Migrate test_active_response documentation to qa-docs
#1960
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 task
roronoasins
changed the title
active_response documentation to qa-docstest_active_response documentation to qa-docs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
As part of epic #1796, this PR adds the missing documentation and migrates the current documentation to the new format used by qa-docs.
The schema used is the one defined in issue #1694
Generated documentation
test_analysisd
test_os_exec.json
{ "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <info@wazuh.com>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2", "type": "integration", "brief": "Active responses perform various countermeasures to address active threats, such as blocking access to an agent from the threat source when certain criteria are met. These tests will check if the 'wazuh-analysisd' daemon processes 'active response' messages correctly.", "tier": 0, "modules": [ "active_response" ], "components": [ "manager" ], "daemons": [ "wazuh-analysisd" ], "os_platform": [ "linux" ], "os_version": [ "Arch Linux", "Amazon Linux 2", "Amazon Linux 1", "CentOS 8", "CentOS 7", "CentOS 6", "Ubuntu Focal", "Ubuntu Bionic", "Ubuntu Xenial", "Ubuntu Trusty", "Debian Buster", "Debian Stretch", "Debian Jessie", "Debian Wheezy", "Red Hat 8", "Red Hat 7", "Red Hat 6" ], "references": [ "https://documentation.wazuh.com/current/user-manual/capabilities/active-response/#active-response" ], "tags": [ "ar_analysisd" ], "name": "test_os_exec.py", "id": 1, "group_id": 0, "tests": [ { "description": "Check if 'active response' messages are sent in the correct format depending on the agent version used. For this purpose, simulated agents with different properties are created, and messages in two formats (string and JSON) are sent to the socket of the 'wazuh-analisysd' daemon, which should process them correctly.", "wazuh_min_version": "4.2.0", "parameters": [ { "set_debug_mode": { "type": "fixture", "brief": "Set execd daemon in debug mode." } }, { "get_configuration": { "type": "fixture", "brief": "Get configurations from the module." } }, { "configure_environment": { "type": "fixture", "brief": "Configure a custom environment for testing." } }, { "restart_service": { "type": "fixture", "brief": "Restart the Wazuh manager and clean the 'ossec.log' file." } }, { "configure_agents": { "type": "fixture", "brief": "Create simulated agents for testing." } } ], "assertions": [ "Verify that 'active response' messages in the old string format are valid.", "Verify that 'active response' messages in the new JSON format are valid." ], "input_description": "Different use cases are found in the test module and include parameters for 'active response' messages and metadata to configure the testing environment.", "expected_output": [ "r'Active response request received'", "Active response message with the structure defined in the validate_new_ar_message function (for Wazuh versions >= 4.2).", "Active response message with the structure defined in the validate_old_ar_message function (for Wazuh versions < 4.2)." ], "tags": [ "simulator" ], "name": "test_os_exec", "inputs": [ "get_configuration0", "get_configuration1", "get_configuration2", "get_configuration3", "get_configuration4", "get_configuration5" ] } ] }test_os_exec.yaml
test_execd
test_execd_firewall_drop.json
{ "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <info@wazuh.com>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2", "type": "integration", "brief": "Active responses execute a script in response to the triggering of specific alerts based on the alert level or rule group. These tests will check if the 'active responses', which are executed by the 'wazuh-execd' daemon via scripts, run correctly.", "tier": 0, "modules": [ "active_response" ], "components": [ "agent" ], "daemons": [ "wazuh-analysisd", "wazuh-execd" ], "os_platform": [ "linux" ], "os_version": [ "Arch Linux", "Amazon Linux 2", "Amazon Linux 1", "CentOS 8", "CentOS 7", "CentOS 6", "Ubuntu Focal", "Ubuntu Bionic", "Ubuntu Xenial", "Ubuntu Trusty", "Debian Buster", "Debian Stretch", "Debian Jessie", "Debian Wheezy", "Red Hat 8", "Red Hat 7", "Red Hat 6" ], "references": [ "https://documentation.wazuh.com/current/user-manual/capabilities/active-response/#active-response" ], "tags": [ "ar_execd" ], "name": "test_execd_firewall_drop.py", "id": 3, "group_id": 0, "tests": [ { "description": "Check if 'firewall-drop' command