From: Jeff Lucovsky
Date: Sat, 31 May 2025 14:37:53 +0000 (-0400)
Subject: test/entropy: Validate entropy values
X-Git-Tag: suricata-7.0.11~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2551%2Fhead;p=thirdparty%2Fsuricata-verify.git
test/entropy: Validate entropy values
Validate entropy values from flow and alert logs.
---
diff --git a/tests/entropy/entropy-01/test.yaml b/tests/entropy/entropy-01/test.yaml
index 5fcc51ca5..507b0f409 100644
--- a/tests/entropy/entropy-01/test.yaml
+++ b/tests/entropy/entropy-01/test.yaml
@@ -7,11 +7,13 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 1
+ metadata.entropy.file_data: 4.150007324019584
 - filter:
 count: 1
 match:
 event_type: alert
 alert.signature_id: 2
+ metadata.entropy.file_data: 4.150007324019584
 - filter:
 count: 0
 match:
@@ -22,6 +24,7 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 4
+ metadata.entropy.file_data: 4.150007324019584
 - filter:
 count: 0
 match:
@@ -37,6 +40,7 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 7
+ metadata.entropy.file_data: 4.150007324019584
 - filter:
 count: 0
 match:
@@ -47,3 +51,13 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 10
+ metadata.entropy.file_data: 4.150007324019584
+ - filter:
+ count: 1
+ match:
+ event_type: flow
+ src_ip: 10.92.95.2
+ dest_ip: 10.92.67.138
+ flow.pkts_toserver: 5
+ flow.pkts_toclient: 5
+ metadata.entropy.file_data: 4.150007324019584
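Review bot: The expected value `4.150007324019584` is written to full double precision in all six added `metadata.entropy.file_data` matches (signature ids 1, 2, 4, 7 and 10, plus the new flow check in the last hunk), and nothing in the file says where it comes from. If the check runner compares this as an exact float, which is not visible on this page, a difference in the math library or summation order on another platform could change the trailing digits and fail the test without a real regression in the entropy keyword. I would add a comment above the first match, e.g. `# entropy of the file_data buffer for this pcap, as logged by Suricata; compared as an exact float`, so a later failure is quick to triage. The `checks:` list begins above the first hunk, so the comment's placement should be checked against the full file.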