feat(#3562): update test and add new test cases

tests/integration/test_fim/test_files/test_windows_system_folder_redirection/data/configuration_template/configuration_windows_system_folder_redirection.yaml

@@ -10,6 +10,9 @@
  attributes:
  - realtime: REALTIME
  - whodata: WHODATA
+ - recursion_level: 0
+ - windows_audit_interval:
+ value: 500
 
  - section: sca
  elements:

tests/integration/test_fim/test_files/test_windows_system_folder_redirection/data/test_cases/cases_windows_system_folder_redirection.yaml

@@ -1,9 +1,116 @@
-- name: report_changes_found_scheduled
+- name: monitor /Windows/System32 - scheduled
  description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
  configuration_parameters:
  INTERVAL: 3
  REALTIME: 'no'
  WHODATA: 'no'
+ TEST_DIRECTORIES: '%WINDIR%\System32'
+ fim_mode: scheduled
  metadata:
- folder: \%WINDIR%/Sysnative
+ folder: system32
  fim_mode: scheduled
+ redirected: false
+
+- name: monitor /Windows/System32 - realtime
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 10000
+ REALTIME: 'yes'
+ WHODATA: 'no'
+ TEST_DIRECTORIES: '%WINDIR%\System32'
+ fim_mode: realtime
+ metadata:
+ folder: system32
+ fim_mode: realtime
+ redirected: false
+
+- name: monitor /Windows/System32 - whodata
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 10000
+ REALTIME: 'no'
+ WHODATA: 'yes'
+ TEST_DIRECTORIES: '%WINDIR%\System32'
+ fim_mode: whodata
+ metadata:
+ folder: system32
+ fim_mode: whodata
+ redirected: false
+
+- name: monitor /Windows/Sysnative - scheduled
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 3
+ REALTIME: 'no'
+ WHODATA: 'no'
+ TEST_DIRECTORIES: '%WINDIR%\Sysnative'
+ fim_mode: scheduled
+ metadata:
+ folder: system32
+ fim_mode: scheduled
+ redirected: true
+
+- name: monitor /Windows/Sysnative - realtime
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 10000
+ REALTIME: 'yes'
+ WHODATA: 'no'
+ TEST_DIRECTORIES: '%WINDIR%\Sysnative'
+ fim_mode: realtime
+ metadata:
+ folder: system32
+ fim_mode: realtime
+ redirected: true
+
+- name: monitor /Windows/Sysnative - whodata
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 10000
+ REALTIME: 'no'
+ WHODATA: 'yes'
+ TEST_DIRECTORIES: '%WINDIR%\Sysnative'
+ fim_mode: whodata
+ metadata:
+ folder: system32
+ fim_mode: whodata
+ redirected: true
+
+- name: monitor SyWOW64 - scheduled
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 3
+ REALTIME: 'no'
+ WHODATA: 'no'
+ TEST_DIRECTORIES: '%WINDIR%\SysWOW64'
+ fim_mode: scheduled
+ metadata:
+ folder: syswow64
+ fim_mode: scheduled
+ redirected: false
+
+- name: monitor SysWOW64 - realtime
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 10000
+ REALTIME: 'yes'
+ WHODATA: 'no'
+ TEST_DIRECTORIES: '%WINDIR%\SysWOW64'
+ fim_mode: realtime
+ metadata:
+ folder: syswow64
+ fim_mode: realtime
+ redirected: false
+
+- name: monitor SysWOW64 - whodata
+ description: When a file is monitored with report_changes, the diff file and changes are reported (Scheduled mode)
+ configuration_parameters:
+ INTERVAL: 10000
+ REALTIME: 'no'
+ WHODATA: 'yes'
+ TEST_DIRECTORIES: '%WINDIR%\SysWOW64'
+ fim_mode: whodata
+ metadata:
+ folder: syswow64
+ fim_mode: whodata
+ redirected: false

tests/integration/test_fim/test_files/test_windows_system_folder_redirection/test_windows_system_folder_redirection.py

@@ -70,14 +70,14 @@
 import pytest
 from wazuh_testing import global_parameters, LOG_FILE_PATH, T_10
 from wazuh_testing.tools import PREFIX, configuration
-from wazuh_testing.tools.monitoring import FileMonitor, generate_monitoring_callback
-from wazuh_testing.modules.fim import CB_FIM_PATH_CONVERTED, ERR_MSG_FIM_PATH_CONVERTED_EVENT
+from wazuh_testing.tools.monitoring import FileMonitor
 from wazuh_testing.modules.fim import FIM_DEFAULT_LOCAL_INTERNAL_OPTIONS as local_internal_options
+from wazuh_testing.modules.fim.event_monitor import check_fim_event, CB_FIM_PATH_CONVERTED
 from wazuh_testing.modules.fim.utils import regular_file_cud
 
 # Marks
 
-pytestmark = [pytest.mark.linux, pytest.mark.tier(level=1)]
+pytestmark = [pytest.mark.win32, pytest.mark.tier(level=1)]
 
 
 # Reference paths
@@ -89,16 +89,14 @@
 test_cases_path = os.path.join(TEST_CASES_PATH, 'cases_windows_system_folder_redirection.yaml')
 configurations_path = os.path.join(CONFIGURATIONS_PATH, 'configuration_windows_system_folder_redirection.yaml')
 
-
-# variables
-wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
-
-
 # Test configurations
 configuration_parameters, configuration_metadata, test_case_ids = configuration.get_test_cases_data(test_cases_path)
 configurations = configuration.load_configuration_template(configurations_path, configuration_parameters,
  configuration_metadata)
 
+# variables
+wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
+
 
 # tests
 @pytest.mark.parametrize('configuration, metadata', zip(configurations, configuration_metadata), ids=test_case_ids)
@@ -134,9 +132,6 @@ def test_windows_folder_redirection(configuration, metadata, set_wazuh_configura
  - restart_syscheck_function:
  type: fixture
  brief: restart syscheckd daemon, and truncate the ossec.log.
- - create_monitored_folders
- type: fixture
- brief: Create folders to be monitored, delete after test.
  - wait_for_fim_start_function:
  type: fixture
  brief: check that the starting fim scan is detected.
@@ -161,12 +156,11 @@ def test_windows_folder_redirection(configuration, metadata, set_wazuh_configura
  - scheduled
  '''
  file_list = [f"regular_file"]
- folder = os.path.join(PREFIX, metadata['folder'])
+ folder = os.path.join(PREFIX, 'windows', metadata['folder'])
  wazuh_log_monitor = FileMonitor(LOG_FILE_PATH)
 
- wazuh_log_monitor.start(timeout=T_10, callback=generate_monitoring_callback(CB_FIM_PATH_CONVERTED),
- error_message=ERR_MSG_FIM_PATH_CONVERTED_EVENT)
-
+ if metadata['redirected']:
+ check_fim_event(callback=CB_FIM_PATH_CONVERTED, timeout=T_10)
 
  regular_file_cud(folder, wazuh_log_monitor, file_list=file_list, time_travel=False,
- min_timeout=global_parameters.default_timeout*4, triggers_event=True)
+ min_timeout=300, triggers_event=True, escaped=True)