Merge 4.6.0 into 4.7.0 (#4459)

* docs(#3786): update changelog.md * feat(#3786): new event_monitors * fix(#3786): recursive_directory_creation perms * feat(#3786): new fixture * fix(#3786): configuration imports * feat(#3786): new test module * docs(#3786): update changelog.md * style(#3786): fix indentation and whitelines * style(#3786): fix indentation * feat(#3693): add cases and configuration files * feat(#3693): add test_registry_wildcards module * feat(#3693): add new callbacks and event_monitor * docs(#3693): update changelog.md * style(#3693): fix whitelines * feat(#4281): New invalid decoder test case for wazuh-logtest * fix(#4281): Fix invalid_decoder_syntax.yaml file line lengths * feat(#4325): upgrade pyyaml to 6.0.1 * feat: bump version 4.5.2 * fix(#4275): modified year field in test_update_from_year * fix(#4275): update custom feeds to NVD 2.0 structure * fix(#4275): deprecate NVD update_from_year option and related changes * fix(#4275): NVD feed must be in one line * fix(#4275): more NVD feed one line fix * style(#4275): fix quoted errors in YAML file * style(#4275): added changelog entry and fixed indexing problems * Merge 4.5.2 into 4.6.0 (#4348) * feat(#4281): New invalid decoder test case for wazuh-logtest * fix(#4281): Fix invalid_decoder_syntax.yaml file line lengths * feat(#4325): upgrade pyyaml to 6.0.1 * feat: bump version 4.5.2 * refactor(#4344): Add space to version json * feat(#4344): add Release section --------- Co-authored-by: Vikman Fernandez-Castro <vmfdez90@gmail.com> Co-authored-by: Victor M. Fernandez-Castro <victor@wazuh.com> Co-authored-by: jnasselle <jnasselle@gmail.com> Co-authored-by: Julia <juliamgnr@gmail.com> Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com> Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com> Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com> * Move 4.5.0 `CHANGELOG.md` changes to 4.6.0 (#4331) * Fix registry wildcards path (#4357) * fix(#4356): fix configuration_templates path * docs(#4356): update test wazuh_min_version * fix(#3786): imports and paths * fix: delete update_from_year for nvd * Added new test to verify every check tag in configuration * feat(#3723): Adds custom AlmaLinux OVAL feed * feat(#3723): Adds AlmaLinux to test_providers vd tests * feat(#3723): Adds AlmaLinux to test_scan_results vd tests * feat(#3723): Adds AlmaLinux to test_feeds vd tests * feat(#3723): Adds AlmaLinux to the remaining vd tests description * feat(#3723): Adds AlmaLinux init configurations * style(#3723): minor fixes * style(#3723): Formatting .yaml files according to linting test * fix: renamed syscollector wmodules prefix * fix(#4336): fix flaky test. * style(#4336): add missing line * fix(#4336): fix test logic * docs: include 4382 to changelog * fix(#4231): fix canonical tests * style(#3723): Fixing formatting for AlmaLinux .yaml config file * docs: include affected component to changelog Co-Authored-By: Juan Nicolas Asselle <jnasselle@gmail.com> * Fix FIM framework to validate path in event correctly * docs: update changelog * docs: update changelog * refactor: rename discard cases files * feat: add cloudwatch and inspector discard regex tests and cases * docs: add changelog entry * fix(#4368): Change test and config file * docs(#4368): update changelog * Fixed error related to logs format in reliability test (#4387) * fix(#4365): Adds new logs validations for Agent-groups_recv.yaml * fix(#4635): Remove single quotes * fix(#4635): Updates log messages * fix(#4635): Adds new line at end of Agent-groups_recv.yaml * fix(#4635): Adds PR to changelog. * fix(#4365): Update to changelog * fix(#4365): Update changelog. --------- Co-authored-by: GGP1 <gaston.palomeque@wazuh.com> Co-authored-by: mauromalara <mmalara@outlook.es> * docs: modify changelog and test cases descriptions * fix(#4423): fix NVD custom feed * Merge 4.5.2 into 4.6.0 (#4458) * refactor: bump revision * Fix package name in one_manager_agent system test environment * Add fix to changelog * Update CHANGELOG.md Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com> * Update CHANGELOG.md Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com> * Merge 4.5.1 into 4.5.2 (#4457) * fix: update VD validate xml test RHEL url * docs: include 4424 in changelog * fix(#4231): fix canonical tests * docs: change changelog line to include all changes * fix(#4411): Upgrading integration test dependencies for python in Mac (#4427) * docs: update changelog * docs: update changelog * docs: delete extra number sign * refactor: bump revision * Change revision to 4.5.1-rc2 (#4435) * Update Changelog --------- Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com> Co-authored-by: BelenValdivia <belen.valdivia@wazuh.com> Co-authored-by: Jorge Marino <jorge.marino.dev@gmail.com> Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com> Co-authored-by: Julia <juliamgnr@gmail.com> --------- Co-authored-by: Julia <juliamgnr@gmail.com> Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com> Co-authored-by: Miguel Verdaguer Velázquez <verdx@riseup.net> Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com> Co-authored-by: BelenValdivia <belen.valdivia@wazuh.com> Co-authored-by: Jorge Marino <jorge.marino.dev@gmail.com> --------- Co-authored-by: Deblintrake09 <amicalizzi2005@gmail.com> Co-authored-by: Vikman Fernandez-Castro <vmfdez90@gmail.com> Co-authored-by: Victor M. Fernandez-Castro <victor@wazuh.com> Co-authored-by: jnasselle <jnasselle@gmail.com> Co-authored-by: Julia <juliamgnr@gmail.com> Co-authored-by: Julia Magán <80041853+juliamagan@users.noreply.github.com> Co-authored-by: David Jose Iglesias Lopez <davidj.iglesias@wazuh.com> Co-authored-by: lsayanes <leandro.sayanes@gmail.com> Co-authored-by: Leonardo Quiceno <leonardo.quiceno@wazuh.com> Co-authored-by: Mateo Cervilla <mateo.cervilla@wazuh.com> Co-authored-by: lsayanes <leandro.sayanes@wazuh.com> Co-authored-by: Marcel Kemp <marcel.kemp@wazuh.com> Co-authored-by: Víctor Rebollo Pérez <victorrebollop@gmail.com> Co-authored-by: Octavio Valle <octa.tala@gmail.com> Co-authored-by: Jose Luis Carreras Marin <jose.carreras@wazuh.com> Co-authored-by: Matias Pereyra <matias.pereyra@wazuh.com> Co-authored-by: mauromalara <mmalara@outlook.es> Co-authored-by: BelenValdivia <belen.valdivia@wazuh.com> Co-authored-by: Facundo Dalmau <facundo.dalmau@wazuh.com> Co-authored-by: Selutario <joseluis.lopez@wazuh.com> Co-authored-by: Eduardo <eduardo.leon@wazuh.com> Co-authored-by: Javier Castro <javier.castro@wazuh.com> Co-authored-by: Federico Ramos <37565679+RamosFe@users.noreply.github.com> Co-authored-by: GGP1 <gaston.palomeque@wazuh.com> Co-authored-by: Miguel Verdaguer Velázquez <verdx@riseup.net> Co-authored-by: Jorge Marino <jorge.marino.dev@gmail.com>
wazuh · Aug 24, 2023 · b8d0df4 · b8d0df4
1 parent fa2fb1b
commit b8d0df4
Show file tree

