Skip to content

Commit

Permalink
Modify analysisd delta tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@Dwordcito
Dwordcito committed Dec 21, 2022
1 parent 30299f6 commit ca05979
Showing 1 changed file with 91 additions and 58 deletions.
149 changes: 91 additions & 58 deletions tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,29 +23,38 @@
-
description: Process modification
event_payload: >-
{"data":{"checksum":"45cb0637a5b43ed1a819ac6cb4cf4d6d4f15f871","pid":"156102","processor":0,
"scan_time":"2021/10/07 13:08:19","stime":72,"utime":54,"egroup":null,"rgroup":"NULL","fgroup":"piped|value"},
"operation":"MODIFIED","type":"dbsync_processes"}
{"data":{"argvs":"180","checksum":"45cb0637a5b43ed1a819ac6cb4cf4d6d4f15f87","cmd":"","egroup":"root",
"euser":"root","fgroup":"root","name":"sleep","nice":0,"nlwp":1,"pgrp":116167,"pid":"156102","ppid":116169,
"priority":10,"processor":3,"resident":129,"rgroup":"root","ruser":"root","scan_time":"2021/10/13 14:57:08",
"session":116167,"sgroup":"root","share":114,"size":2019,"start_time":5799612,"state":"S","stime":0,
"suser":"root","tgid":156102,"tty":0,"utime":0,"vm_size":8076},"operation":"MODIFIED",
"type":"dbsync_processes"}
alert_expected_values:
rule.id: '100302'
data: >-
{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169",
"utime":"54","stime":"72","args":"180","euser":"root","ruser":"root","suser":"root","rgroup":"NULL",
"sgroup":"root","fgroup":"piped|value","priority":"20","nice":"0","size":"2019","vm_size":"8076",
"resident":"129","share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1",
"tgid":"156102","tty":"0","processor":"0"},"operation_type":"MODIFIED"}
{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"0",
"stime":"0","args":"180","euser":"root","ruser":"root","suser":"root","egroup":"root","rgroup":"root",
"sgroup":"root","fgroup":"root","priority":"10","nice":"0","size":"2019","vm_size":"8076","resident":"129",
"share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0",
"processor":"3"},"operation_type":"MODIFIED"}
-
description: Process deletion
event_payload: >-
{"data":{"pid":"156102","scan_time":"2021/10/13 15:55:03"},"operation":"DELETED","type":"dbsync_processes"}
{"data":{"argvs":"180","checksum":"45cb0637a5b43ed1a819ac6cb4cf4d6d4f15f87","cmd":"","egroup":"root",
"euser":"root","fgroup":"root","name":"sleep","nice":0,"nlwp":1,"pgrp":116167,"pid":"156102","ppid":116169,
"priority":10,"processor":3,"resident":129,"rgroup":"root","ruser":"root","scan_time":"2021/10/13 14:57:09",
"session":116167,"sgroup":"root","share":114,"size":2019,"start_time":5799612,"state":"S","stime":0,
"suser":"root","tgid":156102,"tty":0,"utime":0,"vm_size":8076},"operation":"DELETED",
"type":"dbsync_processes"}
alert_expected_values:
rule.id: '100303'
data: >-
{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"54",
"stime":"72","args":"180","euser":"root","ruser":"root","suser":"root","rgroup":"NULL","sgroup":"root",
"fgroup":"piped|value","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129",
{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"0",
"stime":"0","args":"180","euser":"root","ruser":"root","suser":"root","egroup":"root","rgroup":"root",
"sgroup":"root","fgroup":"root","priority":"10","nice":"0","size":"2019","vm_size":"8076","resident":"129",
"share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0",
"processor":"0"},"operation_type":"DELETED"}
"processor":"3"},"operation_type":"DELETED"}
-
description: Port creation
event_payload: >-
Expand All @@ -63,26 +72,31 @@
-
description: Port modification
event_payload: >-
{"data":{"checksum":"eff13e52290143eb5b5b9b8c191902609f37c713","inode":494908,"local_ip":"0.0.0.0",
"local_port":34340,"protocol":"tcp","scan_time":"2021/10/13 14:40:30","tx_queue":1000,"state":"NULL",
"remote_ip":"piped|value"},"operation":"MODIFIED","type":"dbsync_ports"}
{"data":{"checksum":"eff13e52290143eb5b5b9b8c191902609f37c713","inode":494908,