of 'active response' is executed correctly. For this purpose, a simulated agent is used and the 'active response' is sent to it. This response includes an IP address that must be added and removed from 'iptables', the Linux firewall.", "wazuh_min_version": "4.2.0", "parameters": [ { "set_debug_mode": { "type": "fixture", "brief": "Set the 'wazuh-execd' daemon in debug mode." } }, { "get_configuration": { "type": "fixture", "brief": "Get configurations from the module." } }, { "test_version": { "type": "fixture", "brief": "Validate the Wazuh version." } }, { "configure_environment": { "type": "fixture", "brief": "Configure a custom environment for testing." } }, { "remove_ip_from_iptables": { "type": "fixture", "brief": "Remove the testing IP address from 'iptables' if it exists." } }, { "start_agent": { "type": "fixture", "brief": "Create 'wazuh-remoted' and 'wazuh-authd' simulators, register agent and start it." } }, { "set_ar_conf_mode": { "type": "fixture", "brief": "Configure the 'active responses' used in the test." } } ], "assertions": [ "Verify that the testing IP address is added to 'iptables'.", "Verify that the testing IP address is removed from 'iptables'." ], "input_description": "Different use cases are found in the test module and include parameters for 'firewall-drop' command and the expected result.", "expected_output": [ { "r'DEBUG": "Received message'" }, "r'Starting'", "r'active-response/bin/firewall-drop'", "r'Ended'", "r'Cannot read 'srcip' from data' (If the 'active response' fails)" ], "tags": [ "simulator" ], "name": "test_execd_firewall_drop", "inputs": [ "get_configuration0", "get_configuration1" ] } ] }test_execd_firewall_drop.yaml
test_execd_restart.json
{ "copyright": "Copyright (C) 2015-2021, Wazuh Inc.\nCreated by Wazuh, Inc. <info@wazuh.com>.\nThis program is free software; you can redistribute it and/or modify it under the terms of GPLv2", "type": "integration", "brief": "Active responses execute a script in response to the triggering of specific alerts based on the alert level or rule group. These tests will check if the 'active responses', which are executed by the 'wazuh-execd' daemon via scripts, run correctly.", "tier": 0, "modules": [ "active_response" ], "components": [ "agent" ], "daemons": [ "wazuh-analysisd", "wazuh-execd" ], "os_platform": [ "linux" ], "os_version": [ "Arch Linux", "Amazon Linux 2", "Amazon Linux 1", "CentOS 8", "CentOS 7", "CentOS 6", "Ubuntu Focal", "Ubuntu Bionic", "Ubuntu Xenial", "Ubuntu Trusty", "Debian Buster", "Debian Stretch", "Debian Jessie", "Debian Wheezy", "Red Hat 8", "Red Hat 7", "Red Hat 6" ], "references": [ "https://documentation.wazuh.com/current/user-manual/capabilities/active-response/#active-response" ], "name": "test_execd_restart.py", "id": 2, "group_id": 0, "tests": [ { "description": "Check if 'restart-wazuh' command of 'active response' is executed correctly. For this purpose, a simulated agent is used, to which the active response is sent. This response includes the order to restart the Wazuh agent, which must restart after receiving this response.", "wazuh_min_version": "4.2.0", "parameters": [ { "set_debug_mode": { "type": "fixture", "brief": "Set execd daemon in debug mode." } }, { "get_configuration": { "type": "fixture", "brief": "Get configurations from the module." } }, { "test_version": { "type": "fixture", "brief": "Validate Wazuh version." } }, { "configure_environment": { "type": "fixture", "brief": "Configure a custom environment for testing." } }, { "start_agent": { "type": "fixture", "brief": "Create Remoted and Authd simulators, register agent and start it." } }, { "set_ar_conf_mode": { "type": "fixture", "brief": "Configure Active Responses used in tests." } } ], "assertions": [ "Verify that the 'active response' 'restart-wazuh' is received.", "Verify that the agent is ready to restart." ], "input_description": "Different use cases are found in the test module and include parameters for 'restart-wazuh' command and the expected result.", "expected_output": [ { "r'DEBUG": "Received message'" }, "r'Shutdown received. Deleting responses.'", "r'Starting'", "r'active-response/bin/restart-wazuh'", "r'Ended'", "r'Invalid input format' (If the 'active response' fails)" ], "tags": [ "simulator" ], "name": "test_execd_restart", "inputs": [ "get_configuration0", "get_configuration1" ] } ] }test_execd_restart.yaml
Tests
pycodestyle --max-line-length=120 --show-source --show-pep8 file.py.python3 DocGenerator.py -s