test.yaml - Suricata - Open Information Security Foundation

Bug #8390 » test.yaml

Yash Datre, 03/19/2026 03:00 AM

    
    requires:

      min-version: 8

    pcap: ../../tls/tls-random/input.pcap

    args:

      - --simulate-ips

      - -k none

    checks:

      # reject:flow rule (sid:99) should fire and produce an alert

      - filter:

          count: 1

          match:

            event_type: alert

            alert.signature_id: 99

            alert.action: blocked

      # Drop event should be logged

      - filter:

          count: 1

          match:

            event_type: drop

      # ips.rejected counter should be non-zero if Suricata actually

      # processed the reject action (RST attempted). If reject is not

      # wired for firewall mode, this will be 0 and ips.blocked will

      # absorb the count instead.

      - filter:

          count: 1

          match:

            event_type: stats

            stats.ips.rejected: 1

« Previous
1
2
3
Next »

(1-1/3)

Project

General

Profile

Suricata

Bug #8390 » test.yaml