diff --git a/services/test_pcap/eve.json b/services/test_pcap/eve.json
new file mode 100644
index 0000000..e18c324
--- /dev/null
+++ b/services/test_pcap/eve.json
@@ -0,0 +1,20 @@ +{"timestamp":"2018-06-27T13:25:32.730991+0200","flow_id":2069435303860030,"pcap_cnt":1053,"event_type":"alert","src_ip":"10.10.3.126","src_port":56318,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":22,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":478,"bytes_toclient":4113,"start":"2018-06-27T13:25:32.726846+0200"}} +{"timestamp":"2018-06-27T13:25:32.765278+0200","flow_id":1927400735416114,"pcap_cnt":1101,"event_type":"alert","src_ip":"10.10.3.126","src_port":56338,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:25:32.761650+0200"}} 
+{"timestamp":"2018-06-27T13:25:32.775379+0200","flow_id":2097973214102936,"pcap_cnt":1113,"event_type":"alert","src_ip":"10.10.3.126","src_port":56340,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:25:32.771480+0200"}} +{"timestamp":"2018-06-27T13:25:32.863536+0200","flow_id":1898723238747734,"pcap_cnt":1187,"event_type":"alert","src_ip":"10.10.3.126","src_port":56368,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:25:32.859734+0200"}} 
+{"timestamp":"2018-06-27T13:25:32.813865+0200","flow_id":1411583753082899,"pcap_cnt":1125,"event_type":"alert","src_ip":"10.10.3.126","src_port":56342,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:25:32.808979+0200"}} +{"timestamp":"2018-06-27T13:25:34.407695+0200","flow_id":747418600481573,"pcap_cnt":2381,"event_type":"alert","src_ip":"10.10.3.126","src_port":56664,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:25:34.402213+0200"}} 
+{"timestamp":"2018-06-27T13:25:34.529182+0200","flow_id":2125248403997853,"pcap_cnt":2455,"event_type":"alert","src_ip":"10.10.3.126","src_port":56676,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:25:34.525469+0200"}} +{"timestamp":"2018-06-27T13:25:34.420240+0200","flow_id":2133726669461986,"pcap_cnt":2393,"event_type":"alert","src_ip":"10.10.3.126","src_port":56666,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:25:34.416226+0200"}} 
+{"timestamp":"2018-06-27T13:25:34.357527+0200","flow_id":1103645335512403,"pcap_cnt":2368,"event_type":"alert","src_ip":"10.10.3.126","src_port":56662,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:25:34.353619+0200"}} +{"timestamp":"2018-06-27T13:25:34.321335+0200","flow_id":1761322940160278,"pcap_cnt":2320,"event_type":"alert","src_ip":"10.10.3.126","src_port":56654,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":22,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":478,"bytes_toclient":4113,"start":"2018-06-27T13:25:34.317718+0200"}} 
+{"timestamp":"2018-06-27T13:26:02.712247+0200","flow_id":961464740003431,"pcap_cnt":5111,"event_type":"alert","src_ip":"10.10.3.126","src_port":56816,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:26:02.704103+0200"}} +{"timestamp":"2018-06-27T13:26:02.650619+0200","flow_id":239392690724429,"pcap_cnt":5086,"event_type":"alert","src_ip":"10.10.3.126","src_port":56812,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:26:02.646733+0200"}} 
+{"timestamp":"2018-06-27T13:26:02.613070+0200","flow_id":2069096003421829,"pcap_cnt":5035,"event_type":"alert","src_ip":"10.10.3.126","src_port":56804,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":22,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":478,"bytes_toclient":4113,"start":"2018-06-27T13:26:02.607877+0200"}} +{"timestamp":"2018-06-27T13:26:02.874624+0200","flow_id":1493039957295662,"pcap_cnt":5218,"event_type":"alert","src_ip":"10.10.3.126","src_port":56826,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:26:02.868910+0200"}} 
+{"timestamp":"2018-06-27T13:26:02.659710+0200","flow_id":1918050593538319,"pcap_cnt":5098,"event_type":"alert","src_ip":"10.10.3.126","src_port":56814,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:26:02.655631+0200"}} +{"timestamp":"2018-06-27T13:26:04.365438+0200","flow_id":849226507256712,"pcap_cnt":6479,"event_type":"alert","src_ip":"10.10.3.126","src_port":57010,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":22,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":478,"bytes_toclient":4113,"start":"2018-06-27T13:26:04.361352+0200"}} 
+{"timestamp":"2018-06-27T13:26:04.444369+0200","flow_id":198886854277507,"pcap_cnt":6528,"event_type":"alert","src_ip":"10.10.3.126","src_port":57018,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:26:04.440707+0200"}} +{"timestamp":"2018-06-27T13:26:04.453926+0200","flow_id":1750302056046457,"pcap_cnt":6540,"event_type":"alert","src_ip":"10.10.3.126","src_port":57020,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:26:04.450425+0200"}} 
+{"timestamp":"2018-06-27T13:26:04.520356+0200","flow_id":526496222207011,"pcap_cnt":6554,"event_type":"alert","src_ip":"10.10.3.126","src_port":57022,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:26:04.515107+0200"}} +{"timestamp":"2018-06-27T13:26:04.619382+0200","flow_id":1830967984283982,"pcap_cnt":6615,"event_type":"alert","src_ip":"10.10.3.126","src_port":57032,"dest_ip":"10.10.3.1","dest_port":5000,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":1001200,"rev":1,"signature":"Example - single character password","category":"","severity":3,"metadata":{"tag":["enemy"]}},"http":{"hostname":"10.10.3.1","http_port":5000,"url":"/login","http_user_agent":"python-requests/2.19.1","http_content_type":"text/html","http_method":"POST","protocol":"HTTP/1.1","status":200,"length":3684},"files":[{"filename":"/login","sid":[],"gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}],"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":480,"bytes_toclient":4113,"start":"2018-06-27T13:26:04.614734+0200"}} diff --git a/services/test_pcap/example.rule b/services/test_pcap/example.rule new file mode 100644 index 0000000..6d2af18 --- /dev/null +++ b/services/test_pcap/example.rule 
@@ -0,0 +1,8 @@
+# Just as an example, this suricata rule tags every single-character password in the starchaser service
+# that is included as a test pcap.
+
+alert tcp any any -> any 5000 (msg: "Example - single character password"; flow:to_server; \
+ content:"POST"; http_method; content:"/login"; http_uri; \
+ content: "password"; http_client_body; pcre:"/password=[A-Za-z0-9]&/"; \
+ metadata: tag enemy; \
+ sid:1001200; rev: 1;)
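Review bot: The pcre `/password=[A-Za-z0-9]&/` on the third rule line only fires when the password parameter is followed by another field, so a body that ends in `password=a` is never tagged, and because the pattern is unanchored an earlier field such as `oldpassword=a&` also matches. A safer form is `pcre:"/(?:^|&)password=[^&](?:&|$)/P";` — the `P` modifier ties the regex to the same client-body buffer that the preceding `http_client_body` content selects, whereas without it the pcre is, as far as I can tell, evaluated against the raw payload rather than the normalized body. Note that `[A-Za-z0-9]` (and `[^&]`) still misses a single non-alphanumeric character, which form encoders usually send percent-encoded as three bytes like `%21`; if that case matters, use `(?:[^&%]|%[0-9A-Fa-f]{2})` in place of the single-character class. Consider `flow:established,to_server;` as well, and since the header comment says the rule tags "every single-character password", it should mention whichever of these limits remain.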