From: Victor Julien
Date: Wed, 20 Jan 2021 14:57:38 +0000 (+0100)
Subject: tests: smb add smb.share test
X-Git-Tag: suricata-6.0.4~168
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e54ea1b4b39210a44fd5f423a0c12e9bb6b941a;p=thirdparty%2Fsuricata-verify.git

tests: smb add smb.share test
---
diff --git a/tests/smb2-03-rule/filedata.rules b/tests/smb2-03-rule/filedata.rules
index e90903c35..a5253ce1c 100644
--- a/tests/smb2-03-rule/filedata.rules
+++ b/tests/smb2-03-rule/filedata.rules
@@ -1 +1,2 @@
 alert smb any any -> any any (file_data; content:"%PDF-1.5"; startswith; sid:1;)
+alert smb any any -> any any (smb.share; content:"|5C 5C|10.0.0.12|5C|smb2"; sid:2;)
diff --git a/tests/smb2-03-rule/test.yaml b/tests/smb2-03-rule/test.yaml
index 0910c932c..b3bdddbae 100644
--- a/tests/smb2-03-rule/test.yaml
+++ b/tests/smb2-03-rule/test.yaml
@@ -13,6 +13,11 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 1
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2
 - filter:
 count: 20
 match:
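Review bot: The content match in the new sid:2 rule is unanchored, so it also fires when the smb.share buffer merely contains `\\10.0.0.12\smb2` (a longer share name, or extra trailing bytes left by a decoding regression), which makes the test a weak check on what the buffer actually holds. If the buffer for this pcap is exactly that string, which cannot be confirmed from the hunk, anchoring both ends would pin it: `(smb.share; content:"|5C 5C|10.0.0.12|5C|smb2"; startswith; endswith; sid:2;)`, in the same way sid:1 already uses `startswith`. The file is still named filedata.rules although it now also carries a non-file_data rule; a short `#` comment above sid:2 saying it exercises the smb.share keyword would keep that from confusing later readers.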
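Review bot: The added check for `alert.signature_id: 2` depends on the engine under test knowing the `smb.share` keyword, but the test's `requires` section lies outside this hunk, so it is not visible whether the minimum version was adjusted. If the existing constraint was set only for the file_data rule, the new rule would presumably fail to load on older builds and break the whole test rather than just this check; confirm that `min-version` covers the first release that accepts `smb.share`. A one-line comment above the new filter, such as `# smb.share rule (sid 2) must alert exactly once`, would also record why the count is 1.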