GuardDuty integration tests #3762
The Tier 0 test test_discard_regex[guardduty_discard_regex] fails with the following error message:
root@ubuntu-focal:/home/vagrant/wazuh-qa/tests/integration/test_aws# pytest -k 'guardduty' --tier 0
====================================================================== test session starts ======================================================================
platform linux -- Python 3.8.10, pytest-5.0.0, py-1.11.0, pluggy-0.13.1
rootdir: /home/vagrant/wazuh-qa/tests/integration, inifile: pytest.ini
plugins: html-2.0.1, metadata-2.0.4, testinfra-5.0.0
collected 24 items / 16 deselected / 8 selected
test_basic.py . [ 12%]
test_discard_regex.py F [ 25%]
test_only_logs_after.py .. [ 50%]
test_path.py ... [ 87%]
test_remove_from_bucket.py . [100%]
=========================================================================== FAILURES ============================================================================
__________________________________________________________ test_discard_regex[guardduty_discard_regex] __________________________________________________________
configuration = {'metadata': {'bucket_name': 'wazuh-guardduty-integration-tests', 'bucket_type': 'guardduty', 'description': 'GuardDut...elements': [{'disabled': {'value': 'no'}}, {'bucket': {'attributes': [...], 'elements': [...]}}], 'section': 'wodle'}]}
metadata = {'bucket_name': 'wazuh-guardduty-integration-tests', 'bucket_type': 'guardduty', 'description': 'GuardDuty discard regex configurations', 'discard_field': 'partition', ...}
load_wazuh_basic_configuration = None, set_wazuh_configuration = None, clean_s3_cloudtrail_db = None, configure_local_internal_options_function = None
truncate_monitored_files = None, restart_wazuh_function = None, wazuh_log_monitor = <wazuh_testing.tools.monitoring.FileMonitor object at 0x7f20a644b5e0>
@pytest.mark.tier(level=0)
@pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=case_ids)
def test_discard_regex(
configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, clean_s3_cloudtrail_db,
configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_function, wazuh_log_monitor,
):
"""
description: Fetch logs excluding the ones that match with the regex.
test_phases:
- setup:
- Load Wazuh light configuration.
- Apply ossec.conf configuration changes according to the configuration template and use case.
- Apply custom settings in local_internal_options.conf.
- Truncate wazuh logs.
- Restart wazuh-manager service to apply configuration changes.
- test:
- Check in the ossec.log that a line has appeared calling the module with correct parameters.
- Check the expected number of events were forwarded to analysisd, only logs stored in the bucket and skips
the ones that match with regex.
- Check the database was created and updated accordingly.
- teardown:
- Truncate wazuh logs.
- Restore initial configuration, both ossec.conf and local_internal_options.conf.
- Delete the uploaded file
wazuh_min_version: 4.5.0
parameters:
- configuration:
type: dict
brief: Get configurations from the module.
- metadata:
type: dict
brief: Get metadata from the module.
- load_wazuh_basic_configuration:
type: fixture
brief: Load basic wazuh configuration.
- set_wazuh_configuration:
type: fixture
brief: Apply changes to the ossec.conf configuration.
- clean_s3_cloudtrail_db:
type: fixture
brief: Delete the DB file before and after the test execution.
- configure_local_internal_options_function:
type: fixture
brief: Apply changes to the local_internal_options.conf configuration.
- truncate_monitored_files:
type: fixture
brief: Truncate wazuh logs.
- restart_wazuh_daemon_function:
type: fixture
brief: Restart the wazuh service.
- wazuh_log_monitor:
type: fixture
brief: Return a `ossec.log` monitor.
assertions:
- Check in the log that the module was called with correct parameters.
- Check the expected number of events were forwarded to analysisd.
- Check the database was created and updated accordingly.
input_description:
- The `configuration_discard_regex` file provides the module configuration for this test.
- The `cases_discard_regex` file provides the test cases.
"""
bucket_name = metadata['bucket_name']
bucket_type = metadata['bucket_type']
only_logs_after = metadata['only_logs_after']
discard_field = metadata['discard_field']
discard_regex = metadata['discard_regex']
found_logs = metadata['found_logs']
skipped_logs = metadata['skipped_logs']
pattern = fr'.*The "{discard_regex}" regex found a match in the "{discard_field}" field. The event will be skipped.'
parameters = [
'wodles/aws/aws-s3',
'--bucket', bucket_name,
'--aws_profile', 'qa',
'--only_logs_after', only_logs_after,
'--discard-field', discard_field,
'--discard-regex', discard_regex,
'--type', bucket_type,
'--debug', '2'
]
# Check AWS module started
wazuh_log_monitor.start(
timeout=global_parameters.default_timeout,
callback=event_monitor.callback_detect_aws_module_start,
error_message='The AWS module did not start as expected',
).result()
# Check command was called correctly
wazuh_log_monitor.start(
timeout=global_parameters.default_timeout,
callback=event_monitor.callback_detect_aws_module_called(parameters),
error_message='The AWS module was not called with the correct parameters',
).result()
> wazuh_log_monitor.start(
timeout=T_20,
callback=event_monitor.callback_detect_event_processed_or_skipped(pattern),
error_message=(
'The AWS module did not show correct message about discard regex or ',
'did not process the expected amout of logs'
),
accum_results=found_logs + skipped_logs
).result()
test_discard_regex.py:130:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.8/dist-packages/wazuh_testing/tools/monitoring.py:201: in start
self._result = monitor.start(timeout=timeout, callback=callback, accum_results=accum_results,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <wazuh_testing.tools.monitoring.QueueMonitor object at 0x7f20a644b670>, timeout = 20
callback = <function callback_detect_event_processed_or_skipped.<locals>.<lambda> at 0x7f20a644edc0>, accum_results = 6, update_position = True
timeout_extra = 0, error_message = ('The AWS module did not show correct message about discard regex or ', 'did not process the expected amout of logs')
def start(self, timeout=-1, callback=_callback_default, accum_results=1, update_position=True, timeout_extra=0,
error_message=''):
"""Start the queue monitoring until the stop method is called."""
