From: Eloy Pérez González
Date: Fri, 22 Oct 2021 10:18:39 +0000 (+0200)
Subject: dcerpc: add dce_iface test to match many request/responses
X-Git-Tag: suricata-6.0.5~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1a5f68bd0cdf86299ed1f4aea2a05a469984b4d;p=thirdparty%2Fsuricata-verify.git
dcerpc: add dce_iface test to match many request/responses
---
diff --git a/tests/dcerpc/dcerpc-dce-iface-many/input.pcap b/tests/dcerpc/dcerpc-dce-iface-many/input.pcap
new file mode 100644
index 000000000..7cfb59254
Binary files /dev/null and b/tests/dcerpc/dcerpc-dce-iface-many/input.pcap differ
diff --git a/tests/dcerpc/dcerpc-dce-iface-many/test.rules b/tests/dcerpc/dcerpc-dce-iface-many/test.rules
new file mode 100644
index 000000000..bc685b37e
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dce-iface-many/test.rules
@@ -0,0 +1 @@
+alert dcerpc any any -> any any (msg: "DCE Netlogon"; dcerpc.iface: 12345678-1234-abcd-ef00-01234567cffb; sid: 1;)
\ No newline at end of file
diff --git a/tests/dcerpc/dcerpc-dce-iface-many/test.yaml b/tests/dcerpc/dcerpc-dce-iface-many/test.yaml
new file mode 100644
index 000000000..6ebc6140c
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dce-iface-many/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 7
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 12
+ match:
+ event_type: alert
+ alert.signature_id: 1
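Review bot: The rule line in test.rules has no terminating newline (the hunk ends with `\ No newline at end of file`); end the file with a newline so any later rule appended to it produces a clean diff. The msg labels the match as Netlogon but nothing in the file says where `12345678-1234-abcd-ef00-01234567cffb` comes from; a comment line `# Netlogon (MS-NRPC) RPC interface UUID` above the rule would save the next reader a lookup and make an accidental edit of the UUID easier to spot. Adding `rev: 1;` to the rule would also match the style of the other rules in this repository, if that is the convention used there.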
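Review bot: The only check in test.yaml is a count of alerts for sid 1, so it never verifies that the hits come from both requests and responses, which is what the commit title says the test is for; a regression that matched only one direction could still pass if the capture happens to contain 12 PDUs of that kind. If the alert records for this pcap carry the dcerpc transaction fields, add a second filter keyed on them, for example `match: {event_type: alert, alert.signature_id: 1, dcerpc.request.opnum: <opnum seen in the capture>}` — confirm the exact field names against the EVE output before relying on them. `min-version: 7` also skips the test on 6.0.x even though X-Git-Tag places this commit before suricata-6.0.5; if it is meant to cover that branch, lower the requirement or add a comment saying why 7 is needed. A short comment above `- -k none` stating that checksum verification is disabled because of the capture's checksums would make the intent of that argument explicit.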