Hide file tree

Showing 19 changed files with 617 additions and 85 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -28,6 +28,7 @@ Release report: TBD
 
 ### Added
 
+- Add new test cases for the `discard_regex` functionality of `CloudWatchLogs` and `Inspector` services. ([#4278](https://github.com/wazuh/wazuh-qa/pull/4278)) \- (Tests)
 - Add Windows location wildcards tests ([#4263](https://github.com/wazuh/wazuh-qa/pull/4263)) \- (Tests + Framework)
 - New 'SCA' test suite and framework. ([#3566](https://github.com/wazuh/wazuh-qa/pull/3566)) \- (Framework + Tests)
 - Add integration tests for AWS module. ([#3911](https://github.com/wazuh/wazuh-qa/pull/3911)) \- (Framework + Tests + Documentation)
@@ -69,13 +70,49 @@ Release report: TBD
 
 ### Fixed
 
+- Fix an error related to logs format in reliability test ([#4387](https://github.com/wazuh/wazuh-qa/pull/4387)) \- (Tests)
 - Fix boto3 version requirement for legacy OS ([#4150](https://github.com/wazuh/wazuh-qa/pull/4150)) \- (Framework)
 - Fix cases yaml of the analysisd windows registry IT ([#4149](https://github.com/wazuh/wazuh-qa/pull/4149)) \- (Tests)
 - Fix a bug in on Migration tool's library ([#4106](https://github.com/wazuh/wazuh-qa/pull/4106)) \- (Framework)
 - Fix imports and add windows support for test_report_changes_and_diff IT ([#3548](https://github.com/wazuh/wazuh-qa/issues/3548)) \- (Framework + Tests)
 - Fix a regex error in the FIM integration tests ([#3061](https://github.com/wazuh/wazuh-qa/issues/3061)) \- (Framework + Tests)
 - Fix an error in the cluster performance tests related to CSV parser ([#2999](https://github.com/wazuh/wazuh-qa/pull/2999)) \- (Framework + Tests)
 - Fix bug in the framework on migration tool ([#4027](https://github.com/wazuh/wazuh-qa/pull/4027)) \- (Framework)
+- Fix test cluster / integrity sync system test and configuration to avoid flaky behavior ([#4406](https://github.com/wazuh/wazuh-qa/pull/4406)) \- (Tests)
+
+## [4.5.2] - TBD
+
+Wazuh commit: TBD \
+Release report: TBD
+
+### Changed
+
+- Fix one_manager_agent environment provisioning by packages for system tests ([#4438](https://github.com/wazuh/wazuh-qa/pull/4438)) \- (Framework)
+
+## [4.5.1] - 24-08-2023
+
+Wazuh commit: https://github.com/wazuh/wazuh/commit/731cdf39a430d2fb6fa02f3721624e07f887b02f
+Release report: https://github.com/wazuh/wazuh/issues/18475
+
+### Added
+
+- Add an integration test to check the wazuh-analysisd's decoder parser ([#4286](https://github.com/wazuh/wazuh-qa/pull/4286)) \- (Tests)
+
+### Changed
+
+- Update python integration test dependencies in the README ([#4427](https://github.com/wazuh/wazuh-qa/pull/4427)) \- (Documentation)
+- Update vulnerability detector IT outdated URLs ([#4428](https://github.com/wazuh/wazuh-qa/pull/4428)) \- (Tests)
+
+## [4.5.0] - 11-08-2023
+
+Wazuh commit: https://github.com/wazuh/wazuh/commit/f6aba151d08ef065dfc1bdc9b8885c3d4f618fca
+Release report: https://github.com/wazuh/wazuh/issues/18235
+
+### Changed
+
+- Delete `update_from_year` from system and E2E tests configuration ([#4372](https://github.com/wazuh/wazuh-qa/pull/4372)) \- (Tests)
+- Upgrade PyYAML to 6.0.1. ([#4326](https://github.com/wazuh/wazuh-qa/pull/4326)) \- (Framework)
+- Change Vulnerability Detector ITs to support the development of the NVD 2.0 refactor. ([#4327](https://github.com/wazuh/wazuh-qa/pull/4327)) \- (Tests)
 
 ## [4.5.2] - TBD
 

diff --git a/tests/integration/README.md b/tests/integration/README.md
@@ -117,7 +117,7 @@ brew install python3
 brew install autoconf automake libtool
 