if not self._continue:
self._continue = True
self._abort = False
result = None
while self._continue:
if self._abort:
self.stop()
if error_message:
logger.error(error_message)
logger.error(f"Results accumulated: "
f"{len(result) if isinstance(result, list) else 0}")
logger.error(f"Results expected: {accum_results}")
> raise TimeoutError(error_message)
E TimeoutError: ('The AWS module did not show correct message about discard regex or ', 'did not process the expected amout of logs')
/usr/local/lib/python3.8/dist-packages/wazuh_testing/tools/monitoring.py:469: TimeoutError
--------------------------------------------------------------------- Captured stderr setup ---------------------------------------------------------------------
2023-01-31 13:56:49,269 - wazuh_testing - DEBUG - Set local_internal_option to {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0'}
---------------------------------------------------------------------- Captured log setup -----------------------------------------------------------------------
DEBUG wazuh_testing:conftest.py:619 Set local_internal_option to {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0'}
--------------------------------------------------------------------- Captured stderr call ----------------------------------------------------------------------
2023-01-31 13:57:23,337 - wazuh_testing - ERROR - ('The AWS module did not show correct message about discard regex or ', 'did not process the expected amout of logs')
2023-01-31 13:57:23,337 - wazuh_testing - ERROR - Results accumulated: 4
2023-01-31 13:57:23,337 - wazuh_testing - ERROR - Results expected: 6
----------------------------------------------------------------------- Captured log call -----------------------------------------------------------------------
ERROR wazuh_testing:monitoring.py:465 ('The AWS module did not show correct message about discard regex or ', 'did not process the expected amout of logs')
ERROR wazuh_testing:monitoring.py:466 Results accumulated: 4
ERROR wazuh_testing:monitoring.py:468 Results expected: 6
------------------------------------------------------------------- Captured stderr teardown --------------------------------------------------------------------
2023-01-31 13:57:26,520 - wazuh_testing - DEBUG - Restore local_internal_option to {'syscheck.debug': '2\n', 'monitord.rotate_log': '0\n'}
--------------------------------------------------------------------- Captured log teardown ---------------------------------------------------------------------
DEBUG wazuh_testing:conftest.py:624 Restore local_internal_option to {'syscheck.debug': '2\n', 'monitord.rotate_log': '0\n'}
====================================================== 1 failed, 7 passed, 16 deselected in 186.87 seconds ======================================================
Additionally, the data generated for the testing corresponds to the deprecated implementation of AWSGuardDuty (since wazuh/wazuh#15226). The tests should also address cases where native GuardDuty logs are used.
4dfaa6b to e7532b4
The native test cases were added in cf8b22d.
LGTM!
560b62a to 9db848b
9db848b to d4e488e
* feat(#3342): Add basic test for aws GuardDuty integration
* feat(#3342): Add remove_from_bucket test for aws Guard Duty integration
* feat(#3342): Add schema for GuardDuty table
* feat(#3342): Add only_logs_after tests for aws GuardDuty integration
* feat(#3342): Add path tests for aws GuardDuty integration
* feat(#3342): Add discard_regex tests for aws GuardDuty integration
* feat(#3342): Add only_logs_after tier 1 for aws GuardDuty integration
* fix(#3342): Adjust the number of found logs
* feat(#3342): Add missing docstring
* feat(#3342): Add data generator for Native GD
* feat(#3342): Add test cases for Native GuardDuty
* refactor(#3342): Improve tier 1 test findings

* feat(#3333): Add basic structure for AWS tests
* feat(#3335): Cloudtrail integration tests (#3624)
* feat(#3335): add basic test for aws cloudtrail module
* feat(#3335): add utils for handle files in S3 buckets
* feat(#3335): add remove_from_bucket test for aws cloudtrail module
* feat(#3335): add fixture for delete s3_cloudtrail.db
* refactor(#3335): rename modules
* refactor(#3335): change the return of upload_file function
* refactor(#3335): Fix docstring and rename constant
* refactor(#3335): improve default test catching parser and module errors
* feat(#3335): add only_logs_from test for aws cloudtrail module
* feat(#3335): add path tests for aws cloudtrail module
* feat(#3335): add path_suffix tests for aws cloudtrail module
* feat(#3335): add regions tests for aws cloudtrail module
* refactor(#3335): Move wazuh_log_monitor to a fixture
* feat(#3335): add discard_regex tests for aws cloudtrail module
* feat(#3335): add only_logs_after tier_1 test for aws cloudtrail module
* refactor(#3335): Improve name of test cases
* refactor(#3335): Improve tests assertions
* refactor(#3335): Improve tier 1 test
* refactor(#3335): Implement new design for Tier 1 test
* style(#3335): Changed the extension from .yml to .yaml
* style(#3335): Fixed linter issues
* style(#3335): Apply suggestions from code review
Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
* refactor(#3335): Add path parameter to get_db_connection
* style(#3335): Fix quotes use according to QA style
* style(#3335): Use google docstring style
* refactor(#3335): Add missing information about fixtures
* refactor(#3335): Change sqlite table name for backward compatibility
* style(#3335): Fix docstrings punctuation and capitalization
* refactor(#3335): Apply suggestions from code review
* style(#3335): Apply suggestions from code review
Fix punctuation in docstrings.
