
tests: update ips-state-1 test - v5

Open jufajardini opened this issue 7 months ago • 0 comments

This test indicated that there were FP drops for HTTP transactions, leading the http events check to fail. This is no longer the case.

flow.action is still not set to drop for tls.

Previous PR: https://github.com/OISF/suricata-verify/pull/1794

Changes from previous PR:

  • Following Philippe's guidance, I've backtracked and kept this simpler: only updating this test to reflect the fact that all checks in it now pass (no more FP for HTTP). I'll create a subsequent PR to showcase the flow.action not being updated for the TLS dropped flow
  • added a suricata.yaml file to enable logging the drop events
  • there was a duplicate check for no alert for the http app-proto. Changed one of those to check for drop

Ticket

If your pull request is related to a Suricata ticket, please provide the full URL to the ticket here so this pull request can monitor changes to the ticket status:

Redmine ticket:

jufajardini, Jul 10 '24 20:07