From: Victor Julien
Date: Wed, 23 Feb 2022 18:26:23 +0000 (+0100)
Subject: tests/iprep: add a non-matching rule
X-Git-Tag: suricata-6.0.8~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d7ff3ff2daf10dcf9f489b703f6a62da5841f241;p=thirdparty%2Fsuricata-verify.git
tests/iprep: add a non-matching rule
---
diff --git a/tests/issue-4280-iprep/iprep.rules b/tests/issue-4280-iprep/iprep.rules
index 9fc8a128f..5a67ce81f 100644
--- a/tests/issue-4280-iprep/iprep.rules
+++ b/tests/issue-4280-iprep/iprep.rules
@@ -1 +1,2 @@
 alert ip any any -> any any (msg:"ET DROP Dshield Block Listed Source"; reference:url,feeds.dshield.org/block.txt; classtype:misc-attack; sid:2402000; rev:5733; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Major, created_at 2010_12_30, updated_at 2020_11_18; iprep:any,2402000,>,1; target:dest_ip;)
+alert ip any any -> any any (msg:"ET DROP Dshield Block Listed Source"; reference:url,feeds.dshield.org/block.txt; classtype:misc-attack; sid:2402001; rev:5733; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Major, created_at 2010_12_30, updated_at 2020_11_18; iprep:any,2402000,>,100; target:dest_ip;)
diff --git a/tests/issue-4280-iprep/test.yaml b/tests/issue-4280-iprep/test.yaml
index 7cb97b20d..0619f8bb4 100644
--- a/tests/issue-4280-iprep/test.yaml
+++ b/tests/issue-4280-iprep/test.yaml
@@ -16,3 +16,8 @@ checks:
 count: 3
 match:
 alert.signature_id: 2402000
+checks:
+ - filter:
+ count: 0
+ match:
+ alert.signature_id: 2402001
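Review bot: The added rule in tests/issue-4280-iprep/iprep.rules (sid:2402001) carries the same `msg`, `rev` and `metadata` as sid:2402000, so nothing in the file says it is the one that must stay silent; the only functional difference is `iprep:any,2402000,>,100`. A comment line above it would make the intent reviewable, for example `# sid 2402001 must not alert: threshold 100 is expected to exceed the score in this test's reputation data`. The reputation list itself is not part of this diff, so that the score stays at or below 100 is an assumption to confirm. A distinct `msg` would also help when reading EVE output if the rule ever does fire.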
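Review bot: The added `checks:` line in tests/issue-4280-iprep/test.yaml sits at column 0, making it a second top-level key with the same name as the `checks:` shown in the hunk header. Loaders such as PyYAML silently keep only the last value for a repeated key. If the test runner parses the file that way, the existing `count: 3` assertion for `alert.signature_id: 2402000` is dropped and the test only proves that 2402001 is absent, which would hide a regression where iprep stops matching altogether. Drop the added `checks:` line and append the new `- filter:` entry to the existing list so that both assertions run. Indentation is not recoverable from this page, so confirm that the new entry aligns with the existing `- filter:`.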