]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9b25f4c)
tests: update krb test to do detection 403/head
authorVictor Julien <victor@inliniac.net>
Sun, 17 Jan 2021 19:12:36 +0000 (20:12 +0100)
committerVictor Julien <victor@inliniac.net>
Sun, 17 Jan 2021 19:18:56 +0000 (20:18 +0100)
tests/krb5-request-frag-log/suricata.yaml patch | blob | blame | history
tests/krb5-request-frag-log/test.rules [new file with mode: 0644] patch | blob
tests/krb5-request-frag-log/test.yaml patch | blob | blame | history

diff --git a/tests/krb5-request-frag-log/suricata.yaml b/tests/krb5-request-frag-log/suricata.yaml
index 955cf95e2db6fc77747e94b3cc1456877a7d8128..2cfa6695501c005ee8f35b069477e60912e798cf 100644 (file)
--- a/tests/krb5-request-frag-log/suricata.yaml
+++ b/tests/krb5-request-frag-log/suricata.yaml
@@ -6,3 +6,4 @@ outputs:
       enabled: true
       types:
         - krb5
+        - alert
diff --git a/tests/krb5-request-frag-log/test.rules b/tests/krb5-request-frag-log/test.rules
new file mode 100644 (file)
index 0000000..d3809b0
--- /dev/null
+++ b/tests/krb5-request-frag-log/test.rules
@@ -0,0 +1,2 @@
+alert krb5 any any -> any any (krb5.sname; content:"test"; sid:1;)
+alert krb5 any any -> any any (krb5.cname; content:"user01"; sid:2;)
diff --git a/tests/krb5-request-frag-log/test.yaml b/tests/krb5-request-frag-log/test.yaml
index 900f14d461f980dbc79a6fd0cf0ff13520bc05d2..c14054c65ad9fa470c6dbf6c5906909900d1cb5c 100644 (file)
--- a/tests/krb5-request-frag-log/test.yaml
+++ b/tests/krb5-request-frag-log/test.yaml
@@ -8,8 +8,18 @@ requires:
 
 args:
   - --set pcap-file.checksum-checks=no
-checks:
 
+checks:
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 1
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 2
   - filter:
       comment: authentication service (AS) response
       count: 1
Mirror of https://github.com/OISF/suricata-verify.git