Adding tests¶
This section explains how to use the various types of tests that are available. You can add as many tests to one test file as you want.
The type of data type differs per test. The data type that you should use for the test is documented at each test.
The available tests are:
- check_md5 - Type: String
- check_sha1 - Type: String
- check_sha256 - Type: String
- check_sha512 - Type: String
- check_expected_api_calls - Type: Dictionary: String:Integer
- check_expected_regkeys_opened - Type: List: String
- check_expected_regkeys_read - Type: List: String
- check_expected_regkeys_written - Type: List: String
- check_expected_regkeys_deleted - Type: List: String
- check_expected_files_opened - Type: List: String
- check_expected_files_read - Type: List: String
- check_expected_files_written - Type: List: String
- check_expected_files_deleted - Type: List: String
- check_expected_mutexes_created - Type: Dictionary: String:String
- check_expected_ips_connected - Type: List: String
- check_expected_hosts_connected - Type: List: String
- check_expected_processes - Type: Dictionary: String:Integer
- check_expected_dll_loaded - Type: List: String
- check_expected_monitor_log_lines - Type: Dictionary: String:dictionary(String:integer)
- Each test key in the ‘tests’ key should be seperated by a comma. Like so:
1 2 3 4 5 6 7 8 9 10 11 12
{ "test_info": { }, "tests": { "check_md5":"", "check_sha256":"", "check_expected_api_calls": { }, "check_expected_ips_connected": [ ] } }
- tests
- check_md5
- check_sha1
- check_sha256
- check_sha512
- check_expected_api_calls
- check_expected_regkeys_opened
- check_expected_regkeys_read
- check_expected_regkeys_written
- check_expected_regkeys_deleted
- check_expected_mutexes_created
- check_expected_ips_connected
- check_expected_hosts_connected
- check_expected_processes
- check_expected_dll_loaded
- check_expected_monitor_log_lines