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
* style(#3335): Apply suggestions from code review
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
* feat(#3336): VPC integration tests (#3699)
* feat(#3336): Add basic test for aws vpc integration
* feat(#3336): Add data generator for vpcflow type
* feat(#3336): Add remove_from_bucket test for aws vpc integration
* feat(#3336): Add only_logs_after tests for aws vpc integration
* feat(#3336): Add path tests for aws vpc integration
* feat(#3336): Add path_suffix tests for aws vpc integration
* feat(#3336): Add regions tests for aws vpc integration
* feat(#3336): Add discard_regex tests for aws vpc integration
* feat(#3336): Add only_logs_after tier_1 tests for aws vpc integration
* style(#3336): Fix linter issues
* feat(#3336): Use join in path builds
* feat(#3336): Fix cloudtrail cases
* feat(#3336): Detect found and skipped logs
* feat(#3336): Improve delete_file_from_s3 fixture
* fix(#3336): Add minor fixes
---------
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
* refactor(#3333): Use utcnow() instead of now()
* feat(#3337): AWS Config integration tests (#3705)
* feat(#3337): Add basic test for aws config integration
* feat(#3337): Add remove_from_bucket test for aws config integration
* feat(#3337): Add only_logs_after tests for aws config integration
* feat(#3337): Add path tests for aws config integration
* feat(#3337): Add path_suffix tests for aws config integration
* feat(#3337): Add regions tests for aws config integration
* feat(#3337): Add discard_regex tests for aws config integration
* feat(#3337): Add only_logs_after tier_1 tests for aws config integration
* feat(#3337): Use non padded month format
* feat(#3337): Use join in path builds
* feat(#3337): Improve message for check_non_processed_logs_from_output
* fix(#3337): Add minor fixes
* feat(#3338): ALB, CLB and NLB integration tests (#3711)
* feat(#3338): Add basic test for aws ALB integration
* feat(#3338): Add remove_from_bucket test for aws ALB integration
* feat(#3338): Add schema for ALB table
* feat(#3338): Add only_logs_after tests for aws ALB integration
* feat(#3338): Add path tests for aws ALB integration
* feat(#3338): Add regions tests for aws ALB integration
* feat(#3338): Add regions discard_regex for aws ALB integration
* feat(#3338): Add regions only_logs_after tier 1 for aws ALB integration
* feat(#3338): Improve upload_and_delete_file_to_s3 fixture
* feat(#3338): Skip remove_from_bucket test case for ALB
* feat(#3338): Add basic test for aws CLB integration
* feat(#3338): Add remove_from_bucket test for aws CLB integration
* feat(#3338): Add only_logs_after tests for aws CLB integration
* feat(#3338): Add path tests for aws CLB integration
* feat(#3338): Add regions only_logs_after tier 1 for aws CLB integration
* feat(#3338): Add regions discard_regex for aws CLB integration
* feat(#3338): Add only_logs_after tier 1 for aws CLB integration
* feat(#3338): Skip remove_from_bucket test case for CLB
* feat(#3338): Add basic test for aws NLB integration
* feat(#3338): Add remove_from_bucket test for aws NLB integration
* feat(#3338): Add only_logs_after tests for aws NLB integration
* feat(#3338): Add path tests for aws NLB integration
* feat(#3338): Add regions tests for aws NLB integration
* feat(#3338): Add only_logs_after tier 1 for aws NLB integration
* style(#3335): Fix linter issues
* feat(#3338): Move skip function to a fixture
* feat(#3338): Use join in path builds
* feat(#3338): Improve docstrings
* feat(#3338): Increase timeout to avoid random failures
* refactor(#3338): Use utcnow() instead of now() and typos
* refactor(#3338): Apply changes from CR
* feat(#3339): KMS integration tests (#3715)
* feat(#3339): Add basic test for aws KMS integration
* feat(#3339): Add data generator for KMS type
* feat(#3339): Add remove_from_bucket test for aws KMS integration
* feat(#3339): Add schema for custom table
* feat(#3339): Add only_logs_after tests for aws KMS integration
* feat(#3339): Add path tests for aws KMS integration
* feat(#3339): Add discard_regex tests for aws KMS integration
* feat(#3339): Adapt only_logs_after tier 1 test to custom types
* feat(#3339): Add only_logs_after tier 1 for aws KMS integration
* feat(#3339): Use join in path builds
* feat(#3339): Improve skipped logs count in tier 1 test
* feat(#3339): Add missing docstring
* style(#3339): Apply suggestions from code review
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* refactor(#3339): Use utcnow() instead of now() and typos
* fix(#3339): Apply suggestions from code review
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
---------
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
* feat(#3340): Macie integration tests (#3734)
* feat(#3340): Add basic test for aws Macie integration
* feat(#3336): Add data generator for vpcflow type
* feat(#3340): Add remove_from_bucket test for aws Macie integration
* feat(#3340): Add only_logs_after tests for aws Macie integration
* feat(#3340): Add path tests for aws Macie integration
* feat(#3340): Add discard_regex tests for aws Macie integration
* feat(#3340): Add only_logs_after tier 1 for aws Macie integration
* feat(#3340): Use join in path builds
* fix(#3340): Fix typo
* fix(#3340): Remove unused arguments
* style(#3340): Apply suggestions from code review
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
---------
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
* fix(#3333): Improve test condition
* feat(#3341): Trusted Advisor integration tests (#3736)
* feat(#3341): Add basic test for aws Trusted Advisor integration
* feat(#3339): Add data generator for KMS type
* feat(#3341): Add remove_from_bucket test
* feat(#3341): Add only_logs_after tests for aws Trusted Advisor integration
* feat(#3341): Add path tests for aws Trusted Advisor integration
* feat(#3341): Add discard_regex tests for aws Trusted Advisor integration
* feat(#3341): Add only_logs_after tier 1 for aws Trusted Advisor integration
* feat(#3342): GuardDuty integration tests (#3762)
* feat(#3342): Add basic test for aws GuardDuty integration
