Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIM System Tests: Windows EventID 4659 #642

Closed
Molter73 opened this issue Apr 3, 2020 · 0 comments · Fixed by #648
Closed

FIM System Tests: Windows EventID 4659 #642

Molter73 opened this issue Apr 3, 2020 · 0 comments · Fixed by #648
Assignees
@Molter73 @CamiRomero

Comments

@Molter73
Copy link
Contributor

Molter73 commented Apr 3, 2020

Related issue
wazuh/wazuh#4670

Description

Add a test for the deferred delete windows events (EventID 4659).

In order to detect this event, a Sending FIM event:... log message must be captured that has the event type deleted and does not have the audit field process_name to distinguish it from a regular delete generated by a Windows event with ID 4660.

Platforms

  • Windows
@Molter73 Molter73 self-assigned this Apr 3, 2020
@Molter73 Molter73 mentioned this issue Apr 7, 2020
Merged
@Molter73 Molter73 linked a pull request Apr 7, 2020 that will close this issue
Windows 4659 events tests #648
Merged
@bah07 bah07 added the FIM label Apr 15, 2020
@bah07 bah07 added this to the Sprint 110 - Core milestone Apr 15, 2020
@jotacarma90 jotacarma90 added core/fim and removed FIM labels Apr 20, 2020
@Molter73 Molter73 mentioned this issue Apr 29, 2020
Closed
10 tasks
@vikman90 vikman90 removed this from the Sprint 114 - Core milestone Jul 17, 2020
@damarisg damarisg mentioned this issue Nov 16, 2021
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Molter73 Molter73

@CamiRomero CamiRomero

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Windows 4659 events tests wazuh/wazuh-qa
8 participants
@damarisg @bah07 @vikman90 @Molter73 @jmv74211 @CamiRomero @jm404 @jotacarma90