Adds check about ssh bypass

author Philippe Antoine <contact@catenacyber.fr>

Fri, 4 Jun 2021 08:36:04 +0000 (10:36 +0200)

committer Jason Ish <jason.ish@oisf.net>

Mon, 21 Jun 2021 16:28:54 +0000 (10:28 -0600)
author Philippe Antoine <contact@catenacyber.fr>
Fri, 4 Jun 2021 08:36:04 +0000 (10:36 +0200)
committer Jason Ish <jason.ish@oisf.net>
Mon, 21 Jun 2021 16:28:54 +0000 (10:28 -0600)
diff --git a/tests/ssh-hassh/test.yaml b/tests/ssh-hassh/test.yaml

index fec75ab60ac75aa2478597aae1c52eeae6435245..e380e19e8bec6e2f2453d6e302a1b74cb4f35e59 100644 (file)
--- a/tests/ssh-hassh/test.yaml
+++ b/tests/ssh-hassh/test.yaml
@@ -4,7 +4,7 @@ features:
      - RUST
  
  args:
- - -k none
+ - -k none --set stream.bypass=yes
  
  checks:
    # Check that we have the following events in eve.json
@@ -35,3 +35,8 @@ checks:
          event_type: ssh
          ssh.client.hassh.hash: "2dd6531c7e89d3c925db9214711be76a"
          ssh.server.hassh.hash: "6832f1ce43d4397c2c0a3e2f8c94334e"
+  - filter:
+      count: 1
+      match:
+        event_type: flow
+        flow.state: bypassed
author	Philippe Antoine <contact@catenacyber.fr>
	Fri, 4 Jun 2021 08:36:04 +0000 (10:36 +0200)
committer	Jason Ish <jason.ish@oisf.net>
	Mon, 21 Jun 2021 16:28:54 +0000 (10:28 -0600)