From d7d0a2fb596e65c069449b98d01e504ca4b6cdd8 Mon Sep 17 00:00:00 2001 From: Juan Nicolas Asselle Date: Thu, 26 May 2022 13:29:07 +0000 Subject: [PATCH 1/4] Fix syscollector deltas IT - Make propper changes related to wazuh/wazuh#12550 - Enable analysisd syscollector event tests --- .../test_syscollector/test_syscollector_events.py | 2 +- .../data/agent/syscollector_deltas_messages.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/integration/test_analysisd/test_syscollector/test_syscollector_events.py b/tests/integration/test_analysisd/test_syscollector/test_syscollector_events.py index 13a55c61d0..37ff093488 100644 --- a/tests/integration/test_analysisd/test_syscollector/test_syscollector_events.py +++ b/tests/integration/test_analysisd/test_syscollector/test_syscollector_events.py @@ -73,7 +73,7 @@ def get_configuration(request): # Tests -@pytest.mark.skip(reason='Temporarily disabled until merge this PR https://github.com/wazuh/wazuh/pull/10843') +# @pytest.mark.skip(reason='Temporarily disabled until merge this PR https://github.com/wazuh/wazuh/pull/10843') @pytest.mark.parametrize('test_case', list(test_cases), ids=[test_case['name'] for test_case in test_cases]) diff --git a/tests/integration/test_wazuh_db/data/agent/syscollector_deltas_messages.yaml b/tests/integration/test_wazuh_db/data/agent/syscollector_deltas_messages.yaml index 1420bdf3a0..a494fc6138 100644 --- a/tests/integration/test_wazuh_db/data/agent/syscollector_deltas_messages.yaml +++ b/tests/integration/test_wazuh_db/data/agent/syscollector_deltas_messages.yaml @@ -141,7 +141,7 @@ stage: 'insert package with invalid field type.' - input: 'agent 001 dbsync packages MODIFIED 2021/10/01 00:00:20|deb|test-wazuh-1|mandatory|NULL|NULL|NULL|NULL|1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|AAAa61b68678180d2debd374df900daa6fe35d73|AAAe5ea454e47141b5c6a8afefd6bd08e87057f9|' - output: 'ok 2021/10/01 00:00:20|deb|test-wazuh-1|mandatory|x11|223|Ubuntu Developers ||1.1.1-2|all|foreign||Base X bitmaps||0|||AAAa61b68678180d2debd374df900daa6fe35d73|AAAe5ea454e47141b5c6a8afefd6bd08e87057f9|' + output: 'ok 2021/10/01 00:00:20|deb|test-wazuh-1|mandatory|x11|223|Ubuntu Developers ||1.1.1-2|all|foreign||Base X bitmaps|||||AAAa61b68678180d2debd374df900daa6fe35d73|AAAe5ea454e47141b5c6a8afefd6bd08e87057f9|' stage: 'modify package.' - input: 'agent 001 dbsync packages MODIFIED 2021/10/01 00:00:20|NULL|test-wazuh-1|NULL|NULL|1001|NULL|NULL|1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|aaaa61b68678180d2debd374df900daa6fe35d73|' @@ -161,7 +161,7 @@ stage: 'delete package without enough fields.' - input: 'agent 001 dbsync packages DELETED 2021/10/01 00:00:30|NULL|test-wazuh-1|NULL|NULL|NULL|NULL|NULL|1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' - output: 'ok 2021/10/01 00:00:20|deb|test-wazuh-1|mandatory|x11|223|Ubuntu Developers ||1.1.1-2|all|foreign||Base X bitmaps||0|||AAAa61b68678180d2debd374df900daa6fe35d73|AAAe5ea454e47141b5c6a8afefd6bd08e87057f9|' + output: 'ok 2021/10/01 00:00:20|deb|test-wazuh-1|mandatory|x11|223|Ubuntu Developers ||1.1.1-2|all|foreign||Base X bitmaps|||||AAAa61b68678180d2debd374df900daa6fe35d73|AAAe5ea454e47141b5c6a8afefd6bd08e87057f9|' stage: 'delete package.' - input: 'agent 001 dbsync packages DELETED 2021/10/01 00:00:30|NULL|test-wazuh-1|NULL|NULL|NULL|NULL|NULL|1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' @@ -185,7 +185,7 @@ stage: 'insert osinfo with invalid field type.' - input: 'agent 001 dbsync osinfo MODIFIED 2021/10/01 00:00:20|NULL|NULL|Ubuntu|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|1637071785021722800|mydisplayname|NULL|NULL|' - output: 'ok 2021/10/01 00:00:20|wazuh-dev|x86_64|Ubuntu|20.04.1 LTS (Focal Fossa)|focal|20|04|1||ubuntu|Linux|5.4.0-42-generic|#46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020||1637071785021722800|mydisplayname|||' + output: 'ok 2021/10/01 00:00:20|wazuh-dev|x86_64|Ubuntu|20.04.1 LTS (Focal Fossa)|focal|20|04|1||ubuntu|Linux|5.4.0-42-generic|#46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020||1637071785021722800|mydisplayname||' stage: 'modify osinfo.' - input: 'agent 001 dbsync osinfo MODIFIED 2021/10/01 00:00:20|NULL|NULL|Ubuntu|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' From aea9b93b26260434f1a3445fa29a126d4de9d158 Mon Sep 17 00:00:00 2001 From: Juan Nicolas Asselle Date: Thu, 26 May 2022 20:17:17 +0000 Subject: [PATCH 2/4] Change IT to force empty field scenario --- .../test_syscollector/data/syscollector.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml b/tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml index 0291c175d6..1cff46dd1d 100644 --- a/tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml +++ b/tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml @@ -6,22 +6,22 @@ test_case: - description: 'Process creation' - event_payload: '{"data":{"argvs":"180","checksum":"343ed10dc637334a7400d01b8a28deb8db5cba28","cmd":"sleep","egroup":"root","euser":"root","fgroup":"root","name":"sleep","nice":0,"nlwp":1,"pgrp":116167,"pid":"156102","ppid":116169,"priority":20,"processor":3,"resident":129,"rgroup":"root","ruser":"root","scan_time":"2021/10/13 14:57:07","session":116167,"sgroup":"root","share":114,"size":2019,"start_time":5799612,"state":"S","stime":0,"suser":"root","tgid":156102,"tty":0,"utime":0,"vm_size":8076},"operation":"INSERTED","type":"dbsync_processes"}' + event_payload: '{"data":{"argvs":"180","checksum":"343ed10dc637334a7400d01b8a28deb8db5cba28","cmd":"","egroup":"root","euser":"root","fgroup":"root","name":"sleep","nice":0,"nlwp":1,"pgrp":116167,"pid":"156102","ppid":116169,"priority":20,"processor":3,"resident":129,"rgroup":"root","ruser":"root","scan_time":"2021/10/13 14:57:07","session":116167,"sgroup":"root","share":114,"size":2019,"start_time":5799612,"state":"S","stime":0,"suser":"root","tgid":156102,"tty":0,"utime":0,"vm_size":8076},"operation":"INSERTED","type":"dbsync_processes"}' alert_expected_values: rule.id: '100301' - data: '{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"0","stime":"0","cmd":"sleep","args":"180","euser":"root","ruser":"root","suser":"root","egroup":"root","rgroup":"root","sgroup":"root","fgroup":"root","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129","share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0","processor":"3"},"operation_type":"INSERTED"}' + data: '{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"0","stime":"0","args":"180","euser":"root","ruser":"root","suser":"root","egroup":"root","rgroup":"root","sgroup":"root","fgroup":"root","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129","share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0","processor":"3"},"operation_type":"INSERTED"}' - description: 'Process modification' event_payload: '{"data":{"checksum":"45cb0637a5b43ed1a819ac6cb4cf4d6d4f15f871","pid":"156102","processor":0,"scan_time":"2021/10/07 13:08:19","stime":72,"utime":54,"egroup":null,"rgroup":"NULL","fgroup":"piped|value"},"operation":"MODIFIED","type":"dbsync_processes"}' alert_expected_values: rule.id: '100302' - data: '{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"54","stime":"72","cmd":"sleep","args":"180","euser":"root","ruser":"root","suser":"root","rgroup":"NULL","sgroup":"root","fgroup":"piped|value","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129","share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0","processor":"0"},"operation_type":"MODIFIED"}' + data: '{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"54","stime":"72","args":"180","euser":"root","ruser":"root","suser":"root","rgroup":"NULL","sgroup":"root","fgroup":"piped|value","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129","share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0","processor":"0"},"operation_type":"MODIFIED"}' - description: 'Process deletion' event_payload: '{"data":{"pid":"156102","scan_time":"2021/10/13 15:55:03"},"operation":"DELETED","type":"dbsync_processes"}' alert_expected_values: rule.id: '100303' - data: '{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"54","stime":"72","cmd":"sleep","args":"180","euser":"root","ruser":"root","suser":"root","rgroup":"NULL","sgroup":"root","fgroup":"piped|value","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129","share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0","processor":"0"},"operation_type":"DELETED"}' + data: '{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"54","stime":"72","args":"180","euser":"root","ruser":"root","suser":"root","rgroup":"NULL","sgroup":"root","fgroup":"piped|value","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129","share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0","processor":"0"},"operation_type":"DELETED"}' - description: 'Port creation' event_payload: '{"data":{"checksum":"eff13e52290143eb5b5b9b8c191902609f37c712","inode":494908,"item_id":"e2c92964ad145a635139f6318057506e386e00a3","local_ip":"0.0.0.0","local_port":34340,"pid":0,"process":null,"protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"scan_time":"2021/10/13 14:40:02","state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"}' From c36f3e7f836b73a6251db795a42c2bfcea00b9a8 Mon Sep 17 00:00:00 2001 From: Dword Date: Tue, 21 Jun 2022 10:44:53 -0300 Subject: [PATCH 3/4] Changes based on PR review. --- .../test_analysisd/test_syscollector/test_syscollector_events.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/integration/test_analysisd/test_syscollector/test_syscollector_events.py b/tests/integration/test_analysisd/test_syscollector/test_syscollector_events.py index 37ff093488..43db11318d 100644 --- a/tests/integration/test_analysisd/test_syscollector/test_syscollector_events.py +++ b/tests/integration/test_analysisd/test_syscollector/test_syscollector_events.py @@ -73,7 +73,6 @@ def get_configuration(request): # Tests -# @pytest.mark.skip(reason='Temporarily disabled until merge this PR https://github.com/wazuh/wazuh/pull/10843') @pytest.mark.parametrize('test_case', list(test_cases), ids=[test_case['name'] for test_case in test_cases]) From 144b5b045b360d08c91974d10a97b184264751c3 Mon Sep 17 00:00:00 2001 From: Juan Nicolas Asselle Date: Wed, 22 Jun 2022 17:51:35 +0000 Subject: [PATCH 4/4] Fix syscollector deltas IT coding style --- .../scripts/config/yaml_linter_config.yaml | 1 + .../test_syscollector/data/syscollector.yaml | 436 ++++++++---- .../test_syscollector_events.py | 3 +- .../agent/syscollector_deltas_messages.yaml | 634 ++++++++++-------- 4 files changed, 643 insertions(+), 431 deletions(-) diff --git a/.github/workflows/scripts/config/yaml_linter_config.yaml b/.github/workflows/scripts/config/yaml_linter_config.yaml index 87acf5b825..55f6560640 100644 --- a/.github/workflows/scripts/config/yaml_linter_config.yaml +++ b/.github/workflows/scripts/config/yaml_linter_config.yaml @@ -12,6 +12,7 @@ rules: quoted-strings: required: only-when-needed quote-type: any + ignore: syscollector_deltas_messages.yaml #https://github.com/adrienverge/yamllint/issues/275 trailing-spaces: {} braces: forbid: non-empty diff --git a/tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml b/tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml index 1cff46dd1d..47387985c4 100644 --- a/tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml +++ b/tests/integration/test_analysisd/test_syscollector/data/syscollector.yaml @@ -1,150 +1,292 @@ ---- - - name: 'Test syscollector events' - rule_file: 'syscollector_rules.xml' + name: Test syscollector events + rule_file: syscollector_rules.xml event_header: '(myhostname) any->syscollector:' test_case: - - - description: 'Process creation' - event_payload: '{"data":{"argvs":"180","checksum":"343ed10dc637334a7400d01b8a28deb8db5cba28","cmd":"","egroup":"root","euser":"root","fgroup":"root","name":"sleep","nice":0,"nlwp":1,"pgrp":116167,"pid":"156102","ppid":116169,"priority":20,"processor":3,"resident":129,"rgroup":"root","ruser":"root","scan_time":"2021/10/13 14:57:07","session":116167,"sgroup":"root","share":114,"size":2019,"start_time":5799612,"state":"S","stime":0,"suser":"root","tgid":156102,"tty":0,"utime":0,"vm_size":8076},"operation":"INSERTED","type":"dbsync_processes"}' - alert_expected_values: - rule.id: '100301' - data: '{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"0","stime":"0","args":"180","euser":"root","ruser":"root","suser":"root","egroup":"root","rgroup":"root","sgroup":"root","fgroup":"root","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129","share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0","processor":"3"},"operation_type":"INSERTED"}' - - - description: 'Process modification' - event_payload: '{"data":{"checksum":"45cb0637a5b43ed1a819ac6cb4cf4d6d4f15f871","pid":"156102","processor":0,"scan_time":"2021/10/07 13:08:19","stime":72,"utime":54,"egroup":null,"rgroup":"NULL","fgroup":"piped|value"},"operation":"MODIFIED","type":"dbsync_processes"}' - alert_expected_values: - rule.id: '100302' - data: '{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"54","stime":"72","args":"180","euser":"root","ruser":"root","suser":"root","rgroup":"NULL","sgroup":"root","fgroup":"piped|value","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129","share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0","processor":"0"},"operation_type":"MODIFIED"}' - - - description: 'Process deletion' - event_payload: '{"data":{"pid":"156102","scan_time":"2021/10/13 15:55:03"},"operation":"DELETED","type":"dbsync_processes"}' - alert_expected_values: - rule.id: '100303' - data: '{"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"54","stime":"72","args":"180","euser":"root","ruser":"root","suser":"root","rgroup":"NULL","sgroup":"root","fgroup":"piped|value","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129","share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0","processor":"0"},"operation_type":"DELETED"}' - - - description: 'Port creation' - event_payload: '{"data":{"checksum":"eff13e52290143eb5b5b9b8c191902609f37c712","inode":494908,"item_id":"e2c92964ad145a635139f6318057506e386e00a3","local_ip":"0.0.0.0","local_port":34340,"pid":0,"process":null,"protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"scan_time":"2021/10/13 14:40:02","state":"listening","tx_queue":0},"operation":"INSERTED","type":"dbsync_ports"}' - alert_expected_values: - rule.id: '100311' - data: '{"type":"dbsync_ports","port":{"protocol":"tcp","local_ip":"0.0.0.0","local_port":"34340","remote_ip":"0.0.0.0","remote_port":"0","tx_queue":"0","rx_queue":"0","inode":"494908","state":"listening","pid":"0"},"operation_type":"INSERTED"}' - - - description: 'Port modification' - event_payload: '{"data":{"checksum":"eff13e52290143eb5b5b9b8c191902609f37c713","inode":494908,"local_ip":"0.0.0.0","local_port":34340,"protocol":"tcp","scan_time":"2021/10/13 14:40:30","tx_queue":1000,"state":"NULL","remote_ip":"piped|value"},"operation":"MODIFIED","type":"dbsync_ports"}' - alert_expected_values: - rule.id: '100312' - data: '{"type":"dbsync_ports","port":{"protocol":"tcp","local_ip":"0.0.0.0","local_port":"34340","remote_ip":"piped|value","remote_port":"0","tx_queue":"1000","rx_queue":"0","inode":"494908","state":"NULL","pid":"0"},"operation_type":"MODIFIED"}' - - - description: 'Port deletion' - event_payload: '{"data":{"inode":494908,"local_ip":"0.0.0.0","local_port":34340,"protocol":"tcp","scan_time":"2021/10/13 14:40:43"},"operation":"DELETED","type":"dbsync_ports"}' - alert_expected_values: - rule.id: '100313' - data: '{"type":"dbsync_ports","port":{"protocol":"tcp","local_ip":"0.0.0.0","local_port":"34340","remote_ip":"piped|value","remote_port":"0","tx_queue":"1000","rx_queue":"0","inode":"494908","state":"NULL","pid":"0"},"operation_type":"DELETED"}' - - - description: 'Osinfo creation' - event_payload: '{"data":{"checksum":"1634140017886803554","architecture":"x86_64","hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601","os_display_version":"test"},"operation":"INSERTED","type":"dbsync_osinfo"}' - alert_expected_values: - rule.id: '100321' - data: '{"type":"dbsync_osinfo","os":{"hostname":"UBUNTU","architecture":"x86_64","name":"Microsoft Windows 7","version":"6.1.7601","major":"6","minor":"1","build":"7601","os_release":"sp1","display_version":"test"},"operation_type":"INSERTED"}' - - - description: 'Osinfo modification' - event_payload: '{"data":{"checksum":"1634140017886803555", "os_name":"Microsoft Windows 7","os_build":"7602","scan_time":"2021/10/13 14:41:43"},"operation":"MODIFIED","type":"dbsync_osinfo"}' - alert_expected_values: - rule.id: '100322' - data: '{"type":"dbsync_osinfo","os":{"hostname":"UBUNTU","architecture":"x86_64","name":"Microsoft Windows 7","version":"6.1.7601","major":"6","minor":"1","build":"7602","os_release":"sp1","display_version":"test"},"operation_type":"MODIFIED"}' - - - description: 'Hwinfo creation' - event_payload: '{"data":{"scan_time":"2021/10/13 14:41:43","board_serial":"Intel Corporation","checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54},"operation":"INSERTED","type":"dbsync_hwinfo"}' - alert_expected_values: - rule.id: '100331' - data: '{"type":"dbsync_hwinfo","hardware":{"serial":"Intel Corporation","cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","cpu_cores":"2","cpu_mhz":"2904","ram_total":"4972208","ram_free":"2257872","ram_usage":"54"},"operation_type":"INSERTED"}' - - - description: 'Hwinfo modification' - event_payload: '{"data":{"scan_time":"2021/10/13 14:42:43","board_serial":"Intel Corporation","checksum":"af7b22eef8f5e06c04af4db49c9f8d1d2896391a","ram_usage":99},"operation":"MODIFIED","type":"dbsync_hwinfo"}' - alert_expected_values: - rule.id: '100332' - data: '{"type":"dbsync_hwinfo","hardware":{"serial":"Intel Corporation","cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","cpu_cores":"2","cpu_mhz":"2904.0","ram_total":"4972208","ram_free":"2257872","ram_usage":"99"},"operation_type":"MODIFIED"}' - - - description: 'Package creation' - event_payload: '{"data":{"architecture":"amd64","checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67568","description":"Qt 5 OpenGL module","format":"deb","groups":"libs","item_id":"caa4868d177fbebc5b145a2a92497ebcf566838a","multiarch":"same","name":"libqt5opengl5","priority":"optional","scan_time":"2021/10/13 15:10:49","size":572,"source":"qtbase-opensource-src","vendor":"Ubuntu Developers ","version":"5.12.8+dfsg-0ubuntu1"},"operation":"INSERTED","type":"dbsync_packages"}' - alert_expected_values: - rule.id: '100341' - data: '{"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"optional","size":"572","vendor":"Ubuntu Developers ","version":"5.12.8+dfsg-0ubuntu1","architecture":"amd64","multiarch":"same","source":"qtbase-opensource-src","description":"Qt 5 OpenGL module"},"operation_type":"INSERTED"}' - - - description: 'Package modification' - event_payload: '{"data":{"architecture":"amd64","checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67569","name":"libqt5opengl5","priority":"important","scan_time":"2021/10/13 15:11:50","version":"5.12.8+dfsg-0ubuntu1"},"operation":"MODIFIED","type":"dbsync_packages"}' - alert_expected_values: - rule.id: '100342' - data: '{"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"important","size":"572","vendor":"Ubuntu Developers ","version":"5.12.8+dfsg-0ubuntu1","architecture":"amd64","multiarch":"same","source":"qtbase-opensource-src","description":"Qt 5 OpenGL module"},"operation_type":"MODIFIED"}' - - - description: 'Package deletion' - event_payload: '{"data":{"architecture":"amd64","name":"libqt5opengl5","scan_time":"2021/10/13 15:14:35","version":"5.12.8+dfsg-0ubuntu1"},"operation":"DELETED","type":"dbsync_packages"}' - alert_expected_values: - rule.id: '100343' - data: '{"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"important","size":"572","vendor":"Ubuntu Developers ","version":"5.12.8+dfsg-0ubuntu1","architecture":"amd64","multiarch":"same","source":"qtbase-opensource-src","description":"Qt 5 OpenGL module"},"operation_type":"DELETED"}' - - - description: 'Network interface creation' - event_payload: '{"data":{"adapter":null,"checksum":"ce57e9ae697de4e427b67fea0d28c25e130249b7","item_id":"7ca46dd4c59f73c36a44ee5ebb0d0a37db4187a9","mac":"92:27:3b:ee:11:96","mtu":1500,"name":"dummy0","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"scan_time":"2021/10/13 18:32:06","state":"down","tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"INSERTED","type":"dbsync_network_iface"}' - alert_expected_values: - rule.id: '100351' - data: '{"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"down","mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"0","tx_errors":"0","rx_errors":"0","tx_dropped":"0","rx_dropped":"0"}},"operation_type":"INSERTED"}' - - - description: 'Network interface modification' - event_payload: '{"data":{"adapter":null,"checksum":"ce57e9ae697de4e427b67fea0d28c25e130249b8","name":"dummy0","type":"ethernet","rx_bytes":1000,"scan_time":"2021/10/13 18:33:06"},"operation":"MODIFIED","type":"dbsync_network_iface"}' - alert_expected_values: - rule.id: '100352' - data: '{"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"down","mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"1000","tx_errors":"0","rx_errors":"0","tx_dropped":"0","rx_dropped":"0"}},"operation_type":"MODIFIED"}' - - - description: 'Network protocol creation' - event_payload: '{"data":{"checksum":"3d8855caa85501d22b40fa6616c0670f206b2c4e","gateway":" ","dhcp":"enabled","iface":"dummy0","item_id":"7ca46dd4c59f73c36a44ee5ebb0d0a37db4187a9","scan_time":"2021/10/13 18:32:06","type":"ethernet"},"operation":"INSERTED","type":"dbsync_network_protocol"}' - alert_expected_values: - rule.id: '100361' - data: '{"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet","gateway":" ","dhcp":"enabled"}},"operation_type":"INSERTED"}' - - - description: 'Network protocol modification' - event_payload: '{"data":{"checksum":"3d8855caa85501d22b40fa6616c0670f206b2c4a","gateway":"10.0.0.2","iface":"dummy0","scan_time":"2021/10/13 18:32:06","type":"ethernet"},"operation":"MODIFIED","type":"dbsync_network_protocol"}' - alert_expected_values: - rule.id: '100362' - data: '{"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet","gateway":"10.0.0.2","dhcp":"enabled"}},"operation_type":"MODIFIED"}' - - - description: 'Network protocol deletion' - event_payload: '{"data":{"iface":"dummy0","scan_time":"2021/10/13 