From: Philippe Antoine
Date: Thu, 11 May 2023 09:21:11 +0000 (+0200)
Subject: ftp: improves check for alert app-layer data
X-Git-Tag: suricata-6.0.16~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3bd25293a636305517a43d000ce68e3e1b0fbf2d;p=thirdparty%2Fsuricata-verify.git
ftp: improves check for alert app-layer data
---
diff --git a/tests/ftp/ftp-too-long-command/test.yaml b/tests/ftp/ftp-too-long-command/test.yaml
index 3336d8883..4ce3111b0 100644
--- a/tests/ftp/ftp-too-long-command/test.yaml
+++ b/tests/ftp/ftp-too-long-command/test.yaml
@@ -34,3 +34,11 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 2232000
+ # Alert has app-layer details.
+ - filter:
+ min-version: 8
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2232000
+ ftp.command: "RETR"
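Review bot: The comment on the added check says what is asserted but not why the check is gated on `min-version: 8`, so a reader cannot tell whether older versions omit the `ftp` object on this alert or log a different value. I would expand it to something like `# Alert carries the ftp app-layer record (only attached to this alert from version 8 on).`, with the wording adjusted to the actual reason. Because this test exercises an over-long command, matching only `ftp.command: "RETR"` shows that metadata is attached but not that the logged record reflects the oversized input; if the ftp record exposes a truncation indicator in this version, asserting it here would make the alert more useful as a triage regression check. The preceding check for the same signature id starts outside the hunk, so its count and version bounds cannot be compared with this one from here.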