* feat(#3342): Add remove_from_bucket test for aws Guard Duty integration
* feat(#3342): Add schema for GuardDuty table
* feat(#3342): Add only_logs_after tests for aws GuardDuty integration
* feat(#3342): Add path tests for aws GuardDuty integration
* feat(#3342): Add discard_regex tests for aws GuardDuty integration
* feat(#3342): Add only_logs_after tier 1 for aws GuardDuty integration
* fix(#3342): Adjust the number of found logs
* feat(#3342): Add missing docstring
* feat(#3342): Add data generator for Native GD
* feat(#3342): Add test cases for Native GuardDuty
* refactor(#3342): Improve tier 1 test findings
* fix(#3333): Improve some test findings
* feat(#3343): WAF integration tests (#3763)
* feat(#3343): Add basic test for aws WAF integration
* feat(#3343): Add data generator for WAF type
* feat(#3343): Add remove_from_bucket test for aws WAF integration
* feat(#3343): Add schema for WAF table
* feat(#3343): Add only_logs_after tests for aws WAF integration
* feat(#3343): Add path tests for aws WAF integration
* feat(#3343): Add discard_regex tests for aws WAF integration
* feat(#3343): Add only_logs_after tier 1 for aws WAF integration
* style(#3343): Apply suggestions from code review
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* refactor(#3343): Improve discard_regex test findings
---------
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* feat(#3344): Server Access integration tests (#3771)
* feat(#3344): Add basic test for aws server access integration
* feat(#3344): Add data generator for Server Access type
* feat(#3344): Add remove_from_bucket test for aws SA integration
* feat(#3344): Add schema for ServerAccess table
* feat(#3344): Add only_logs_after tests for aws SA integration
* feat(#3344): Add path tests for aws SA integration
* feat(#3344): Add discard_regex tests for aws FA integration
* feat(#3344): Add only_logs_after tier 1 for aws SA integration
* feat(#3344): Use table_name instead of bucket_type
* style(#3344): Apply suggestions from code review
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
---------
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* feat(#3345): Add basic test for aws inspector integration
* feat(#3345): Add only_logs_after tests for aws Inspector integration
* feat(#3345): Add only_logs_after tier 1 for Inspector integration
* refactor(#3345): Minor fixes
* style(#3345): Apply suggestions from code review
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* style(#3345): Apply suggestions from code review
Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
* feat(#3346): CloudWatch integration tests (#3857)
* feat(#3346): Add basic test for aws cloudwatch integration
* feat(#3346): Rename basic test for buckets integration
* feat(#3346): Add tools for cloudwatch integration
* feat(#3346): Add remove_log_streams test for aws cloudwatch integration
* feat(#3346): Add utils for cloudwatch tests
* feat(#3346): Add fixtures for cloudwatch tests
* feat(#3346): Add only_logs_after tests for aws CloudWatch integration
* feat(#3346): Rename only_logs_after tests for buckets integration
* feat(#3346): Add regions tests for aws CloudWatch integration
* feat(#3346): Rename regions tests for buckets integration
* feat(#3346): Add log_groups tests for aws CloudWatch integration
* feat(#3346): Add only_logs_after tier 1 for aws CloudWatch integration
* feat(#3346): Rename tier 1 tests for buckets integration
* refactor(#3346): Minor fixes
* style(#3346): Apply suggestions from code review
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* style(#3346): Apply suggestions from code review
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
---------
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* feat(#3347): Umbrella integration tests (#3796)
* feat(#3347): Add basic test for aws umbrella integration
* feat(#3347): Add data generator for Umbrella type
* feat(#3347): Add remove_from_bucket test for aws Umbrella integration
* feat(#3347): Add schema for Umbrella table
* feat(#3347): Add only_logs_after tests for aws Umbrella integration
* feat(#3347): Add path tests for aws Umbrella integration
* feat(#3347): Add discard_regex tests for aws Umbrella integration
* feat(#3347): Add only_logs_after tier 1 for aws Umbrella integration
* style(#3347): Apply suggestions from code review
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* fix(#3347): Fix discard_regex test findings
---------
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* fix(#3333): Add missing PATH with empty value
* feat(#3581): Parser integration tests (#3882)
* feat(#3581): Add tests for mandatory missing params
* feat(#3581): Add tests for empty values
* feat(#3581): Add tests for invalid values
* feat(#3581): Add tests for multiple bucket and service tags
* style(#3581): Apply suggestions from code review
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* style(#3581): Apply suggestions from code review
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
---------
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* fix(#3333): Adjust some tests values
* fix(#3333): Fix cloudwatchlogs_log_groups_with_data test
* fix(#3333): Adjust cisco_umbrella_only_logs_after_multiple_calls values
* fix(#3333): Normalize tier1 tests for all bucket integrations
* feat(#3348): AWS integration tests readme (#3892)
* docs(#3348): Add AWS integration tests README
* docs(#3348): Add reference to AWS tests
* refactor(#3348): Improve explanation about credentials
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
---------
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
* fix(#3333): Adjust inexistent_region test for services
* fix(#3333): Adjust parser tests
* fix(#3333): Change message to search for services region tests
* fix(#3333): Marked inspector tier 1 test as xfail
* fix(#3333): Splitted inspector and cloudwatch logs
* fix(#3333): Timeouts adjustments
* fix(#3333): Fixed tests cases for cloudwatch tier 1 tests
* fix(#3333): Fixed linter issues
* docs(#3333): Added changelog
* fix(#3333): Fixed order and format
* fix(#3333): Moved constants to __init__.py
* fix(#3333): Replaced wazuh_log_monitor with file_monitoring