18:32:06","type":"ethernet"},"operation":"DELETED","type":"dbsync_network_protocol"}' - alert_expected_values: - rule.id: '100363' - data: '{"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet","gateway":"10.0.0.2","dhcp":"enabled"}},"operation_type":"DELETED"}' - - - description: 'Network interface deletion' - event_payload: '{"data":{"adapter":null,"name":"dummy0","scan_time":"2021/10/13 18:53:53","type":"ethernet"},"operation":"DELETED","type":"dbsync_network_iface"}' - alert_expected_values: - rule.id: '100353' - data: '{"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"down","mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"1000","tx_errors":"0","rx_errors":"0","tx_dropped":"0","rx_dropped":"0"}},"operation_type":"DELETED"}' - - - description: 'Network address creation' - event_payload: '{"data":{"address":"192.168.100.12","broadcast":"192.168.100.255","checksum":"ec5e14340b8ced5b39cbcfa9abecbfdbd1f2873f","dhcp":"unknown","iface":"enp0s3","item_id":"7b4e5f1da50834d71d895a3065a3bb098a0b8a5c","metric":"100","netmask":"255.255.255.0","proto":0,"scan_time":"2021/10/13 16:46:37"},"operation":"INSERTED","type":"dbsync_network_address"}' - alert_expected_values: - rule.id: '100371' - data: '{"type":"dbsync_network_address","netinfo":{"addr":{"iface":"enp0s3","proto":"0","address":"192.168.100.12","netmask":"255.255.255.0","broadcast":"192.168.100.255"}},"operation_type":"INSERTED"}' - - - description: 'Network address modification' - event_payload: '{"data":{"address":"192.168.100.12","checksum":"ec5e14340b8ced5b39cbcfa9abecbfdbd1f28aaa","iface":"enp0s3","metric":"90","proto":0,"scan_time":"2021/10/13 16:46:67"},"operation":"MODIFIED","type":"dbsync_network_address"}' - alert_expected_values: - rule.id: '100372' - data: '{"type":"dbsync_network_address","netinfo":{"addr":{"iface":"enp0s3","proto":"0","address":"192.168.100.12","netmask":"255.255.255.0","broadcast":"192.168.100.255"}},"operation_type":"MODIFIED"}' - - - description: 'Network address deletion' - event_payload: '{"data":{"address":"192.168.100.12","iface":"enp0s3","proto":0,"scan_time":"2021/10/13 16:48:17"},"operation":"DELETED","type":"dbsync_network_address"}' - alert_expected_values: - rule.id: '100373' - data: '{"type":"dbsync_network_address","netinfo":{"addr":{"iface":"enp0s3","proto":"0","address":"192.168.100.12","netmask":"255.255.255.0","broadcast":"192.168.100.255"}},"operation_type":"DELETED"}' - - - description: 'Hotfix creation' - event_payload: '{"data":{"checksum":"ded25e55c93121675adcb8d429dc586cbb351e3a","hotfix":"KB5005539","scan_time":"2021/10/14 02:24:18"},"operation":"INSERTED","type":"dbsync_hotfixes"}' - alert_expected_values: - rule.id: '100381' - data: '{"type":"dbsync_hotfixes","hotfix":"KB5005539","operation_type":"INSERTED"}' - - - description: 'Hotfix deletion' - event_payload: '{"data":{"hotfix":"KB5005539","scan_time":"2021/10/14 02:40:41"},"operation":"DELETED","type":"dbsync_hotfixes"}' - alert_expected_values: - rule.id: '100383' - data: '{"type":"dbsync_hotfixes","hotfix":"KB5005539","operation_type":"DELETED"}' + - + description: Process creation + event_payload: >- + {"data":{"argvs":"180","checksum":"343ed10dc637334a7400d01b8a28deb8db5cba28","cmd":"","egroup":"root", + "euser":"root","fgroup":"root","name":"sleep","nice":0,"nlwp":1,"pgrp":116167,"pid":"156102","ppid":116169, + "priority":20,"processor":3,"resident":129,"rgroup":"root","ruser":"root","scan_time":"2021/10/13 14:57:07", + "session":116167,"sgroup":"root","share":114,"size":2019,"start_time":5799612,"state":"S","stime":0, + "suser":"root","tgid":156102,"tty":0,"utime":0,"vm_size":8076},"operation":"INSERTED", + "type":"dbsync_processes"} + alert_expected_values: + rule.id: '100301' + data: >- + {"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"0", + "stime":"0","args":"180","euser":"root","ruser":"root","suser":"root","egroup":"root","rgroup":"root", + "sgroup":"root","fgroup":"root","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129", + "share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0", + "processor":"3"},"operation_type":"INSERTED"} + - + description: Process modification + event_payload: >- + {"data":{"checksum":"45cb0637a5b43ed1a819ac6cb4cf4d6d4f15f871","pid":"156102","processor":0, + "scan_time":"2021/10/07 13:08:19","stime":72,"utime":54,"egroup":null,"rgroup":"NULL","fgroup":"piped|value"}, + "operation":"MODIFIED","type":"dbsync_processes"} + alert_expected_values: + rule.id: '100302' + data: >- + {"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169", + "utime":"54","stime":"72","args":"180","euser":"root","ruser":"root","suser":"root","rgroup":"NULL", + "sgroup":"root","fgroup":"piped|value","priority":"20","nice":"0","size":"2019","vm_size":"8076", + "resident":"129","share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1", + "tgid":"156102","tty":"0","processor":"0"},"operation_type":"MODIFIED"} + - + description: Process deletion + event_payload: >- + {"data":{"pid":"156102","scan_time":"2021/10/13 15:55:03"},"operation":"DELETED","type":"dbsync_processes"} + alert_expected_values: + rule.id: '100303' + data: >- + {"type":"dbsync_processes","process":{"pid":"156102","name":"sleep","state":"S","ppid":"116169","utime":"54", + "stime":"72","args":"180","euser":"root","ruser":"root","suser":"root","rgroup":"NULL","sgroup":"root", + "fgroup":"piped|value","priority":"20","nice":"0","size":"2019","vm_size":"8076","resident":"129", + "share":"114","start_time":"5799612","pgrp":"116167","session":"116167","nlwp":"1","tgid":"156102","tty":"0", + "processor":"0"},"operation_type":"DELETED"} + - + description: Port creation + event_payload: >- + {"data":{"checksum":"eff13e52290143eb5b5b9b8c191902609f37c712","inode":494908, + "item_id":"e2c92964ad145a635139f6318057506e386e00a3","local_ip":"0.0.0.0","local_port":34340,"pid":0, + "process":null,"protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0, + "scan_time":"2021/10/13 14:40:02","state":"listening","tx_queue":0},"operation":"INSERTED", + "type":"dbsync_ports"} + alert_expected_values: + rule.id: '100311' + data: >- + {"type":"dbsync_ports","port":{"protocol":"tcp","local_ip":"0.0.0.0","local_port":"34340", + "remote_ip":"0.0.0.0","remote_port":"0","tx_queue":"0","rx_queue":"0","inode":"494908","state":"listening", + "pid":"0"},"operation_type":"INSERTED"} + - + description: Port modification + event_payload: >- + {"data":{"checksum":"eff13e52290143eb5b5b9b8c191902609f37c713","inode":494908,"local_ip":"0.0.0.0", + "local_port":34340,"protocol":"tcp","scan_time":"2021/10/13 14:40:30","tx_queue":1000,"state":"NULL", + "remote_ip":"piped|value"},"operation":"MODIFIED","type":"dbsync_ports"} + alert_expected_values: + rule.id: '100312' + data: >- + {"type":"dbsync_ports","port":{"protocol":"tcp","local_ip":"0.0.0.0","local_port":"34340", + "remote_ip":"piped|value","remote_port":"0","tx_queue":"1000","rx_queue":"0","inode":"494908","state":"NULL", + "pid":"0"},"operation_type":"MODIFIED"} + - + description: Port deletion + event_payload: >- + {"data":{"inode":494908,"local_ip":"0.0.0.0","local_port":34340,"protocol":"tcp", + "scan_time":"2021/10/13 14:40:43"},"operation":"DELETED","type":"dbsync_ports"} + alert_expected_values: + rule.id: '100313' + data: >- + {"type":"dbsync_ports","port":{"protocol":"tcp","local_ip":"0.0.0.0","local_port":"34340", + "remote_ip":"piped|value","remote_port":"0","tx_queue":"1000","rx_queue":"0","inode":"494908", + "state":"NULL","pid":"0"},"operation_type":"DELETED"} + - + description: Osinfo creation + event_payload: >- + {"data":{"checksum":"1634140017886803554","architecture":"x86_64","hostname":"UBUNTU","os_build":"7601", + "os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601", + "os_display_version":"test"},"operation":"INSERTED","type":"dbsync_osinfo"} + alert_expected_values: + rule.id: '100321' + data: >- + {"type":"dbsync_osinfo","os":{"hostname":"UBUNTU","architecture":"x86_64","name":"Microsoft Windows 7", + "version":"6.1.7601","major":"6","minor":"1","build":"7601","os_release":"sp1","display_version":"test"}, + "operation_type":"INSERTED"} + - + description: Osinfo modification + event_payload: >- + {"data":{"checksum":"1634140017886803555", "os_name":"Microsoft Windows 7","os_build":"7602", + "scan_time":"2021/10/13 14:41:43"},"operation":"MODIFIED","type":"dbsync_osinfo"} + alert_expected_values: + rule.id: '100322' + data: >- + {"type":"dbsync_osinfo","os":{"hostname":"UBUNTU","architecture":"x86_64","name":"Microsoft Windows 7", + "version":"6.1.7601","major":"6","minor":"1","build":"7602","os_release":"sp1","display_version":"test"}, + "operation_type":"MODIFIED"} + - + description: Hwinfo creation + event_payload: >- + {"data":{"scan_time":"2021/10/13 14:41:43","board_serial":"Intel Corporation", + "checksum":"af7b22eef8f5e06c04af4db49c9f8d1d28963918","cpu_MHz":2904,"cpu_cores":2, + "cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","ram_free":2257872,"ram_total":4972208,"ram_usage":54}, + "operation":"INSERTED","type":"dbsync_hwinfo"} + alert_expected_values: + rule.id: '100331' + data: >- + {"type":"dbsync_hwinfo","hardware":{"serial":"Intel Corporation", + "cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","cpu_cores":"2","cpu_mhz":"2904","ram_total":"4972208", + "ram_free":"2257872","ram_usage":"54"},"operation_type":"INSERTED"} + - + description: Hwinfo modification + event_payload: >- + {"data":{"scan_time":"2021/10/13 14:42:43","board_serial":"Intel Corporation", + "checksum":"af7b22eef8f5e06c04af4db49c9f8d1d2896391a","ram_usage":99},"operation":"MODIFIED", + "type":"dbsync_hwinfo"} + alert_expected_values: + rule.id: '100332' + data: >- + {"type":"dbsync_hwinfo","hardware":{"serial":"Intel Corporation", + "cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz","cpu_cores":"2","cpu_mhz":"2904.0","ram_total":"4972208", + "ram_free":"2257872","ram_usage":"99"},"operation_type":"MODIFIED"} + - + description: Package creation + event_payload: >- + {"data":{"architecture":"amd64","checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67568", + "description":"Qt 5 OpenGL module","format":"deb","groups":"libs", + "item_id":"caa4868d177fbebc5b145a2a92497ebcf566838a","multiarch":"same","name":"libqt5opengl5", + "priority":"optional","scan_time":"2021/10/13 15:10:49","size":572,"source":"qtbase-opensource-src", + "vendor":"Ubuntu Developers ","version":"5.12.8+dfsg-0ubuntu1"}, + "operation":"INSERTED","type":"dbsync_packages"} + alert_expected_values: + rule.id: '100341' + data: >- + {"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"optional", + "size":"572","vendor":"Ubuntu Developers ", + "version":"5.12.8+dfsg-0ubuntu1","architecture":"amd64","multiarch":"same","source":"qtbase-opensource-src", + "description":"Qt 5 OpenGL module"},"operation_type":"INSERTED"} + - + description: Package modification + event_payload: >- + {"data":{"architecture":"amd64","checksum":"1c1bf8bbc20caef77010f960461cc20fb9c67569","name":"libqt5opengl5", + "priority":"important","scan_time":"2021/10/13 15:11:50","version":"5.12.8+dfsg-0ubuntu1"}, + "operation":"MODIFIED","type":"dbsync_packages"} + alert_expected_values: + rule.id: '100342' + data: >- + {"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"important", + "size":"572","vendor":"Ubuntu Developers ", + "version":"5.12.8+dfsg-0ubuntu1","architecture":"amd64","multiarch":"same","source":"qtbase-opensource-src", + "description":"Qt 5 OpenGL module"},"operation_type":"MODIFIED"} + - + description: Package deletion + event_payload: >- + {"data":{"architecture":"amd64","name":"libqt5opengl5","scan_time":"2021/10/13 15:14:35", + "version":"5.12.8+dfsg-0ubuntu1"},"operation":"DELETED","type":"dbsync_packages"} + alert_expected_values: + rule.id: '100343' + data: >- + {"type":"dbsync_packages","program":{"format":"deb","name":"libqt5opengl5","priority":"important", + "size":"572","vendor":"Ubuntu Developers ", + "version":"5.12.8+dfsg-0ubuntu1","architecture":"amd64","multiarch":"same","source":"qtbase-opensource-src", + "description":"Qt 5 OpenGL module"},"operation_type":"DELETED"} + - + description: Network interface creation + event_payload: >- + {"data":{"adapter":null,"checksum":"ce57e9ae697de4e427b67fea0d28c25e130249b7", + "item_id":"7ca46dd4c59f73c36a44ee5ebb0d0a37db4187a9","mac":"92:27:3b:ee:11:96","mtu":1500,"name":"dummy0", + "rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"scan_time":"2021/10/13 18:32:06","state":"down", + "tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0,"type":"ethernet"},"operation":"INSERTED", + "type":"dbsync_network_iface"} + alert_expected_values: + rule.id: '100351' + data: >- + {"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"down", + "mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"0", + "tx_errors":"0","rx_errors":"0","tx_dropped":"0","rx_dropped":"0"}},"operation_type":"INSERTED"} + - + description: Network interface modification + event_payload: >- + {"data":{"adapter":null,"checksum":"ce57e9ae697de4e427b67fea0d28c25e130249b8","name":"dummy0", + "type":"ethernet","rx_bytes":1000,"scan_time":"2021/10/13 18:33:06"},"operation":"MODIFIED", + "type":"dbsync_network_iface"} + alert_expected_values: + rule.id: '100352' + data: >- + {"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"down", + "mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"1000", + "tx_errors":"0","rx_errors":"0","tx_dropped":"0","rx_dropped":"0"}},"operation_type":"MODIFIED"} + - + description: Network protocol creation + event_payload: >- + {"data":{"checksum":"3d8855caa85501d22b40fa6616c0670f206b2c4e","gateway":" ","dhcp":"enabled","iface":"dummy0", + "item_id":"7ca46dd4c59f73c36a44ee5ebb0d0a37db4187a9","scan_time":"2021/10/13 18:32:06","type":"ethernet"}, + "operation":"INSERTED","type":"dbsync_network_protocol"} + alert_expected_values: + rule.id: '100361' + data: >- + {"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet","gateway":" ", + "dhcp":"enabled"}},"operation_type":"INSERTED"} + - + description: Network protocol modification + event_payload: >- + {"data":{"checksum":"3d8855caa85501d22b40fa6616c0670f206b2c4a","gateway":"10.0.0.2","iface":"dummy0", + "scan_time":"2021/10/13 18:32:06","type":"ethernet"},"operation":"MODIFIED","type":"dbsync_network_protocol"} + alert_expected_values: + rule.id: '100362' + data: >- + {"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet", + "gateway":"10.0.0.2","dhcp":"enabled"}},"operation_type":"MODIFIED"} + - + description: Network protocol deletion + event_payload: >- + {"data":{"iface":"dummy0","scan_time":"2021/10/13 18:32:06","type":"ethernet"},"operation":"DELETED", + "type":"dbsync_network_protocol"} + alert_expected_values: + rule.id: '100363' + data: >- + {"type":"dbsync_network_protocol","netinfo":{"proto":{"iface":"dummy0","type":"ethernet", + "gateway":"10.0.0.2","dhcp":"enabled"}},"operation_type":"DELETED"} + - + description: Network interface deletion + event_payload: >- + {"data":{"adapter":null,"name":"dummy0","scan_time":"2021/10/13 18:53:53","type":"ethernet"}, + "operation":"DELETED","type":"dbsync_network_iface"} + alert_expected_values: + rule.id: '100353' + data: >- + {"type":"dbsync_network_iface","netinfo":{"iface":{"name":"dummy0","type":"ethernet","state":"down", + "mtu":"1500","mac":"92:27:3b:ee:11:96","tx_packets":"0","rx_packets":"0","tx_bytes":"0","rx_bytes":"1000", + "tx_errors":"0","rx_errors":"0","tx_dropped":"0","rx_dropped":"0"}},"operation_type":"DELETED"} + - + description: Network address creation + event_payload: >- + {"data":{"address":"192.168.100.12","broadcast":"192.168.100.255", + "checksum":"ec5e14340b8ced5b39cbcfa9abecbfdbd1f2873f","dhcp":"unknown","iface":"enp0s3", + "item_id":"7b4e5f1da50834d71d895a3065a3bb098a0b8a5c","metric":"100","netmask":"255.255.255.0","proto":0, + "scan_time":"2021/10/13 16:46:37"},"operation":"INSERTED","type":"dbsync_network_address"} + alert_expected_values: + rule.id: '100371' + data: >- + {"type":"dbsync_network_address","netinfo":{"addr":{"iface":"enp0s3","proto":"0","address":"192.168.100.12", + "netmask":"255.255.255.0","broadcast":"192.168.100.255"}},"operation_type":"INSERTED"} + - + description: Network address modification + event_payload: >- + {"data":{"address":"192.168.100.12","checksum":"ec5e14340b8ced5b39cbcfa9abecbfdbd1f28aaa","iface":"enp0s3", + "metric":"90","proto":0,"scan_time":"2021/10/13 16:46:67"},"operation":"MODIFIED", + "type":"dbsync_network_address"} + alert_expected_values: + rule.id: '100372' + data: >- + {"type":"dbsync_network_address","netinfo":{"addr":{"iface":"enp0s3","proto":"0","address":"192.168.100.12", + "netmask":"255.255.255.0","broadcast":"192.168.100.255"}},"operation_type":"MODIFIED"} + - + description: Network address deletion + event_payload: >- + {"data":{"address":"192.168.100.12","iface":"enp0s3","proto":0,"scan_time":"2021/10/13 16:48:17"}, + "operation":"DELETED","type":"dbsync_network_address"} + alert_expected_values: + rule.id: '100373' + data: >- + {"type":"dbsync_network_address","netinfo":{"addr":{"iface":"enp0s3","proto":"0","address":"192.168.100.12", + "netmask":"255.255.255.0","broadcast":"192.168.100.255"}},"operation_type":"DELETED"} + - + description: Hotfix creation + event_payload: >- + {"data":{"checksum":"ded25e55c93121675adcb8d429dc586cbb351e3a","hotfix":"KB5005539", + "scan_time":"2021/10/14 02:24:18"},"operation":"INSERTED","type":"dbsync_hotfixes"} + alert_expected_values: + rule.id: '100381' + data: >- + {"type":"dbsync_hotfixes","hotfix":"KB5005539","operation_type":"INSERTED"} + - + description: Hotfix deletion + event_payload: >- + {"data":{"hotfix":"KB5005539","scan_time":"2021/10/14 02:40:41"},"operation":"DELETED", + "type":"dbsync_hotfixes"} + alert_expected_values: + rule.id: '100383' + data: '{"type":"dbsync_hotfixes","hotfix":"KB5005539","operation_type":"DELETED"}' diff --git a/tests/integration/test_analysisd/test_syscollector/test_syscollector_events.py b/tests/integration/test_analysisd/test_syscollector/test_syscollector_events.py index 43db11318d..172a9b5b1f 100644 --- a/tests/integration/test_analysisd/test_syscollector/test_syscollector_events.py +++ b/tests/integration/test_analysisd/test_syscollector/test_syscollector_events.py @@ -38,7 +38,8 @@ - Ubuntu Bionic references: - - https://documentation.wazuh.com/current/user-manual/capabilities/syscollector.html#using-syscollector-information-to-trigger-alerts + - https://documentation.wazuh.com/current/user-manual/capabilities/syscollector.html\ + #using-syscollector-information-to-trigger-alerts ''' import os import yaml diff --git a/tests/integration/test_wazuh_db/data/agent/syscollector_deltas_messages.yaml b/tests/integration/test_wazuh_db/data/agent/syscollector_deltas_messages.yaml index a494fc6138..d6faf31dae 100644 --- a/tests/integration/test_wazuh_db/data/agent/syscollector_deltas_messages.yaml +++ b/tests/integration/test_wazuh_db/data/agent/syscollector_deltas_messages.yaml @@ -1,297 +1,365 @@ ---- - - name: 'miscellaneous' - description: 'Test successfull and err while dealing with deltas' + name: miscellaneous + description: Test successfull and err while dealing with deltas test_case: - - - input: 'agent 001 dbsync this_table_doesnot_exist test NULL' - output: 'err' - stage: 'invalid table.' - - - input: 'agent 001 dbsync' - output: "err Invalid DB query syntax, near 'dbsync'" - stage: 'missing table.' - - - input: 'agent 001 dbsync ports' - output: "err Invalid dbsync query syntax, near 'ports'" - stage: 'missing operation.' - - - input: 'agent 001 dbsync ports CUSTOMOPERATION' - output: "err Invalid dbsync query syntax, near 'ports'" - stage: 'invalid operation.' + - + input: agent 001 dbsync this_table_doesnot_exist test NULL + output: err + stage: invalid table. + - + input: agent 001 dbsync + output: err Invalid DB query syntax, near 'dbsync' + stage: missing table. + - + input: agent 001 dbsync ports + output: err Invalid dbsync query syntax, near 'ports' + stage: missing operation. + - + input: agent 001 dbsync ports CUSTOMOPERATION + output: err Invalid dbsync query syntax, near 'ports' + stage: invalid operation. - - name: 'ports' - description: 'Test successfull and err while dealing with ports deltas' + name: ports + description: Test successfull and err while dealing with ports deltas test_case: - - - input: 'agent 001 dbsync ports INSERTED 2021/10/01 00:00:00|udp|172.28.128.3|2323|0.0.0.0|0|0|0|9915982|NULL|0|NULL|260dd8c746ffab4eff64c34591f241736bfb0fa0|65daafcf10313a3804ad1caf7f36fdc2a0bf600c|' - output: 'ok ' - stage: 'insert port.' - - - input: 'agent 001 dbsync ports INSERTED 2021/10/01 00:00:00|udp|172.28.128.3|2323|0.0.0.0|0|0|0|9915982|NULL|0|NULL|260dd8c746ffab4eff64c34591f241736bfb0fa0|65daafcf10313a3804ad1caf7f36fdc2a0bf600c|' - output: 'err' - stage: 'insert duplicated port.' - - - input: 'agent 001 dbsync ports INSERTED 2021/10/01 00:00:00|udp|172.28.128.3|2323|0.0.0.0|0|0|0|9915982|NULL|0|NULL|260dd8c746ffab4eff64c34591f241736bfb0fa0|' - output: 'err' - stage: 'insert port without enough fields.' - - - input: 'agent 001 dbsync ports INSERTED 2021/10/01 00:00:00|udp|172.28.128.3|-1|0.0.0.0|0|0|0|9915982|NULL|0|NULL|260dd8c746ffab4eff64c34591f241736bfb0fa0|65daafcf10313a3804ad1caf7f36fdc2a0bf600c|' - output: 'err' - stage: 'insert port with invalid field type.' - - - input: 'agent 001 dbsync ports MODIFIED 2021/10/01 00:00:20|udp|172.28.128.3|2323|NULL|NULL|NULL|5001|9915982|NULL|NULL|NULL|aaaaa8c746ffab4eff64c34591f241736bfb0fa0|aaaaacf10313a3804ad1caf7f36fdc2a0bf600c|' - output: 'ok 2021/10/01 00:00:20|udp|172.28.128.3|2323|0.0.0.0|0|0|5001|9915982||0||aaaaa8c746ffab4eff64c34591f241736bfb0fa0|aaaaacf10313a3804ad1caf7f36fdc2a0bf600c|' - stage: 'modify port.' - - - input: 'agent 001 dbsync ports MODIFIED 2021/10/01 00:00:20|udp|172.28.128.3|2323|_NULL_|NULL|NULL|5001|9915982|NULL|NULL|NULL|aaaaa8c746ffab4eff64c34591f241736bfb0fa0|aaaaacf10313a3804ad1caf7f36fdc2a0bf600c|' - output: 'ok 2021/10/01 00:00:20|udp|172.28.128.3|2323|NULL|0|0|5001|9915982||0||aaaaa8c746ffab4eff64c34591f241736bfb0fa0|aaaaacf10313a3804ad1caf7f36fdc2a0bf600c|' - stage: 'modify port from value to NULL string.' - - - input: 'agent 001 dbsync ports MODIFIED 2021/10/01 00:00:20|udp|172.28.128.3|2323|NULL|NULL|NULL|5001|9915982|NULL|' - output: 'err' - stage: 'modify port without enough fields.' - - - input: 'agent 001 dbsync ports MODIFIED 2021/10/01 