 # Install Python libraries
-pip3 install pytest freezegun jq jsonschema pyyaml==5.4 psutil paramiko distro pandas==0.25.3 pytest-html==2.0.1 numpydoc==0.9.2
+pip3 install filetype freezegun jq jsonschema lockfile numpydoc psutil pytest-html pytest-testinfra pyyaml
 ```
 
 - Add some internal options and restart

diff --git a/...t_module/configuration_discard_regex.yaml → ...e/configuration_bucket_discard_regex.yaml b/...t_module/configuration_discard_regex.yaml → ...e/configuration_bucket_discard_regex.yaml
diff --git a/...ation_template/discard_regex_test_module/configuration_cloudwatch_discard_regex_json.yaml b/...ation_template/discard_regex_test_module/configuration_cloudwatch_discard_regex_json.yaml
@@ -0,0 +1,23 @@
+- sections:
+    - section: wodle
+      attributes:
+        - name: aws-s3
+      elements:
+        - disabled:
+            value: 'no'
+        - service:
+            attributes:
+              - type: SERVICE_TYPE
+            elements:
+              - aws_profile:
+                  value: qa
+              - aws_log_groups:
+                  value: LOG_GROUP_NAME
+              - only_logs_after:
+                  value: ONLY_LOGS_AFTER
+              - regions:
+                  value: REGIONS
+              - discard_regex:
+                  attributes:
+                    - field: DISCARD_FIELD
+                  value: DISCARD_REGEX
diff --git a/...emplate/discard_regex_test_module/configuration_cloudwatch_discard_regex_simple_text.yaml b/...emplate/discard_regex_test_module/configuration_cloudwatch_discard_regex_simple_text.yaml
@@ -0,0 +1,21 @@
+- sections:
+    - section: wodle
+      attributes:
+        - name: aws-s3
+      elements:
+        - disabled:
+            value: 'no'
+        - service:
+            attributes:
+              - type: SERVICE_TYPE
+            elements:
+              - aws_profile:
+                  value: qa
+              - aws_log_groups:
+                  value: LOG_GROUP_NAME
+              - only_logs_after:
+                  value: ONLY_LOGS_AFTER
+              - regions:
+                  value: REGIONS
+              - discard_regex:
+                  value: DISCARD_REGEX
diff --git a/...nfiguration_template/discard_regex_test_module/configuration_inspector_discard_regex.yaml b/...nfiguration_template/discard_regex_test_module/configuration_inspector_discard_regex.yaml
@@ -0,0 +1,21 @@
+- sections:
+    - section: wodle
+      attributes:
+        - name: aws-s3
+      elements:
+        - disabled:
+            value: 'no'
+        - service:
+            attributes:
+              - type: SERVICE_TYPE
+            elements:
+              - aws_profile:
+                  value: qa
+              - only_logs_after:
+                  value: ONLY_LOGS_AFTER
+              - regions:
+                  value: REGIONS
+              - discard_regex:
+                  attributes:
+                    - field: DISCARD_FIELD
+                  value: DISCARD_REGEX
diff --git a/...egex_test_module/cases_discard_regex.yaml → ...st_module/cases_bucket_discard_regex.yaml b/...egex_test_module/cases_discard_regex.yaml → ...st_module/cases_bucket_discard_regex.yaml
diff --git a/...st_aws/data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_json.yaml b/...st_aws/data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_json.yaml
@@ -0,0 +1,19 @@
+- name: cloudwatch_discard_regex_json
+  description: >
+    CloudWatch configuration for an event being discarded when the regex matches
+    the content in the specified field inside the incoming JSON log
+  configuration_parameters:
+    SERVICE_TYPE: cloudwatchlogs
+    LOG_GROUP_NAME: wazuh-cloudwatchlogs-integration-tests
+    REGIONS: us-east-1
+    DISCARD_FIELD: networkInterfaces.networkInterfaceId
+    DISCARD_REGEX: .*eni-networkInterfaceId*
+    ONLY_LOGS_AFTER: 2023-JUL-03
+  metadata:
+    service_type: cloudwatchlogs
+    log_group_name: wazuh-cloudwatchlogs-integration-tests
+    only_logs_after: 2023-JUL-03
+    discard_field: networkInterfaces.networkInterfaceId
+    discard_regex: .*eni-networkInterfaceId.*
+    regions: us-east-1
+    found_logs: 1
diff --git a/...data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_simple_text.yaml b/...data/test_cases/discard_regex_test_module/cases_cloudwatch_discard_regex_simple_text.yaml
@@ -0,0 +1,17 @@
+- name: cloudwatch_discard_regex_simple_text
+  description: >
+    CloudWatch configuration for an event being discarded when the regex matches
+    the content inside the incoming simple text log
+  configuration_parameters:
+    SERVICE_TYPE: cloudwatchlogs
+    LOG_GROUP_NAME: wazuh-cloudwatchlogs-integration-tests
+    REGIONS: us-east-1
+    DISCARD_REGEX: .*Test.*
+    ONLY_LOGS_AFTER: 2023-JAN-12
+  metadata:
+    service_type: cloudwatchlogs
+    log_group_name: wazuh-cloudwatchlogs-integration-tests
+    only_logs_after: 2023-JAN-12
+    discard_regex: .*Test.*
+    regions: us-east-1
+    found_logs: 3
diff --git a/...ion/test_aws/data/test_cases/discard_regex_test_module/cases_inspector_discard_regex.yaml b/...ion/test_aws/data/test_cases/discard_regex_test_module/cases_inspector_discard_regex.yaml
@@ -0,0 +1,17 @@
+- name: inspector_discard_regex
+  description: >
+    Inspector configuration for an event being discarded when the regex matches
+    the content in the specified field inside the incoming JSON log
+  configuration_parameters:
+    SERVICE_TYPE: inspector
+    REGIONS: us-east-1
+    DISCARD_FIELD: assetAttributes.tags.value
+    DISCARD_REGEX: .*inspector-integration-test.*
+    ONLY_LOGS_AFTER: 2023-JAN-12
+  metadata:
+    service_type: inspector
+    only_logs_after: 2023-JAN-12
+    discard_field: assetAttributes.tags.value
+    discard_regex: .*inspector-integration-test.*
+    regions: us-east-1
+    found_logs: 4