Release 4.3.6 - Release Candidate 1 - E2E UX tests - Office 365 Integration #14352

Closed
miguelfdez99 opened this issue Jul 19, 2022 · 1 comment
Contributor

miguelfdez99 commented Jul 19, 2022

The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.

Test information

Test name: Office365 Integration
Category: Cloud Security
Main release issue: #14260
Release candidate #: RC1

Installation procedure

Wazuh indexer:

Wazuh manager:

  • Installation: Offline Installation
  • Type: Single Node
  • OS: Ubuntu 18.04

Wazuh dashboard:

Wazuh agent:

  • Installation: Wazuh WUI one-liner deploy IP GROUP (created beforehand)
  • OS: CentOS 7

Test Steps:

Test report procedure

All test results must have one of the following statuses:

🟢 All checks passed.
🔴 There is at least one failed result.
🟡 There is at least one expected failure or skipped test and no failures.

Any failing test must be properly addressed with a new issue, detailing the error and the possible cause.

An extended report of the test results must be attached as a ZIP or TXT file. Please attach any documents, screenshots, or tables to the issue update with the results. This report can be used by the auditors to dig deeper into any possible failures and details.

Conclusions

All tests have been executed and the results can be found here.

| Status | Test | Failure type | Notes |
|---|---|---|---|
| 🟢 | Offline installation | Minor documentation issues | [1] [2] [3] [4] |
| 🟢 | Agent installation | Minor documentation issues | |
| 🟢 | Office 365 documentation | Minor documentation issues | [5] |
| 🟢 | Office 365 configuration | Minor documentation issues | [5] |
| 🟢 | Office 365 dashboards | | |

There are some issues open in previous release tests:

  1. wazuh-install.sh checks host OS even if just downloading the packages wazuh-packages#1633
  2. indexer-security-init.sh script sets unsecure defaullt credentials wazuh-documentation#5578
  3. offline install instructions leads to error on single-node install wazuh-documentation#5329
  4. offline documentation suggest trying a service before checkin its status wazuh-documentation#5330
  5. Office 365 documentation do not mention the UI wazuh-documentation#5331

Auditors validation

@miguelfdez99
Contributor Author

Offline installation

  • Installed following the documentation: Offline installation
    There are still some issues that were reported in previous release tests.

Agent installation

After the offline installation, an agent can be added without any issue.

Office 365 configuration

The access was created following the documentation:

  • Register your app
  • Certificates & secrets
  • API permissions

The documentation does not mention anything about the module Office365 in the WUI.
We can configure the Office365 module in ossec.conf.

<office365>
    <enabled>yes</enabled>
    <interval>1m</interval>
    <curl_max_size>1M</curl_max_size>
    <only_future_events>yes</only_future_events>
    <api_auth>
        <tenant_id>your_tenant_id</tenant_id>
        <client_id>your_client_id</client_id>
        <client_secret>your_client_secret</client_secret>
    </api_auth>
    <subscriptions>
        <subscription>Audit.SharePoint</subscription>
    </subscriptions>
</office365>

Office 365 dashboard

The dashboard shows the events for the default rules for office365.
