From 53fad5de6383ba7c91956b064d8afcd575a4f863 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky
Date: Sat, 31 May 2025 10:37:53 -0400
Subject: [PATCH] test/entropy: Validate entropy values

Validate entropy values from flow and alert logs.
---
 tests/entropy/entropy-01/test.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/tests/entropy/entropy-01/test.yaml b/tests/entropy/entropy-01/test.yaml
index 5fcc51ca5..507b0f409 100644
--- a/tests/entropy/entropy-01/test.yaml
+++ b/tests/entropy/entropy-01/test.yaml
@@ -7,11 +7,13 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 1
+ metadata.entropy.file_data: 4.150007324019584
 - filter:
 count: 1
 match:
 event_type: alert
 alert.signature_id: 2
+ metadata.entropy.file_data: 4.150007324019584
 - filter:
 count: 0
 match:
@@ -22,6 +24,7 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 4
+ metadata.entropy.file_data: 4.150007324019584
 - filter:
 count: 0
 match:
@@ -37,6 +40,7 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 7
+ metadata.entropy.file_data: 4.150007324019584
 - filter:
 count: 0
 match:
@@ -47,3 +51,13 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 10
+ metadata.entropy.file_data: 4.150007324019584
+ - filter:
+ count: 1
+ match:
+ event_type: flow
+ src_ip: 10.92.95.2
+ dest_ip: 10.92.67.138
+ flow.pkts_toserver: 5
+ flow.pkts_toclient: 5
+ metadata.entropy.file_data: 4.150007324019584
--
2.47.2
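Review bot: Each added `metadata.entropy.file_data: 4.150007324019584` line pins a computed entropy to a 16-significant-digit double by exact equality, and the same concern applies to all five hunks (signature IDs 1, 2, 4, 7, 10 and the new flow filter). The last digits of such a value can depend on the summation order and libm implementation behind the entropy calculation and on the JSON writer's float formatting, so a one-ULP difference on another platform or after a logging change would fail the test without indicating a real entropy defect; I cannot tell from the hunk whether the harness compares floats exactly or with a tolerance. If an approximate match is available in the harness, prefer it; otherwise document the provenance once at the first use, e.g. `# expected entropy of file_data for this pcap; compared by exact double equality`, so a future mismatch can be triaged as precision drift versus a computation change. The new flow filter additionally ties `src_ip`, `dest_ip` and the 5/5 packet counts to the entropy value in one `match`, so a failure there will not say which of the fields diverged.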