test/entropy: Update checks to include sid

The sid is part of the log -- e.g., sticky-buffer_sid -- so update the
test checks for each sid that alerts.

Author: jlucovsky

tests/entropy/entropy-01/test.yaml

@@ -1,5 +1,5 @@
 requires:
-  min-version: 8
+  version: 8
 
 checks:
   - filter:

tests/entropy/entropy-02/README.md

@@ -0,0 +1,2 @@
+This test checks the entropy keyword with a comparison against HTTP file data and ensures
+that the logging name is composed of the sticky buffer and sid.

tests/entropy/entropy-02/test.rules

@@ -0,0 +1,12 @@
+# The entropy value is 4.137370175000773
+alert http any any -> any any (msg:"entropy simple test"; file.data; entropy: value > 4; sid:1;)
+alert http any any -> any any (msg:"entropy simple test"; file.data; entropy: value >= 4; sid:2;)
+alert http any any -> any any (msg:"entropy simple test"; file.data; entropy: value >= 5; sid:3;)
+alert http any any -> any any (msg:"entropy simple test"; file.data; entropy: value 4-5; sid:4;)
+alert http any any -> any any (msg:"entropy simple test"; file.data; entropy: value !4-5; sid:5;)
+alert http any any -> any any (msg:"entropy simple test"; file.data; entropy: value < 4; sid:6;)
+alert http any any -> any any (msg:"entropy simple test"; file.data; entropy: value != 4; sid:7;)
+alert http any any -> any any (msg:"entropy simple test"; file.data; entropy: value = 4; sid:8;)
+# The entropy value is 4.150007324019584
+alert http any any -> any any (msg:"entropy simple test"; file.data; entropy: offset 10, value > 4.14; sid:10;)
+

tests/entropy/entropy-02/test.yaml

@@ -0,0 +1,76 @@
+requires:
+  min-version: 8.0.1
+
+pcap: ../entropy-01/input.pcap
+
+args:
+  - --set logging.entropy.make-unique=on
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        metadata.entropy.file_data_1: 4.137370175000773
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2
+        metadata.entropy.file_data_2: 4.137370175000773
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 3
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 4
+        metadata.entropy.file_data_4: 4.137370175000773
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 5
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 6
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 7
+        metadata.entropy.file_data_7: 4.137370175000773
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 8
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 10
+        metadata.entropy.file_data_10: 4.150007324019584
+  - filter:
+      count: 1
+      match:
+        event_type: flow
+        src_ip: 10.92.95.2
+        dest_ip: 10.92.67.138
+        flow.pkts_toserver: 5
+        flow.pkts_toclient: 5
+        metadata.entropy.file_data_1: 4.137370175000773
+        metadata.entropy.file_data_2: 4.137370175000773
+        metadata.entropy.file_data_3: 4.137370175000773
+        metadata.entropy.file_data_4: 4.137370175000773
+        metadata.entropy.file_data_5: 4.137370175000773
+        metadata.entropy.file_data_6: 4.137370175000773
+        metadata.entropy.file_data_7: 4.137370175000773
+        metadata.entropy.file_data_8: 4.137370175000773
+        metadata.entropy.file_data_10: 4.150007324019584