Merge pull request #5157 from wazuh/bug/5108-filter-timestamp-alerts

Filter alerts and logs by timestamp

CHANGELOG.md

@@ -51,6 +51,7 @@ All notable changes to this project will be documented in this file.
 
 ### Fixed
 
+- Fix timestamps alerts and logs filter ([#5157](https://github.com/wazuh/wazuh-qa/pull/5157)) \- (Framework + Tests)
 - Fix macOS and Windows agents timezone ([#5178](https://github.com/wazuh/wazuh-qa/pull/5178)) \- (Framework)
 - Fix Vulnerability Detector E2E tests by adding description to all tests ([#5151](https://github.com/wazuh/wazuh-qa/pull/5151)) \- (Tests)
 - Fix parser for non package vulnerabilities ([#5146](https://github.com/wazuh/wazuh-qa/pull/5146)) \- (Framework)

deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py

@@ -93,3 +93,25 @@ def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': '
                             json=data)
 
     return response.json()
+
+
+def delete_index(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'},
+                 index: str = 'wazuh-alerts*'):
+    """
+    Delete index from the Wazuh Indexer API.
+
+    Args:
+        host_manager: An instance of the HostManager class containing information about hosts.
+        credentials (Optional): A dictionary containing the Indexer credentials. Defaults to
+                                 {'user': 'admin', 'password': 'changeme'}.
+        index (Optional): The Indexer index name. Defaults to 'wazuh-alerts*'.
+    """
+    logging.info(f"Deleting {index} index")
+
+    url = f"https://{host_manager.get_master_ip()}:9200/{index}/"
+    headers = {
+        'Content-Type': 'application/json',
+    }
+
+    requests.delete(url=url, verify=False,
+                    auth=requests.auth.HTTPBasicAuth(credentials['user'], credentials['password']), headers=headers)

deps/wazuh_testing/wazuh_testing/end_to_end/regex.py

@@ -46,10 +46,10 @@
         'parameters': ['HOST_NAME', 'CVE', 'PACKAGE_NAME', 'PACKAGE_VERSION', 'ARCHITECTURE']
     },
     'vuln_affected': {
-        'regex':  'CVE.*? affects.*"?'
+        'regex':  'CVE.* affects.*"?'
     },
     'vuln_mitigated': {
-        'regex': "The .* that affected .* was solved due to a package removal"
+        'regex': "The .* that affected .* was solved due to a package removal.*"
     }
 }
 

deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py

@@ -22,7 +22,7 @@
 """
 import logging
 from typing import Dict, List
-from datetime import datetime
+from datetime import datetime, timezone
 from concurrent.futures import ThreadPoolExecutor
 
 from wazuh_testing.end_to_end.waiters import wait_syscollector_and_vuln_scan
@@ -174,8 +174,7 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho
                 logging.info(f"Installing package on {host}")
                 logging.info(f"Package URL: {package_url}")
 
-                current_datetime = datetime.utcnow().isoformat()
-
+                current_datetime = datetime.now(timezone.utc).isoformat()[:-6]  # Delete timezone offset
                 use_npm = package_data.get('use_npm', False)
 
                 if use_npm:
@@ -250,37 +249,39 @@ def remove_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos
     package_id = None
 
     if host_os_name in package_data:
-        if host_os_arch in package_data[host_os_name]:
-            package_id = package_data[host_os_name][host_os_arch]
-        else:
-            raise ValueError(f"Package for {host_os_name} and {host_os_arch} not found")
+        try:
+            if host_os_arch in package_data[host_os_name]:
+                package_id = package_data[host_os_name][host_os_arch]
 
-        package_data = load_packages_metadata()[package_id]
-        use_npm = package_data.get('use_npm', False)
+                package_data = load_packages_metadata()[package_id]
+                use_npm = package_data.get('use_npm', False)
 
-        current_datetime = datetime.utcnow().isoformat()
+                current_datetime = datetime.now(timezone.utc).isoformat()[:-6]  # Delete timezone offset
 
