feat(#3341): Trusted Advisor integration tests (#3736)

* feat(#3341): Add basic test for aws Trusted Advisor integration

* feat(#3339): Add data generator for KMS type

* feat(#3341): Add remove_from_bucket test

* feat(#3341): Add only_logs_after tests for aws Trusted Advisor integration

* feat(#3341): Add path tests for aws Trusted Advisor integration

* feat(#3341): Add discard_regex tests for aws Trusted Advisor integration

* feat(#3341): Add only_logs_after tier 1 for aws Trusted Advisor integration

deps/wazuh_testing/wazuh_testing/modules/aws/constants.py

@@ -33,4 +33,6 @@
 NLB_TYPE = 'nlb'
 KMS_TYPE = 'kms'
 MACIE_TYPE = 'macie'
+KMS_TYPE = 'kms'
+TRUSTED_ADVISOR_TYPE = 'trusted'
 CUSTOM_TYPE = 'custom'

deps/wazuh_testing/wazuh_testing/modules/aws/data_generator.py

@@ -604,6 +604,58 @@ def get_data_sample(self) -> str:
  )
 
 
+class TrustedAdvisorDataGenerator(DataGenerator):
+ BASE_PATH = ''
+ BASE_FILE_NAME = f'firehose_trustedadvisor-1-'
+
+ def get_filename(self) -> str:
+ """Return the filename in the Trusted Advisor format.
+
+ Example:
+ <prefix>/<year>/<month>/<day>
+ Returns:
+ str: Synthetic filename.
+ """
+ now = datetime.utcnow()
+ path = join(self.BASE_PATH, now.strftime(cons.PATH_DATE_FORMAT))
+ name = f"{self.BASE_FILE_NAME}{now.strftime(cons.FILENAME_DATE_FORMAT)}{cons.JSON_EXT}"
+
+ return join(path, name)
+
+ def get_data_sample(self) -> str:
+ """Return a sample of data according to the Trusted Advisor format.
+
+ Returns:
+ str: Synthetic data.
+ """
+ return json.dumps(
+ {
+ 'version': '0',
+ 'id': get_random_string(26),
+ 'detail-type': 'Trusted Advisor Check Item Refresh Notification',
+ 'source': 'aws.trustedadvisor',
+ 'account': cons.RANDOM_ACCOUNT_ID,
+ 'time': datetime.utcnow().strftime(cons.FILENAME_DATE_FORMAT),
+ 'region': 'us-east-1',
+ 'resources': [],
+ 'detail': {
+ 'check-name': 'IAM Group',
+ 'check-item-detail': {
+ 'Status': 'Green',
+ 'Current Usage': '1',
+ 'Limit Name': 'Groups',
+ 'Region': '-',
+ 'Service': 'IAM',
+ 'Limit Amount': '300'
+ },
+ 'status': 'OK',
+ 'resource_id': '',
+ 'uuid': str(uuid4())
+ }
+ }
+ )
+
+
 # Maps bucket type with corresponding data generator
 buckets_data_mapping = {
  cons.CLOUD_TRAIL_TYPE: CloudTrailDataGenerator,
@@ -614,6 +666,7 @@ def get_data_sample(self) -> str:
  cons.NLB_TYPE: NLBDataGenerator,
  cons.KMS_TYPE: KMSDataGenerator,
  cons.MACIE_TYPE: MacieDataGenerator,
+ cons.TRUSTED_ADVISOR_TYPE: TrustedAdvisorDataGenerator,
 }
 
 

tests/integration/test_aws/data/test_cases/basic_test_module/cases_defaults.yaml

@@ -69,3 +69,12 @@
  metadata:
  bucket_type: custom
  bucket_name: wazuh-macie-integration-tests
+
+- name: trusted_advisor_defaults
+ description: Trusted Advisor default configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests

tests/integration/test_aws/data/test_cases/discard_regex_test_module/cases_discard_regex.yaml

@@ -125,3 +125,19 @@
  discard_regex: LOW
  found_logs: 3
  skipped_logs: 1
+
+- name: trusted_advisor_discard_regex
+ description: Trusted Advisor discard regex configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ DISCARD_FIELD: status
+ DISCARD_REGEX: ERROR
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ only_logs_after: 2022-NOV-20
+ discard_field: status
+ discard_regex: ERROR
+ found_logs: 3
+ skipped_logs: 1

tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_multiple_calls.yaml

@@ -55,3 +55,10 @@
  metadata:
  bucket_type: custom
  bucket_name: wazuh-macie-integration-tests
+
+- name: trusted_advisor_only_logs_after_multiple_calls
+ description: Trusted Advisor only_logs_after multiple calls configurations
+ configuration_parameters:
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests

tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_with_only_logs_after.yaml

@@ -93,3 +93,15 @@
  bucket_name: wazuh-macie-integration-tests
  only_logs_after: 2022-NOV-20
  expected_results: 3
+
+- name: trusted_avisor_with_only_logs_after
+ description: Trusted Advisor only logs after configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ ONLY_LOGS_AFTER: 2022-NOV-20
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ only_logs_after: 2022-NOV-20
+ expected_results: 3

tests/integration/test_aws/data/test_cases/only_logs_after_test_module/cases_without_only_logs_after.yaml

@@ -77,3 +77,13 @@
  bucket_type: custom
  bucket_name: wazuh-macie-integration-tests
  expected_results: 1
+
+- name: trusted_advisor_without_only_logs_after
+ description: Trusted Advisor only logs after configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ expected_results: 1

tests/integration/test_aws/data/test_cases/path_test_module/cases_path.yaml

@@ -309,3 +309,42 @@
  only_logs_after: 2022-NOV-20
  path: inexistent_prefix
  expected_results: 0
+
+- name: trusted_advisor_path_with_data
+ description: Trusted Advisor path configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ PATH: test_prefix
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ only_logs_after: 2022-NOV-20
+ path: test_prefix
+ expected_results: 1
+
+- name: trusted_advisor_path_without_data
+ description: Trusted Advisor path configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ PATH: empty_prefix
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ only_logs_after: 2022-NOV-20
+ path: empty_prefix
+ expected_results: 0
+
+- name: trusted_advisor_inexistent_path
+ description: Trusted Advisor path configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ PATH: inexistent_prefix
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests
+ only_logs_after: 2022-NOV-20
+ path: inexistent_prefix
+ expected_results: 0

tests/integration/test_aws/data/test_cases/remove_from_bucket_test_module/cases_remove_from_bucket.yaml

@@ -69,3 +69,12 @@
  metadata:
  bucket_type: custom
  bucket_name: wazuh-macie-integration-tests
+
+- name: trusted_advisor_remove_from_bucket
+ description: Trusted Advisor remove from bucket configurations
+ configuration_parameters:
+ BUCKET_TYPE: custom
+ BUCKET_NAME: wazuh-trusted-advisor-integration-tests
+ metadata:
+ bucket_type: custom
+ bucket_name: wazuh-trusted-advisor-integration-tests

tests/integration/test_aws/test_discard_regex.py

@@ -131,8 +131,8 @@ def test_discard_regex(
  timeout=T_20,
  callback=event_monitor.callback_detect_event_processed_or_skipped(pattern),
  error_message=(
- 'The AWS module did not show correct message about discard regex or ',
- 'did not process the expected amout of logs'
+ 'The AWS module did not show the correct message about discard regex or ',
+ 'did not process the expected amount of logs'
  ),
  accum_results=found_logs + skipped_logs
  ).result()