From: Philippe Antoine
Date: Tue, 13 Jul 2021 11:52:00 +0000 (+0200)
Subject: Better checks for file deletion over SMB2
X-Git-Tag: suricata-6.0.4~66
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a0b23f1a63b23d01a88d619b743da97fcfc6a55b;p=thirdparty%2Fsuricata-verify.git
Better checks for file deletion over SMB2
---
diff --git a/tests/smb2-07/test.yaml b/tests/smb2-07/test.yaml
index 5e5597150..849c9dcee 100644
--- a/tests/smb2-07/test.yaml
+++ b/tests/smb2-07/test.yaml
@@ -11,9 +11,22 @@ args:
 checks:
 - filter:
+ version: 6
 count: 58
 match:
 event_type: smb
+ - filter:
+ min-version: 7
+ count: 59
+ match:
+ event_type: smb
+ - filter:
+ min-version: 7
+ count: 1
+ match:
+ event_type: smb
+ smb.access: "delete on close"
+ smb.filename: "PSEXESVC.exe"
 - filter:
 count: 1
 match:
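Review bot: The two total-count filters now expect 58 events under `version: 6` and 59 under `min-version: 7`, but nothing in the file says which record accounts for the extra one, so a later drift in either count will be hard to triage. The extra event is presumably the delete-on-close record that the new third filter matches; if so, a comment above the 59 filter such as `# 7.x logs one more smb event than 6.x: the delete-on-close record for PSEXESVC.exe` would tie the two checks together. The targeted filter on `smb.access` and `smb.filename` is the one that actually pins the behaviour, namely that removal of the PsExec service binary stays visible in the SMB log, so a short comment on it saying so would also help. The `checks:` list continues past the end of the hunk.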