Merge pull request #344 from Security-Onion-Solutions/jertel/suri

fix tests

html/js/routes/jobs.js

@@ -153,13 +153,16 @@ routes.push({ path: '/jobs', name: 'jobs', component: {
         if (!sensorId) {
           this.$root.showError(this.i18n.sensorIdRequired);
         } else {
+          if (protocol) {
+            protocol = protocol.toLowerCase();
+          }
           const beginDate = moment(beginTime);
           const endDate = moment(endTime);
           const response = await this.$root.papi.post('job/', {
             nodeId: sensorId,
             filter: {
               importId: importId,
-              protocol: protocol.toLowerCase(),
+              protocol: protocol,
               srcIp: srcIp,
               srcPort: parseInt(srcPort),
               dstIp: dstIp,

server/modules/elastic/elasticeventstore.go

@@ -788,13 +788,13 @@ func (store *ElasticEventstore) PopulateJobFromDocQuery(ctx context.Context, idF
 		}).Info("Obtained output parameters")
 	}
 
-	if len(filter.SrcIp) == 0 || len(filter.DstIp) == 0 || filter.SrcPort == 0 || filter.DstPort == 0 {
+	if len(filter.SrcIp) == 0 || len(filter.DstIp) == 0 || ((filter.SrcPort == 0 || filter.DstPort == 0) && filter.Protocol != model.PROTOCOL_ICMP) {
 		log.WithFields(log.Fields{
 			"query":     store.truncate(query),
 			"uid":       uid,
 			"requestId": ctx.Value(web.ContextKeyRequestId),
-		}).Warn("Unable to lookup PCAP due to missing TCP/UDP parameters")
-		return errors.New("No TCP/UDP record was found for retrieving PCAP")
+		}).Warn("Unable to lookup PCAP due to missing TCP/UDP/ICMP parameters")
+		return errors.New("No TCP/UDP/ICMP record was found for retrieving PCAP")
 	}
 
 	filter.BeginTime = timestamp.Add(time.Duration(-duration-int64(store.timeShiftMs)) * time.Millisecond)