* fix(#3333): Moved constants to wazuh_testing/__init__.py
* fix(#3333): Moved constants to test_aws/__init__.py
* fix(#3333): Improved docstring
* fix(#3333): Moved exception to new file
* fix(#3333): Improved fixtures and removed unused ones
* fix(#3333): Fixed quotation marks
* fix(#3333): Removed type hints
* fix(#3339): Apply suggestions from code review
Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com>
* fix(#3333): Install boto3 only in linux
* fix(#3339): Apply suggestions from code review
Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com>
* fix(#3333): Moved constants
---------
Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com>

* fix(#3328): update auth messages to new payload
* fix(#4022): replace Popen() with call() ensuring process killing
* feat(#4022): adapt enrollment tests to new payload
* fix(#4022): fix wazuh_db global messages yaml
* style(#4022): fix some linting issues from global_messages.yaml
* fix(#4022): add status_code to queries
* docs(#4022): update CHANGELOG
* fix(#4026): solve a bug of migration tool framework
* fix(#4020): fixed migration tool
* feat(#4026): add new changes in the changelog
* feat(#4062): adapt integration tests for Office365 GCC support
* feat(#4062): adapt integration tests for Office365 GCC support
* docs(#4062): update changelog
* style(#4062): fix yaml linting errors
* fix(#4062): correct the config yaml indents
* fix(#4062): add missing api_type value in case 8
---------
Co-authored-by: Bryce Shurts <89558443+S-Bryce@users.noreply.github.com>
* merge(#4089)!: merge 4.4 into 4.5
* fix(3862): fix test_assign_agent_group_with_enrollment
* fix(#3862): delete default group check
* feat(#3862): update changelog
* refactor(#3862): add expected logs
* fix(#4047): fix duplicated slash in API endpoint (#4048)
* refactor: update changelog
* refactor: bump version to 4.3.10
* refactor: update changelog
---------
Co-authored-by: jmv74211 <jmv74211@gmail.com>
* feat: update changelog for 4.4.1 tag (#4084)
* fix(#4079): fix unstable system tests
* fix(#4079): test active response log format
* fix(#4079): remove log monitor to avoid race condition
* fix(#4079): internal option fixture call
* fix(#4079): enrollment cluster log path typo
* docs(#4070): include missing tests in README
* feat(#4079): include marks to system tests
* docs(#4070): update changelog
* docs(#4079): restore deleted commentary
* docs(#4079): move pr changes to fixed category
* fix(#3942): fix agentd IT for python310
* fix(#3942): include simulator teardown
* style(#3943): pep8
* docs(#3942): include 3973 changelog
* docs(#3942): move pr changes to fixed category
* refactor(#3942): remove unnecessary scopes
* docs(#3942): change changelog pr entry
* docs(#3942): move change to 4.4.2
* docs(#3942): include teardown documentation
* feat(#3912): add tests for groups deletion
* feat(#3912): add function to get group id
* feat(#3912): add test for group deletion
* feat(#3912): add test cases
* fix(#3912): fix linter errors
* feat(#3912): update changelog
* fix(#3912): fix typo
* docs(#3912): improve description
* fix(#3912): change import
* docs(#3912): improve documentation
* fix(#3912): delete created group during tear down
* docs(#3912): add documentation
* refactor(#3912)!: change delete function and test cases
* refactor(#3912): change affected tests
* feat(#3912): store binary path
* docs(#3912): add function documentation
* fix(#3912): update changelog
* feat(#4089): bump version to 4.4.2
* feat(#4089): bump version to 4.4.2
* refactor(#4089): change revision
---------
Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
Co-authored-by: jmv74211 <jmv74211@gmail.com>
Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com>
* fix(#4105): fix a bug when running tests for the first time
* fix(#4082): updated log severity
* fix(#4082): updated log severity
* docs(#4082): update CHANGELOG
* feat(#3361): add MSU Catalog Patches IT
* feat(#3361): add database query function
* feat(#3361): add new test module and cases
* style(#3361): fix yaml styling
* style(#3361): fix spacing and whitespaces
* docs(#3361): update changelog
* docs(#3361): add clarifying comment
* style(#3361): remove whitespace
* style(#3361): fix style and docu
* feat(#3333): add AWS integration tests
* feat(#3333): Add basic structure for AWS tests
* feat(#3335): Cloudtrail integration tests (#3624)
* feat(#3335): add basic test for aws cloudtrail module
* feat(#3335): add utils for handle files in S3 buckets
* feat(#3335): add remove_from_bucket test for aws cloudtrail module
* feat(#3335): add fixture for delete s3_cloudtrail.db
* refactor(#3335): rename modules
* refactor(#3335): change the return of upload_file function
* refactor(#3335): Fix docstring and rename constant
* refactor(#3335): improve default test catching parser and module errors
* feat(#3335): add only_logs_from test for aws cloudtrail module
* feat(#3335): add path tests for aws cloudtrail module
* feat(#3335): add path_suffix tests for aws cloudtrail module
* feat(#3335): add regions tests for aws cloudtrail module
* refactor(#3335): Move wazuh_log_monitor to a fixture
* feat(#3335): add discard_regex tests for aws cloudtrail module
* feat(#3335): add only_logs_after tier_1 test for aws cloudtrail module
* refactor(#3335): Improve name of test cases
* refactor(#3335): Improve tests assertions
* refactor(#3335): Improve tier 1 test
* refactor(#3335): Implement new design for Tier 1 test
* style(#3335): Changed the extension from .yml to .yaml
* style(#3335): Fixed linter issues
* style(#3335): Apply suggestions from code review
Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
* refactor(#3335): Add path parameter to get_db_connection
* style(#3335): Fix quotes use according to QA style
* style(#3335): Use google docstring style
* refactor(#3335): Add missing information about fixtures
* refactor(#3335): Change sqlite table name for backward compatibility
* style(#3335): Fix docstrings punctuation and capitalization
* refactor(#3335): Apply suggestions from code review
* style(#3335): Apply suggestions from code review
Fix punctuation in docstrings.
