snmp: adds test for community keyword

as was done by unit test DetectSNMPCommunityTest
jmtaylor90 · May 2, 2024 · d878715 · d878715
1 parent 71a9046
commit d878715
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 0 deletions.
diff --git a/tests/snmp-community/README.md b/tests/snmp-community/README.md
@@ -0,0 +1,7 @@
+# Test Purpose
+
+Match on SNMP community keyword
+
+## PCAP
+
+This PCAP from snmp-v2c-get is reused, as was done in DetectSNMPCommunityTest for first packet
diff --git a/tests/snmp-community/test.rules b/tests/snmp-community/test.rules
@@ -0,0 +1,2 @@
+alert snmp any any -> any any (msg:"SNMP Test Rule"; snmp.community; content:"[R0_C@cti!]"; sid:1; rev:1;)
+alert snmp any any -> any any (msg:"SNMP Test Rule"; snmp.community; content:"private"; sid:2; rev:1;)
diff --git a/tests/snmp-community/test.yaml b/tests/snmp-community/test.yaml
@@ -0,0 +1,14 @@
+pcap: ../snmp-v2c-get/SNMPv2c_get_requests.pcap
+
+checks:
+ - filter:
+     count: 8
+     match:
+       event_type: alert
+       alert.signature_id: 1
+
+ - filter:
+     count: 0
+     match:
+       event_type: alert
+       alert.signature_id: 2
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		alert snmp any any -> any any (msg:"SNMP Test Rule"; snmp.community; content:"[R0_C@cti!]"; sid:1; rev:1;)
		alert snmp any any -> any any (msg:"SNMP Test Rule"; snmp.community; content:"private"; sid:2; rev:1;)