From ca05979e73008fe3e514df745755076452c94519 Mon Sep 17 00:00:00 2001 From: Dwordcito Date: Wed, 21 Dec 2022 01:42:15 -0300 Subject: [PATCH] Modify analysisd delta tests --- .../test_syscollector/data/syscollector.yaml | 149 +++++++++++------- 1 file changed, 91 insertions(+), 58 deletions(-) diff --git a/tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml b/tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml index 47387985c4..098da24273 100644 --- a/tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml +++ b/tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml @@ -23,29 +23,38 @@ - description: Process modification event_payload: >- - {"data":{"checksum":"45cb0637a5b43ed1a819ac6cb4cf4d6d4f15f871","pid":"156102","processor":0, - "scan_time":"2021/10/07 13:08:19","stime":72,"utime":54,"egroup":null,"rgroup":"NULL","fgroup":"piped|value"}, - "operation":"MODIFIED","type":"dbsync_processes"} + {"data":{"argvs":"180","checksum":"45cb0637a5b43ed1a819ac6cb4cf4d6d4f15f87","cmd":"","egroup":"root", + "euser":"root","fgroup":"root","name":"sleep","nice":0,"nlwp":1,"pgrp":116167,"pid":"156102","ppid":116169, + "priority":10,"processor":3,"resident":129,"rgroup":"root","ruser":"root","scan_time":"2021/10/13 14:57:08", + "session":116167,"sgroup":"root","share":114,"size":2019,"start_time":5799612,"state":"S","stime":0, + "suser":"root","tgid":156102,"tty":0,"utime":0,"vm_size":8076},"operation":"MODIFIED", + "type":"dbsync_processes"} + alert_expected_values: rule.id: '100302' data: >- - {"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169", - "utime":"54","stime":"72","args":"180","euser":"root","ruser":"root","suser":"root","rgroup":"NULL", - "sgroup":"root","fgroup":"piped|value","priority":"20","nice":"0","size":"2019","vm_size":"8076", - "resident":"129","share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1", - "tgid":"156102","tty":"0","processor":"0"},"operation_type":"MODIFIED"} + {"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"0", + "stime":"0","args":"180","euser":"root","ruser":"root","suser":"root","egroup":"root","rgroup":"root", + "sgroup":"root","fgroup":"root","priority":"10","nice":"0","size":"2019","vm_size":"8076","resident":"129", + "share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0", + "processor":"3"},"operation_type":"MODIFIED"} - description: Process deletion event_payload: >- - {"data":{"pid":"156102","scan_time":"2021/10/13 15:55:03"},"operation":"DELETED","type":"dbsync_processes"} + {"data":{"argvs":"180","checksum":"45cb0637a5b43ed1a819ac6cb4cf4d6d4f15f87","cmd":"","egroup":"root", + "euser":"root","fgroup":"root","name":"sleep","nice":0,"nlwp":1,"pgrp":116167,"pid":"156102","ppid":116169, + "priority":10,"processor":3,"resident":129,"rgroup":"root","ruser":"root","scan_time":"2021/10/13 14:57:09", + "session":116167,"sgroup":"root","share":114,"size":2019,"start_time":5799612,"state":"S","stime":0, + "suser":"root","tgid":156102,"tty":0,"utime":0,"vm_size":8076},"operation":"DELETED", + "type":"dbsync_processes"} alert_expected_values: rule.id: '100303' data: >- - {"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"54", - "stime":"72","args":"180","euser":"root","ruser":"root","suser":"root","rgroup":"NULL","sgroup":"root", - "fgroup":"piped|value","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129", + {"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"0", + "stime":"0","args":"180","euser":"root","ruser":"root","suser":"root","egroup":"root","rgroup":"root", + "sgroup":"root","fgroup":"root","priority":"10","nice":"0","size":"2019","vm_size":"8076","resident":"129", "share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0", - "processor":"0"},"operation_type":"DELETED"} + "processor":"3"},"operation_type":"DELETED"} - description: Port creation event_payload: >- @@ -63,26 +72,31 @@ - description: Port modification event_payload: >- - {"data":{"checksum":"eff13e52290143eb5b5b9b8c191902609f37c713","inode":494908,"local_ip":"0.0.0.0", - "local_port":34340,"protocol":"tcp","scan_time":"2021/10/13 