-        logging.info(f"Removing package on {host}")
-        if 'uninstall_name' in package_data:
-            uninstall_name = package_data['uninstall_name']
-            if use_npm:
-                host_manager.remove_npm_package(host, system, package_uninstall_name=uninstall_name)
-            else:
-                host_manager.remove_package(host, system, package_uninstall_name=uninstall_name)
-        elif 'uninstall_custom_playbook' in package_data:
-            host_manager.remove_package(host, system,
-                                        custom_uninstall_playbook=package_data['uninstall_custom_playbook'])
+                logging.info(f"Removing package on {host}")
+                if 'uninstall_name' in package_data:
+                    uninstall_name = package_data['uninstall_name']
+                    host_manager.remove_package(host, system, package_uninstall_name=uninstall_name)
+                elif 'uninstall_custom_playbook' in package_data:
+                    host_manager.remove_package(host, system,
+                                                custom_uninstall_playbook=package_data['uninstall_custom_playbook'])
 
-        wait_is_required = 'check' in operation_data and (operation_data['check']['alerts'] or
-                                                          operation_data['check']['state_index'] or
-                                                          operation_data['check']['no_alerts'] or
-                                                          operation_data['check']['no_indices'])
+                wait_is_required = 'check' in operation_data and (operation_data['check']['alerts'] or
+                                                                operation_data['check']['state_index'] or
+                                                                operation_data['check']['no_alerts'] or
+                                                                operation_data['check']['no_indices'])
 
-        if wait_is_required:
-            wait_syscollector_and_vuln_scan(host_manager, host, operation_data, current_datetime)
+                if wait_is_required:
+                    wait_syscollector_and_vuln_scan(host_manager, host, operation_data, current_datetime)
+
+                    check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host,
+                                            package_data, operation='remove')
 
-            check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host,
-                                       package_data, operation='remove')
+            else:
+                logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found")
+
+        except Exception as e:
+            logging.critical(f"Error searching package: {e}")
 
     else:
         logging.info(f"No operation to perform on {host}")
@@ -352,8 +353,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos
                 logging.info(f"Installing package on {host}")
                 logging.info(f"Package URL: {package_url_to}")
 
-                current_datetime = datetime.utcnow().isoformat()
-
+                current_datetime = datetime.now(timezone.utc).isoformat()[:-6]  # Delete timezone offset
                 use_npm = package_data_to.get('use_npm', False)
 
                 if use_npm:
@@ -399,7 +399,7 @@ def launch_remote_sequential_operation_on_agent(agent: str, task_list: List[Dict
         host_manager (HostManager): An instance of the HostManager class containing information about hosts.
     """
     # Convert datetime to Unix timestamp (integer)
-    timestamp = datetime.utcnow().isoformat()
+    timestamp = datetime.now(timezone.utc).isoformat()[:-6]  # Delete timezone offset
 
     if task_list:
         for task in task_list:

deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py

@@ -45,7 +45,7 @@ def wait_until_vd_is_updated(host_manager: HostManager) -> None:
 
     monitoring_data = generate_monitoring_logs(host_manager, ["INFO: Vulnerability scanner module started"],
                                                [VD_FEED_UPDATE_TIMEOUT], host_manager.get_group_hosts('manager'))
-    monitoring_events_multihost(host_manager, monitoring_data)
+    monitoring_events_multihost(host_manager, monitoring_data, ignore_timeout_error=False)
 
 
 def wait_until_vuln_scan_agents_finished(host_manager: HostManager) -> None:
@@ -80,11 +80,12 @@ def wait_syscollector_and_vuln_scan(host_manager: HostManager, host: str,  opera
                                                [get_event_regex({'event': 'syscollector_scan_start'}),
                                                 get_event_regex({'event': 'syscollector_scan_end'})],
                                                [timeout_syscollector_scan, timeout_syscollector_scan],
-                                               host_manager.get_group_hosts('agent'))
+                                               host_manager.get_group_hosts('agent'),
+                                               greater_than_timestamp=current_datetime)
 
     truncate_remote_host_group_files(host_manager, host_manager.get_group_hosts('agent'))
 
-    monitoring_events_multihost(host_manager, monitoring_data)
+    monitoring_events_multihost(host_manager, monitoring_data, ignore_timeout_error=False)
 
     logging.info(f"Waiting for vulnerability scan to finish on {host}")