"item_id":"e2c92964ad145a635139f6318057506e386e00a3","local_ip":"0.0.0.0","local_port":34340,"pid":0,
"process":null,"protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":1,
"scan_time":"2021/10/13 14:40:03","state":"listening","tx_queue":1},"operation":"MODIFIED",
"type":"dbsync_ports"}
alert_expected_values:
rule.id: '100312'
data: >-
{"type":"dbsync_ports","port":{"protocol":"tcp","local_ip":"0.0.0.0","local_port":"34340",
"remote_ip":"piped|value","remote_port":"0","tx_queue":"1000","rx_queue":"0","inode":"494908","state":"NULL",
"remote_ip":"0.0.0.0","remote_port":"0","tx_queue":"1","rx_queue":"1","inode":"494908","state":"listening",
"pid":"0"},"operation_type":"MODIFIED"}
-
description: Port deletion
event_payload: >-
{"data":{"inode":494908,"local_ip":"0.0.0.0","local_port":34340,"protocol":"tcp",
"scan_time":"2021/10/13 14:40:43"},"operation":"DELETED","type":"dbsync_ports"}
{"data":{"checksum":"eff13e52290143eb5b5b9b8c191902609f37c713","inode":494908,
"item_id":"e2c92964ad145a635139f6318057506e386e00a3","local_ip":"0.0.0.0","local_port":34340,"pid":0,
"process":null,"protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":1,
"scan_time":"2021/10/13 14:40:04","state":"listening","tx_queue":1},"operation":"DELETED",
"type":"dbsync_ports"}
alert_expected_values:
rule.id: '100313'
data: >-
{"type":"dbsync_ports","port":{"protocol":"tcp","local_ip":"0.0.0.0","local_port":"34340",
"remote_ip":"piped|value","remote_port":"0","tx_queue":"1000","rx_queue":"0","inode":"494908",
"state":"NULL","pid":"0"},"operation_type":"DELETED"}
"remote_ip":"0.0.0.0","remote_port":"0","tx_queue":"1","rx_queue":"1","inode":"494908","state":"listening",
"pid":"0"},"operation_type":"DELETED"}
-
description: Osinfo creation
event_payload: >-
Expand All @@ -98,13 +112,14 @@
-
description: Osinfo modification
event_payload: >-
{"data":{"checksum":"1634140017886803555", "os_name":"Microsoft Windows 7","os_build":"7602",
"scan_time":"2021/10/13 14:41:43"},"operation":"MODIFIED","type":"dbsync_osinfo"}
{"data":{"checksum":"1634140017886803554","architecture":"x86_64","hostname":"UBUNTU","os_build":"7601",
"os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601",
"os_display_version":"test_text"},"operation":"MODIFIED","type":"dbsync_osinfo"}
alert_expected_values:
rule.id: '100322'
data: >-
{"type":"dbsync_osinfo","os":{"hostname":"UBUNTU","architecture":"x86_64","name":"Microsoft Windows 7",
"version":"6.1.7601","major":"6","minor":"1","build":"7602","os_release":"sp1","display_version":"test"},
"version":"6.1.7601","major":"6","minor":"1","build":"7601","os_release":"sp1","display_version":"test_text"},
"operation_type":"MODIFIED"}
-
description: Hwinfo creation
Expand All @@ -122,15 +137,16 @@
-
description: Hwinfo modification
event_payload: >-
{"data":{"scan_time":"2021/10/13 14:42:43","board_serial":"Intel Corporation",
"checksum":"af7b22eef8f5e06c04af4db49c9f8d1d2896391a","ram_usage":99},"operation":"MODIFIED",
"type":"dbsync_hwinfo"}
{"data":{"scan_time":"2021/10/13 14:41:43","board_serial":"Intel Corporation",
"checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":4,
"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54},
"operation":"MODIFIED","type":"dbsync_hwinfo"}
alert_expected_values:
rule.id: '100332'
data: >-
{"type":"dbsync_hwinfo","hardware":{"serial":"Intel Corporation",
"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","cpu_cores":"2","cpu_mhz":"2904.0","ram_total":"4972208",
"ram_free":"2257872","ram_usage":"99"},"operation_type":"MODIFIED"}
"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","cpu_cores":"4","cpu_mhz":"2904","ram_total":"4972208",
"ram_free":"2257872","ram_usage":"54"},"operation_type":"MODIFIED"}
-
description: Package creation
event_payload: >-
Expand All @@ -150,25 +166,32 @@
-
description: Package modification
event_payload: >-
{"data":{"architecture":"amd64","checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67569","name":"libqt5opengl5",
"priority":"important","scan_time":"2021/10/13 15:11:50","version":"5.12.8+dfsg-0ubuntu1"},
