From: Philippe Antoine
Date: Fri, 12 May 2023 10:28:05 +0000 (+0200)
Subject: krb5: improves check for alert app-layer data
X-Git-Tag: suricata-6.0.16~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1488%2Fhead;p=thirdparty%2Fsuricata-verify.git
krb5: improves check for alert app-layer data
---
diff --git a/tests/krb5-kerberoasting/test.yaml b/tests/krb5-kerberoasting/test.yaml
index bd5ba8a3f..b7f1284a7 100644
--- a/tests/krb5-kerberoasting/test.yaml
+++ b/tests/krb5-kerberoasting/test.yaml
@@ -21,6 +21,13 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 1
+ - filter:
+ min-version: 8
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ krb5.msg_type: KRB_TGS_REP
 - filter:
 count: 1
 match:
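Review bot: The added `min-version: 8` check has no comment saying why it is version-gated or what it protects. Judging by the commit title, it pins that the alert for sid 1 is logged with the krb5 metadata of the TGS-REP transaction, which is the context an analyst relies on when triaging a kerberoasting alert. I would put a comment above the new `- filter:` entry, for example `# 8+: the alert must carry the app-layer data of the KRB_TGS_REP it fired on`. The check asserts only `krb5.msg_type`, so the test would not catch a regression that logs the right message type alongside other fields from a different transaction. If the pcap allows it, consider pinning one more krb5 field from the same reply. The preceding unversioned check for sid 1 starts outside the hunk and still runs on 8, so the two overlap there.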