From 7f55309b0b8e5e4a9db1bcd569044a18c425f767 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Wed, 30 Nov 2022 16:28:14 +0100
Subject: [PATCH] rfb: adds a check for community_id field in a rfb event
---
 tests/rfb-protocol-3.3/suricata.yaml | 1 +
 tests/rfb-protocol-3.3/test.yaml | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/tests/rfb-protocol-3.3/suricata.yaml b/tests/rfb-protocol-3.3/suricata.yaml
index 4aea57de3..c630bad84 100644
--- a/tests/rfb-protocol-3.3/suricata.yaml
+++ b/tests/rfb-protocol-3.3/suricata.yaml
@@ -6,6 +6,7 @@ outputs:
 enabled: yes
 filetype: regular
 filename: eve.json
+ community-id: true
 types:
 - rfb
 - flow
diff --git a/tests/rfb-protocol-3.3/test.yaml b/tests/rfb-protocol-3.3/test.yaml
index 5f23763d1..beff2819b 100644
--- a/tests/rfb-protocol-3.3/test.yaml
+++ b/tests/rfb-protocol-3.3/test.yaml
@@ -12,6 +12,12 @@ checks: event_type: flow app_proto: rfb + - filter: + count: 1 + match: + event_type: rfb + community_id: 1:d6qHVLyvWEl4kfHAZiDmEtDyb2I= + - filter: count: 1 match:
-- 2.47.2
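Review bot: The `community-id: true` line added to the eve-log output in suricata.yaml leaves the hash seed at its default, so the value expected in test.yaml is correct only while that default applies. Setting `community-id-seed: 0` next to the new key would pin the input the expected hash depends on and make the test self-explanatory. The eve-log mapping starts above this hunk, so the new key has to follow the indentation of the lines that are not visible here.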
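Review bot: The new filter in test.yaml asserts the hash only on the `rfb` record, while the `flow` check just above it still matches on `event_type` and `app_proto` alone. The field exists to correlate records of one connection, so adding `community_id: 1:d6qHVLyvWEl4kfHAZiDmEtDyb2I=` to the flow filter's `match` would also confirm that both event types report the same value, assuming the capture holds a single RFB flow. A comment above the new filter such as `# community_id must appear on the rfb event itself, not only on flow` would record why the check exists. The `checks` list begins and continues outside this hunk.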