feat(#3341): Trusted Advisor integration tests (#3736)

* feat(#3341): Add basic test for aws Trusted Advisor integration

* feat(#3339): Add data generator for KMS type

* feat(#3341): Add remove_from_bucket test

* feat(#3341): Add only_logs_after tests for aws Trusted Advisor integration

* feat(#3341): Add path tests for aws Trusted Advisor integration

* feat(#3341): Add discard_regex tests for aws Trusted Advisor integration

* feat(#3341): Add only_logs_after tier 1 for aws Trusted Advisor integration

deps/wazuh_testing/wazuh_testing/modules/aws/constants.py

@@ -33,4 +33,6 @@
 NLB_TYPE = 'nlb'
 KMS_TYPE = 'kms'
 MACIE_TYPE = 'macie'
+KMS_TYPE = 'kms'
+TRUSTED_ADVISOR_TYPE = 'trusted'
 CUSTOM_TYPE = 'custom'

deps/wazuh_testing/wazuh_testing/modules/aws/data_generator.py

@@ -1600,6 +1600,58 @@ def get_data_sample(self) -> str:
  )
 
 
+class TrustedAdvisorDataGenerator(DataGenerator):
+ BASE_PATH = ''
+ BASE_FILE_NAME = f'firehose_trustedadvisor-1-'
+
+ def get_filename(self) -> str:
+ """Return the filename in the Trusted Advisor format.
+
+ Example:
+ <prefix>/<year>/<month>/<day>
+ Returns:
+ str: Synthetic filename.
+ """
+ now = datetime.utcnow()
+ path = join(self.BASE_PATH, now.strftime(cons.PATH_DATE_FORMAT))
+ name = f"{self.BASE_FILE_NAME}{now.strftime(cons.FILENAME_DATE_FORMAT)}{cons.JSON_EXT}"
+
+ return join(path, name)
+
+ def get_data_sample(self) -> str:
+ """Return a sample of data according to the Trusted Advisor format.
+
+ Returns:
+ str: Synthetic data.
+ """
+ return json.dumps(
+ {
+ 'version': '0',
+ 'id': get_random_string(26),
+ 'detail-type': 'Trusted Advisor Check Item Refresh Notification',
+ 'source': 'aws.trustedadvisor',
+ 'account': cons.RANDOM_ACCOUNT_ID,
+ 'time': datetime.utcnow().strftime(cons.FILENAME_DATE_FORMAT),
+ 'region': 'us-east-1',
+ 'resources': [],
+ 'detail': {
+ 'check-name': 'IAM Group',
+ 'check-item-detail': {
+ 'Status': 'Green',
+ 'Current Usage': '1',
+ 'Limit Name': 'Groups',
+ 'Region': '-',
+ 'Service': 'IAM',
+ 'Limit Amount': '300'
+ },
+ 'status': 'OK',
+ 'resource_id': '',
+ 'uuid': str(uuid4())
+ }
+ }
+ )
+
+
 # Maps bucket type with corresponding data generator
 buckets_data_mapping = {
  cons.CLOUD_TRAIL_TYPE: CloudTrailDataGenerator,

tests/integration/test_aws/data/test_cases/basic_test_module/cases_defaults.yaml

@@ -69,3 +69,12 @@
  metadata:
  bucket_type: custom
  bucket_name: wazuh-macie-integration-tests
+
+- name: trusted_advisor_defaults
+ description: Trusted Advisor default configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests

tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_discard_regex.yaml

@@ -141,7 +141,10 @@
  BUCKET_NAME: wazuh-trusted-advisor-integration-tests
  DISCARD_FIELD: status
  DISCARD_REGEX: ERROR
+<<<<<<< HEAD
  PATH: ''
+=======
+>>>>>>> feat(#3341): Trusted Advisor integration tests (#3736)
  metadata:
  bucket_type: custom
  bucket_name: wazuh-trusted-advisor-integration-tests
@@ -150,6 +153,7 @@
  discard_regex: ERROR
  found_logs: 3
  skipped_logs: 1
+<<<<<<< HEAD
 
 - name: guardduty_discard_regex
  description: GuardDuty discard regex configurations
@@ -236,3 +240,5 @@
  found_logs: 3
  skipped_logs: 1
  path: dnslogs
+=======
+>>>>>>> feat(#3341): Trusted Advisor integration tests (#3736)

tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_multiple_calls.yaml

@@ -55,3 +55,10 @@
  metadata:
  bucket_type: custom
  bucket_name: wazuh-macie-integration-tests
+
+- name: trusted_advisor_only_logs_after_multiple_calls
+ description: Trusted Advisor only_logs_after multiple calls configurations
+ configuration_parameters:
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests

tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_with_only_logs_after.yaml

@@ -93,3 +93,15 @@
  bucket_name: wazuh-macie-integration-tests
  only_logs_after: 2022-NOV-20
  expected_results: 3
+
+- name: trusted_avisor_with_only_logs_after
+ description: Trusted Advisor only logs after configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ ONLY_LOGS_AFTER: 2022-NOV-20
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ only_logs_after: 2022-NOV-20
+ expected_results: 3

tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_without_only_logs_after.yaml

@@ -77,3 +77,13 @@
  bucket_type: custom
  bucket_name: wazuh-macie-integration-tests
  expected_results: 1
+
+- name: trusted_advisor_without_only_logs_after
+ description: Trusted Advisor only logs after configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ expected_results: 1

tests/integration/test_aws/data/test_cases/path_test_module/cases_path.yaml

@@ -413,6 +413,7 @@
  only_logs_after: 2022-NOV-20
  path: inexistent_prefix
  expected_results: 0
+<<<<<<< HEAD
 
 - name: guardduty_path_with_data
  description: GuardDuty path configurations
@@ -589,3 +590,5 @@
 >>>>>>> feat(#3339): KMS integration tests (#3715)
 =======
 >>>>>>> feat(#3340): Macie integration tests (#3734)
+=======
+>>>>>>> feat(#3341): Trusted Advisor integration tests (#3736)

tests/integration/test_aws/data/test_cases/remove_from_bucket_test_module/cases_remove_from_bucket.yaml

@@ -83,6 +83,7 @@
  configuration_parameters:
  BUCKET_TYPE: custom
  BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+<<<<<<< HEAD
  PATH: ''
  metadata:
  bucket_type: custom
@@ -138,3 +139,8 @@
  bucket_type: cisco_umbrella
  bucket_name: wazuh-umbrella-integration-tests
  path: dnslogs
+=======
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+>>>>>>> feat(#3341): Trusted Advisor integration tests (#3736)