# This tests whether a PE file's timestamp in pe.log matches the file's timestamp in files.log
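# We simply test that the timestamp and id of the file (the ts and id columns cut from pe.log)
# appear together in files.log. The fgrep below is a fixed-string substring match that succeeds
# if any one line of pevalues.txt is found, so it does not check every pe.log entry.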
# @TEST-EXEC: zcat <$TRACES/pe/pe_files_timestamp.pcap.gz | zeek -b -r - %INPUT
# @TEST-EXEC: zeek-cut ts id < pe.log > pevalues.txt
# @TEST-EXEC: fgrep "`cat pevalues.txt`" files.log
@load base/protocols/http
@load base/files/pe