From d7ff3ff2daf10dcf9f489b703f6a62da5841f241 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Wed, 23 Feb 2022 19:26:23 +0100
Subject: [PATCH] tests/iprep: add a non-matching rule

---
 tests/issue-4280-iprep/iprep.rules | 1 +
 tests/issue-4280-iprep/test.yaml | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/tests/issue-4280-iprep/iprep.rules b/tests/issue-4280-iprep/iprep.rules
index 9fc8a128f..5a67ce81f 100644
--- a/tests/issue-4280-iprep/iprep.rules
+++ b/tests/issue-4280-iprep/iprep.rules
@@ -1 +1,2 @@
 alert ip any any -> any any (msg:"ET DROP Dshield Block Listed Source"; reference:url,feeds.dshield.org/block.txt; classtype:misc-attack; sid:2402000; rev:5733; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Major, created_at 2010_12_30, updated_at 2020_11_18; iprep:any,2402000,>,1; target:dest_ip;)
+alert ip any any -> any any (msg:"ET DROP Dshield Block Listed Source"; reference:url,feeds.dshield.org/block.txt; classtype:misc-attack; sid:2402001; rev:5733; metadata:affected_product Any, attack_target Any, deployment Perimeter, tag Dshield, signature_severity Major, created_at 2010_12_30, updated_at 2020_11_18; iprep:any,2402000,>,100; target:dest_ip;)
diff --git a/tests/issue-4280-iprep/test.yaml b/tests/issue-4280-iprep/test.yaml
index 7cb97b20d..0619f8bb4 100644
--- a/tests/issue-4280-iprep/test.yaml
+++ b/tests/issue-4280-iprep/test.yaml
@@ -16,3 +16,8 @@ checks:
 count: 3
 match:
 alert.signature_id: 2402000
+checks:
+ - filter:
+ count: 0
+ match:
+ alert.signature_id: 2402001
--
2.47.2
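Review bot: The added rule with sid:2402001 keeps the same msg, "ET DROP Dshield Block Listed Source", as sid:2402000, and nothing in the rules file says it is expected never to fire. A comment line above it, such as `# sid 2402001 must not alert: its iprep threshold (>,100) is meant to sit above every score in this test's reputation data`, would record the intent, and a distinct msg would keep the two rules apart in alert output. Whether 100 really exceeds every loaded score depends on the reputation list the test uses, which is not part of this patch.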
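Review bot: The added `checks:` line in test.yaml repeats a top-level key that already exists (it is the hunk's context heading), so the file ends up with two `checks:` mappings. YAML expects unique keys, and loaders such as PyYAML silently keep only the last one, which would drop the existing `count: 3` check for signature 2402000 and leave the positive iprep case unasserted. Removing the added `checks:` line and keeping `- filter:` with `count: 0` as a second item in the existing list would run both checks. Indentation was lost in this view, so the nesting is inferred from `+checks:` carrying no leading space while `+ - filter:` does.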