14:40:30","tx_queue":1000,"state":"NULL", - "remote_ip":"piped|value"},"operation":"MODIFIED","type":"dbsync_ports"} + {"data":{"checksum":"eff13e52290143eb5b5b9b8c191902609f37c713","inode":494908, + "item_id":"e2c92964ad145a635139f6318057506e386e00a3","local_ip":"0.0.0.0","local_port":34340,"pid":0, + "process":null,"protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":1, + "scan_time":"2021/10/13 14:40:03","state":"listening","tx_queue":1},"operation":"MODIFIED", + "type":"dbsync_ports"} alert_expected_values: rule.id: '100312' data: >- {"type":"dbsync_ports","port":{"protocol":"tcp","local_ip":"0.0.0.0","local_port":"34340", - "remote_ip":"piped|value","remote_port":"0","tx_queue":"1000","rx_queue":"0","inode":"494908","state":"NULL", + "remote_ip":"0.0.0.0","remote_port":"0","tx_queue":"1","rx_queue":"1","inode":"494908","state":"listening", "pid":"0"},"operation_type":"MODIFIED"} - description: Port deletion event_payload: >- - {"data":{"inode":494908,"local_ip":"0.0.0.0","local_port":34340,"protocol":"tcp", - "scan_time":"2021/10/13 14:40:43"},"operation":"DELETED","type":"dbsync_ports"} + {"data":{"checksum":"eff13e52290143eb5b5b9b8c191902609f37c713","inode":494908, + "item_id":"e2c92964ad145a635139f6318057506e386e00a3","local_ip":"0.0.0.0","local_port":34340,"pid":0, + "process":null,"protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":1, + "scan_time":"2021/10/13 14:40:04","state":"listening","tx_queue":1},"operation":"DELETED", + "type":"dbsync_ports"} alert_expected_values: rule.id: '100313' data: >- {"type":"dbsync_ports","port":{"protocol":"tcp","local_ip":"0.0.0.0","local_port":"34340", - "remote_ip":"piped|value","remote_port":"0","tx_queue":"1000","rx_queue":"0","inode":"494908", - "state":"NULL","pid":"0"},"operation_type":"DELETED"} + "remote_ip":"0.0.0.0","remote_port":"0","tx_queue":"1","rx_queue":"1","inode":"494908","state":"listening", + "pid":"0"},"operation_type":"DELETED"} - description: Osinfo creation event_payload: >- @@ -98,13 +112,14 @@ - description: Osinfo modification event_payload: >- - {"data":{"checksum":"1634140017886803555", "os_name":"Microsoft Windows 7","os_build":"7602", - "scan_time":"2021/10/13 14:41:43"},"operation":"MODIFIED","type":"dbsync_osinfo"} + {"data":{"checksum":"1634140017886803554","architecture":"x86_64","hostname":"UBUNTU","os_build":"7601", + "os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601", + "os_display_version":"test_text"},"operation":"MODIFIED","type":"dbsync_osinfo"} alert_expected_values: rule.id: '100322' data: >- {"type":"dbsync_osinfo","os":{"hostname":"UBUNTU","architecture":"x86_64","name":"Microsoft Windows 7", - "version":"6.1.7601","major":"6","minor":"1","build":"7602","os_release":"sp1","display_version":"test"}, + "version":"6.1.7601","major":"6","minor":"1","build":"7601","os_release":"sp1","display_version":"test_text"}, "operation_type":"MODIFIED"} - description: Hwinfo creation @@ -122,15 +137,16 @@ - description: Hwinfo modification event_payload: >- - {"data":{"scan_time":"2021/10/13 14:42:43","board_serial":"Intel Corporation", - "checksum":"af7b22eef8f5e06c04af4db49c9f8d1d2896391a","ram_usage":99},"operation":"MODIFIED", - "type":"dbsync_hwinfo"} + {"data":{"scan_time":"2021/10/13 14:41:43","board_serial":"Intel Corporation", + "checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":4, + "cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54}, + "operation":"MODIFIED","type":"dbsync_hwinfo"} alert_expected_values: rule.id: '100332' data: >- {"type":"dbsync_hwinfo","hardware":{"serial":"Intel Corporation", - "cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","cpu_cores":"2","cpu_mhz":"2904.0","ram_total":"4972208", - "ram_free":"2257872","ram_usage":"99"},"operation_type":"MODIFIED"} + "cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","cpu_cores":"4","cpu_mhz":"2904","ram_total":"4972208", + "ram_free":"2257872","ram_usage":"54"},"operation_type":"MODIFIED"} - description: Package creation event_payload: >- @@ -150,25 +166,32 @@ - description: Package modification event_payload: >- - {"data":{"architecture":"amd64","checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67569","name":"libqt5opengl5", - "priority":"important","scan_time":"2021/10/13 15:11:50","version":"5.12.8+dfsg-0ubuntu1"}, + {"data":{"architecture":"amd64","checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67569", + "description":"Qt 5 OpenGL module","format":"deb","groups":"libs", + "item_id":"caa4868d177fbebc5b145a2a92497ebcf566838a","multiarch":"same","name":"libqt5opengl5", + "priority":"option","scan_time":"2021/10/13 15:10:50","size":572,"source":"qtbase-opensource-src", + "vendor":"Ubuntu Developers ","version":"5.12.8+dfsg-0ubuntu1"}, "operation":"MODIFIED","type":"dbsync_packages"} alert_expected_values: rule.id: '100342' data: >- - {"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"important", + {"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"option", "size":"572","vendor":"Ubuntu Developers ", "version":"5.12.8+dfsg-0ubuntu1","architecture":"amd64","multiarch":"same","source":"qtbase-opensource-src", "description":"Qt 5 OpenGL module"},"operation_type":"MODIFIED"} - description: Package deletion event_payload: >- - {"data":{"architecture":"amd64","name":"libqt5opengl5","scan_time":"2021/10/13 15:14:35", - "version":"5.12.8+dfsg-0ubuntu1"},"operation":"DELETED","type":"dbsync_packages"} + {"data":{"architecture":"amd64","checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67569", + "description":"Qt 5 OpenGL module","format":"deb","groups":"libs", + "item_id":"caa4868d177fbebc5b145a2a92497ebcf566838a","multiarch":"same","name":"libqt5opengl5", + "priority":"option","scan_time":"2021/10/13 15:10:51","size":572,"source":"qtbase-opensource-src", + "vendor":"Ubuntu Developers ","version":"5.12.8+dfsg-0ubuntu1"}, + "operation":"DELETED","type":"dbsync_packages"} alert_expected_values: rule.id: '100343' data: >- - {"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"important", + {"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"option", "size":"572","vendor":"Ubuntu Developers ", "version":"5.12.8+dfsg-0ubuntu1","architecture":"amd64","multiarch":"same","source":"qtbase-opensource-src", "description":"Qt 5 OpenGL module"},"operation_type":"DELETED"} @@ -189,14 +212,16 @@ - description: Network interface modification event_payload: >- - {"data":{"adapter":null,"checksum":"ce57e9ae697de4e427b67fea0d28c25e130249b8","name":"dummy0", - "type":"ethernet","rx_bytes":1000,"scan_time":"2021/10/13 18:33:06"},"operation":"MODIFIED", + {"data":{"adapter":null,"checksum":"ce57e9ae697de4e427b67fea0d28c25e130249b8", + "item_id":"7ca46dd4c59f73c36a44ee5ebb0d0a37db4187a9","mac":"92:27:3b:ee:11:96","mtu":1500,"name":"dummy0", + "rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"scan_time":"2021/10/13 18:32:07","state":"up", + "tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"MODIFIED", "type":"dbsync_network_iface"} alert_expected_values: rule.id: '100352' data: >- - {"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"down", - "mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"1000", + {"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"up", + "mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"0", "tx_errors":"0","rx_errors":"0","tx_dropped":"0","rx_dropped":"0"}},"operation_type":"MODIFIED"} - description: Network protocol creation @@ -212,33 +237,38 @@ - description: Network protocol modification event_payload: >- - {"data":{"checksum":"3d8855caa85501d22b40fa6616c0670f206b2c4a","gateway":"10.0.0.2","iface":"dummy0", - "scan_time":"2021/10/13 18:32:06","type":"ethernet"},"operation":"MODIFIED","type":"dbsync_network_protocol"} + {"data":{"checksum":"3d8855caa85501d22b40fa6616c0670f206b2ca4","gateway":" ","dhcp":"disabled","iface":"dummy0", + "item_id":"7ca46dd4c59f73c36a44ee5ebb0d0a37db4187a9","scan_time":"2021/10/13 18:32:06","type":"ethernet"}, + "operation":"MODIFIED","type":"dbsync_network_protocol"} alert_expected_values: rule.id: '100362' data: >- - {"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet", - "gateway":"10.0.0.2","dhcp":"enabled"}},"operation_type":"MODIFIED"} + {"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet","gateway":" ", + "dhcp":"disabled"}},"operation_type":"MODIFIED"} - description: Network protocol deletion event_payload: >- - {"data":{"iface":"dummy0","scan_time":"2021/10/13 18:32:06","type":"ethernet"},"operation":"DELETED", - "type":"dbsync_network_protocol"} + {"data":{"checksum":"3d8855caa85501d22b40fa6616c0670f206b2ca4","gateway":" ","dhcp":"disabled","iface":"dummy0", + "item_id":"7ca46dd4c59f73c36a44ee5ebb0d0a37db4187a9","scan_time":"2021/10/13 18:32:06","type":"ethernet"}, + "operation":"DELETED","type":"dbsync_network_protocol"} alert_expected_values: rule.id: '100363' data: >- - {"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet", - "gateway":"10.0.0.2","dhcp":"enabled"}},"operation_type":"DELETED"} + {"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet","gateway":" ", + "dhcp":"disabled"}},"operation_type":"DELETED"} - description: Network interface deletion event_payload: >- - {"data":{"adapter":null,"name":"dummy0","scan_time":"2021/10/13 18:53:53","type":"ethernet"}, - "operation":"DELETED","type":"dbsync_network_iface"} + {"data":{"adapter":null,"checksum":"ce57e9ae697de4e427b67fea0d28c25e130249b8", + "item_id":"7ca46dd4c59f73c36a44ee5ebb0d0a37db4187a9","mac":"92:27:3b:ee:11:96","mtu":1500,"name":"dummy0", + "rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"scan_time":"2021/10/13 18:32:07","state":"up", + "tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"DELETED", + "type":"dbsync_network_iface"} alert_expected_values: rule.id: '100353' data: >- - {"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"down", - "mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"1000", + {"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"up", + "mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"0", "tx_errors":"0","rx_errors":"0","tx_dropped":"0","rx_dropped":"0"}},"operation_type":"DELETED"} - description: Network address creation @@ -255,24 +285,27 @@ - description: Network address modification event_payload: >- - {"data":{"address":"192.168.100.12","checksum":"ec5e14340b8ced5b39cbcfa9abecbfdbd1f28aaa","iface":"enp0s3", - "metric":"90","proto":0,"scan_time":"2021/10/13 16:46:67"},"operation":"MODIFIED", - "type":"dbsync_network_address"} + {"data":{"address":"192.168.100.12","broadcast":"192.168.100.254", + "checksum":"ec5e14340b8ced5b39cbcfa9abecbfdbd1f2873f","dhcp":"unknown","iface":"enp0s3", + "item_id":"7b4e5f1da50834d71d895a3065a3bb098a0b8a5c","metric":"100","netmask":"255.255.255.0","proto":0, + "scan_time":"2021/10/13 16:46:38"},"operation":"MODIFIED","type":"dbsync_network_address"} alert_expected_values: rule.id: '100372' data: >- {"type":"dbsync_network_address","netinfo":{"addr":{"iface":"enp0s3","proto":"0","address":"192.168.100.12", - "netmask":"255.255.255.0","broadcast":"192.168.100.255"}},"operation_type":"MODIFIED"} + "netmask":"255.255.255.0","broadcast":"192.168.100.254"}},"operation_type":"MODIFIED"} - description: Network address deletion event_payload: >- - {"data":{"address":"192.168.100.12","iface":"enp0s3","proto":0,"scan_time":"2021/10/13 16:48:17"}, - "operation":"DELETED","type":"dbsync_network_address"} + {"data":{"address":"192.168.100.12","broadcast":"192.168.100.254", + "checksum":"ec5e14340b8ced5b39cbcfa9abecbfdbd1f2873f","dhcp":"unknown","iface":"enp0s3", + "item_id":"7b4e5f1da50834d71d895a3065a3bb098a0b8a5c","metric":"100","netmask":"255.255.255.0","proto":0, + "scan_time":"2021/10/13 16:46:39"},"operation":"DELETED","type":"dbsync_network_address"} alert_expected_values: rule.id: '100373' data: >- {"type":"dbsync_network_address","netinfo":{"addr":{"iface":"enp0s3","proto":"0","address":"192.168.100.12", - "netmask":"255.255.255.0","broadcast":"192.168.100.255"}},"operation_type":"DELETED"} + "netmask":"255.255.255.0","broadcast":"192.168.100.254"}},"operation_type":"DELETED"} - description: Hotfix creation event_payload: >-