From 7ac108743a278504cfc43ab1a1f07c601ded0d41 Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Tue, 6 May 2025 17:54:01 +0200
Subject: [PATCH] tests: datasets set for IP
---
tests/datasets/datasets-set-ip/README.md | 2 ++
tests/datasets/datasets-set-ip/test.rules | 2 ++
tests/datasets/datasets-set-ip/test.yaml | 17 +++++++++++++++++
3 files changed, 21 insertions(+)
create mode 100644 tests/datasets/datasets-set-ip/README.md
create mode 100644 tests/datasets/datasets-set-ip/test.rules
create mode 100644 tests/datasets/datasets-set-ip/test.yaml
diff --git a/tests/datasets/datasets-set-ip/README.md b/tests/datasets/datasets-set-ip/README.md
new file mode 100644
index 000000000..3daacb0c2
--- /dev/null
+++ b/tests/datasets/datasets-set-ip/README.md
@@ -0,0 +1,2 @@
+Test that the configuration option to allow absolute dataset filenames
+in rules works.
diff --git a/tests/datasets/datasets-set-ip/test.rules b/tests/datasets/datasets-set-ip/test.rules
new file mode 100644
index 000000000..37c19512d
--- /dev/null
+++ b/tests/datasets/datasets-set-ip/test.rules
@@ -0,0 +1,2 @@
+alert ip any any -> any any (ip.dst; dataset: set, ip-list, type ip, state ip-list.lst; sid:1; rev:1;)
+alert ip any any -> any any (ip.dst; dataset: set, ipv4-list, type ipv4, state ipv4-list.lst; sid:2; rev:1;)
diff --git a/tests/datasets/datasets-set-ip/test.yaml b/tests/datasets/datasets-set-ip/test.yaml
new file mode 100644
index 000000000..ce44d9425
--- /dev/null
+++ b/tests/datasets/datasets-set-ip/test.yaml
@@ -0,0 +1,17 @@
+pcap: ../../snmp-v2c-get/SNMPv2c_get_requests.pcap
+
+args:
+ - --data-dir=${OUTPUT_DIR}
+ - --set datasets.enabled=yes
+ - --set datasets.save-directory=.
+ - --runmode=single
+
+checks:
+ - filter:
+ count: 2
+ match:
+ alert.signature_id: 1
+ - filter:
+ count: 2
+ match:
+ alert.signature_id: 2
--
2.47.2
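Review bot: In tests/datasets/datasets-set-ip/test.rules both rules persist to relative names (`state ip-list.lst`, `state ipv4-list.lst`), which does not match the README added in this same commit, whose text describes the option that allows absolute dataset filenames. The README looks carried over from another test; wording such as `Test that dataset set works with the ip and ipv4 types on ip.dst.` would describe what these two rules exercise. The rules also carry no `msg`, so a failing run can only be identified by sid; adding for example `msg:"dataset set type ip";` and `msg:"dataset set type ipv4";` would make the alert output self-explanatory.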
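Review bot: The checks in tests/datasets/datasets-set-ip/test.yaml only count alerts for sid 1 and sid 2, so nothing verifies that the `state` files named in the rules were written or what they contain, which is the part `--set datasets.save-directory=.` appears to exercise. A check on the saved `ip-list.lst` and `ipv4-list.lst` contents after the run would cover that. It is also not visible from here whether the relative `.` resolves against `--data-dir` or against the working directory; if the latter, the run may leave state files in the test source tree, and pointing the option at `${OUTPUT_DIR}` would avoid that. There is no `requires:` block either, so if the `ip` dataset type or the `save-directory` option is not present in every supported release, a gate such as `requires:` with `min-version: <MIN_VERSION>` would keep the test from failing on older branches.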