{"data":{"architecture":"amd64","checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67569",
"description":"Qt 5 OpenGL module","format":"deb","groups":"libs",
"item_id":"caa4868d177fbebc5b145a2a92497ebcf566838a","multiarch":"same","name":"libqt5opengl5",
"priority":"option","scan_time":"2021/10/13 15:10:50","size":572,"source":"qtbase-opensource-src",
"vendor":"Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>","version":"5.12.8+dfsg-0ubuntu1"},
"operation":"MODIFIED","type":"dbsync_packages"}
alert_expected_values:
rule.id: '100342'
data: >-
{"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"important",
{"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"option",
"size":"572","vendor":"Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
"version":"5.12.8+dfsg-0ubuntu1","architecture":"amd64","multiarch":"same","source":"qtbase-opensource-src",
"description":"Qt 5 OpenGL module"},"operation_type":"MODIFIED"}
-
description: Package deletion
event_payload: >-
{"data":{"architecture":"amd64","name":"libqt5opengl5","scan_time":"2021/10/13 15:14:35",
"version":"5.12.8+dfsg-0ubuntu1"},"operation":"DELETED","type":"dbsync_packages"}
{"data":{"architecture":"amd64","checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67569",
"description":"Qt 5 OpenGL module","format":"deb","groups":"libs",
"item_id":"caa4868d177fbebc5b145a2a92497ebcf566838a","multiarch":"same","name":"libqt5opengl5",
"priority":"option","scan_time":"2021/10/13 15:10:51","size":572,"source":"qtbase-opensource-src",
"vendor":"Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>","version":"5.12.8+dfsg-0ubuntu1"},
"operation":"DELETED","type":"dbsync_packages"}
alert_expected_values:
rule.id: '100343'
data: >-
{"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"important",
{"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"option",
"size":"572","vendor":"Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>",
"version":"5.12.8+dfsg-0ubuntu1","architecture":"amd64","multiarch":"same","source":"qtbase-opensource-src",
"description":"Qt 5 OpenGL module"},"operation_type":"DELETED"}
Expand All @@ -189,14 +212,16 @@
-
description: Network interface modification
event_payload: >-
{"data":{"adapter":null,"checksum":"ce57e9ae697de4e427b67fea0d28c25e130249b8","name":"dummy0",
"type":"ethernet","rx_bytes":1000,"scan_time":"2021/10/13 18:33:06"},"operation":"MODIFIED",
{"data":{"adapter":null,"checksum":"ce57e9ae697de4e427b67fea0d28c25e130249b8",
"item_id":"7ca46dd4c59f73c36a44ee5ebb0d0a37db4187a9","mac":"92:27:3b:ee:11:96","mtu":1500,"name":"dummy0",
"rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"scan_time":"2021/10/13 18:32:07","state":"up",
"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"MODIFIED",
"type":"dbsync_network_iface"}
alert_expected_values:
rule.id: '100352'
data: >-
{"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"down",
"mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"1000",
{"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"up",
"mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"0",
"tx_errors":"0","rx_errors":"0","tx_dropped":"0","rx_dropped":"0"}},"operation_type":"MODIFIED"}
-
description: Network protocol creation
Expand All @@ -212,33 +237,38 @@
-
description: Network protocol modification
event_payload: >-
{"data":{"checksum":"3d8855caa85501d22b40fa6616c0670f206b2c4a","gateway":"10.0.0.2","iface":"dummy0",
"scan_time":"2021/10/13 18:32:06","type":"ethernet"},"operation":"MODIFIED","type":"dbsync_network_protocol"}
{"data":{"checksum":"3d8855caa85501d22b40fa6616c0670f206b2ca4","gateway":" ","dhcp":"disabled","iface":"dummy0",
"item_id":"7ca46dd4c59f73c36a44ee5ebb0d0a37db4187a9","scan_time":"2021/10/13 18:32:06","type":"ethernet"},
"operation":"MODIFIED","type":"dbsync_network_protocol"}
alert_expected_values:
rule.id: '100362'
data: >-
{"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet",
