Filter alerts and logs by timestamp

deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py

@@ -93,3 +93,25 @@ def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': '
                             json=data)
 
     return response.json()
+
+
+def delete_index(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'},
+                 index: str = 'wazuh-alerts*'):
+    """
+    Delete index from the Wazuh Indexer API.
+
+    Args:
+        host_manager: An instance of the HostManager class containing information about hosts.
+        credentials (Optional): A dictionary containing the Indexer credentials. Defaults to
+                                 {'user': 'admin', 'password': 'changeme'}.
+        index (Optional): The Indexer index name. Defaults to 'wazuh-alerts*'.
+    """
+    logging.info(f"Deleting {index} index")
+
+    url = f"https://{host_manager.get_master_ip()}:9200/{index}/"
+    headers = {
+        'Content-Type': 'application/json',
+    }
+
+    requests.delete(url=url, verify=False,
+                    auth=requests.auth.HTTPBasicAuth(credentials['user'], credentials['password']), headers=headers)

deps/wazuh_testing/wazuh_testing/end_to_end/regex.py

@@ -46,10 +46,10 @@
         'parameters': ['HOST_NAME', 'CVE', 'PACKAGE_NAME', 'PACKAGE_VERSION', 'ARCHITECTURE']
     },
     'vuln_affected': {
-        'regex':  'CVE.*? affects.*"?'
+        'regex':  'CVE.* affects.*"?'
     },
     'vuln_mitigated': {
-        'regex': "The .* that affected .* was solved due to a package removal"
+        'regex': "The .* that affected .* was solved due to a package removal.*"
     }
 }
 

deps/wazuh_testing/wazuh_testing/end_to_end/remote_operations_handler.py

@@ -22,7 +22,7 @@
 """
 import logging
 from typing import Dict, List
-from datetime import datetime
+from datetime import datetime, timezone
 from concurrent.futures import ThreadPoolExecutor
 
 from wazuh_testing.end_to_end.waiters import wait_syscollector_and_vuln_scan
@@ -167,15 +167,14 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho
         try:
             if host_os_arch in install_package_data[host_os_name]:
                 package_id = install_package_data[host_os_name][host_os_arch]
-        
+
                 package_data = load_packages_metadata()[package_id]
                 package_url = package_data['urls'][host_os_name][host_os_arch]
 
                 logging.info(f"Installing package on {host}")
                 logging.info(f"Package URL: {package_url}")
 
-                current_datetime = datetime.utcnow().isoformat()
-
+                current_datetime = datetime.now(timezone.utc).isoformat()[:-6]
                 host_manager.install_package(host, package_url, system)
 
                 logging.info(f"Package {package_url} installed on {host}")
@@ -194,10 +193,10 @@ def install_package(host: str, operation_data: Dict[str, Dict], host_manager: Ho
 
                     check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host,
                                                 package_data, operation='install')
-            
+
             else:
                 logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found")
-                
+
         except Exception as e:
             logging.critical(f"Error searching package: {e}")
 
@@ -251,7 +250,7 @@ def remove_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos
 
                 package_data = load_packages_metadata()[package_id]
 
-                current_datetime = datetime.utcnow().isoformat()
+                current_datetime = datetime.now(timezone.utc).isoformat()[:-6]
 
                 logging.info(f"Removing package on {host}")
                 if 'uninstall_name' in package_data:
@@ -271,10 +270,10 @@ def remove_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos
 
                     check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host,
                                             package_data, operation='remove')
-            
+
             else:
                 logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found")
-        
+
         except Exception as e:
             logging.critical(f"Error searching package: {e}")
 
@@ -339,7 +338,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos
         try:
             if host_os_arch in install_package_data_to[host_os_name]:
                 package_id_to = install_package_data_to[host_os_name][host_os_arch]
-            
+
                 package_data_from = load_packages_metadata()[package_id_from]
                 package_data_to = load_packages_metadata()[package_id_to]
 
@@ -348,7 +347,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos
                 logging.info(f"Installing package on {host}")
                 logging.info(f"Package URL: {package_url_to}")
 
-                current_datetime = datetime.utcnow().isoformat()
+                current_datetime = datetime.now(timezone.utc).isoformat()[:-6]
                 host_manager.install_package(host, package_url_to, system)
 
                 logging.info(f"Package {package_url_to} installed on {host}")
@@ -364,7 +363,7 @@ def update_package(host: str, operation_data: Dict[str, Dict], host_manager: Hos
 
                     check_vulnerability_alerts(results, operation_data['check'], current_datetime, host_manager, host,
                                             {'from': package_data_from, 'to': package_data_to}, operation='update')
-                
+
             else:
                 logging.error(f"Error: Package for {host_os_name} and {host_os_arch} not found")
 
@@ -389,7 +388,7 @@ def launch_remote_sequential_operation_on_agent(agent: str, task_list: List[Dict
         host_manager (HostManager): An instance of the HostManager class containing information about hosts.
     """
     # Convert datetime to Unix timestamp (integer)
-    timestamp = datetime.utcnow().isoformat()
+    timestamp = datetime.now(timezone.utc).isoformat()[:-6]
 
     if task_list:
         for task in task_list:

deps/wazuh_testing/wazuh_testing/end_to_end/waiters.py

@@ -45,7 +45,7 @@ def wait_until_vd_is_updated(host_manager: HostManager) -> None:
 
     monitoring_data = generate_monitoring_logs(host_manager, ["INFO: Vulnerability scanner module started"],
                                                [VD_FEED_UPDATE_TIMEOUT], host_manager.get_group_hosts('manager'))
-    monitoring_events_multihost(host_manager, monitoring_data)
+    monitoring_events_multihost(host_manager, monitoring_data, ignore_timeout_error=False)
 
 
 def wait_until_vuln_scan_agents_finished(host_manager: HostManager) -> None:
@@ -80,11 +80,12 @@ def wait_syscollector_and_vuln_scan(host_manager: HostManager, host: str,  opera
                                                [get_event_regex({'event': 'syscollector_scan_start'}),
                                                 get_event_regex({'event': 'syscollector_scan_end'})],
                                                [timeout_syscollector_scan, timeout_syscollector_scan],
-                                               host_manager.get_group_hosts('agent'))
+                                               host_manager.get_group_hosts('agent'),
+                                               greater_than_timestamp=current_datetime)
 
     truncate_remote_host_group_files(host_manager, host_manager.get_group_hosts('agent'))
 
-    monitoring_events_multihost(host_manager, monitoring_data)
+    monitoring_events_multihost(host_manager, monitoring_data, ignore_timeout_error=False)
 
     logging.info(f"Waiting for vulnerability scan to finish on {host}")