From: Juliana Fajardini
Date: Tue, 18 Jan 2022 16:58:21 +0000 (+0000)
Subject: ssh-banner-only: update test.yaml checks
X-Git-Tag: suricata-6.0.5~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f41dc8d8e7e93b1f2d173331e0c4b3ccaf66ea54;p=thirdparty%2Fsuricata-verify.git
ssh-banner-only: update test.yaml checks
Added filter for rule sid 3 which had none
Uncommented rule sid 2
---
diff --git a/tests/ssh-banner-only/test.rules b/tests/ssh-banner-only/test.rules
index 7638fded0..dfeade1e4 100644
--- a/tests/ssh-banner-only/test.rules
+++ b/tests/ssh-banner-only/test.rules
@@ -1,4 +1,4 @@
 alert ssh any any -> any any (ssh.software; content:"OpenSSH"; sid:1;)
-# broken?
-#alert ssh any any -> any any (ssh.softwareversion:OpenSSH_7.4; sid:2;)
+# ssh.softwareversion is deprecated in favor of ssh.software this is just to check if it still works
+alert ssh any any -> any any (ssh.softwareversion:OpenSSH_7.4; sid:2;)
 alert ssh any any -> any any (ssh.proto; content:"2"; sid:3;)
diff --git a/tests/ssh-banner-only/test.yaml b/tests/ssh-banner-only/test.yaml
index 04f1a6058..02e82d20c 100644
--- a/tests/ssh-banner-only/test.yaml
+++ b/tests/ssh-banner-only/test.yaml
@@ -19,3 +19,13 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 1
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2
+ - filter:
+ count: 2
+ match:
+ event_type: alert
+ alert.signature_id: 3
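Review bot: The new comment above sid 2 runs two statements together and does not say what the rule is meant to prove, so a later reader cannot tell whether a failure means a regression or the keyword's planned removal. I would split it and state the intent, for example `# ssh.softwareversion is deprecated in favor of ssh.software; this rule only checks that the legacy keyword still loads and matches.` Because sid 2 depends on a deprecated keyword, the test will presumably need a version bound once the keyword is dropped. The part of test.yaml visible in this patch does not show one, so that is worth confirming.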
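Review bot: The two added filters expect different alert counts (`count: 1` for sid 2, `count: 2` for sid 3) and nothing in the file says why, so a later count mismatch cannot be told apart from a deliberate expectation. A short comment on the sid 3 filter would settle it, for example `# sid 3 fires twice: presumably one ssh.proto match per banner direction (confirm against the pcap)`, with a matching note on why the legacy keyword in sid 2 is expected only once. The `checks:` list starts above this hunk, so the existing sid 1 filter's count is not visible here for comparison.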