Skip to content

Commit

Permalink
tests: linktype_name test
Browse files Browse the repository at this point in the history
Issue: 6954

Ensure that the linktype_name is included in the alerts.
  • Loading branch information
jlucovsky committed Aug 13, 2024
1 parent e4f9762 commit 4fe8d00
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
1 change: 1 addition & 0 deletions tests/linktype_name/test.rules
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
alert http $HOME_NET any -> any 443 (msg:"ET POLICY HTTP traffic on port 443 (CONNECT)"; flow:to_server,established; content:"CONNECT"; http_method; classtype:bad-unknown; sid:2013933; rev:4; metadata:created_at 2011_11_17, updated_at 2011_11_17;)
14 changes: 14 additions & 0 deletions tests/linktype_name/test.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
requires:
min-version: 8

pcap: ../bug-2482-01/proxyCONNECT_443.pcap

args:
- -k none --set outputs.1.eve-log.types.0.alert.packet=yes

checks:
- filter:
count: 86
match:
event_type: alert
packet_info.linktype_name: RAW

0 comments on commit 4fe8d00

Please sign in to comment.