GuardDuty integration tests #3762

Merged

@nico-stefani nico-stefani commented Jan 16, 2023

Related issue
#3342

Description

This PR adds tests for AWS GuardDuty integration

Added

Tier 0

  • Default configuration tests
  • remove_from_bucket parameter tests
  • only_logs_after parameter tests
  • path parameter tests
  • discard_regex parameter tests

Tier 1

  • only_logs_after parameter tests

Testing performed

Tester Test path Jenkins Local OS Commit Notes
@nico-stefani (Developer) tests/integration/test_aws ⚫⚫⚫ 🟢 🔴 Ubuntu 22.04 12
@Reviewer (Reviewer) ⚫⚫⚫ Nothing to highlight

Tier 0 results

root@ubuntu-jammy:/home/vagrant/qa/tests/integration/test_aws# pytest -k 'guardduty' --tier 0
============================= test session starts ==============================
platform linux -- Python 3.10.6, pytest-7.1.2, pluggy-1.0.0
rootdir: /home/vagrant/qa/tests/integration, configfile: pytest.ini
plugins: metadata-2.0.2, html-3.1.1, testinfra-5.0.0
collected 33 items / 17 deselected / 16 selected

test_basic.py ..                                                         [ 12%]
test_discard_regex.py ..                                                 [ 25%]
test_only_logs_after.py ....                                             [ 50%]
test_path.py ......                                                      [ 87%]
test_remove_from_bucket.py ..                                            [100%]

=============================== warnings summary ===============================
../../../../../../usr/local/lib/python3.10/dist-packages/_pytest/cacheprovider.py:433
  /usr/local/lib/python3.10/dist-packages/_pytest/cacheprovider.py:433: PytestCacheWarning: cache could not write path /home/vagrant/qa/tests/integration/.pytest_cache/v/cache/nodeids
    config.cache.set("cache/nodeids", sorted(self.cached_nodeids))

../../../../../../usr/local/lib/python3.10/dist-packages/_pytest/stepwise.py:52
  /usr/local/lib/python3.10/dist-packages/_pytest/stepwise.py:52: PytestCacheWarning: cache could not write path /home/vagrant/qa/tests/integration/.pytest_cache/v/cache/stepwise
    session.config.cache.set(STEPWISE_CACHE_DIR, [])

-- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
========== 16 passed, 17 deselected, 2 warnings in 333.61s (0:05:33) ===========

Tier 1 results

============================= test session starts ==============================
platform linux -- Python 3.10.6, pytest-7.1.2, pluggy-1.0.0
rootdir: /home/vagrant/qa/tests/integration, configfile: pytest.ini
plugins: metadata-2.0.2, html-3.1.1, testinfra-5.0.0
collected 33 items / 31 deselected / 2 selected

test_only_logs_after.py FF                                               [100%]

=================================== FAILURES ===================================
________ test_multiple_calls[guardduty_only_logs_after_multiple_calls] _________
------------------------------ Captured log call -------------------------------
DEBUG    wazuh_testing:cli_utils.py:23 Calling AWS module with: '[PosixPath('/var/ossec/wodles/aws/aws-s3'), '--bucket', 'wazuh-guardduty-integration-tests', '--type', 'guardduty', '--regions', 'us-east-1', '--aws_profile', 'qa', '--debug', '2']'
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Debug mode on - Level: 2
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: Generating default configuration for retries: mode standard - max_attempts 10
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Table does not exist; create
DEBUG    wazuh_testing:cli_utils.py:52 The functionality to process GuardDuty logs stored in S3 via Kinesis was deprecated in 4.5. Consider configuring GuardDuty to store its findings directly in an S3 bucket instead. Check https://documentation.wazuh.com/current/amazon/services/supported-services/guardduty.html for more information. 
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Marker: 2023/02/02
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ DB Maintenance
ERROR    wazuh_testing:cli_utils.py:62 Some logs may were processed
ERROR    wazuh_testing:cli_utils.py:63 Results found: 0
ERROR    wazuh_testing:cli_utils.py:64 Results expected: 1
_____ test_multiple_calls[native_guardduty_only_logs_after_multiple_calls] _____
------------------------------ Captured log call -------------------------------
DEBUG    wazuh_testing:cli_utils.py:23 Calling AWS module with: '[PosixPath('/var/ossec/wodles/aws/aws-s3'), '--bucket', 'wazuh-native-guardduty-integration-tests', '--type', 'guardduty', '--regions', 'us-east-1', '--aws_profile', 'qa', '--debug', '2']'
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Debug mode on - Level: 2
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: Generating default configuration for retries: mode standard - max_attempts 10
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Table does not exist; create
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Working on 819751203818 - us-east-1
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Marker: AWSLogs/819751203818/GuardDuty/us-east-1/2023/02/02
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ No logs to process in bucket: 819751203818/us-east-1
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ DB Maintenance
DEBUG    wazuh_testing:cli_utils.py:23 Calling AWS module with: '[PosixPath('/var/ossec/wodles/aws/aws-s3'), '--bucket', 'wazuh-native-guardduty-integration-tests', '--type', 'guardduty', '--regions', 'us-east-1', '--aws_profile', 'qa', '--debug', '2', '--only_logs_after', '2022-NOV-20']'
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Debug mode on - Level: 2
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: Generating default configuration for retries: mode standard - max_attempts 10
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Working on 819751203818 - us-east-1
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Marker: AWSLogs/819751203818/GuardDuty/us-east-1/2022/11/20
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: ++ Found new log: AWSLogs/819751203818/GuardDuty/us-east-1/2022/11/21/ukkce94f-eb7e-4f45-b324-834a0d0cas43.jsonl.gz
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: ++ Found new log: AWSLogs/819751203818/GuardDuty/us-east-1/2022/11/23/465ce94f-eb7e-4f45-b324-834a0d0cas43.jsonl.gz
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: ++ Found new log: AWSLogs/819751203818/GuardDuty/us-east-1/2022/11/26/987ce94f-eb7e-4f45-b324-834a0d0ccd08.jsonl.gz
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ DB Maintenance
DEBUG    wazuh_testing:cli_utils.py:23 Calling AWS module with: '[PosixPath('/var/ossec/wodles/aws/aws-s3'), '--bucket', 'wazuh-native-guardduty-integration-tests', '--type', 'guardduty', '--regions', 'us-east-1', '--aws_profile', 'qa', '--debug', '2', '--only_logs_after', '2022-NOV-20']'
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Debug mode on - Level: 2
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: Generating default configuration for retries: mode standard - max_attempts 10
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Working on 819751203818 - us-east-1
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Marker: AWSLogs/819751203818/GuardDuty/us-east-1/2022/11/20
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: ++ Skipping previously processed file: AWSLogs/819751203818/GuardDuty/us-east-1/2022/11/21/ukkce94f-eb7e-4f45-b324-834a0d0cas43.jsonl.gz
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: ++ Skipping previously processed file: AWSLogs/819751203818/GuardDuty/us-east-1/2022/11/23/465ce94f-eb7e-4f45-b324-834a0d0cas43.jsonl.gz
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: ++ Skipping previously processed file: AWSLogs/819751203818/GuardDuty/us-east-1/2022/11/26/987ce94f-eb7e-4f45-b324-834a0d0ccd08.jsonl.gz
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ DB Maintenance
DEBUG    wazuh_testing:cli_utils.py:23 Calling AWS module with: '[PosixPath('/var/ossec/wodles/aws/aws-s3'), '--bucket', 'wazuh-native-guardduty-integration-tests', '--type', 'guardduty', '--regions', 'us-east-1', '--aws_profile', 'qa', '--debug', '2', '--only_logs_after', '2022-NOV-22']'
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Debug mode on - Level: 2
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: Generating default configuration for retries: mode standard - max_attempts 10
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Working on 819751203818 - us-east-1
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Marker: AWSLogs/819751203818/GuardDuty/us-east-1/2022/11/22
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: ++ Skipping previously processed file: AWSLogs/819751203818/GuardDuty/us-east-1/2022/11/23/465ce94f-eb7e-4f45-b324-834a0d0cas43.jsonl.gz
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: ++ Skipping previously processed file: AWSLogs/819751203818/GuardDuty/us-east-1/2022/11/26/987ce94f-eb7e-4f45-b324-834a0d0ccd08.jsonl.gz
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ DB Maintenance
DEBUG    wazuh_testing:cli_utils.py:23 Calling AWS module with: '[PosixPath('/var/ossec/wodles/aws/aws-s3'), '--bucket', 'wazuh-native-guardduty-integration-tests', '--type', 'guardduty', '--regions', 'us-east-1', '--aws_profile', 'qa', '--debug', '2']'
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Debug mode on - Level: 2
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: Generating default configuration for retries: mode standard - max_attempts 10
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Working on 819751203818 - us-east-1
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ Marker: AWSLogs/819751203818/GuardDuty/us-east-1/2023/02/02
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: ++ Found new log: AWSLogs/819751203818/GuardDuty/us-east-1/2023/02/02/dcf07e79-60ab-4e93-a3ca-e4a5a9eda2e9.jsonl.gz
DEBUG    wazuh_testing:cli_utils.py:52 DEBUG: +++ DB Maintenance
ERROR    wazuh_testing:cli_utils.py:62 The AWS module did not use the correct marker
ERROR    wazuh_testing:cli_utils.py:63 Results found: 0
ERROR    wazuh_testing:cli_utils.py:64 Results expected: 1
=========================== short test summary info ============================
FAILED test_only_logs_after.py::test_multiple_calls[guardduty_only_logs_after_multiple_calls]
FAILED test_only_logs_after.py::test_multiple_calls[native_guardduty_only_logs_after_multiple_calls]
================ 2 failed, 31 deselected, 3 warnings in 55.90s =================

Footnotes

  1. Because the module is not showing the message about no logs to process, the tier 1 test guardduty_only_logs_after_multiple_calls is failing. This should be fixed in its respective issue.

  2. Because the module is not showing the correct message about the marker, the tier 1 test native_guardduty_only_logs_after_multiple_calls is failing. This should be fixed in its respective issue.
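
Added example (not part of the PR or of the wazuh-qa code): a small parser for debug output in the format of the Tier 1 captured log above. It checks, per call, that the marker ends in the --only_logs_after date, that every listed key sorts after the marker, and that a key is only skipped if an earlier call processed it. The sample is constructed from the log lines above with shortened file names; the function names are hypothetical and the first call is assumed to start from an empty database.

```python
import re

MONTHS = "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split()
PREFIX = "AWSLogs/819751203818/GuardDuty/us-east-1"  # key prefix seen in the captured log

# Constructed sample: same call sequence as the native GuardDuty run above,
# with the argument list elided and the object names shortened to a/b/c.
SAMPLE = f"""\
Calling AWS module with: '[..., '--debug', '2', '--only_logs_after', '2022-NOV-20']'
DEBUG: +++ Marker: {PREFIX}/2022/11/20
DEBUG: ++ Found new log: {PREFIX}/2022/11/21/a.jsonl.gz
DEBUG: ++ Found new log: {PREFIX}/2022/11/23/b.jsonl.gz
DEBUG: ++ Found new log: {PREFIX}/2022/11/26/c.jsonl.gz
Calling AWS module with: '[..., '--debug', '2', '--only_logs_after', '2022-NOV-20']'
DEBUG: +++ Marker: {PREFIX}/2022/11/20
DEBUG: ++ Skipping previously processed file: {PREFIX}/2022/11/21/a.jsonl.gz
DEBUG: ++ Skipping previously processed file: {PREFIX}/2022/11/23/b.jsonl.gz
DEBUG: ++ Skipping previously processed file: {PREFIX}/2022/11/26/c.jsonl.gz
Calling AWS module with: '[..., '--debug', '2', '--only_logs_after', '2022-NOV-22']'
DEBUG: +++ Marker: {PREFIX}/2022/11/22
DEBUG: ++ Skipping previously processed file: {PREFIX}/2022/11/23/b.jsonl.gz
DEBUG: ++ Skipping previously processed file: {PREFIX}/2022/11/26/c.jsonl.gz
"""

ONLY_AFTER_RE = re.compile(r"'--only_logs_after', '([^']+)'")
MARKER_RE = re.compile(r"\+\+\+ Marker: (\S+)")
FOUND_RE = re.compile(r"\+\+ Found new log: (\S+)")
SKIPPED_RE = re.compile(r"\+\+ Skipping previously processed file: (\S+)")


def marker_suffix(only_logs_after):
    """Turn '2022-NOV-20' into the '2022/11/20' form used in marker lines."""
    year, month, day = only_logs_after.split("-")
    return f"{year}/{MONTHS.index(month.upper()) + 1:02d}/{int(day):02d}"


def parse_calls(text):
    """Split debug output into one record per 'Calling AWS module' line."""
    calls = []
    for line in text.splitlines():
        if "Calling AWS module with:" in line:
            m = ONLY_AFTER_RE.search(line)
            calls.append({"only_logs_after": m.group(1) if m else None,
                          "marker": None, "found": [], "skipped": []})
            continue
        if not calls:
            continue  # output before the first call is ignored
        call = calls[-1]
        if m := MARKER_RE.search(line):
            call["marker"] = m.group(1)
        elif m := FOUND_RE.search(line):
            call["found"].append(m.group(1))
        elif m := SKIPPED_RE.search(line):
            call["skipped"].append(m.group(1))
    return calls


def check_calls(calls):
    """Return a list of problems; an empty list means every call is consistent."""
    problems, seen = [], set()
    for n, call in enumerate(calls, start=1):
        marker = call["marker"]
        if marker is None:
            problems.append(f"call {n}: no marker line")
            continue
        if call["only_logs_after"]:
            want = marker_suffix(call["only_logs_after"])
            if not marker.endswith(want):
                problems.append(f"call {n}: marker {marker} does not end in {want}")
        for key in call["found"] + call["skipped"]:
            if key <= marker:  # keys are compared as plain strings
                problems.append(f"call {n}: {key} is not after the marker")
        for key in call["found"]:
            if key in seen:  # would forward the same findings twice
                problems.append(f"call {n}: {key} processed twice")
            seen.add(key)
        for key in call["skipped"]:
            if key not in seen:  # would drop findings that were never forwarded
                problems.append(f"call {n}: {key} skipped but never processed")
    return problems


if __name__ == "__main__":
    for number, record in enumerate(parse_calls(SAMPLE), start=1):
        print(number, record["marker"], len(record["found"]), len(record["skipped"]))
    print(check_calls(parse_calls(SAMPLE)) or "consistent")
```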

@nico-stefani nico-stefani self-assigned this Jan 16, 2023
@nico-stefani nico-stefani linked an issue Jan 16, 2023 that may be closed by this pull request
@fdalmaup fdalmaup self-requested a review January 31, 2023 13:41

@fdalmaup fdalmaup left a comment


The Tier 0 test test_discard_regex[guardduty_discard_regex] fails with the following error message:

root@ubuntu-focal:/home/vagrant/wazuh-qa/tests/integration/test_aws# pytest -k 'guardduty' --tier 0
====================================================================== test session starts ======================================================================
platform linux -- Python 3.8.10, pytest-5.0.0, py-1.11.0, pluggy-0.13.1
rootdir: /home/vagrant/wazuh-qa/tests/integration, inifile: pytest.ini
plugins: html-2.0.1, metadata-2.0.4, testinfra-5.0.0
collected 24 items / 16 deselected / 8 selected                                                                                                                 

test_basic.py .                                                                                                                                           [ 12%]
test_discard_regex.py F                                                                                                                                   [ 25%]
test_only_logs_after.py ..                                                                                                                                [ 50%]
test_path.py ...                                                                                                                                          [ 87%]
test_remove_from_bucket.py .                                                                                                                              [100%]

=========================================================================== FAILURES ============================================================================
__________________________________________________________ test_discard_regex[guardduty_discard_regex] __________________________________________________________

configuration = {'metadata': {'bucket_name': 'wazuh-guardduty-integration-tests', 'bucket_type': 'guardduty', 'description': 'GuardDut...elements': [{'disabled': {'value': 'no'}}, {'bucket': {'attributes': [...], 'elements': [...]}}], 'section': 'wodle'}]}
metadata = {'bucket_name': 'wazuh-guardduty-integration-tests', 'bucket_type': 'guardduty', 'description': 'GuardDuty discard regex configurations', 'discard_field': 'partition', ...}
load_wazuh_basic_configuration = None, set_wazuh_configuration = None, clean_s3_cloudtrail_db = None, configure_local_internal_options_function = None
truncate_monitored_files = None, restart_wazuh_function = None, wazuh_log_monitor = <wazuh_testing.tools.monitoring.FileMonitor object at 0x7f20a644b5e0>

    @pytest.mark.tier(level=0)
    @pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=case_ids)
    def test_discard_regex(
        configuration, metadata, load_wazuh_basic_configuration, set_wazuh_configuration, clean_s3_cloudtrail_db,
        configure_local_internal_options_function, truncate_monitored_files, restart_wazuh_function, wazuh_log_monitor,
    ):
        """
        description: Fetch logs excluding the ones that match with the regex.
        test_phases:
            - setup:
                - Load Wazuh light configuration.
                - Apply ossec.conf configuration changes according to the configuration template and use case.
                - Apply custom settings in local_internal_options.conf.
                - Truncate wazuh logs.
                - Restart wazuh-manager service to apply configuration changes.
            - test:
                - Check in the ossec.log that a line has appeared calling the module with correct parameters.
                - Check the expected number of events were forwarded to analysisd, only logs stored in the bucket and skips
                  the ones that match with regex.
                - Check the database was created and updated accordingly.
            - teardown:
                - Truncate wazuh logs.
                - Restore initial configuration, both ossec.conf and local_internal_options.conf.
                - Delete the uploaded file
        wazuh_min_version: 4.5.0
        parameters:
            - configuration:
                type: dict
                brief: Get configurations from the module.
            - metadata:
                type: dict
                brief: Get metadata from the module.
            - load_wazuh_basic_configuration:
                type: fixture
                brief: Load basic wazuh configuration.
            - set_wazuh_configuration:
                type: fixture
                brief: Apply changes to the ossec.conf configuration.
            - clean_s3_cloudtrail_db:
                type: fixture
                brief: Delete the DB file before and after the test execution.
            - configure_local_internal_options_function:
                type: fixture
                brief: Apply changes to the local_internal_options.conf configuration.
            - truncate_monitored_files:
                type: fixture
                brief: Truncate wazuh logs.
            - restart_wazuh_daemon_function:
                type: fixture
                brief: Restart the wazuh service.
            - wazuh_log_monitor:
                type: fixture
                brief: Return a `ossec.log` monitor.
        assertions:
            - Check in the log that the module was called with correct parameters.
            - Check the expected number of events were forwarded to analysisd.
            - Check the database was created and updated accordingly.
        input_description:
            - The `configuration_discard_regex` file provides the module configuration for this test.
            - The `cases_discard_regex` file provides the test cases.
        """
        bucket_name = metadata['bucket_name']
        bucket_type = metadata['bucket_type']
        only_logs_after = metadata['only_logs_after']
        discard_field = metadata['discard_field']
        discard_regex = metadata['discard_regex']
        found_logs = metadata['found_logs']
        skipped_logs = metadata['skipped_logs']
    
        pattern = fr'.*The "{discard_regex}" regex found a match in the "{discard_field}" field. The event will be skipped.'
    
        parameters = [
            'wodles/aws/aws-s3',
            '--bucket', bucket_name,
            '--aws_profile', 'qa',
            '--only_logs_after', only_logs_after,
            '--discard-field', discard_field,
            '--discard-regex', discard_regex,
            '--type', bucket_type,
            '--debug', '2'
        ]
    
        # Check AWS module started
        wazuh_log_monitor.start(
            timeout=global_parameters.default_timeout,
            callback=event_monitor.callback_detect_aws_module_start,
            error_message='The AWS module did not start as expected',
        ).result()
    
        # Check command was called correctly
        wazuh_log_monitor.start(
            timeout=global_parameters.default_timeout,
            callback=event_monitor.callback_detect_aws_module_called(parameters),
            error_message='The AWS module was not called with the correct parameters',
        ).result()
    
>       wazuh_log_monitor.start(
            timeout=T_20,
            callback=event_monitor.callback_detect_event_processed_or_skipped(pattern),
            error_message=(
                'The AWS module did not show correct message about discard regex or ',
                'did not process the expected amout of logs'
            ),
            accum_results=found_logs + skipped_logs
        ).result()

test_discard_regex.py:130: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/usr/local/lib/python3.8/dist-packages/wazuh_testing/tools/monitoring.py:201: in start
    self._result = monitor.start(timeout=timeout, callback=callback, accum_results=accum_results,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <wazuh_testing.tools.monitoring.QueueMonitor object at 0x7f20a644b670>, timeout = 20
callback = <function callback_detect_event_processed_or_skipped.<locals>.<lambda> at 0x7f20a644edc0>, accum_results = 6, update_position = True
timeout_extra = 0, error_message = ('The AWS module did not show correct message about discard regex or ', 'did not process the expected amout of logs')

    def start(self, timeout=-1, callback=_callback_default, accum_results=1, update_position=True, timeout_extra=0,
              error_message=''):
        """Start the queue monitoring until the stop method is called."""
        if not self._continue:
            self._continue = True
            self._abort = False
            result = None
    
            while self._continue:
                if self._abort:
                    self.stop()
                    if error_message:
                        logger.error(error_message)
                        logger.error(f"Results accumulated: "
                                     f"{len(result) if isinstance(result, list) else 0}")
                        logger.error(f"Results expected: {accum_results}")
>                   raise TimeoutError(error_message)
E                   TimeoutError: ('The AWS module did not show correct message about discard regex or ', 'did not process the expected amout of logs')

/usr/local/lib/python3.8/dist-packages/wazuh_testing/tools/monitoring.py:469: TimeoutError
--------------------------------------------------------------------- Captured stderr setup ---------------------------------------------------------------------
2023-01-31 13:56:49,269 - wazuh_testing - DEBUG - Set local_internal_option to {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0'}
---------------------------------------------------------------------- Captured log setup -----------------------------------------------------------------------
DEBUG    wazuh_testing:conftest.py:619 Set local_internal_option to {'wazuh_modules.debug': '2', 'monitord.rotate_log': '0'}
--------------------------------------------------------------------- Captured stderr call ----------------------------------------------------------------------
2023-01-31 13:57:23,337 - wazuh_testing - ERROR - ('The AWS module did not show correct message about discard regex or ', 'did not process the expected amout of logs')
2023-01-31 13:57:23,337 - wazuh_testing - ERROR - Results accumulated: 4
2023-01-31 13:57:23,337 - wazuh_testing - ERROR - Results expected: 6
----------------------------------------------------------------------- Captured log call -----------------------------------------------------------------------
ERROR    wazuh_testing:monitoring.py:465 ('The AWS module did not show correct message about discard regex or ', 'did not process the expected amout of logs')
ERROR    wazuh_testing:monitoring.py:466 Results accumulated: 4
ERROR    wazuh_testing:monitoring.py:468 Results expected: 6
------------------------------------------------------------------- Captured stderr teardown --------------------------------------------------------------------
2023-01-31 13:57:26,520 - wazuh_testing - DEBUG - Restore local_internal_option to {'syscheck.debug': '2\n', 'monitord.rotate_log': '0\n'}
--------------------------------------------------------------------- Captured log teardown ---------------------------------------------------------------------
DEBUG    wazuh_testing:conftest.py:624 Restore local_internal_option to {'syscheck.debug': '2\n', 'monitord.rotate_log': '0\n'}
====================================================== 1 failed, 7 passed, 16 deselected in 186.87 seconds ======================================================

Additionally, the data generated for the testing corresponds to the deprecated implementation of AWSGuardDuty (since wazuh/wazuh#15226). The tests should also address cases where native GuardDuty logs are used.

@nico-stefani nico-stefani force-pushed the 3342-guardduty-integration-tests branch from 4dfaa6b to e7532b4 Compare February 2, 2023 17:42
@nico-stefani

> The Tier 0 test test_discard_regex[guardduty_discard_regex] fails with the following error message:

> Additionally, the data generated for the testing corresponds to the deprecated implementation of AWSGuardDuty (since wazuh/wazuh#15226). The tests should also address cases where native GuardDuty logs are used.

The native test cases were added in cf8b22d.
Also the test guardduty_discard_regex was fixed in 85f86e3.

@nico-stefani nico-stefani requested a review from fdalmaup February 2, 2023 19:02

@fdalmaup fdalmaup left a comment


LGTM!

@nico-stefani nico-stefani force-pushed the 3342-guardduty-integration-tests branch from 560b62a to 9db848b Compare February 7, 2023 20:47
@nico-stefani nico-stefani force-pushed the 3342-guardduty-integration-tests branch from 9db848b to d4e488e Compare February 16, 2023 17:19
@davidjiglesias davidjiglesias merged commit f16564f into 3333-aws-integration-tests Feb 16, 2023
@davidjiglesias davidjiglesias deleted the 3342-guardduty-integration-tests branch February 16, 2023 17:36
nico-stefani added a commit that referenced this pull request Feb 23, 2023
* feat(#3342): Add basic test for aws GuardDuty integration

* feat(#3342): Add remove_from_bucket test for aws Guard Duty integration

* feat(#3342): Add schema for GuardDuty table

* feat(#3342): Add only_logs_after tests for aws GuardDuty integration

* feat(#3342): Add path tests for aws GuardDuty integration

* feat(#3342): Add discard_regex tests for aws GuardDuty integration

* feat(#3342): Add only_logs_after tier 1 for aws GuardDuty integration

* fix(#3342): Adjust the number of found logs

* feat(#3342): Add missing docstring

* feat(#3342): Add data generator for Native GD

* feat(#3342): Add test cases for Native GuardDuty

* refactor(#3342): Improve tier 1 test findings
nico-stefani added a commit that referenced this pull request Mar 13, 2023
nico-stefani added a commit that referenced this pull request Mar 13, 2023
nico-stefani added a commit that referenced this pull request Apr 18, 2023
nico-stefani added a commit that referenced this pull request Apr 26, 2023
juliamagan added a commit that referenced this pull request Apr 28, 2023
* feat(#3333): Add basic structure for AWS tests

* feat(#3335): Cloudtrail integration tests (#3624)

* feat(#3335): add basic test for aws cloudtrail module

* feat(#3335): add utils for handle files in S3 buckets

* feat(#3335): add remove_from_bucket test for aws cloudtrail module

* feat(#3335): add fixture for delete s3_cloudtrail.db

* refactor(#3335): rename modules

* refactor(#3335): change the return of upload_file function

* refactor(#3335): Fix docstring and rename constant

* refactor(#3335): improve default test catching parser and module errors

* feat(#3335): add only_logs_from test for aws cloudtrail module

* feat(#3335): add path tests for aws cloudtrail module

* feat(#3335): add path_suffix tests for aws cloudtrail module

* feat(#3335): add regions tests for aws cloudtrail module

* refactor(#3335): Move wazuh_log_monitor to a fixture

* feat(#3335): add discard_regex tests for aws cloudtrail module

* feat(#3335): add only_logs_after tier_1 test for aws cloudtrail module

* refactor(#3335): Improve name of test cases

* refactor(#3335): Improve tests assertions

* refactor(#3335): Improve tier 1 test

* refactor(#3335): Implement new design for Tier 1 test

* style(#3335): Changed the extension from .yml to .yaml

* style(#3335): Fixed linter issues

* style(#3335): Apply suggestions from code review

Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>

* refactor(#3335): Add path parameter to get_db_connection

* style(#3335): Fix quotes use according to QA style

* style(#3335): Use google docstring style

* refactor(#3335): Add missing information about fixtures

* refactor(#3335): Change sqlite table name for backward compatibility

* style(#3335): Fix docstrings punctuation and capitalization

* refactor(#3335): Apply suggestions from code review

* style(#3335): Apply suggestions from code review

Fix punctuation in docstrings.

Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

* style(#3335): Apply suggestions from code review

Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

* feat(#3336): VPC integration tests (#3699)

* feat(#3336): Add basic test for aws vpc integration

* feat(#3336): Add data generator for vpcflow type

* feat(#3336): Add remove_from_bucket test for aws vpc integration

* feat(#3336): Add only_logs_after tests for aws vpc integration

* feat(#3336): Add path tests for aws vpc integration

* feat(#3336): Add path_suffix tests for aws vpc integration

* feat(#3336): Add regions tests for aws vpc integration

* feat(#3336): Add discard_regex tests for aws vpc integration

* feat(#3336): Add only_logs_after tier_1 tests for aws vpc integration

* style(#3336): Fix linter issues

* feat(#3336): Use join in path builds

* feat(#3336): Fix cloudtrail cases

* feat(#3336): Detect found and skipped logs

* feat(#3336): Improve delete_file_from_s3 fixture

* fix(#3336): Add minor fixes

---------

Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

* refactor(#3333): Use utcnow() instead of now()

* feat(#3337): AWS Config integration tests (#3705)

* feat(#3337): Add basic test for aws config integration

* feat(#3337): Add remove_from_bucket test for aws config integration

* feat(#3337): Add only_logs_after tests for aws config integration

* feat(#3337): Add path tests for aws config integration

* feat(#3337): Add path_suffix tests for aws config integration

* feat(#3337): Add regions tests for aws config integration

* feat(#3337): Add discard_regex tests for aws config integration

* feat(#3337): Add only_logs_after tier_1 tests for aws config integration

* feat(#3337): Use non-padded month format

* feat(#3337): Use join in path builds

* feat(#3337): Improve message for check_non_processed_logs_from_output

* fix(#3337): Add minor fixes

* feat(#3338): ALB, CLB and NLB integration tests (#3711)

* feat(#3338): Add basic test for aws ALB integration

* feat(#3338): Add remove_from_bucket test for aws ALB integration

* feat(#3338): Add schema for ALB table

* feat(#3338): Add only_logs_after tests for aws ALB integration

* feat(#3338): Add path tests for aws ALB integration

* feat(#3338): Add regions tests for aws ALB integration

* feat(#3338): Add regions discard_regex for aws ALB integration

* feat(#3338): Add regions only_logs_after tier 1 for aws ALB integration

* feat(#3338): Improve upload_and_delete_file_to_s3 fixture

* feat(#3338): Skip remove_from_bucket test case for ALB

* feat(#3338): Add basic test for aws CLB integration

* feat(#3338): Add remove_from_bucket test for aws CLB integration

* feat(#3338): Add only_logs_after tests for aws CLB integration

* feat(#3338): Add path tests for aws CLB integration

* feat(#3338): Add regions only_logs_after tier 1 for aws CLB integration

* feat(#3338): Add regions discard_regex for aws CLB integration

* feat(#3338): Add only_logs_after tier 1 for aws CLB integration

* feat(#3338): Skip remove_from_bucket test case for CLB

* feat(#3338): Add basic test for aws NLB integration

* feat(#3338): Add remove_from_bucket test for aws NLB integration

* feat(#3338): Add only_logs_after tests for aws NLB integration

* feat(#3338): Add path tests for aws NLB integration

* feat(#3338): Add regions tests for aws NLB integration

* feat(#3338): Add only_logs_after tier 1 for aws NLB integration

* style(#3335): Fix linter issues

* feat(#3338): Move skip function to a fixture

* feat(#3338): Use join in path builds

* feat(#3338): Improve docstrings

* feat(#3338): Increase timeout to avoid random failures

* refactor(#3338): Use utcnow() instead of now() and typos

* refactor(#3338): Apply changes from CR

* feat(#3339): KMS integration tests (#3715)

* feat(#3339): Add basic test for aws KMS integration

* feat(#3339): Add data generator for KMS type

* feat(#3339): Add remove_from_bucket test for aws KMS integration

* feat(#3339): Add schema for custom table

* feat(#3339): Add only_logs_after tests for aws KMS integration

* feat(#3339): Add path tests for aws KMS integration

* feat(#3339): Add discard_regex tests for aws KMS integration

* feat(#3339): Adapt only_logs_after tier 1 test to custom types

* feat(#3339): Add only_logs_after tier 1 for aws KMS integration

* feat(#3339): Use join in path builds

* feat(#3339): Improve skipped logs count in tier 1 test

* feat(#3339): Add missing docstring

* style(#3339): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* refactor(#3339): Use utcnow() instead of now() and typos

* fix(#3339): Apply suggestions from code review

Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

* feat(#3340): Macie integration tests (#3734)

* feat(#3340): Add basic test for aws Macie integration

* feat(#3336): Add data generator for vpcflow type

* feat(#3340): Add remove_from_bucket test for aws Macie integration

* feat(#3340): Add only_logs_after tests for aws Macie integration

* feat(#3340): Add path tests for aws Macie integration

* feat(#3340): Add discard_regex tests for aws Macie integration

* feat(#3340): Add only_logs_after tier 1 for aws Macie integration

* feat(#3340): Use join in path builds

* fix(#3340): Fix typo

* fix(#3340): Remove unused arguments

* style(#3340): Apply suggestions from code review

Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

---------

Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

* fix(#3333): Improve test condition

* feat(#3341): Trusted Advisor integration tests (#3736)

* feat(#3341): Add basic test for aws Trusted Advisor integration

* feat(#3339): Add data generator for KMS type

* feat(#3341): Add remove_from_bucket test

* feat(#3341): Add only_logs_after tests for aws Trusted Advisor integration

* feat(#3341): Add path tests for aws Trusted Advisor integration

* feat(#3341): Add discard_regex tests for aws Trusted Advisor integration

* feat(#3341): Add only_logs_after tier 1 for aws Trusted Advisor integration

* feat(#3342): GuardDuty integration tests (#3762)

* feat(#3342): Add basic test for aws GuardDuty integration

* feat(#3342): Add remove_from_bucket test for aws GuardDuty integration

* feat(#3342): Add schema for GuardDuty table

* feat(#3342): Add only_logs_after tests for aws GuardDuty integration

* feat(#3342): Add path tests for aws GuardDuty integration

* feat(#3342): Add discard_regex tests for aws GuardDuty integration

* feat(#3342): Add only_logs_after tier 1 for aws GuardDuty integration

* fix(#3342): Adjust the number of found logs

* feat(#3342): Add missing docstring

* feat(#3342): Add data generator for Native GD

* feat(#3342): Add test cases for Native GuardDuty

* refactor(#3342): Improve tier 1 test findings

* fix(#3333): Improve some test findings

* feat(#3343): WAF integration tests (#3763)

* feat(#3343): Add basic test for aws WAF integration

* feat(#3343): Add data generator for WAF type

* feat(#3343): Add remove_from_bucket test for aws WAF integration

* feat(#3343): Add schema for WAF table

* feat(#3343): Add only_logs_after tests for aws WAF integration

* feat(#3343): Add path tests for aws WAF integration

* feat(#3343): Add discard_regex tests for aws WAF integration

* feat(#3343): Add only_logs_after tier 1 for aws WAF integration

* style(#3343): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* refactor(#3343): Improve discard_regex test findings

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* feat(#3344): Server Access integration tests (#3771)

* feat(#3344): Add basic test for aws server access integration

* feat(#3344): Add data generator for Server Access type

* feat(#3344): Add remove_from_bucket test for aws SA integration

* feat(#3344): Add schema for ServerAccess table

* feat(#3344): Add only_logs_after tests for aws SA integration

* feat(#3344): Add path tests for aws SA integration

* feat(#3344): Add discard_regex tests for aws FA integration

* feat(#3344): Add only_logs_after tier 1 for aws SA integration

* feat(#3344): Use table_name instead of bucket_type

* style(#3344): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* feat(#3345): Add basic test for aws inspector integration

* feat(#3345): Add only_logs_after tests for aws Inspector integration

* feat(#3345): Add only_logs_after tier 1 for Inspector integration

* refactor(#3345): Minor fixes

* style(#3345): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* style(#3345): Apply suggestions from code review

Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>

* feat(#3346): CloudWatch integration tests (#3857)

* feat(#3346): Add basic test for aws cloudwatch integration

* feat(#3346): Rename basic test for buckets integration

* feat(#3346): Add tools for cloudwatch integration

* feat(#3346): Add remove_log_streams test for aws cloudwatch integration

* feat(#3346): Add utils for cloudwatch tests

* feat(#3346): Add fixtures for cloudwatch tests

* feat(#3346): Add only_logs_after tests for aws CloudWatch integration

* feat(#3346): Rename only_logs_after tests for buckets integration

* feat(#3346): Add regions tests for aws CloudWatch integration

* feat(#3346): Rename regions tests for buckets integration

* feat(#3346): Add log_groups tests for aws CloudWatch integration

* feat(#3346): Add only_logs_after tier 1 for aws CloudWatch integration

* feat(#3346): Rename tier 1 tests for buckets integration

* refactor(#3346): Minor fixes

* style(#3346): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* style(#3346): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* feat(#3347): Umbrella integration tests (#3796)

* feat(#3347): Add basic test for aws umbrella integration

* feat(#3347): Add data generator for Umbrella type

* feat(#3347): Add remove_from_bucket test for aws Umbrella integration

* feat(#3347): Add schema for Umbrella table

* feat(#3347): Add only_logs_after tests for aws Umbrella integration

* feat(#3347): Add path tests for aws Umbrella integration

* feat(#3347): Add discard_regex tests for aws Umbrella integration

* feat(#3347): Add only_logs_after tier 1 for aws Umbrella integration

* style(#3347): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* fix(#3347): Fix discard_regex test findings

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* fix(#3333): Add missing PATH with empty value

* feat(#3581): Parser integration tests (#3882)

* feat(#3581): Add tests for mandatory missing params

* feat(#3581): Add tests for empty values

* feat(#3581): Add tests for invalid values

* feat(#3581): Add tests for multiple bucket and service tags

* style(#3581): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* style(#3581): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* fix(#3333): Adjust some tests values

* fix(#3333): Fix cloudwatchlogs_log_groups_with_data test

* fix(#3333): Adjust cisco_umbrella_only_logs_after_multiple_calls values

* fix(#3333): Normalize tier1 tests for all bucket integrations

* feat(#3348): AWS integration tests readme (#3892)

* docs(#3348): Add AWS integration tests README

* docs(#3348): Add reference to AWS tests

* refactor(#3348): Improve explanation about credentials

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* fix(#3333): Adjust inexistent_region test for services

* fix(#3333): Adjust parser tests

* fix(#3333): Change message to search for services region tests

* fix(#3333): Marked inspector tier 1 test as xfail

* fix(#3333): Split inspector and cloudwatch logs

* fix(#3333): Timeouts adjustments

* fix(#3333): Fixed test cases for cloudwatch tier 1 tests

* fix(#3333): Fixed linter issues

* docs(#3333): Added changelog

* fix(#3333): Fixed order and format

* fix(#3333): Moved constants to __init__.py

* fix(#3333): Replaced wazuh_log_monitor with file_monitoring

* fix(#3333): Moved constants to wazuh_testing/__init__.py

* fix(#3333): Moved constants to test_aws/__init__.py

* fix(#3333): Improved docstring

* fix(#3333): Moved exception to new file

* fix(#3333): Improved fixtures and removed unused ones

* fix(#3333): Fixed quotation marks

* fix(#3333): Removed type hints

* fix(#3339): Apply suggestions from code review

Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com>

* fix(#3333): Install boto3 only in linux

* fix(#3339): Apply suggestions from code review

Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com>

* fix(#3333): Moved constants

---------

Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com>
juliamagan added a commit that referenced this pull request May 2, 2023
* fix(#3328): update auth messages to new payload

* fix(#4022): replace Popen() with call() ensuring process killing

* feat(#4022): adapt enrollment tests to new payload

* fix(#4022): fix wazuh_db global messages yaml

* style(#4022): fix some linting issues from global_messages.yaml

* fix(#4022): add status_code to queries

* docs(#4022): update CHANGELOG

* fix(#4026): solve a bug of migration tool framework

* fix(#4020): fixed migration tool

* feat(#4026): add new changes in the changelog

* feat(#4062): adapt integration tests for Office365 GCC support

* feat(#4062): adapt integration tests for Office365 GCC support

* docs(#4062): update changelog

* style(#4062): fix yaml linting errors

* fix(#4062): correct the config yaml indents

* fix(#4062): add missing api_type value in case 8

---------

Co-authored-by: Bryce Shurts <89558443+S-Bryce@users.noreply.github.com>

* merge(#4089)!: merge 4.4 into 4.5

* fix(3862): fix test_assign_agent_group_with_enrollment

* fix(#3862): delete default group check

* feat(#3862): update changelog

* refactor(#3862): add expected logs

* fix(#4047): fix duplicated slash in API endpoint (#4048)

* refactor: update changelog

* refactor: bump version to 4.3.10

* refactor: update changelog

---------

Co-authored-by: jmv74211 <jmv74211@gmail.com>

* feat: update changelog for 4.4.1 tag (#4084)

* fix(#4079): fix unstable system tests

* fix(#4079): test active response log format

* fix(#4079): remove log monitor to avoid race condition

* fix(#4079): internal option fixture call

* fix(#4079): enrollment cluster log path typo

* docs(#4070): include missing tests in README

* feat(#4079): include marks to system tests

* docs(#4070): update changelog

* docs(#4079): restore deleted commentary

* docs(#4079): move pr changes to fixed category

* fix(#3942): fix agentd IT for python310

* fix(#3942): include simulator teardown

* style(#3943): pep8

* docs(#3942): include 3973 changelog

* docs(#3942): move pr changes to fixed category

* refactor(#3942): remove unnecessary scopes

* docs(#3942): change changelog pr entry

* docs(#3942): move change to 4.4.2

* docs(#3942): include teardown documentation

* feat(#3912): add tests for groups deletion

* feat(#3912): add function to get group id

* feat(#3912): add test for group deletion

* feat(#3912): add test cases

* fix(#3912): fix linter errors

* feat(#3912): update changelog

* fix(#3912): fix typo

* docs(#3912): improve description

* fix(#3912): change import

* docs(#3912): improve documentation

* fix(#3912): delete created group during tear down

* docs(#3912): add documentation

* refactor(#3912)!: change delete function and test cases

* refactor(#3912): change affected tests

* feat(#3912): store binary path

* docs(#3912): add function documentation

* fix(#3912): update changelog

* feat(#4089): bump version to 4.4.2

* feat(#4089): bump version to 4.4.2

* refactor(#4089): change revision

---------

Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
Co-authored-by: jmv74211 <jmv74211@gmail.com>
Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com>

* fix(#4105): fix a bug when running tests for the first time

* fix(#4082): updated log severity

* fix(#4082): updated log severity

* docs(#4082): update CHANGELOG

* feat(#3361): add MSU Catalog Patches IT

* feat(#3361): add database query function

* feat(#3361): add new test module and cases

* style(#3361): fix yaml styling

* style(#3361): fix spacing and whitespaces

* docs(#3361): update changelog

* docs(#3361): add clarifying comment

* style(#3361): remove whitespace

* style(#3361): fix style and docu

* feat(#3333): add AWS integration tests 

* feat(#3333): Add basic structure for AWS tests

* feat(#3335): Cloudtrail integration tests (#3624)

* feat(#3335): add basic test for aws cloudtrail module

* feat(#3335): add utils for handle files in S3 buckets

* feat(#3335): add remove_from_bucket test for aws cloudtrail module

* feat(#3335): add fixture for delete s3_cloudtrail.db

* refactor(#3335): rename modules

* refactor(#3335): change the return of upload_file function

* refactor(#3335): Fix docstring and rename constant

* refactor(#3335): improve default test catching parser and module errors

* feat(#3335): add only_logs_from test for aws cloudtrail module

* feat(#3335): add path tests for aws cloudtrail module

* feat(#3335): add path_suffix tests for aws cloudtrail module

* feat(#3335): add regions tests for aws cloudtrail module

* refactor(#3335): Move wazuh_log_monitor to a fixture

* feat(#3335): add discard_regex tests for aws cloudtrail module

* feat(#3335): add only_logs_after tier_1 test for aws cloudtrail module

* refactor(#3335): Improve name of test cases

* refactor(#3335): Improve tests assertions

* refactor(#3335): Improve tier 1 test

* refactor(#3335): Implement new design for Tier 1 test

* style(#3335): Changed the extension from .yml to .yaml

* style(#3335): Fixed linter issues

* style(#3335): Apply suggestions from code review

Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>

* refactor(#3335): Add path parameter to get_db_connection

* style(#3335): Fix quotes use according to QA style

* style(#3335): Use google docstring style

* refactor(#3335): Add missing information about fixtures

* refactor(#3335): Change sqlite table name for backward compatibility

* style(#3335): Fix docstrings punctuation and capitalization

* refactor(#3335): Apply suggestions from code review

* style(#3335): Apply suggestions from code review

Fix punctuation in docstrings.

Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

* style(#3335): Apply suggestions from code review

Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

* feat(#3336): VPC integration tests (#3699)

* feat(#3336): Add basic test for aws vpc integration

* feat(#3336): Add data generator for vpcflow type

* feat(#3336): Add remove_from_bucket test for aws vpc integration

* feat(#3336): Add only_logs_after tests for aws vpc integration

* feat(#3336): Add path tests for aws vpc integration

* feat(#3336): Add path_suffix tests for aws vpc integration

* feat(#3336): Add regions tests for aws vpc integration

* feat(#3336): Add discard_regex tests for aws vpc integration

* feat(#3336): Add only_logs_after tier_1 tests for aws vpc integration

* style(#3336): Fix linter issues

* feat(#3336): Use join in path builds

* feat(#3336): Fix cloudtrail cases

* feat(#3336): Detect found and skipped logs

* feat(#3336): Improve delete_file_from_s3 fixture

* fix(#3336): Add minor fixes

---------

Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

* refactor(#3333): Use utcnow() instead of now()

* feat(#3337): AWS Config integration tests (#3705)

* feat(#3337): Add basic test for aws config integration

* feat(#3337): Add remove_from_bucket test for aws config integration

* feat(#3337): Add only_logs_after tests for aws config integration

* feat(#3337): Add path tests for aws config integration

* feat(#3337): Add path_suffix tests for aws config integration

* feat(#3337): Add regions tests for aws config integration

* feat(#3337): Add discard_regex tests for aws config integration

* feat(#3337): Add only_logs_after tier_1 tests for aws config integration

* feat(#3337): Use non-padded month format

* feat(#3337): Use join in path builds

* feat(#3337): Improve message for check_non_processed_logs_from_output

* fix(#3337): Add minor fixes

* feat(#3338): ALB, CLB and NLB integration tests (#3711)

* feat(#3338): Add basic test for aws ALB integration

* feat(#3338): Add remove_from_bucket test for aws ALB integration

* feat(#3338): Add schema for ALB table

* feat(#3338): Add only_logs_after tests for aws ALB integration

* feat(#3338): Add path tests for aws ALB integration

* feat(#3338): Add regions tests for aws ALB integration

* feat(#3338): Add regions discard_regex for aws ALB integration

* feat(#3338): Add regions only_logs_after tier 1 for aws ALB integration

* feat(#3338): Improve upload_and_delete_file_to_s3 fixture

* feat(#3338): Skip remove_from_bucket test case for ALB

* feat(#3338): Add basic test for aws CLB integration

* feat(#3338): Add remove_from_bucket test for aws CLB integration

* feat(#3338): Add only_logs_after tests for aws CLB integration

* feat(#3338): Add path tests for aws CLB integration

* feat(#3338): Add regions only_logs_after tier 1 for aws CLB integration

* feat(#3338): Add regions discard_regex for aws CLB integration

* feat(#3338): Add only_logs_after tier 1 for aws CLB integration

* feat(#3338): Skip remove_from_bucket test case for CLB

* feat(#3338): Add basic test for aws NLB integration

* feat(#3338): Add remove_from_bucket test for aws NLB integration

* feat(#3338): Add only_logs_after tests for aws NLB integration

* feat(#3338): Add path tests for aws NLB integration

* feat(#3338): Add regions tests for aws NLB integration

* feat(#3338): Add only_logs_after tier 1 for aws NLB integration

* style(#3335): Fix linter issues

* feat(#3338): Move skip function to a fixture

* feat(#3338): Use join in path builds

* feat(#3338): Improve docstrings

* feat(#3338): Increase timeout to avoid random failures

* refactor(#3338): Use utcnow() instead of now() and typos

* refactor(#3338): Apply changes from CR

* feat(#3339): KMS integration tests (#3715)

* feat(#3339): Add basic test for aws KMS integration

* feat(#3339): Add data generator for KMS type

* feat(#3339): Add remove_from_bucket test for aws KMS integration

* feat(#3339): Add schema for custom table

* feat(#3339): Add only_logs_after tests for aws KMS integration

* feat(#3339): Add path tests for aws KMS integration

* feat(#3339): Add discard_regex tests for aws KMS integration

* feat(#3339): Adapt only_logs_after tier 1 test to custom types

* feat(#3339): Add only_logs_after tier 1 for aws KMS integration

* feat(#3339): Use join in path builds

* feat(#3339): Improve skipped logs count in tier 1 test

* feat(#3339): Add missing docstring

* style(#3339): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* refactor(#3339): Use utcnow() instead of now() and typos

* fix(#3339): Apply suggestions from code review

Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

* feat(#3340): Macie integration tests (#3734)

* feat(#3340): Add basic test for aws Macie integration

* feat(#3336): Add data generator for vpcflow type

* feat(#3340): Add remove_from_bucket test for aws Macie integration

* feat(#3340): Add only_logs_after tests for aws Macie integration

* feat(#3340): Add path tests for aws Macie integration

* feat(#3340): Add discard_regex tests for aws Macie integration

* feat(#3340): Add only_logs_after tier 1 for aws Macie integration

* feat(#3340): Use join in path builds

* fix(#3340): Fix typo

* fix(#3340): Remove unused arguments

* style(#3340): Apply suggestions from code review

Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

---------

Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>

* fix(#3333): Improve test condition

* feat(#3341): Trusted Advisor integration tests (#3736)

* feat(#3341): Add basic test for aws Trusted Advisor integration

* feat(#3339): Add data generator for KMS type

* feat(#3341): Add remove_from_bucket test

* feat(#3341): Add only_logs_after tests for aws Trusted Advisor integration

* feat(#3341): Add path tests for aws Trusted Advisor integration

* feat(#3341): Add discard_regex tests for aws Trusted Advisor integration

* feat(#3341): Add only_logs_after tier 1 for aws Trusted Advisor integration

* feat(#3342): GuardDuty integration tests (#3762)

* feat(#3342): Add basic test for aws GuardDuty integration

* feat(#3342): Add remove_from_bucket test for aws GuardDuty integration

* feat(#3342): Add schema for GuardDuty table

* feat(#3342): Add only_logs_after tests for aws GuardDuty integration

* feat(#3342): Add path tests for aws GuardDuty integration

* feat(#3342): Add discard_regex tests for aws GuardDuty integration

* feat(#3342): Add only_logs_after tier 1 for aws GuardDuty integration

* fix(#3342): Adjust the number of found logs

* feat(#3342): Add missing docstring

* feat(#3342): Add data generator for Native GD

* feat(#3342): Add test cases for Native GuardDuty

* refactor(#3342): Improve tier 1 test findings

* fix(#3333): Improve some test findings

* feat(#3343): WAF integration tests (#3763)

* feat(#3343): Add basic test for aws WAF integration

* feat(#3343): Add data generator for WAF type

* feat(#3343): Add remove_from_bucket test for aws WAF integration

* feat(#3343): Add schema for WAF table

* feat(#3343): Add only_logs_after tests for aws WAF integration

* feat(#3343): Add path tests for aws WAF integration

* feat(#3343): Add discard_regex tests for aws WAF integration

* feat(#3343): Add only_logs_after tier 1 for aws WAF integration

* style(#3343): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* refactor(#3343): Improve discard_regex test findings

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* feat(#3344): Server Access integration tests (#3771)

* feat(#3344): Add basic test for aws server access integration

* feat(#3344): Add data generator for Server Access type

* feat(#3344): Add remove_from_bucket test for aws SA integration

* feat(#3344): Add schema for ServerAccess table

* feat(#3344): Add only_logs_after tests for aws SA integration

* feat(#3344): Add path tests for aws SA integration

* feat(#3344): Add discard_regex tests for aws FA integration

* feat(#3344): Add only_logs_after tier 1 for aws SA integration

* feat(#3344): Use table_name instead of bucket_type

* style(#3344): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* feat(#3345): Add basic test for aws inspector integration

* feat(#3345): Add only_logs_after tests for aws Inspector integration

* feat(#3345): Add only_logs_after tier 1 for Inspector integration

* refactor(#3345): Minor fixes

* style(#3345): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* style(#3345): Apply suggestions from code review

Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>

* feat(#3346): CloudWatch integration tests (#3857)

* feat(#3346): Add basic test for aws cloudwatch integration

* feat(#3346): Rename basic test for buckets integration

* feat(#3346): Add tools for cloudwatch integration

* feat(#3346): Add remove_log_streams test for aws cloudwatch integration

* feat(#3346): Add utils for cloudwatch tests

* feat(#3346): Add fixtures for cloudwatch tests

* feat(#3346): Add only_logs_after tests for aws CloudWatch integration

* feat(#3346): Rename only_logs_after tests for buckets integration

* feat(#3346): Add regions tests for aws CloudWatch integration

* feat(#3346): Rename regions tests for buckets integration

* feat(#3346): Add log_groups tests for aws CloudWatch integration

* feat(#3346): Add only_logs_after tier 1 for aws CloudWatch integration

* feat(#3346): Rename tier 1 tests for buckets integration

* refactor(#3346): Minor fixes

* style(#3346): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* style(#3346): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* feat(#3347): Umbrella integration tests (#3796)

* feat(#3347): Add basic test for aws umbrella integration

* feat(#3347): Add data generator for Umbrella type

* feat(#3347): Add remove_from_bucket test for aws Umbrella integration

* feat(#3347): Add schema for Umbrella table

* feat(#3347): Add only_logs_after tests for aws Umbrella integration

* feat(#3347): Add path tests for aws Umbrella integration

* feat(#3347): Add discard_regex tests for aws Umbrella integration

* feat(#3347): Add only_logs_after tier 1 for aws Umbrella integration

* style(#3347): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* fix(#3347): Fix discard_regex test findings

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* fix(#3333): Add missing PATH with empty value

* feat(#3581): Parser integration tests (#3882)

* feat(#3581): Add tests for mandatory missing params

* feat(#3581): Add tests for empty values

* feat(#3581): Add tests for invalid values

* feat(#3581): Add tests for multiple bucket and service tags

* style(#3581): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* style(#3581): Apply suggestions from code review

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* fix(#3333): Adjust some tests values

* fix(#3333): Fix cloudwatchlogs_log_groups_with_data test

* fix(#3333): Adjust cisco_umbrella_only_logs_after_multiple_calls values

* fix(#3333): Normalize tier1 tests for all bucket integrations

* feat(#3348): AWS integration tests readme (#3892)

* docs(#3348): Add AWS integration tests README

* docs(#3348): Add reference to AWS tests

* refactor(#3348): Improve explanation about credentials

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

---------

Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>

* fix(#3333): Adjust inexistent_region test for services

* fix(#3333): Adjust parser tests

* fix(#3333): Change message to search for services region tests

* fix(#3333): Marked inspector tier 1 test as xfail

* fix(#3333): Split inspector and cloudwatch logs

* fix(#3333): Timeouts adjustments

* fix(#3333): Fixed test cases for cloudwatch tier 1 tests

* fix(#3333): Fixed linter issues

* docs(#3333): Added changelog

* fix(#3333): Fixed order and format

* fix(#3333): Moved constants to __init__.py

* fix(#3333): Replaced wazuh_log_monitor with file_monitoring

* fix(#3333): Moved constants to wazuh_testing/__init__.py

* fix(#3333): Moved constants to test_aws/__init__.py

* fix(#3333): Improved docstring

* fix(#3333): Moved exception to new file

* fix(#3333): Improved fixtures and removed unused ones

* fix(#3333): Fixed quotation marks

* fix(#3333): Removed type hints

* fix(#3339): Apply suggestions from code review

Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com>

* fix(#3333): Install boto3 only in linux

* fix(#3339): Apply suggestions from code review

Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com>

* fix(#3333): Moved constants

---------

Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com>

* merge(#4135)!: merge 4.4 into 4.5 

* fix(3862): fix test_assign_agent_group_with_enrollment

* fix(#3862): delete default group check

* feat(#3862): update changelog

* refactor(#3862): add expected logs

* fix(#4047): fix duplicated slash in API endpoint (#4048)

* refactor: update changelog

* refactor: bump version to 4.3.10

* refactor: update changelog

---------

Co-authored-by: jmv74211 <jmv74211@gmail.com>

* feat: update changelog for 4.4.1 tag (#4084)

* fix(#4079): fix unstable system tests

* fix(#4079): test active response log format

* fix(#4079): remove log monitor to avoid race condition

* fix(#4079): internal option fixture call

* fix(#4079): enrollment cluster log path typo

* docs(#4070): include missing tests in README

* feat(#4079): include marks to system tests

* docs(#4070): update changelog

* docs(#4079): restore deleted commentary

* docs(#4079): move pr changes to fixed category

* fix(#3942): fix agentd IT for python310

* fix(#3942): include simulator teardown

* style(#3943): pep8

* docs(#3942): include 3973 changelog

* docs(#3942): move pr changes to fixed category

* refactor(#3942): remove unnecessary scopes

* docs(#3942): change changelog pr entry

* docs(#3942): move change to 4.4.2

* docs(#3942): include teardown documentation

* feat(#3912): add tests for groups deletion

* feat(#3912): add function to get group id

* feat(#3912): add test for group deletion

* feat(#3912): add test cases

* fix(#3912): fix linter errors

* feat(#3912): update changelog

* fix(#3912): fix typo

* docs(#3912): improve description

* fix(#3912): change import

* docs(#3912): improve documentation

* fix(#3912): delete created group during tear down

* docs(#3912): add documentation

* refactor(#3912)!: change delete function and test cases

* refactor(#3912): change affected tests

* feat(#3912): store binary path

* docs(#3912): add function documentation

* fix(#3912): update changelog

* feat(#4089): bump version to 4.4.2

* feat(#4089): bump version to 4.4.2

* refactor(#4089): change revision

* feat(#3545): add test to check the syscollector configuration

* feat(#3545): add test to check the syscollector configuration.

* fix(#3545): fix errors when running tests in agents.

* fix(#3545): modify the way the test restarts daemons.

* fix(#3545): fix syscollector DB path in Windows.

* fix(#3545): fix syscollector db path variable name.

* fix(#3545): fix globalDB error due to execution in agent.

* style(#3545): fix linter errors.

* docs(#3545): add PR to changelog.

* fix(#3545): fix some errors present in Windows tests.

* fix(#3545): fix file monitor declaration.

* fix(#3545): fix all_scans_disabled test.

* refactor(#3545): change the timeout of filemonitor.

* fix(#3545): fix macOS tests.

* refactor(#3545): add mark to run the test on unix only.

* fix(#3545): fix Windows tests.

* docs(#3545): mark test as xfail because of an existing bug.

* fix(#3545): remove the mark from unix tests.

* fix(#3545): reuse an existing function and remove the utilized.

* style(#3545): apply indentation.

* fix(#3545): fix naming and used functions.

* fix(#3545): move fixture to integration conftest.

* fix(#3545): improve a function name.

* refactor(#3545): add new case, disable unused modules and minor changes.

* fix(#3545): fix prefix.

* fix(#3545): fix metadata because NoneType error.

* fix(#3545): fix event monitor and truncate function.

* refactor(#3545): remove the max_eps empty test case.

It is not a critical field, so it will not throw an error when empty.

* fix(#3545): solve the log position problem when searching a message.

* fix(#3545): apply linter corrections.

* fix(#3545): fix the test configuration data.

* fix(#3545): remove unused import and docs changed.

* fix(#3545): change way of importing and minor changes.

* fix(#3545): use param depending on the platform.

* refactor(#3545): remove unused fixture and change callback.

* fix(#3545): change the default argument for prefix.

* style(#3545): add spaces for better visualization.

* refactor(#3545): improve docs and change some logic.

* docs(#3545): add comments and new documentation.

* fix(#3545): fix NoneType error.

* docs(#3545): fix changelog.

* docs(#3545): add docs for file_to_monitor param.

Improve existing docs.

* refactor(#3545): remove duplicated function and improve

documentation

* fix(#3545): remove unused imports and sort the remaining ones.

* docs(#3545): add docs to wrapped fixture.

* fix(#3545): remove xfail mark and add note to mark.

* docs(#3545): remove duplicated line.

* style(#3545): sort imports according the guidelines.

* docs(#3545): move change to 4.4.2 section in CHANGELOG.

* fix(#4111): fix WazuhDB IT 

* fix(#4111): make_callback function

* fix(#4111): typo in set agent groups tcases

* fix(#4111): stop agent simulator after test end

* docs(#4111): update changelog

* fix(#4123): fix gcloud tests

* fix(#4123): fix daemons_handler fixture.

* fix(#4123): remove some analysisd on test_gcloud

* fix(#4123): change test_logging fixtures to module

* fix(#4123): start analysisd in test max messages

* docs(#4123): add fix to CHANGELOG.

---------

Co-authored-by: jnasselle <jnasselle@gmail.com>
Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com>

* feat(#4135): update changelog

* refactor(#4137): change when the check is executed

* refactor(#4137): change when the check is executed

* fix(#4137): revert draft condition

---------

Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
Co-authored-by: jmv74211 <jmv74211@gmail.com>
Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com>
Co-authored-by: Mauro Agustín Malara Zapata <39094716+mauromalara@users.noreply.github.com>
Co-authored-by: jnasselle <jnasselle@gmail.com>

---------

Co-authored-by: Kevin Ledesma <kevin.ledesma@wazuh.com>
Co-authored-by: Belén Valdivia <belen.valdivia@wazuh.com>
Co-authored-by: Tomás Turina <tomas.turina@wazuh.com>
Co-authored-by: Kevin Ledesma <44633633+QU3B1M@users.noreply.github.com>
Co-authored-by: Bryce Shurts <89558443+S-Bryce@users.noreply.github.com>
Co-authored-by: José Luis López Sánchez <joseluis.lopez@wazuh.com>
Co-authored-by: jmv74211 <jmv74211@gmail.com>
Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com>
Co-authored-by: Mauro Agustín Malara Zapata <39094716+mauromalara@users.noreply.github.com>
Co-authored-by: Andrés Carmelo Micalizzi Casali <amicalizzi2005@gmail.com>
Co-authored-by: Nico Stefani <nicolas.stefi@wazuh.com>
Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com>
Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com>
Co-authored-by: jnasselle <jnasselle@gmail.com>
fdalmaup pushed a commit that referenced this pull request Jun 16, 2023
* feat(#3342): Add basic test for aws GuardDuty integration

* feat(#3342): Add remove_from_bucket test for aws GuardDuty integration

* feat(#3342): Add schema for GuardDuty table

* feat(#3342): Add only_logs_after tests for aws GuardDuty integration

* feat(#3342): Add path tests for aws GuardDuty integration

* feat(#3342): Add discard_regex tests for aws GuardDuty integration

* feat(#3342): Add only_logs_after tier 1 for aws GuardDuty integration

* fix(#3342): Adjust the number of found logs

* feat(#3342): Add missing docstring

* feat(#3342): Add data generator for Native GD

* feat(#3342): Add test cases for Native GuardDuty

* refactor(#3342): Improve tier 1 test findings
Successfully merging this pull request may close these issues.

Add AWS GuardDuty integration tests