Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Filter alerts and logs by timestamp #5157

Merged
Merged
Show file tree
Hide file tree
Changes from 11 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ All notable changes to this project will be documented in this file.

### Fixed

- Fix timestamps alerts and logs filter ([#5157](https://github.com/wazuh/wazuh-qa/pull/5157)) \- (Framework + Tests)
- Fix remote_operations_handler functions to Vulnerability Detector E2E tests ([#5155](https://github.com/wazuh/wazuh-qa/pull/5155)) \- (Framework)
- Fix test_shutdown_message system test ([#5087](https://github.com/wazuh/wazuh-qa/pull/5087)) \- (Tests)
- Include timeout to test_authd system tests ([#5083](https://github.com/wazuh/wazuh-qa/pull/5083)) \- (Tests)
Expand Down
22 changes: 22 additions & 0 deletions deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py
Original file line number Diff line number Diff line change
Expand Up @@ -93,3 +93,25 @@ def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': '
json=data)

return response.json()


def delete_index(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'},
index: str = 'wazuh-alerts*'):
"""
Delete index from the Wazuh Indexer API.

Args:
host_manager: An instance of the HostManager class containing information about hosts.
credentials (Optional): A dictionary containing the Indexer credentials. Defaults to
{'user': 'admin', 'password': 'changeme'}.
index (Optional): The Indexer index name. Defaults to 'wazuh-alerts*'.
"""
logging.info(f"Deleting {index} index")

url = f"https://{host_manager.get_master_ip()}:9200/{index}/"
headers = {
'Content-Type': 'application/json',
}

requests.delete(url=url, verify=False,
auth=requests.auth.HTTPBasicAuth(credentials['user'], credentials['password']), headers=headers)
4 changes: 2 additions & 2 deletions deps/wazuh_testing/wazuh_testing/end_to_end/regex.py
Original file line number Diff line number Diff line change
Expand Up @@ -46,10 +46,10 @@
'parameters': ['HOST_NAME', 'CVE', 'PACKAGE_NAME', 'PACKAGE_VERSION', 'ARCHITECTURE']
},
'vuln_affected': {
'regex': 'CVE.*? affects.*"?'
'regex': 'CVE.* affects.*"?'
},
'vuln_mitigated': {
'regex': "The .* that affected .* was solved due to a package removal"
'regex': "The .* that affected .* was solved due to a package removal.*"
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
"""
import logging
from typing import Dict, List
from datetime import datetime
from datetime import datetime, timezone
from concurrent.futures import ThreadPoolExecutor

from wazuh_testing.end_to_end.waiters import wait_syscollector_and_vuln_scan
Expand Down Expand Up @@ -167,15 +167,14 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho
try:
if host_os_arch in install_package_data[host_os_name]:
package_id = install_package_data[host_os_name][host_os_arch]

package_data = load_packages_metadata()[package_id]
package_url = package_data['urls'][host_os_name][host_os_arch]

logging.info(f"Installing package on {host}")
logging.info(f"Package URL: {package_url}")

current_datetime = datetime.utcnow().isoformat()

current_datetime = datetime.now(timezone.utc).isoformat()[:-6]
Rebits marked this conversation as resolved.
Show resolved Hide resolved
host_manager.install_package(host, package_url, system)

logging.info(f"Package {package_url} installed on {host}")
Expand All @@ -194,10 +193,10 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho

check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host,
package_data, operation='install')

else:
logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found")

except Exception as e:
logging.critical(f"Error searching package: {e}")

Expand Down Expand Up @@ -251,7 +250,7 @@ def remove_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos

package_data = load_packages_metadata()[package_id]

current_datetime = datetime.utcnow().isoformat()
current_datetime = datetime.now(timezone.utc).isoformat()[:-6]

logging.info(f"Removing package on {host}")
if 'uninstall_name' in package_data:
Expand All @@ -271,10 +270,10 @@ def remove_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos

check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host,
package_data, operation='remove')

else:
logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found")

except Exception as e:
logging.critical(f"Error searching package: {e}")

Expand Down Expand Up @@ -339,7 +338,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos
try:
if host_os_arch in install_package_data_to[host_os_name]:
package_id_to = install_package_data_to[host_os_name][host_os_arch]

package_data_from = load_packages_metadata()[package_id_from]
package_data_to = load_packages_metadata()[package_id_to]

Expand All @@ -348,7 +347,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos
logging.info(f"Installing package on {host}")
logging.info(f"Package URL: {package_url_to}")

current_datetime = datetime.utcnow().isoformat()
current_datetime = datetime.now(timezone.utc).isoformat()[:-6]
host_manager.install_package(host, package_url_to, system)

logging.info(f"Package {package_url_to} installed on {host}")
Expand All @@ -364,7 +363,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos

check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host,
{'from': package_data_from, 'to': package_data_to}, operation='update')

else:
logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found")

Expand All @@ -389,7 +388,7 @@ def launch_remote_sequential_operation_on_agent(agent: str, task_list: List[Dict
host_manager (HostManager): An instance of the HostManager class containing information about hosts.
"""
# Convert datetime to Unix timestamp (integer)
timestamp = datetime.utcnow().isoformat()
timestamp = datetime.now(timezone.utc).isoformat()[:-6]

if task_list:
for task in task_list:
Expand Down
7 changes: 4 additions & 3 deletions deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ def wait_until_vd_is_updated(host_manager: HostManager) -> None:

monitoring_data = generate_monitoring_logs(host_manager, ["INFO: Vulnerability scanner module started"],
[VD_FEED_UPDATE_TIMEOUT], host_manager.get_group_hosts('manager'))
monitoring_events_multihost(host_manager, monitoring_data)
monitoring_events_multihost(host_manager, monitoring_data, ignore_timeout_error=False)


def wait_until_vuln_scan_agents_finished(host_manager: HostManager) -> None:
Expand Down Expand Up @@ -80,11 +80,12 @@ def wait_syscollector_and_vuln_scan(host_manager: HostManager, host: str, opera
[get_event_regex({'event': 'syscollector_scan_start'}),
get_event_regex({'event': 'syscollector_scan_end'})],
[timeout_syscollector_scan, timeout_syscollector_scan],
host_manager.get_group_hosts('agent'))
host_manager.get_group_hosts('agent'),
greater_than_timestamp=current_datetime)

truncate_remote_host_group_files(host_manager, host_manager.get_group_hosts('agent'))

monitoring_events_multihost(host_manager, monitoring_data)
monitoring_events_multihost(host_manager, monitoring_data, ignore_timeout_error=False)

logging.info(f"Waiting for vulnerability scan to finish on {host}")

Expand Down
Loading
Loading