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
* style(#3335): Apply suggestions from code review
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
* feat(#3336): VPC integration tests (#3699)
* feat(#3336): Add basic test for aws vpc integration
* feat(#3336): Add data generator for vpcflow type
* feat(#3336): Add remove_from_bucket test for aws vpc integration
* feat(#3336): Add only_logs_after tests for aws vpc integration
* feat(#3336): Add path tests for aws vpc integration
* feat(#3336): Add path_suffix tests for aws vpc integration
* feat(#3336): Add regions tests for aws vpc integration
* feat(#3336): Add discard_regex tests for aws vpc integration
* feat(#3336): Add only_logs_after tier_1 tests for aws vpc integration
* style(#3336): Fix linter issues
* feat(#3336): Use join in path builds
* feat(#3336): Fix cloudtrail cases
* feat(#3336): Detect found and skipped logs
* feat(#3336): Improve delete_file_from_s3 fixture
* fix(#3336): Add minor fixes
---------
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
* refactor(#3333): Use utcnow() instead of now()
* feat(#3337): AWS Config integration tests (#3705)
* feat(#3337): Add basic test for aws config integration
* feat(#3337): Add remove_from_bucket test for aws config integration
* feat(#3337): Add only_logs_after tests for aws config integration
* feat(#3337): Add path tests for aws config integration
* feat(#3337): Add path_suffix tests for aws config integration
* feat(#3337): Add regions tests for aws config integration
* feat(#3337): Add discard_regex tests for aws config integration
* feat(#3337): Add only_logs_after tier_1 tests for aws config integration
* feat(#3337): Use non padded month format
* feat(#3337): Use join in path builds
* feat(#3337): Improve message for
check_non_processed_logs_from_output * fix(#3337): Add minor fixes * feat(#3338): ALB, CLB and NLB integration tests (#3711) * feat(#3338): Add basic test for aws ALB integration * feat(#3338): Add remove_from_bucket test for aws ALB integration * feat(#3338): Add schema for ALB table * feat(#3338): Add only_logs_after tests for aws ALB integration * feat(#3338): Add path tests for aws ALB integration * feat(#3338): Add regions tests for aws ALB integration * feat(#3338): Add regions discard_regex for aws ALB integration * feat(#3338): Add regions only_logs_after tier 1 for aws ALB integration * feat(#3338): Improve upload_and_delete_file_to_s3 fixture * feat(#3338): Skip remove_from_bucket test case for ALB * feat(#3338): Add basic test for aws CLB integration * feat(#3338): Add remove_from_bucket test for aws CLB integration * feat(#3338): Add only_logs_after tests for aws CLB integration * feat(#3338): Add path tests for aws CLB integration * feat(#3338): Add regions only_logs_after tier 1 for aws CLB integration * feat(#3338): Add regions discard_regex for aws CLB integration * feat(#3338): Add only_logs_after tier 1 for aws CLB integration * feat(#3338): Skip remove_from_bucket test case for CLB * feat(#3338): Add basic test for aws NLB integration * feat(#3338): Add remove_from_bucket test for aws NLB integration * feat(#3338): Add only_logs_after tests for aws NLB integration * feat(#3338): Add path tests for aws NLB integration * feat(#3338): Add regions tests for aws NLB integration * feat(#3338): Add only_logs_after tier 1 for aws NLB integration * style(#3335): Fix linter issues * feat(#3338): Move skip function to a fixture * feat(#3338): Use join in path builds * feat(#3338): Improve docstrings * feat(#3338): Increase timeout to avoid random failures * refactor(#3338): Use utcnow() instead of now() and typos * refactor(#3338): Apply changes from CR * feat(#3339): KMS integration tests (#3715) * feat(#3339): Add basic test for aws KMS integration * 
feat(#3339): Add data generator for KMS type * feat(#3339): Add remove_from_bucket test for aws KMS integration * feat(#3339): Add schema for custom table * feat(#3339): Add only_logs_after tests for aws KMS integration * feat(#3339): Add path tests for aws KMS integration * feat(#3339): Add discard_regex tests for aws KMS integration * feat(#3339): Adapt only_logs_after tier 1 test to custom types * feat(#3339): Add only_logs_after tier 1 for aws KMS integration * feat(#3339): Use join in path builds * feat(#3339): Improve skipped logs count in tier 1 test * feat(#3339): Add missing docstring * style(#3339): Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * refactor(#3339): Use utcnow() instead of now() and typos * fix(#3339): Apply suggestions from code review Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com> --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com> * feat(#3340): Macie integration tests (#3734) * feat(#3340): Add basic test for aws Macie integration * feat(#3336): Add data generator for vpcflow type * feat(#3340): Add remove_from_bucket test for aws Macie integration * feat(#3340): Add only_logs_after tests for aws Macie integration * feat(#3340): Add path tests for aws Macie integration * feat(#3340): Add discard_regex tests for aws Macie integration * feat(#3340): Add only_logs_after tier 1 for aws Macie integration * feat(#3340): Use join in path builds * fix(#3340): Fix typo * fix(#3340): Remove unused arguments * style(#3340): Apply suggestions from code review Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com> --------- Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com> * fix(#3333): Improve test condition * feat(#3341): Trusted Advisor integration tests (#3736) * feat(#3341): Add basic test for aws Trusted Advisor integration * feat(#3339): Add data generator 
for KMS type * feat(#3341): Add remove_from_bucket test * feat(#3341): Add only_logs_after tests for aws Trusted Advisor integration * feat(#3341): Add path tests for aws Trusted Advisor integration * feat(#3341): Add discard_regex tests for aws Trusted Advisor integration * feat(#3341): Add only_logs_after tier 1 for aws Trusted Advisor integration * feat(#3342): GuardDuty integration tests (#3762) * feat(#3342): Add basic test for aws GuardDuty integration * feat(#3342): Add remove_from_bucket test for aws Guard Duty integration * feat(#3342): Add schema for GuardDuty table * feat(#3342): Add only_logs_after tests for aws GuardDuty integration * feat(#3342): Add path tests for aws GuardDuty integration * feat(#3342): Add discard_regex tests for aws GuardDuty integration * feat(#3342): Add only_logs_after tier 1 for aws GuarDuty integration * fix(#3342): Adjust the number of found logs * feat(#3342): Add missing docstring * feat(#3342): Add data generator for Native GD * feat(#3342): Add test cases for Native GuardDuty * refactor(#3342): Improve tier 1 test findings * fix(#3333): Improve some test findings * feat(#3343): WAF integration tests (#3763) * feat(#3343): Add basic test for aws WAF integration * feat(#3343): Add data generator for WAF type * feat(#3343): Add remove_from_bucket test for aws WAF integration * feat(#3343): Add schema for WAF table * feat(#3343): Add only_logs_after tests for aws WAF integration * feat(#3343): Add path tests for aws WAF integration * feat(#3343): Add discard_regex tests for aws WAF integration * feat(#3343): Add only_logs_after tier 1 for aws WAF integration * style(#3343): Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * refactor(#3343): Improve discard_regex test findings --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * feat(#3344): Server Access integration tests (#3771) * feat(#3344): Add basic test for aws server access integration * feat(#3344): Add 