"gateway":"10.0.0.2","dhcp":"enabled"}},"operation_type":"MODIFIED"}
{"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet","gateway":" ",
"dhcp":"disabled"}},"operation_type":"MODIFIED"}
-
description: Network protocol deletion
event_payload: >-
{"data":{"iface":"dummy0","scan_time":"2021/10/13 18:32:06","type":"ethernet"},"operation":"DELETED",
"type":"dbsync_network_protocol"}
{"data":{"checksum":"3d8855caa85501d22b40fa6616c0670f206b2ca4","gateway":" ","dhcp":"disabled","iface":"dummy0",
"item_id":"7ca46dd4c59f73c36a44ee5ebb0d0a37db4187a9","scan_time":"2021/10/13 18:32:06","type":"ethernet"},
"operation":"DELETED","type":"dbsync_network_protocol"}
alert_expected_values:
rule.id: '100363'
data: >-
{"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet",
"gateway":"10.0.0.2","dhcp":"enabled"}},"operation_type":"DELETED"}
{"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet","gateway":" ",
"dhcp":"disabled"}},"operation_type":"DELETED"}
-
description: Network interface deletion
event_payload: >-
{"data":{"adapter":null,"name":"dummy0","scan_time":"2021/10/13 18:53:53","type":"ethernet"},
"operation":"DELETED","type":"dbsync_network_iface"}
{"data":{"adapter":null,"checksum":"ce57e9ae697de4e427b67fea0d28c25e130249b8",
"item_id":"7ca46dd4c59f73c36a44ee5ebb0d0a37db4187a9","mac":"92:27:3b:ee:11:96","mtu":1500,"name":"dummy0",
"rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"scan_time":"2021/10/13 18:32:07","state":"up",
"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"DELETED",
"type":"dbsync_network_iface"}
alert_expected_values:
rule.id: '100353'
data: >-
{"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"down",
"mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"1000",
{"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"up",
"mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"0",
"tx_errors":"0","rx_errors":"0","tx_dropped":"0","rx_dropped":"0"}},"operation_type":"DELETED"}
-
description: Network address creation
Expand All @@ -255,24 +285,27 @@
-
description: Network address modification
event_payload: >-
{"data":{"address":"192.168.100.12","checksum":"ec5e14340b8ced5b39cbcfa9abecbfdbd1f28aaa","iface":"enp0s3",
"metric":"90","proto":0,"scan_time":"2021/10/13 16:46:67"},"operation":"MODIFIED",
"type":"dbsync_network_address"}
{"data":{"address":"192.168.100.12","broadcast":"192.168.100.254",
"checksum":"ec5e14340b8ced5b39cbcfa9abecbfdbd1f2873f","dhcp":"unknown","iface":"enp0s3",
"item_id":"7b4e5f1da50834d71d895a3065a3bb098a0b8a5c","metric":"100","netmask":"255.255.255.0","proto":0,
"scan_time":"2021/10/13 16:46:38"},"operation":"MODIFIED","type":"dbsync_network_address"}
alert_expected_values:
rule.id: '100372'
data: >-
{"type":"dbsync_network_address","netinfo":{"addr":{"iface":"enp0s3","proto":"0","address":"192.168.100.12",
"netmask":"255.255.255.0","broadcast":"192.168.100.255"}},"operation_type":"MODIFIED"}
"netmask":"255.255.255.0","broadcast":"192.168.100.254"}},"operation_type":"MODIFIED"}
-
description: Network address deletion
event_payload: >-
{"data":{"address":"192.168.100.12","iface":"enp0s3","proto":0,"scan_time":"2021/10/13 16:48:17"},
"operation":"DELETED","type":"dbsync_network_address"}
{"data":{"address":"192.168.100.12","broadcast":"192.168.100.254",
"checksum":"ec5e14340b8ced5b39cbcfa9abecbfdbd1f2873f","dhcp":"unknown","iface":"enp0s3",
"item_id":"7b4e5f1da50834d71d895a3065a3bb098a0b8a5c","metric":"100","netmask":"255.255.255.0","proto":0,
"scan_time":"2021/10/13 16:46:39"},"operation":"DELETED","type":"dbsync_network_address"}
alert_expected_values:
rule.id: '100373'
data: >-
{"type":"dbsync_network_address","netinfo":{"addr":{"iface":"enp0s3","proto":"0","address":"192.168.100.12",
"netmask":"255.255.255.0","broadcast":"192.168.100.255"}},"operation_type":"DELETED"}
"netmask":"255.255.255.0","broadcast":"192.168.100.254"}},"operation_type":"DELETED"}
-
description: Hotfix creation
event_payload: >-
Expand Down

0 comments on commit ca05979

Please sign in to comment.