diff --git a/tests/multi-tenant/invalid-vlan-selector-03/classification.config b/tests/multi-tenant/invalid-vlan-selector-03/classification.config
new file mode 120000
index 000000000..29efbefb2
--- /dev/null
+++ b/tests/multi-tenant/invalid-vlan-selector-03/classification.config
@@ -0,0 +1 @@
+../vlan-selector-01/classification.config
\ No newline at end of file
diff --git a/tests/multi-tenant/invalid-vlan-selector-03/reference.config b/tests/multi-tenant/invalid-vlan-selector-03/reference.config
new file mode 120000
index 000000000..f3cce47a1
--- /dev/null
+++ b/tests/multi-tenant/invalid-vlan-selector-03/reference.config
@@ -0,0 +1 @@
+../vlan-selector-01/reference.config
\ No newline at end of file
diff --git a/tests/multi-tenant/invalid-vlan-selector-03/suricata.yaml b/tests/multi-tenant/invalid-vlan-selector-03/suricata.yaml
new file mode 100644
index 000000000..b2acbe712
--- /dev/null
+++ b/tests/multi-tenant/invalid-vlan-selector-03/suricata.yaml
@@ -0,0 +1,7 @@
+%YAML 1.1
+---
+
+classification-file: classification.config
+reference-config-file: reference.config
+
+include: tenant.yaml
diff --git a/tests/multi-tenant/invalid-vlan-selector-03/tenant-1.yaml b/tests/multi-tenant/invalid-vlan-selector-03/tenant-1.yaml
new file mode 100644
index 000000000..068ff6a5c
--- /dev/null
+++ b/tests/multi-tenant/invalid-vlan-selector-03/tenant-1.yaml
@@ -0,0 +1,55 @@
+%YAML 1.1
+---
+
+# Suricata configuration file. In addition to the comments describing all
+# options in this file, full documentation can be found at:
+# https://suricata.readthedocs.io/en/latest/configuration/suricata-yaml.html
+
+##
+## Step 1: Inform Suricata about your network
+##
+
+vars:
+ # more specific is better for alert accuracy and performance
+ address-groups:
+ HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
+ #HOME_NET: "[192.168.0.0/16]"
+ #HOME_NET: "[10.0.0.0/8]"
+ #HOME_NET: "[172.16.0.0/12]"
+ #HOME_NET: "any"
+
+ EXTERNAL_NET: "!$HOME_NET"
+ #EXTERNAL_NET: "any"
+
+ HTTP_SERVERS: "$HOME_NET"
+ SMTP_SERVERS: "$HOME_NET"
+ SQL_SERVERS: "$HOME_NET"
+ DNS_SERVERS: "$HOME_NET"
+ TELNET_SERVERS: "$HOME_NET"
+ AIM_SERVERS: "$EXTERNAL_NET"
+ DC_SERVERS: "$HOME_NET"
+ DNP3_SERVER: "$HOME_NET"
+ DNP3_CLIENT: "$HOME_NET"
+ MODBUS_CLIENT: "$HOME_NET"
+ MODBUS_SERVER: "$HOME_NET"
+ ENIP_CLIENT: "$HOME_NET"
+ ENIP_SERVER: "$HOME_NET"
+
+ port-groups:
+ HTTP_PORTS: "80"
+ SHELLCODE_PORTS: "!80"
+ ORACLE_PORTS: 1521
+ SSH_PORTS: 22
+ DNP3_PORTS: 20000
+ MODBUS_PORTS: 502
+ FILE_DATA_PORTS: "[$HTTP_PORTS,110,143]"
+ FTP_PORTS: 21
+ GENEVE_PORTS: 6081
+ VXLAN_PORTS: 4789
+ TEREDO_PORTS: 3544
+
+rule-files:
+ - tenant.rules
+
+classification-file: classification.config
+reference-config-file: reference.config
diff --git a/tests/multi-tenant/invalid-vlan-selector-03/tenant.rules b/tests/multi-tenant/invalid-vlan-selector-03/tenant.rules
new file mode 100644
index 000000000..496ffe912
--- /dev/null
+++ b/tests/multi-tenant/invalid-vlan-selector-03/tenant.rules
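Review bot: tenant-1.yaml is a full 55-line copy in each of the three test directories (same blob `068ff6a5c` every time), and tenant.rules is copied the same way (`496ffe912`), while classification.config and reference.config beside them are symlinks into `../vlan-selector-01/`. Copies can drift, and for invalid-vlan-selector-03 a drifted copy could make the expected failure come from something other than the selector. Symlinking `tenant-1.yaml` and `tenant.rules` like the other two files would leave `selector:` and the mapping as the only differences between the fixtures. The rules still carry `msg:"byte extract test N"`, so a header comment such as `# rules only need to load; their content is unrelated to tenant selection` would explain why they are here.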
@@ -0,0 +1,10 @@
+alert tcp-pkt any any -> any any (msg:"byte extract test 1"; byte_extract:2,0,two1,string,dec; content:"|33 34|"; offset:0; depth:two1; sid:1; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 2"; byte_extract:1,2,two2,string,dec; content:"|33 34|"; offset:8; depth:two2; sid:2; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 3"; byte_extract:1,2,two3,string,dec; byte_extract:1,5,eight,string,dec; content:"|33 34|"; offset:eight; depth:two3; sid:3; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 4"; byte_extract:1,3,sixd1,string,dec; content:"|31 30|"; content:"|33 34|"; distance:sixd1; sid:4; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 5"; byte_extract:1,2,twow,string,dec; byte_extract:1,3,sixd2,string,dec; content:"|31 30|"; content:"|33 34|"; distance:sixd2; within:twow; sid: 5; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 6"; content:"|31 30|"; byte_extract:1,6,three1,relative,string,dec; content:"|36 10|"; offset:three1; depth:2; sid:6; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 7"; byte_extract:1,2,dectwo1,string,dec; content:"|32|"; offset:dectwo1; depth:1; sid:7; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 8"; byte_extract:1,2,dectwo2,string,dec; content:"|32|"; offset:dectwo2; sid:8; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 9"; byte_extract:1,4,hexten; byte_extract:1,0,decone,string,dec; content:"|66|"; offset:hexten; depth:decone; sid:9; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 10"; byte_extract:1,4,two4; content:"|31|"; depth:1; content:"|2e|"; distance:two4; within:1; sid:10; rev:1;)
diff --git a/tests/multi-tenant/invalid-vlan-selector-03/tenant.yaml b/tests/multi-tenant/invalid-vlan-selector-03/tenant.yaml
new file mode 100644
index 000000000..defe2e25d
--- /dev/null
+++ b/tests/multi-tenant/invalid-vlan-selector-03/tenant.yaml
@@ -0,0 +1,15 @@
+%YAML 1.1
+---
+
+multi-detect:
+ enabled: on
+ default: on
+ selector: vlan-tupleee
+
+ tenants:
+ - id: 1
+ yaml: tenant-1.yaml
+
+ mappings:
+ - vlan-id: 1011
+ tenant-id: 1
diff --git a/tests/multi-tenant/invalid-vlan-selector-03/test.yaml b/tests/multi-tenant/invalid-vlan-selector-03/test.yaml
new file mode 100644
index 000000000..fdfcc416a
--- /dev/null
+++ b/tests/multi-tenant/invalid-vlan-selector-03/test.yaml
@@ -0,0 +1,7 @@
+requires:
+ min-version: 7
+
+command: |
+ ${SRCDIR}/src/suricata -l ${OUTPUT_DIR} -c ${TEST_DIR}/suricata.yaml -T
+
+exit-code: 1
diff --git a/tests/multi-tenant/vlan-selector-01/classification.config b/tests/multi-tenant/vlan-selector-01/classification.config
new file mode 100644
index 000000000..220736c94
--- /dev/null
+++ b/tests/multi-tenant/vlan-selector-01/classification.config
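Review bot: `selector: vlan-tupleee` in invalid-vlan-selector-03/tenant.yaml looks like an accidental typo and nothing in the file says it is the point of the test. A comment above it, for example `# deliberately misspelled selector: loading this config must fail`, would keep a later cleanup from "fixing" the value and turning the negative test into a positive one. The mapping underneath uses `vlan-id: 1011`, so the selector string appears to be the only invalid element; saying so in the comment would make that intent explicit.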
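Review bot: `exit-code: 1` is the only assertion in invalid-vlan-selector-03/test.yaml, so the test passes for any configuration failure (an include that no longer resolves, a rule in tenant.rules that stops parsing), not only for the rejected selector. A silently accepted or defaulted tenant selector would mean traffic is inspected under the wrong ruleset, so this is worth pinning: add a `checks:` entry with a `shell` check that finds the selector error in the `-T` output or in `suricata.log` under `${OUTPUT_DIR}`. The exact message text is not shown on this page and should be taken from the Suricata change this test accompanies.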
@@ -0,0 +1,51 @@
+#
+# config classification:shortname,short description,priority
+#
+
+config classification: not-suspicious,Not Suspicious Traffic,3
+config classification: unknown,Unknown Traffic,3
+config classification: bad-unknown,Potentially Bad Traffic, 2
+config classification: attempted-recon,Attempted Information Leak,2
+config classification: successful-recon-limited,Information Leak,2
+config classification: successful-recon-largescale,Large Scale Information Leak,2
+config classification: attempted-dos,Attempted Denial of Service,2
+config classification: successful-dos,Denial of Service,2
+config classification: attempted-user,Attempted User Privilege Gain,1
+config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1
+config classification: successful-user,Successful User Privilege Gain,1
+config classification: attempted-admin,Attempted Administrator Privilege Gain,1
+config classification: successful-admin,Successful Administrator Privilege Gain,1
+
+# NEW CLASSIFICATIONS
+config classification: rpc-portmap-decode,Decode of an RPC Query,2
+config classification: shellcode-detect,Executable code was detected,1
+config classification: string-detect,A suspicious string was detected,3
+config classification: suspicious-filename-detect,A suspicious filename was detected,2
+config classification: suspicious-login,An attempted login using a suspicious username was detected,2
+config classification: system-call-detect,A system call was detected,2
+config classification: tcp-connection,A TCP connection was detected,4
+config classification: trojan-activity,A Network Trojan was detected, 1
+config classification: unusual-client-port-connection,A client was using an unusual port,2
+config classification: network-scan,Detection of a Network Scan,3
+config classification: denial-of-service,Detection of a Denial of Service Attack,2
+config classification: non-standard-protocol,Detection of a non-standard protocol or event,2
+config classification: protocol-command-decode,Generic Protocol Command Decode,3
+config classification: web-application-activity,access to a potentially vulnerable web application,2
+config classification: web-application-attack,Web Application Attack,1
+config classification: misc-activity,Misc activity,3
+config classification: misc-attack,Misc Attack,2
+config classification: icmp-event,Generic ICMP event,3
+config classification: inappropriate-content,Inappropriate Content was Detected,1
+config classification: policy-violation,Potential Corporate Privacy Violation,1
+config classification: default-login-attempt,Attempt to login by a default username and password,2
+
+# Update
+config classification: targeted-activity,Targeted Malicious Activity was Detected,1
+config classification: exploit-kit,Exploit Kit Activity Detected,1
+config classification: external-ip-check,Device Retrieving External IP Address Detected,2
+config classification: domain-c2,Domain Observed Used for C2 Detected,1
+config classification: pup-activity,Possibly Unwanted Program Detected,2
+config classification: credential-theft,Successful Credential Theft Detected,1
+config classification: social-engineering,Possible Social Engineering Attempted,2
+config classification: coin-mining,Crypto Currency Mining Activity Detected,2
+config classification: command-and-control,Malware Command and Control Activity Detected,1
diff --git a/tests/multi-tenant/vlan-selector-01/reference.config b/tests/multi-tenant/vlan-selector-01/reference.config
new file mode 100644
index 000000000..ff4f53ddb
--- /dev/null
+++ b/tests/multi-tenant/vlan-selector-01/reference.config
@@ -0,0 +1,26 @@
+# config reference: system URL
+
+config reference: bugtraq http://www.securityfocus.com/bid/
+config reference: bid http://www.securityfocus.com/bid/
+config reference: cve http://cve.mitre.org/cgi-bin/cvename.cgi?name=
+#config reference: cve http://cvedetails.com/cve/
+config reference: secunia http://www.secunia.com/advisories/
+
+#whitehats is unfortunately gone
+config reference: arachNIDS http://www.whitehats.com/info/IDS
+
+config reference: McAfee http://vil.nai.com/vil/content/v_
+config reference: nessus http://cgi.nessus.org/plugins/dump.php3?id=
+config reference: url http://
+config reference: et http://doc.emergingthreats.net/
+config reference: etpro http://doc.emergingthreatspro.com/
+config reference: telus http://
+config reference: osvdb http://osvdb.org/show/osvdb/
+config reference: threatexpert http://www.threatexpert.com/report.aspx?md5=
+config reference: md5 http://www.threatexpert.com/report.aspx?md5=
+config reference: exploitdb http://www.exploit-db.com/exploits/
+config reference: openpacket https://www.openpacket.org/capture/grab/
+config reference: securitytracker http://securitytracker.com/id?
+config reference: secunia http://secunia.com/advisories/
+config reference: xforce http://xforce.iss.net/xforce/xfdb/
+config reference: msft http://technet.microsoft.com/security/bulletin/
diff --git a/tests/multi-tenant/vlan-selector-01/suricata.yaml b/tests/multi-tenant/vlan-selector-01/suricata.yaml
new file mode 100644
index 000000000..b2acbe712
--- /dev/null
+++ b/tests/multi-tenant/vlan-selector-01/suricata.yaml
@@ -0,0 +1,7 @@
+%YAML 1.1
+---
+
+classification-file: classification.config
+reference-config-file: reference.config
+
+include: tenant.yaml
diff --git a/tests/multi-tenant/vlan-selector-01/tenant-1.yaml b/tests/multi-tenant/vlan-selector-01/tenant-1.yaml
new file mode 100644
index 000000000..068ff6a5c
--- /dev/null
+++ b/tests/multi-tenant/vlan-selector-01/tenant-1.yaml
@@ -0,0 +1,55 @@
+%YAML 1.1
+---
+
+# Suricata configuration file. In addition to the comments describing all
+# options in this file, full documentation can be found at:
+# https://suricata.readthedocs.io/en/latest/configuration/suricata-yaml.html
+
+##
+## Step 1: Inform Suricata about your network
+##
+
+vars:
+ # more specific is better for alert accuracy and performance
+ address-groups:
+ HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
+ #HOME_NET: "[192.168.0.0/16]"
+ #HOME_NET: "[10.0.0.0/8]"
+ #HOME_NET: "[172.16.0.0/12]"
+ #HOME_NET: "any"
+
+ EXTERNAL_NET: "!$HOME_NET"
+ #EXTERNAL_NET: "any"
+
+ HTTP_SERVERS: "$HOME_NET"
+ SMTP_SERVERS: "$HOME_NET"
+ SQL_SERVERS: "$HOME_NET"
+ DNS_SERVERS: "$HOME_NET"
+ TELNET_SERVERS: "$HOME_NET"
+ AIM_SERVERS: "$EXTERNAL_NET"
+ DC_SERVERS: "$HOME_NET"
+ DNP3_SERVER: "$HOME_NET"
+ DNP3_CLIENT: "$HOME_NET"
+ MODBUS_CLIENT: "$HOME_NET"
+ MODBUS_SERVER: "$HOME_NET"
+ ENIP_CLIENT: "$HOME_NET"
+ ENIP_SERVER: "$HOME_NET"
+
+ port-groups:
+ HTTP_PORTS: "80"
+ SHELLCODE_PORTS: "!80"
+ ORACLE_PORTS: 1521
+ SSH_PORTS: 22
+ DNP3_PORTS: 20000
+ MODBUS_PORTS: 502
+ FILE_DATA_PORTS: "[$HTTP_PORTS,110,143]"
+ FTP_PORTS: 21
+ GENEVE_PORTS: 6081
+ VXLAN_PORTS: 4789
+ TEREDO_PORTS: 3544
+
+rule-files:
+ - tenant.rules
+
+classification-file: classification.config
+reference-config-file: reference.config
diff --git a/tests/multi-tenant/vlan-selector-01/tenant.rules b/tests/multi-tenant/vlan-selector-01/tenant.rules
new file mode 100644
index 000000000..496ffe912
--- /dev/null
+++ b/tests/multi-tenant/vlan-selector-01/tenant.rules
@@ -0,0 +1,10 @@
+alert tcp-pkt any any -> any any (msg:"byte extract test 1"; byte_extract:2,0,two1,string,dec; content:"|33 34|"; offset:0; depth:two1; sid:1; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 2"; byte_extract:1,2,two2,string,dec; content:"|33 34|"; offset:8; depth:two2; sid:2; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 3"; byte_extract:1,2,two3,string,dec; byte_extract:1,5,eight,string,dec; content:"|33 34|"; offset:eight; depth:two3; sid:3; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 4"; byte_extract:1,3,sixd1,string,dec; content:"|31 30|"; content:"|33 34|"; distance:sixd1; sid:4; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 5"; byte_extract:1,2,twow,string,dec; byte_extract:1,3,sixd2,string,dec; content:"|31 30|"; content:"|33 34|"; distance:sixd2; within:twow; sid: 5; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 6"; content:"|31 30|"; byte_extract:1,6,three1,relative,string,dec; content:"|36 10|"; offset:three1; depth:2; sid:6; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 7"; byte_extract:1,2,dectwo1,string,dec; content:"|32|"; offset:dectwo1; depth:1; sid:7; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 8"; byte_extract:1,2,dectwo2,string,dec; content:"|32|"; offset:dectwo2; sid:8; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 9"; byte_extract:1,4,hexten; byte_extract:1,0,decone,string,dec; content:"|66|"; offset:hexten; depth:decone; sid:9; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 10"; byte_extract:1,4,two4; content:"|31|"; depth:1; content:"|2e|"; distance:two4; within:1; sid:10; rev:1;)
diff --git a/tests/multi-tenant/vlan-selector-01/tenant.yaml b/tests/multi-tenant/vlan-selector-01/tenant.yaml
new file mode 100644
index 000000000..fc711cf4c
--- /dev/null
+++ b/tests/multi-tenant/vlan-selector-01/tenant.yaml
@@ -0,0 +1,15 @@
+%YAML 1.1
+---
+
+multi-detect:
+ enabled: on
+ default: on
+ selector: vlan
+
+ tenants:
+ - id: 1
+ yaml: tenant-1.yaml
+
+ mappings:
+ - vlan-id: 1011
+ tenant-id: 1
diff --git a/tests/multi-tenant/vlan-selector-01/test.yaml b/tests/multi-tenant/vlan-selector-01/test.yaml
new file mode 100644
index 000000000..eb3197110
--- /dev/null
+++ b/tests/multi-tenant/vlan-selector-01/test.yaml
@@ -0,0 +1,7 @@
+requires:
+ min-version: 7
+
+command: |
+ ${SRCDIR}/src/suricata -l ${OUTPUT_DIR} -c ${TEST_DIR}/suricata.yaml -T
+
+exit-code: 0
diff --git a/tests/multi-tenant/vlan-tuple-selector-02/classification.config b/tests/multi-tenant/vlan-tuple-selector-02/classification.config
new file mode 120000
index 000000000..29efbefb2
--- /dev/null
+++ b/tests/multi-tenant/vlan-tuple-selector-02/classification.config
@@ -0,0 +1 @@
+../vlan-selector-01/classification.config
\ No newline at end of file
diff --git a/tests/multi-tenant/vlan-tuple-selector-02/reference.config b/tests/multi-tenant/vlan-tuple-selector-02/reference.config
new file mode 120000
index 000000000..f3cce47a1
--- /dev/null
+++ b/tests/multi-tenant/vlan-tuple-selector-02/reference.config
@@ -0,0 +1 @@
+../vlan-selector-01/reference.config
\ No newline at end of file
diff --git a/tests/multi-tenant/vlan-tuple-selector-02/suricata.yaml b/tests/multi-tenant/vlan-tuple-selector-02/suricata.yaml
new file mode 100644
index 000000000..b2acbe712
--- /dev/null
+++ b/tests/multi-tenant/vlan-tuple-selector-02/suricata.yaml
@@ -0,0 +1,7 @@
+%YAML 1.1
+---
+
+classification-file: classification.config
+reference-config-file: reference.config
+
+include: tenant.yaml
diff --git a/tests/multi-tenant/vlan-tuple-selector-02/tenant-1.yaml b/tests/multi-tenant/vlan-tuple-selector-02/tenant-1.yaml
new file mode 100644
index 000000000..068ff6a5c
--- /dev/null
+++ b/tests/multi-tenant/vlan-tuple-selector-02/tenant-1.yaml
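Review bot: `-T` with `exit-code: 0` in vlan-selector-01/test.yaml only shows that the configuration parses; the mapping `vlan-id: 1011` to `tenant-id: 1` is never applied to a packet. The same holds for vlan-tuple-selector-02/test.yaml and its `vlan-tuple: [1011, 1000]` mapping. A companion test that replays a small VLAN-tagged pcap and uses a `filter` check on the tenant id recorded in the alert event would cover what matters for tenant isolation, namely that tagged traffic is inspected with the intended tenant's rules and untagged or differently tagged traffic is not.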
@@ -0,0 +1,55 @@
+%YAML 1.1
+---
+
+# Suricata configuration file. In addition to the comments describing all
+# options in this file, full documentation can be found at:
+# https://suricata.readthedocs.io/en/latest/configuration/suricata-yaml.html
+
+##
+## Step 1: Inform Suricata about your network
+##
+
+vars:
+ # more specific is better for alert accuracy and performance
+ address-groups:
+ HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
+ #HOME_NET: "[192.168.0.0/16]"
+ #HOME_NET: "[10.0.0.0/8]"
+ #HOME_NET: "[172.16.0.0/12]"
+ #HOME_NET: "any"
+
+ EXTERNAL_NET: "!$HOME_NET"
+ #EXTERNAL_NET: "any"
+
+ HTTP_SERVERS: "$HOME_NET"
+ SMTP_SERVERS: "$HOME_NET"
+ SQL_SERVERS: "$HOME_NET"
+ DNS_SERVERS: "$HOME_NET"
+ TELNET_SERVERS: "$HOME_NET"
+ AIM_SERVERS: "$EXTERNAL_NET"
+ DC_SERVERS: "$HOME_NET"
+ DNP3_SERVER: "$HOME_NET"
+ DNP3_CLIENT: "$HOME_NET"
+ MODBUS_CLIENT: "$HOME_NET"
+ MODBUS_SERVER: "$HOME_NET"
+ ENIP_CLIENT: "$HOME_NET"
+ ENIP_SERVER: "$HOME_NET"
+
+ port-groups:
+ HTTP_PORTS: "80"
+ SHELLCODE_PORTS: "!80"
+ ORACLE_PORTS: 1521
+ SSH_PORTS: 22
+ DNP3_PORTS: 20000
+ MODBUS_PORTS: 502
+ FILE_DATA_PORTS: "[$HTTP_PORTS,110,143]"
+ FTP_PORTS: 21
+ GENEVE_PORTS: 6081
+ VXLAN_PORTS: 4789
+ TEREDO_PORTS: 3544
+
+rule-files:
+ - tenant.rules
+
+classification-file: classification.config
+reference-config-file: reference.config
diff --git a/tests/multi-tenant/vlan-tuple-selector-02/tenant.rules b/tests/multi-tenant/vlan-tuple-selector-02/tenant.rules
new file mode 100644
index 000000000..496ffe912
--- /dev/null
+++ b/tests/multi-tenant/vlan-tuple-selector-02/tenant.rules
@@ -0,0 +1,10 @@
+alert tcp-pkt any any -> any any (msg:"byte extract test 1"; byte_extract:2,0,two1,string,dec; content:"|33 34|"; offset:0; depth:two1; sid:1; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 2"; byte_extract:1,2,two2,string,dec; content:"|33 34|"; offset:8; depth:two2; sid:2; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 3"; byte_extract:1,2,two3,string,dec; byte_extract:1,5,eight,string,dec; content:"|33 34|"; offset:eight; depth:two3; sid:3; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 4"; byte_extract:1,3,sixd1,string,dec; content:"|31 30|"; content:"|33 34|"; distance:sixd1; sid:4; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 5"; byte_extract:1,2,twow,string,dec; byte_extract:1,3,sixd2,string,dec; content:"|31 30|"; content:"|33 34|"; distance:sixd2; within:twow; sid: 5; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 6"; content:"|31 30|"; byte_extract:1,6,three1,relative,string,dec; content:"|36 10|"; offset:three1; depth:2; sid:6; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 7"; byte_extract:1,2,dectwo1,string,dec; content:"|32|"; offset:dectwo1; depth:1; sid:7; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 8"; byte_extract:1,2,dectwo2,string,dec; content:"|32|"; offset:dectwo2; sid:8; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 9"; byte_extract:1,4,hexten; byte_extract:1,0,decone,string,dec; content:"|66|"; offset:hexten; depth:decone; sid:9; rev:1;)
+alert tcp-pkt any any -> any any (msg:"byte extract test 10"; byte_extract:1,4,two4; content:"|31|"; depth:1; content:"|2e|"; distance:two4; within:1; sid:10; rev:1;)
diff --git a/tests/multi-tenant/vlan-tuple-selector-02/tenant.yaml b/tests/multi-tenant/vlan-tuple-selector-02/tenant.yaml
new file mode 100644
index 000000000..090c544c3
--- /dev/null
+++ b/tests/multi-tenant/vlan-tuple-selector-02/tenant.yaml
@@ -0,0 +1,15 @@
+%YAML 1.1
+---
+
+multi-detect:
+ enabled: on
+ default: on
+ selector: vlan-tuple
+
+ tenants:
+ - id: 1
+ yaml: tenant-1.yaml
+
+ mappings:
+ - vlan-tuple: [1011, 1000]
+ tenant-id: 1
diff --git a/tests/multi-tenant/vlan-tuple-selector-02/test.yaml b/tests/multi-tenant/vlan-tuple-selector-02/test.yaml
new file mode 100644
index 000000000..eb3197110
--- /dev/null
+++ b/tests/multi-tenant/vlan-tuple-selector-02/test.yaml
@@ -0,0 +1,7 @@
+requires:
+ min-version: 7
+
+command: |
+ ${SRCDIR}/src/suricata -l ${OUTPUT_DIR} -c ${TEST_DIR}/suricata.yaml -T
+
+exit-code: 0
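Review bot: `min-version: 7` in vlan-tuple-selector-02/test.yaml admits every 7.x build, but nothing on this page shows which release first accepts `selector: vlan-tuple` and the `vlan-tuple: [1011, 1000]` mapping key. If support landed after 7.0.0, this test would exit 1 on earlier 7.x builds and fail for a reason unrelated to the change; `min-version` should then name the first release that carries the selector. invalid-vlan-selector-03 is presumably unaffected, since its misspelled value should be rejected on any version.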