data generator for Server Access type * feat(#3344): Add remove_from_bucket test for aws SA integration * feat(#3344): Add schema for ServerAccess table * feat(#3344): Add only_logs_after tests for aws SA integration * feat(#3344): Add path tests for aws SA integration * feat(#3344): Add discard_regex tests for aws FA integration * feat(#3344): Add only_logs_after tier 1 for aws SA integration * feat(#3344): Use table_name instead of bucket_type * style(#3344): Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * feat(#3345): Add basic test for aws inspector integration * feat(#3345): Add only_logs_after tests for aws Inspector integration * feat(#3345): Add only_logs_after tier 1 for Inspector integration * refactor(#3345): Minor fixes * style(#3345): Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * style(#3345): Apply suggestions from code review Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com> * feat(#3346): CloudWatch integration tests (#3857) * feat(#3346): Add basic test for aws cloudwatch integration * feat(#3346): Rename basic test for buckets integration * feat(#3346): Add tools for cloudwatch integration * feat(#3346): Add remove_log_streams test for aws cloudwatch integration * feat(#3346): Add utils for cloudwatch tests * feat(#3346): Add fixtures for cloudwatch tests * feat(#3346): Add only_logs_after tests for aws CloudWatch integration * feat(#3346): Rename only_logs_after tests for buckets integration * feat(#3346): Add regions tests for aws CloudWatch integration * feat(#3346): Rename regions tests for buckets integration * feat(#3346): Add log_groups tests for aws CloudWatch integration * feat(#3346): Add only_logs_after tier 1 for aws CloudWatch integration * feat(#3346): Rename tier 1 tests for buckets integration * refactor(#3346): Minor fixes * style(#3346): Apply 
suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * style(#3346): Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * feat(#3347): Umbrella integration tests (#3796) * feat(#3347): Add basic test for aws umbrella integration * feat(#3347): Add data generator for Umbrella type * feat(#3347): Add remove_from_bucket test for aws Umbrella integration * feat(#3347): Add schema for Umbrella table * feat(#3347): Add only_logs_after tests for aws Umbrella integration * feat(#3347): Add path tests for aws Umbrella integration * feat(#3347): Add discard_regex tests for aws Umbrella integration * feat(#3347): Add only_logs_after tier 1 for aws Umbrella integration * style(#3347): Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * fix(#3347): Fix discard_regex test findings --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * fix(#3333): Add missing PATH with empty value * feat(#3581): Parser integration tests (#3882) * feat(#3581): Add tests for mandatory missing params * feat(#3581): Add tests for empty values * feat(#3581): Add tests for invalid values * feat(#3581): Add tests for multiple bucket and service tags * style(#3581): Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * style(#3581): Apply suggestions from code review Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * fix(#3333): Adjust some tests values * fix(#3333): Fix cloudwatchlogs_log_groups_with_data test * fix(#3333): Adjust cisco_umbrella_only_logs_after_multiple_calls values * fix(#3333): Normalize tier1 tests for all bucket integrations * feat(#3348): AWS integration tests readme (#3892) * docs(#3348): Add AWS integration tests README * docs(#3348): Add referece to AWS tests * 
refactor(#3348): Improve explanation about credentials Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> --------- Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> * fix(#3333): Adjust inexistent_region test for services * fix(#3333): Adjust parser tests * fix(#3333): Change message to search for services region tests * fix(#3333): Marked inspector tier 1 test as xfail * fix(#3333): Splitted inspector and cloudwatch logs * fix(#3333): Timeouts adjustments * fix(#3333): Fixed tests cases for cloudwatch tier 1 tests * fix(#3333): Fixed linter issues * docs(#3333): Added changelog * fix(#3333): Fixed order and format * fix(#3333): Moved constants to __init__.py * fix(#3333): Replaced wazuh_log_monitor with file_monitoring * fix(#3333): Moved constants to wazuh_testing/__init__.py * fix(#3333): Moved constants to test_aws/__init__.py * fix(#3333): Improved docstring * fix(#3333): Moved exception to new file * fix(#3333): Improved fixtures and removed unused ones * fix(#3333): Fixed quotation marks * fix(#3333): Removed type hints * fix(#3339): Apply suggestions from code review Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com> * fix(#3333): Install boto3 only in linux * fix(#3339): Apply suggestions from code review Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com> * fix(#3333): Moved constants --------- Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com> Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com> Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com> * merge(#4135)!: merge 4.4 into 4.5 * fix(3862): fix test_assign_agent_group_with_enrollment * fix(#3862): delete default group check * feat(#3862): update changelog * refactor(#3862): add expected logs * fix(#4047): fix duplicated slash in API endpoint (#4048) * refactor: update changelog * refactor: bump version to 4.3.10 * refactor: 
update changelog --------- Co-authored-by: jmv74211 <jmv74211@gmail.com> * feat: update changelog for 4.4.1 tag (#4084) * fix(#4079): fix unstable system tests * fix(#4079): test active response log format * fix(#4079): remove log monitor to avoid race condition * fix(#4079): internal option fixture call * fix(#4079): enrollment cluster log path typo * docs(#4070): include missing tests in README * feat(#4079): include marks to system tests * docs(#4070): update changelog * docs(#4079): restore deleted commentary * docs(#4079): move pr changes to fixed category * fix(#3942): fix agentd IT for python310 * fix(#3942): include simulator teardown * style(#3943): pep8 * docs(#3942): include 3973 changelog * docs(#3942): move pr changes to fixed category * refactor(#3942): remove unnecessary scopes * docs(#3942): change changelog pr entry * docs(#3942): move change to 4.4.2 * docs(#3942): include teardown documentation * feat(#3912): add tests for groups deletion * feat(#3912): add function to get group id * feat(#3912): add test for group deletion * feat(#3912): add test cases * fix(#3912): fix linter errors * feat(#3912): update changelog * fix(#3912): fix typo * docs(#3912): improve description * fix(#3912): change import * docs(#3912): improve documentation * fix(#3912): delete created group during tear down * docs(#3912): add documentation * refactor(#3912)!: change delete function and test cases * refactor(#3912): change affected tests * feat(#3912): store binary path * docs(#3912): add function documentation * fix(#3912): update changelog * feat(#4089): bump version to 4.4.2 * feat(#4089): bump version to 4.4.2 * refactor(#4089): change revision * feat(#3545): add test to check the syscollector configuration * feat(#3545): add test to check the syscollector configuration. * fix(#3545): fix errors when running tests in agents. * fix(#3545): modify the way the test restarts deamons. * fix(#3545): fix syscollector DB path in Windows. 
