From: Philippe Antoine
Date: Thu, 20 Jun 2024 13:08:16 +0000 (+0200)
Subject: dcerpc: check for app-layer metadata in alert
X-Git-Tag: suricata-6.0.20~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee526edc2a2516f807643eea1d84a6195ecb4002;p=thirdparty%2Fsuricata-verify.git
dcerpc: check for app-layer metadata in alert
Ticket: 6090
---
diff --git a/tests/dcerpc/dcerpc-dce-opnum/test.yaml b/tests/dcerpc/dcerpc-dce-opnum/test.yaml
index e93f2d1e4..fb358ca93 100644
--- a/tests/dcerpc/dcerpc-dce-opnum/test.yaml
+++ b/tests/dcerpc/dcerpc-dce-opnum/test.yaml
@@ -13,6 +13,13 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 1
+ - filter:
+ min-version: 8
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ dcerpc.req.opnum: 4
 - filter:
 count: 2
 match:
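Review bot: The added check gated on `min-version: 8` has no comment saying what it protects, so a reader of test.yaml cannot tell that it exists to confirm the alert record carries DCERPC app-layer metadata. I would put `# Ticket 6090: alert must carry dcerpc app-layer metadata` directly above the added `- filter:`. The check also pins only `dcerpc.req.opnum: 4`, so it would presumably still pass if the alert logged metadata from a different request with the same opnum. If the pcap allows it, matching one more field of the same record would make the assertion tighter. The `checks:` list begins and continues outside the hunk, so how this entry relates to the counts of the neighbouring sid 1 checks cannot be confirmed from here.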