checks:
   - filter:
-      count: 31
+      count: 2
       match:
         event_type: alert
         alert.signature_id: 1000001
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1000001
+        alert.action: blocked
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1000001
+        alert.action: allowed
   - filter:
       count: 30
+      match:
+        event_type: drop
+        #drop.reason: threshold detection_filter
+  - filter:
+      count: 1
       match:
         event_type: drop
         drop.reason: threshold detection_filter
+  - filter:
+      count: 29
+      match:
+        event_type: drop
+        drop.reason: flow drop

diff --git a/tests/threshold/threshold-config-rate-filter-reject-hostdst/test.yaml b/tests/threshold/threshold-config-rate-filter-reject-hostdst/test.yaml
index 1b351c028b1a37efd86db144cc38f21f102dd899..a333cc9aa4b55749234ab0efda551a9fdbe3fb10 100644 (file)
--- a/tests/threshold/threshold-config-rate-filter-reject-hostdst/test.yaml
+++ b/tests/threshold/threshold-config-rate-filter-reject-hostdst/test.yaml
@@ -7,12 +7,33 @@ args:
 
 checks:
   - filter:
-      count: 31
+      count: 3
       match:
         event_type: alert
         alert.signature_id: 1000001
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1000001
+        alert.action: blocked
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 1000001
+        alert.action: allowed
   - filter:
       count: 29
       match:
         event_type: drop
+  - filter:
+      count: 1
+      match:
+        event_type: drop
         drop.reason: threshold detection_filter
+  - filter:
+      count: 28
+      match:
+        event_type: drop
+        drop.reason: flow drop

diff --git a/tests/threshold/threshold-config-rate-filter-reject-hostsrc/test.yaml b/tests/threshold/threshold-config-rate-filter-reject-hostsrc/test.yaml
index 1b351c028b1a37efd86db144cc38f21f102dd899..a333cc9aa4b55749234ab0efda551a9fdbe3fb10 100644 (file)
--- a/tests/threshold/threshold-config-rate-filter-reject-hostsrc/test.yaml
+++ b/tests/threshold/threshold-config-rate-filter-reject-hostsrc/test.yaml
@@ -7,12 +7,33 @@ args:
 
 checks:
   - filter:
-      count: 31
+      count: 3
       match:
         event_type: alert
         alert.signature_id: 1000001
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1000001
+        alert.action: blocked
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 1000001
+        alert.action: allowed
   - filter:
       count: 29
       match:
         event_type: drop
+  - filter:
+      count: 1
+      match:
+        event_type: drop
         drop.reason: threshold detection_filter
+  - filter:
+      count: 28
+      match:
+        event_type: drop
+        drop.reason: flow drop

diff --git a/tests/threshold/threshold-config-rate-filter-reject-pair/test.yaml b/tests/threshold/threshold-config-rate-filter-reject-pair/test.yaml
index fea44cfe46cf2c97f1e7e767b1344c15bd5fcbaa..012af667a24020beee3f22ab1bc847f78cb7c1aa 100644 (file)
--- a/tests/threshold/threshold-config-rate-filter-reject-pair/test.yaml
+++ b/tests/threshold/threshold-config-rate-filter-reject-pair/test.yaml
@@ -7,7 +7,7 @@ args:
 
 checks:
   - filter:
-      count: 31
+      count: 2
       match:
         event_type: alert
         alert.signature_id: 1000001
@@ -15,4 +15,3 @@ checks:
       count: 30
       match:
         event_type: drop
-        drop.reason: threshold detection_filter

diff --git a/tests/threshold/threshold-config-rate-filter-reject-rule/test.yaml b/tests/threshold/threshold-config-rate-filter-reject-rule/test.yaml
index fea44cfe46cf2c97f1e7e767b1344c15bd5fcbaa..ec6a9f076acd0dd6fc74492ab30a63f9b975815b 100644 (file)
--- a/tests/threshold/threshold-config-rate-filter-reject-rule/test.yaml
+++ b/tests/threshold/threshold-config-rate-filter-reject-rule/test.yaml
@@ -7,12 +7,34 @@ args:
 
 checks:
   - filter:
-      count: 31
+      count: 2
       match:
         event_type: alert
         alert.signature_id: 1000001
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1000001
+        alert.action: blocked
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1000001
+        alert.action: allowed
   - filter:
       count: 30
+      match:
+        event_type: drop
+        #drop.reason: threshold detection_filter
+  - filter:
+      count: 1
       match:
         event_type: drop
         drop.reason: threshold detection_filter
+  - filter:
+      count: 29
+      match:
+        event_type: drop
+        drop.reason: flow drop