* fix(#3545): fix syscollector db path variable name. * fix(#3545): fix globalDB error due to execution in agent. * style(#3545): fix linter errors. * docs(#3545): add PR to changelog. * fix(#3545): fix some errors present in Windows tests. * fix(#3545): fix file monitor declaration. * fix(#3545): fix all_scans_disabled test. * refactor(#3545): change the timeout of filemonitor. * fix(#3545): fix macOS tests. * refactor(#3545): add mark to run the test on unix only. * fix(#3545): fix Windows tests. * docs(#3545): mark test as xfail because of an existing bug. * fix(#3545): remove the mark from unix tests. * fix(#3545): reuse an existing function and remove the utilized. * style(#3545): apply identation. * fix(#3545): fix naming and used functions. * fix(#3545): move fixture to integration conftest. * fix(#3545): improve a function name. * refactor(#3545): add new case, disable unused modules and minor changes. * fix(#3545): fix prefix. * fix(#3545): fix metadata because NoneType error. * fix(#3545): fix event monitor and truncate function. * refactor(#3545): remove the max_eps empty test case. It is not a critical field, so it will not thrown an error when empty. * fix(#3545): solve the log position problem when searching a message. * fix(#3545): apply linter corrections. * fix(#3545): fix the test configuration data. * fix(#3545): remove unused import and docs changed. * fix(#3545): change way of importing and minor changes. * fix(#3545): use param depending on the platform. * refactor(#3545): remove unused fixture and change callback. * fix(#3545): change the default argument for prefix. * style(#3545): add spaces for better visualization. * refactor(#3545): improve docs and change some logic. * docs(#3545): add comments and new documentation. * fix(#3545): fix NoneType error. * docs(#3545): fix changelog. * docs(#3545): add docs for file_to_monitor param. Improve existing docs. 
* refactor(#3545): remove duplicated function and improve documentation * fix(#3545): remove unused imports and sort the remaining ones. * docs(#3545): add docs to wrapped fixture. * fix(#3545): remove xfail mark and add note to mark. * docs(#3545): remove duplicated line. * style(#3545): sort imports according the guidelines. * docs(#3545): move change to 4.4.2 section in CHANGELOG. * fix(#4111): fix WazuhDB IT * fix(#4111): make_callback function * fix(#4111): typo in set agent groups tcases * fix(#4111): stop agent simulator after test end * docs(#4111): update changelog * fix(#4123): fix gcloud tests * fix(#4123): fix daemons_handler fixture. * fix(#4123): remove some analysisd on test_gcloud * fix(#4123): change test_logging fixtures to module * fix(#4123): start analysisd in test max messages * docs(#4123): add fix to CHANGELOG. --------- Co-authored-by: jnasselle <jnasselle@gmail.com> Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com> * feat(#4135): update changelog * refactor(#4137): change when the check is executed * refactor(#4137): change when the check is executed * fix(#4137): revert draft condition --------- Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com> Co-authored-by: jmv74211 <jmv74211@gmail.com> Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com> Co-authored-by: Mauro Agustín Malara Zapata <39094716+mauromalara@users.noreply.github.com> Co-authored-by: jnasselle <jnasselle@gmail.com> --------- Co-authored-by: Kevin Ledesma <kevin.ledesma@wazuh.com> Co-authored-by: Belén Valdivia <belen.valdivia@wazuh.com> Co-authored-by: Tomás Turina <tomas.turina@wazuh.com> Co-authored-by: Kevin Ledesma <44633633+QU3B1M@users.noreply.github.com> Co-authored-by: Bryce Shurts <89558443+S-Bryce@users.noreply.github.com> Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com> Co-authored-by: jmv74211 <jmv74211@gmail.com> Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com> Co-authored-by: Mauro 
Agustín Malara Zapata <39094716+mauromalara@users.noreply.github.com> Co-authored-by: Andrés Carmelo Micalizzi Casali <amicalizzi2005@gmail.com> Co-authored-by: Nico Stefani <nicolas.stefi@wazuh.com> Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com> Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> Co-authored-by: jnasselle <jnasselle@gmail.com>
* feat(#3342): Add basic test for aws GuardDuty integration
* feat(#3342): Add remove_from_bucket test for aws Guard Duty integration
* feat(#3342): Add schema for GuardDuty table
* feat(#3342): Add only_logs_after tests for aws GuardDuty integration
* feat(#3342): Add path tests for aws GuardDuty integration
* feat(#3342): Add discard_regex tests for aws GuardDuty integration
* feat(#3342): Add only_logs_after tier 1 for aws GuarDuty integration
* fix(#3342): Adjust the number of found logs
* feat(#3342): Add missing docstring
* feat(#3342): Add data generator for Native GD
* feat(#3342): Add test cases for Native GuardDuty
* refactor(#3342): Improve tier 1 test findings
Description
This PR adds tests for AWS GuardDuty integration
Added
Tier 0
* remove_from_bucket parameter tests
* only_logs_after parameter tests
* path parameter tests
* discard_regex parameter tests
Tier 1
* only_logs_after parameter tests
Testing performed
tests/integration/test_aws
Tier 0 results
Tier 1 results
Footnotes
1. Because the module is not showing the message about no logs to process, the tier 1 test guardduty_only_logs_after_multiple_calls is failing. This should be fixed in its respective issue.
2. Because the module is not showing the correct message about the marker, the tier 1 test native_guardduty_only_logs_after_multiple_calls is failing. This should be fixed in its respective issue.