From d878715f0b9433b168e455d174ca4048a32c04c8 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Fri, 26 Apr 2024 16:25:18 +0200
Subject: [PATCH] snmp: adds test for community keyword as was done by unit test DetectSNMPCommunityTest
---
 tests/snmp-community/README.md | 7 +++++++
 tests/snmp-community/test.rules | 2 ++
 tests/snmp-community/test.yaml | 14 ++++++++++++++
 3 files changed, 23 insertions(+)
 create mode 100644 tests/snmp-community/README.md
 create mode 100644 tests/snmp-community/test.rules
 create mode 100644 tests/snmp-community/test.yaml

diff --git a/tests/snmp-community/README.md b/tests/snmp-community/README.md
new file mode 100644
index 000000000..764e6b610
--- /dev/null
+++ b/tests/snmp-community/README.md
@@ -0,0 +1,7 @@
+# Test Purpose
+
+Match on SNMP community keyword
+
+## PCAP
+
+This PCAP from snmp-v2c-get is reused, as was done in DetectSNMPCommunityTest for first packet
diff --git a/tests/snmp-community/test.rules b/tests/snmp-community/test.rules
new file mode 100644
index 000000000..fe402de4f
--- /dev/null
+++ b/tests/snmp-community/test.rules
@@ -0,0 +1,2 @@
+alert snmp any any -> any any (msg:"SNMP Test Rule"; snmp.community; content:"[R0_C@cti!]"; sid:1; rev:1;)
+alert snmp any any -> any any (msg:"SNMP Test Rule"; snmp.community; content:"private"; sid:2; rev:1;)
diff --git a/tests/snmp-community/test.yaml b/tests/snmp-community/test.yaml
new file mode 100644
index 000000000..c36f37233
--- /dev/null
+++ b/tests/snmp-community/test.yaml
@@ -0,0 +1,14 @@
+pcap: ../snmp-v2c-get/SNMPv2c_get_requests.pcap
+
+checks:
+  - filter:
+      count: 8
+      match:
+        event_type: alert
+        alert.signature_id: 1
+
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 2
-- 
2.47.2
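Review bot: `snmp.community; content:"[R0_C@cti!]"` on sid 1 is a substring match against the community sticky buffer, so it is weaker than the unit test it is meant to replace, which (going by its name and the README) compared the parsed community string itself; a rule with `content:"R0_C"` would satisfy the same yaml check. To keep the migrated test as strict as the original, anchor the match to the whole buffer, e.g. `snmp.community; content:"[R0_C@cti!]"; bsize:11;` (or `startswith; endswith;` instead of `bsize`). Both rules also carry the identical `msg:"SNMP Test Rule"`, which makes the eve output harder to read when a check fails; distinct messages such as `msg:"SNMP community [R0_C@cti!]"` and `msg:"SNMP community private"` cost nothing and make the negative control recognisable at a glance.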
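Review bot: The `count: 8` expected for sid 1 implies every request in `SNMPv2c_get_requests.pcap` carries the `[R0_C@cti!]` community, which sits oddly next to the README's "for first packet" wording and is not explained in the yaml; a one-line comment above the first check, `# every GetRequest in the pcap uses community "[R0_C@cti!]", hence 8 alerts`, would make the expected count self-explanatory (please confirm the packet count against the pcap). The sid 2 `count: 0` check is a useful negative control, but a zero-count check passes vacuously if the rule never loads or the parser produces no community buffer, so it is only meaningful alongside the sid 1 positive check; a short comment such as `# negative control: must not match a community that is not in the pcap` would stop a future cleanup from dropping either one in isolation.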