diff --git a/deps/wazuh_testing/wazuh_testing/modules/aws/constants.py b/deps/wazuh_testing/wazuh_testing/modules/aws/constants.py
index ac8841830b..9e79e920ad 100644
--- a/deps/wazuh_testing/wazuh_testing/modules/aws/constants.py
+++ b/deps/wazuh_testing/wazuh_testing/modules/aws/constants.py
@@ -33,4 +33,6 @@
 NLB_TYPE = 'nlb'
 KMS_TYPE = 'kms'
 MACIE_TYPE = 'macie'
+KMS_TYPE = 'kms'
+TRUSTED_ADVISOR_TYPE = 'trusted'
 CUSTOM_TYPE = 'custom'
diff --git a/deps/wazuh_testing/wazuh_testing/modules/aws/data_generator.py b/deps/wazuh_testing/wazuh_testing/modules/aws/data_generator.py
index d13c567bdc..972c6b2563 100644
--- a/deps/wazuh_testing/wazuh_testing/modules/aws/data_generator.py
+++ b/deps/wazuh_testing/wazuh_testing/modules/aws/data_generator.py
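Review bot: The added `KMS_TYPE = 'kms'` duplicates the assignment that already appears two lines above it as context in this hunk, so the constant is now defined twice with the same value. Drop the new `KMS_TYPE` line and keep only `TRUSTED_ADVISOR_TYPE = 'trusted'`. A duplicated constant invites a later edit that changes one copy while the other silently wins.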
@@ -604,6 +604,58 @@ def get_data_sample(self) -> str:
 )
+class TrustedAdvisorDataGenerator(DataGenerator):
+ BASE_PATH = ''
+ BASE_FILE_NAME = f'firehose_trustedadvisor-1-'
+
+ def get_filename(self) -> str:
+ """Return the filename in the Trusted Advisor format.
+
+ Example:
+ ///
+ Returns:
+ str: Synthetic filename.
+ """
+ now = datetime.utcnow()
+ path = join(self.BASE_PATH, now.strftime(cons.PATH_DATE_FORMAT))
+ name = f"{self.BASE_FILE_NAME}{now.strftime(cons.FILENAME_DATE_FORMAT)}{cons.JSON_EXT}"
+
+ return join(path, name)
+
+ def get_data_sample(self) -> str:
+ """Return a sample of data according to the Trusted Advisor format.
+
+ Returns:
+ str: Synthetic data.
+ """
+ return json.dumps(
+ {
+ 'version': '0',
+ 'id': get_random_string(26),
+ 'detail-type': 'Trusted Advisor Check Item Refresh Notification',
+ 'source': 'aws.trustedadvisor',
+ 'account': cons.RANDOM_ACCOUNT_ID,
+ 'time': datetime.utcnow().strftime(cons.FILENAME_DATE_FORMAT),
+ 'region': 'us-east-1',
+ 'resources': [],
+ 'detail': {
+ 'check-name': 'IAM Group',
+ 'check-item-detail': {
+ 'Status': 'Green',
+ 'Current Usage': '1',
+ 'Limit Name': 'Groups',
+ 'Region': '-',
+ 'Service': 'IAM',
+ 'Limit Amount': '300'
+ },
+ 'status': 'OK',
+ 'resource_id': '',
+ 'uuid': str(uuid4())
+ }
+ }
+ )
+
+
 # Maps bucket type with corresponding data generator
 buckets_data_mapping = {
 cons.CLOUD_TRAIL_TYPE: CloudTrailDataGenerator,
@@ -614,6 +666,7 @@ def get_data_sample(self) -> str:
 cons.NLB_TYPE: NLBDataGenerator,
 cons.KMS_TYPE: KMSDataGenerator,
 cons.MACIE_TYPE: MacieDataGenerator,
+ cons.TRUSTED_ADVISOR_TYPE: TrustedAdvisorDataGenerator,
 }
diff --git a/tests/integration/test_aws/data/test_cases/basic_test_module/cases_defaults.yaml b/tests/integration/test_aws/data/test_cases/basic_test_module/cases_defaults.yaml
index 6e60b99d19..bfde266372 100644
--- a/tests/integration/test_aws/data/test_cases/basic_test_module/cases_defaults.yaml
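Review bot: The `Example:` entry in the `get_filename` docstring is only `///`, which tells the reader nothing about the object key layout. It looks as if angle-bracket placeholders were lost, so spell the pattern out from the pieces the code joins, for instance `<BASE_PATH>/<date in PATH_DATE_FORMAT>/firehose_trustedadvisor-1-<timestamp in FILENAME_DATE_FORMAT><JSON_EXT>`. `BASE_FILE_NAME = f'firehose_trustedadvisor-1-'` has no placeholders, so the `f` prefix should be dropped: `BASE_FILE_NAME = 'firehose_trustedadvisor-1-'`. The class itself has no docstring; a one-line summary such as `"""Data generator for Trusted Advisor logs."""` would help.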
+++ b/tests/integration/test_aws/data/test_cases/basic_test_module/cases_defaults.yaml
@@ -69,3 +69,12 @@
 metadata:
 bucket_type: custom
 bucket_name: wazuh-macie-integration-tests
+
+- name: trusted_advisor_defaults
+ description: Trusted Advisor default configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
diff --git a/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_discard_regex.yaml b/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_discard_regex.yaml
index b12c38fd3d..d34c346384 100644
--- a/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_discard_regex.yaml
+++ b/tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_discard_regex.yaml
@@ -125,3 +125,19 @@
 discard_regex: LOW
 found_logs: 3
 skipped_logs: 1
+
+- name: trusted_advisor_discard_regex
+ description: Trusted Advisor discard regex configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ DISCARD_FIELD: status
+ DISCARD_REGEX: ERROR
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ only_logs_after: 2022-NOV-20
+ discard_field: status
+ discard_regex: ERROR
+ found_logs: 3
+ skipped_logs: 1
diff --git a/tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_multiple_calls.yaml b/tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_multiple_calls.yaml
index 6e8d23f36d..a0fd8e39b7 100644
--- a/tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_multiple_calls.yaml
+++ b/tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_multiple_calls.yaml
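Review bot: The `trusted_advisor_discard_regex` case discards on `discard_field: status` with `discard_regex: ERROR`, but the sample that `TrustedAdvisorDataGenerator.get_data_sample` emits in this same diff carries `status` only under `detail` and always sets it to `'OK'`. If the bucket fixtures for this case come from that generator, nothing would match and `skipped_logs: 1` could not be met, so the discard path would be asserted against data that never exercises it. Please confirm where the ERROR record comes from. If the module resolves nested fields, the field should presumably be `detail.status`. A comment on the case naming the fixture that provides the discarded log would also help.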
@@ -55,3 +55,10 @@
 metadata:
 bucket_type: custom
 bucket_name: wazuh-macie-integration-tests
+
+- name: trusted_advisor_only_logs_after_multiple_calls
+ description: Trusted Advisor only_logs_after multiple calls configurations
+ configuration_parameters:
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
diff --git a/tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_with_only_logs_after.yaml b/tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_with_only_logs_after.yaml
index 27234609e0..5f2449126c 100644
--- a/tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_with_only_logs_after.yaml
+++ b/tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_with_only_logs_after.yaml
@@ -93,3 +93,15 @@
 bucket_name: wazuh-macie-integration-tests
 only_logs_after: 2022-NOV-20
 expected_results: 3
+
+- name: trusted_avisor_with_only_logs_after
+ description: Trusted Advisor only logs after configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ ONLY_LOGS_AFTER: 2022-NOV-20
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ only_logs_after: 2022-NOV-20
+ expected_results: 3
diff --git a/tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_without_only_logs_after.yaml b/tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_without_only_logs_after.yaml
index c10ff53d43..7f5af938a8 100644
--- a/tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_without_only_logs_after.yaml
+++ b/tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_without_only_logs_after.yaml
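Review bot: The case name in the `cases_with_only_logs_after.yaml` hunk is misspelled as `trusted_avisor_with_only_logs_after`, while every other case added in this diff uses the `trusted_advisor_` prefix. Rename it to `- name: trusted_advisor_with_only_logs_after`. Otherwise selecting or grepping test ids by that prefix will miss this case.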
@@ -77,3 +77,13 @@
 bucket_type: custom
 bucket_name: wazuh-macie-integration-tests
 expected_results: 1
+
+- name: trusted_advisor_without_only_logs_after
+ description: Trusted Advisor only logs after configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ expected_results: 1
diff --git a/tests/integration/test_aws/data/test_cases/path_test_module/cases_path.yaml b/tests/integration/test_aws/data/test_cases/path_test_module/cases_path.yaml
index c1a869c281..f9a81be7dd 100644
--- a/tests/integration/test_aws/data/test_cases/path_test_module/cases_path.yaml
+++ b/tests/integration/test_aws/data/test_cases/path_test_module/cases_path.yaml
@@ -309,3 +309,42 @@
 only_logs_after: 2022-NOV-20
 path: inexistent_prefix
 expected_results: 0
+
+- name: trusted_advisor_path_with_data
+ description: Trusted Advisor path configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ PATH: test_prefix
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ only_logs_after: 2022-NOV-20
+ path: test_prefix
+ expected_results: 1
+
+- name: trusted_advisor_path_without_data
+ description: Trusted Advisor path configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ PATH: empty_prefix
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ only_logs_after: 2022-NOV-20
+ path: empty_prefix
+ expected_results: 0
+
+- name: trusted_advisor_inexistent_path
+ description: Trusted Advisor path configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ PATH: inexistent_prefix
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ only_logs_after: 2022-NOV-20
+ path: inexistent_prefix
+ expected_results: 0
diff --git a/tests/integration/test_aws/data/test_cases/remove_from_bucket_test_module/cases_remove_from_bucket.yaml b/tests/integration/test_aws/data/test_cases/remove_from_bucket_test_module/cases_remove_from_bucket.yaml
index f7b34415fe..c786a29039 100644
--- a/tests/integration/test_aws/data/test_cases/remove_from_bucket_test_module/cases_remove_from_bucket.yaml
+++ b/tests/integration/test_aws/data/test_cases/remove_from_bucket_test_module/cases_remove_from_bucket.yaml
@@ -69,3 +69,12 @@
 metadata:
 bucket_type: custom
 bucket_name: wazuh-macie-integration-tests
+
+- name: trusted_advisor_remove_from_bucket
+ description: Trusted Advisor remove from bucket configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
diff --git a/tests/integration/test_aws/test_discard_regex.py b/tests/integration/test_aws/test_discard_regex.py
index dfbc102e88..c284e9e20e 100644
--- a/tests/integration/test_aws/test_discard_regex.py
+++ b/tests/integration/test_aws/test_discard_regex.py
@@ -131,8 +131,8 @@ def test_discard_regex(
 timeout=T_20,
 callback=event_monitor.callback_detect_event_processed_or_skipped(pattern),
 error_message=(
- 'The AWS module did not show correct message about discard regex or ',
- 'did not process the expected amout of logs'
+ 'The AWS module did not show the correct message about discard regex or ',
+ 'did not process the expected amount of logs'
 ),
 accum_results=found_logs + skipped_logs
 ).result()
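Review bot: `error_message` in the `test_discard_regex.py` hunk is still a two-element tuple, because the first literal ends with a comma inside the parentheses. A failure would therefore report a tuple rather than one sentence. The typo fixes keep that comma; remove it so the two literals concatenate implicitly: `'The AWS module did not show the correct message about discard regex or '` followed directly by `'did not process the expected amount of logs'`. The enclosing `test_discard_regex` body starts and ends outside this hunk, so how the monitor formats `error_message` is not visible here.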