00:00:20|tcp|172.28.128.3|2323|NULL|NULL|NULL|5001|9915982|NULL|NULL|NULL|aaaaa8c746ffab4eff64c34591f241736bfb0fa0|aaaaacf10313a3804ad1caf7f36fdc2a0bf600c|' - output: 'err' - stage: 'modify nonexistent port.' - - - input: 'agent 001 dbsync ports MODIFIED 2021/10/01 00:00:20|tcp|172.28.128.3|2323|NULL|NULL|NULL|5001|9915982|NULL|pid|NULL|NULL|NULL|' - output: 'err' - stage: 'modify port with invalid field type.' - - - input: 'agent 001 dbsync ports DELETED NULL|udp|172.28.128.3|2323|NULL|NULL|NULL|NULL|9915982|' - output: 'err' - stage: 'delete port without enough fields.' - - - input: 'agent 001 dbsync ports DELETED NULL|udp|172.28.128.3|2323|NULL|NULL|NULL|NULL|9915982|NULL|NULL|NULL|NULL|NULL|' - output: 'ok 2021/10/01 00:00:20|udp|172.28.128.3|2323|NULL|0|0|5001|9915982||0||aaaaa8c746ffab4eff64c34591f241736bfb0fa0|aaaaacf10313a3804ad1caf7f36fdc2a0bf600c|' - stage: 'delete port.' - - - input: 'agent 001 dbsync ports DELETED NULL|udp|172.28.128.3|2323|NULL|NULL|NULL|NULL|9915982|NULL|NULL|NULL|NULL|NULL|' - output: 'err' - stage: 'delete already deleted port.' + - + input: "agent 001 dbsync ports INSERTED 2021/10/01 00:00:00|udp|172.28.128.3|2323|0.0.0.0|0|0|0|9915982|NULL|0|\ + NULL|260dd8c746ffab4eff64c34591f241736bfb0fa0|65daafcf10313a3804ad1caf7f36fdc2a0bf600c|" + output: 'ok ' + stage: insert port. + - + input: "agent 001 dbsync ports INSERTED 2021/10/01 00:00:00|udp|172.28.128.3|2323|0.0.0.0|0|0|0|9915982|NULL|0|\ + NULL|260dd8c746ffab4eff64c34591f241736bfb0fa0|65daafcf10313a3804ad1caf7f36fdc2a0bf600c|" + output: err + stage: insert duplicated port. + - + input: "agent 001 dbsync ports INSERTED 2021/10/01 00:00:00|udp|172.28.128.3|2323|0.0.0.0|0|0|0|9915982|NULL|\ + 0|NULL|260dd8c746ffab4eff64c34591f241736bfb0fa0|" + output: err + stage: insert port without enough fields. + - + input: "agent 001 dbsync ports INSERTED 2021/10/01 00:00:00|udp|172.28.128.3|-1|0.0.0.0|0|0|0|9915982|NULL|0|\ + NULL|260dd8c746ffab4eff64c34591f241736bfb0fa0|65daafcf10313a3804ad1caf7f36fdc2a0bf600c|" + output: err + stage: insert port with invalid field type. + - + input: "agent 001 dbsync ports MODIFIED 2021/10/01 00:00:20|udp|172.28.128.3|2323|NULL|NULL|NULL|5001|9915982|\ + NULL|NULL|NULL|aaaaa8c746ffab4eff64c34591f241736bfb0fa0|aaaaacf10313a3804ad1caf7f36fdc2a0bf600c|" + output: "ok 2021/10/01 00:00:20|udp|172.28.128.3|2323|0.0.0.0|0|0|5001|9915982||0||\ + aaaaa8c746ffab4eff64c34591f241736bfb0fa0|aaaaacf10313a3804ad1caf7f36fdc2a0bf600c|" + stage: modify port. + - + input: "agent 001 dbsync ports MODIFIED 2021/10/01 00:00:20|udp|172.28.128.3|2323|_NULL_|NULL|NULL|5001|9915982|\ + NULL|NULL|NULL|aaaaa8c746ffab4eff64c34591f241736bfb0fa0|aaaaacf10313a3804ad1caf7f36fdc2a0bf600c|" + output: "ok 2021/10/01 00:00:20|udp|172.28.128.3|2323|NULL|0|0|5001|9915982||0||\ + aaaaa8c746ffab4eff64c34591f241736bfb0fa0|aaaaacf10313a3804ad1caf7f36fdc2a0bf600c|" + stage: modify port from value to NULL string. + - + input: agent 001 dbsync ports MODIFIED 2021/10/01 00:00:20|udp|172.28.128.3|2323|NULL|NULL|NULL|5001|9915982|NULL| + output: err + stage: modify port without enough fields. + - + input: "agent 001 dbsync ports MODIFIED 2021/10/01 00:00:20|tcp|172.28.128.3|2323|NULL|NULL|NULL|5001|9915982|\ + NULL|NULL|NULL|aaaaa8c746ffab4eff64c34591f241736bfb0fa0|aaaaacf10313a3804ad1caf7f36fdc2a0bf600c|" + output: err + stage: modify nonexistent port. + - + input: "agent 001 dbsync ports MODIFIED 2021/10/01 00:00:20|tcp|172.28.128.3|2323|NULL|NULL|NULL|5001|9915982|\ + NULL|pid|NULL|NULL|NULL|" + output: err + stage: modify port with invalid field type. + - + input: agent 001 dbsync ports DELETED NULL|udp|172.28.128.3|2323|NULL|NULL|NULL|NULL|9915982| + output: err + stage: delete port without enough fields. + - + input: "agent 001 dbsync ports DELETED NULL|udp|172.28.128.3|2323|NULL|NULL|NULL|NULL|9915982|NULL|NULL|NULL|\ + NULL|NULL|" + output: "ok 2021/10/01 00:00:20|udp|172.28.128.3|2323|NULL|0|0|5001|9915982||0||\ + aaaaa8c746ffab4eff64c34591f241736bfb0fa0|aaaaacf10313a3804ad1caf7f36fdc2a0bf600c|" + stage: delete port. + - + input: "agent 001 dbsync ports DELETED NULL|udp|172.28.128.3|2323|NULL|NULL|NULL|NULL|9915982|NULL|NULL|NULL|\ + NULL|NULL|" + output: err + stage: delete already deleted port. - - name: 'processes' - description: 'Test successfull and err while dealing with processes deltas' + name: processes + description: Test successfull and err while dealing with processes deltas test_case: - - - input: 'agent 001 dbsync processes INSERTED 2021/10/01 00:00:00|999999|sleep|S|2776|0|0|sleep|180|root|root|root|root|root|root|root|20|0|2019|8076|129|114|2828728|2774|2774|1|139540|0|3|89688b8b6aab34a626629d1de406699c60e06be3|' - output: 'ok ' - stage: 'insert process.' - - - input: 'agent 001 dbsync processes INSERTED 2021/10/01 00:00:00|999999|sleep|S|2776|0|0|sleep|180|root|root|root|root|root|root|root|20|0|2019|8076|129|114|2828728|2774|2774|1|139540|0|3|' - output: 'err' - stage: 'insert process without enough fields.' - - - input: 'agent 001 dbsync processes INSERTED 2021/10/01 00:00:00|999999|sleep|S|2776|0|0|sleep|180|root|root|root|root|root|root|root|20|0|2019|8076|129|114|2828728|2774|2774|1|139540|0|3|89688b8b6aab34a626629d1de406699c60e06be3|' - output: 'err' - stage: 'insert duplicated process.' - - - input: 'agent 001 dbsync processes INSERTED 2021/10/01 00:00:00|999999|sleep|S|2776|0|0|sleep|180|root|root|root|root|root|root|root|20|0|2019|8076|129|114|2828728|pgrp|session|nlwp|tgid|tty|processor|NULL|' - output: 'err' - stage: 'insert process with invalid field type.' - - - input: 'agent 001 dbsync processes MODIFIED 2021/10/01 00:00:20|999999|NULL|R|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|aaaa8b8b6aab34a626629d1de406699c60e06be3|' - output: 'ok 2021/10/01 00:00:20|999999|sleep|R|2776|0|0|sleep|180|root|root|root|root|root|root|root|20|0|2019|8076|129|114|2828728|2774|2774|1|139540|0|3|aaaa8b8b6aab34a626629d1de406699c60e06be3|' - stage: 'modify process.' - - - input: 'agent 001 dbsync processes MODIFIED 2021/10/01 00:00:20|999999|NULL|R|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|processor|aaaa8b8b6aab34a626629d1de406699c60e06be3|' - output: 'err' - stage: 'modify process with invalid field type.' - - - input: 'agent 001 dbsync processes MODIFIED 2021/10/01 00:00:20|999999|NULL|R|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' - output: 'err' - stage: 'modify process without enough fields.' - - - input: 'agent 001 dbsync processes MODIFIED 2021/10/01 00:00:20|999998|NULL|R|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|aaaa8b8b6aab34a626629d1de406699c60e06be3|' - output: 'err' - stage: 'modify nonexistent process.' - - - input: 'agent 001 dbsync processes DELETED NULL|999999|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' - output: 'err' - stage: 'delete process without enough fields.' - - - input: 'agent 001 dbsync processes DELETED NULL|999999|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' - output: 'ok 2021/10/01 00:00:20|999999|sleep|R|2776|0|0|sleep|180|root|root|root|root|root|root|root|20|0|2019|8076|129|114|2828728|2774|2774|1|139540|0|3|aaaa8b8b6aab34a626629d1de406699c60e06be3|' - stage: 'delete process.' - - - input: 'agent 001 dbsync processes DELETED NULL|999999|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' - output: 'err' - stage: 'delete already deleted process.' + - + input: "agent 001 dbsync processes INSERTED 2021/10/01 00:00:00|999999|sleep|S|2776|0|0|sleep|180|root|root|root|\ + root|root|root|root|20|0|2019|8076|129|114|2828728|2774|2774|1|139540|0|3|\ + 89688b8b6aab34a626629d1de406699c60e06be3|" + output: 'ok ' + stage: insert process. + - + input: "agent 001 dbsync processes INSERTED 2021/10/01 00:00:00|999999|sleep|S|2776|0|0|sleep|180|root|root|root|\ + root|root|root|root|20|0|2019|8076|129|114|2828728|2774|2774|1|139540|0|3|" + output: err + stage: insert process without enough fields. + - + input: "agent 001 dbsync processes INSERTED 2021/10/01 00:00:00|999999|sleep|S|2776|0|0|sleep|180|root|root|root|\ + root|root|root|root|20|0|2019|8076|129|114|2828728|2774|2774|1|139540|0|3|\ + 89688b8b6aab34a626629d1de406699c60e06be3|" + output: err + stage: insert duplicated process. + - + input: "agent 001 dbsync processes INSERTED 2021/10/01 00:00:00|999999|sleep|S|2776|0|0|sleep|180|root|root|root|\ + root|root|root|root|20|0|2019|8076|129|114|2828728|pgrp|session|nlwp|tgid|tty|processor|NULL|" + output: err + stage: insert process with invalid field type. + - + input: "agent 001 dbsync processes MODIFIED 2021/10/01 00:00:20|999999|NULL|R|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + aaaa8b8b6aab34a626629d1de406699c60e06be3|" + output: "ok 2021/10/01 00:00:20|999999|sleep|R|2776|0|0|sleep|180|root|root|root|root|root|root|root|20|0|2019|\ + 8076|129|114|2828728|2774|2774|1|139540|0|3|aaaa8b8b6aab34a626629d1de406699c60e06be3|" + stage: modify process. + - + input: "agent 001 dbsync processes MODIFIED 2021/10/01 00:00:20|999999|NULL|R|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|processor|\ + aaaa8b8b6aab34a626629d1de406699c60e06be3|" + output: err + stage: modify process with invalid field type. + - + input: "agent 001 dbsync processes MODIFIED 2021/10/01 00:00:20|999999|NULL|R|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|" + output: err + stage: modify process without enough fields. + - + input: "agent 001 dbsync processes MODIFIED 2021/10/01 00:00:20|999998|NULL|R|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + aaaa8b8b6aab34a626629d1de406699c60e06be3|" + output: err + stage: modify nonexistent process. + - + input: "agent 001 dbsync processes DELETED NULL|999999|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + NULL|NULL|NULL|NULL|NULL|NULL|NULL|" + output: err + stage: delete process without enough fields. + - + input: "agent 001 dbsync processes DELETED NULL|999999|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|" + output: "ok 2021/10/01 00:00:20|999999|sleep|R|2776|0|0|sleep|180|root|root|root|root|root|root|root|20|0|2019|\ + 8076|129|114|2828728|2774|2774|1|139540|0|3|aaaa8b8b6aab34a626629d1de406699c60e06be3|" + stage: delete process. + - + input: "agent 001 dbsync processes DELETED NULL|999999|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|" + output: err + stage: delete already deleted process. - - name: 'packages' - description: 'Test successfull and err while dealing with packages deltas' + name: packages + description: Test successfull and err while dealing with packages deltas test_case: - - - input: 'agent 001 dbsync packages INSERTED 2021/10/01 00:00:00|deb|test-wazuh-1|optional|x11|223|Ubuntu Developers |NULL|1.1.1-2|all|foreign|NULL|Base X bitmaps|NULL|NULL|NULL|NULL|024a61b68678180d2debd374df900daa6fe35d73|759e5ea454e47141b5c6a8afefd6bd08e87057f9|' - output: 'ok ' - stage: 'insert package.' - - - input: 'agent 001 dbsync packages INSERTED 2021/10/01 00:00:00|deb|test-wazuh-1|optional|x11|223|Ubuntu Developers |NULL|1.1.1-2|all|foreign|NULL|Base X bitmaps|NULL|NULL|NULL|NULL|024a61b68678180d2debd374df900daa6fe35d73|' - output: 'err' - stage: 'insert package without enough fields.' - - - input: 'agent 001 dbsync packages INSERTED 2021/10/01 00:00:00|deb|test-wazuh-1|optional|x11|223|Ubuntu Developers |NULL|1.1.1-2|all|foreign|NULL|Base X bitmaps|NULL|NULL|NULL|NULL|024a61b68678180d2debd374df900daa6fe35d73|759e5ea454e47141b5c6a8afefd6bd08e87057f9|' - output: 'err' - stage: 'insert duplicated package.' - - - input: 'agent 001 dbsync packages INSERTED 2021/10/01 00:00:00|nonexistentpkg|test-wazuh-1|optional|x11|size|Ubuntu Developers |NULL|1.1.1-2|all|foreign|NULL|Base X bitmaps|NULL|NULL|NULL|NULL|024a61b68678180d2debd374df900daa6fe35d73|759e5ea454e47141b5c6a8afefd6bd08e87057f9|' - output: 'err' - stage: 'insert package with invalid field type.' - - - input: 'agent 001 dbsync packages MODIFIED 2021/10/01 00:00:20|deb|test-wazuh-1|mandatory|NULL|NULL|NULL|NULL|1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|AAAa61b68678180d2debd374df900daa6fe35d73|AAAe5ea454e47141b5c6a8afefd6bd08e87057f9|' - output: 'ok 2021/10/01 00:00:20|deb|test-wazuh-1|mandatory|x11|223|Ubuntu Developers ||1.1.1-2|all|foreign||Base X bitmaps|||||AAAa61b68678180d2debd374df900daa6fe35d73|AAAe5ea454e47141b5c6a8afefd6bd08e87057f9|' - stage: 'modify package.' - - - input: 'agent 001 dbsync packages MODIFIED 2021/10/01 00:00:20|NULL|test-wazuh-1|NULL|NULL|1001|NULL|NULL|1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|aaaa61b68678180d2debd374df900daa6fe35d73|' - output: 'err' - stage: 'modify package without enough fields.' - - - input: 'agent 001 dbsync packages MODIFIED 2021/10/01 00:00:20|NULL|test-wazuh-2|NULL|NULL|1001|NULL|NULL|1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|aaaa61b68678180d2debd374df900daa6fe35d73|759e5ea454e47141b5c6a8afefd6bd08e87057f9|' - output: 'err' - stage: 'modify nonexistent packages.' - - - input: 'agent 001 dbsync packages MODIFIED 2021/10/01 00:00:20|NULL|test-wazuh-1|NULL|NULL|size|NULL|NULL|1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' - output: 'err' - stage: 'modify package with invalid field type.' - - - input: 'agent 001 dbsync packages DELETED 2021/10/01 00:00:30|NULL|test-wazuh-1|NULL|NULL|NULL|NULL|NULL|1.1.1-2|all|NULL|NULL|' - output: 'err' - stage: 'delete package without enough fields.' - - - input: 'agent 001 dbsync packages DELETED 2021/10/01 00:00:30|NULL|test-wazuh-1|NULL|NULL|NULL|NULL|NULL|1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' - output: 'ok 2021/10/01 00:00:20|deb|test-wazuh-1|mandatory|x11|223|Ubuntu Developers ||1.1.1-2|all|foreign||Base X bitmaps|||||AAAa61b68678180d2debd374df900daa6fe35d73|AAAe5ea454e47141b5c6a8afefd6bd08e87057f9|' - stage: 'delete package.' - - - input: 'agent 001 dbsync packages DELETED 2021/10/01 00:00:30|NULL|test-wazuh-1|NULL|NULL|NULL|NULL|NULL|1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' - output: 'err' - stage: 'delete already deleted package.' + - + input: "agent 001 dbsync packages INSERTED 2021/10/01 00:00:00|deb|test-wazuh-1|optional|x11|223|\ + Ubuntu Developers |NULL|1.1.1-2|all|foreign|NULL|Base X bitmaps|\ + NULL|NULL|NULL|NULL|024a61b68678180d2debd374df900daa6fe35d73|759e5ea454e47141b5c6a8afefd6bd08e87057f9|" + output: 'ok ' + stage: insert package. + - + input: "agent 001 dbsync packages INSERTED 2021/10/01 00:00:00|deb|test-wazuh-1|optional|x11|223|\ + Ubuntu Developers |NULL|1.1.1-2|all|foreign|NULL|Base X bitmaps|\ + NULL|NULL|NULL|NULL|024a61b68678180d2debd374df900daa6fe35d73|" + output: err + stage: insert package without enough fields. + - + input: "agent 001 dbsync packages INSERTED 2021/10/01 00:00:00|deb|test-wazuh-1|optional|x11|223|\ + Ubuntu Developers |NULL|1.1.1-2|all|foreign|NULL|Base X bitmaps|\ + NULL|NULL|NULL|NULL|024a61b68678180d2debd374df900daa6fe35d73|759e5ea454e47141b5c6a8afefd6bd08e87057f9|" + output: err + stage: insert duplicated package. + - + input: "agent 001 dbsync packages INSERTED 2021/10/01 00:00:00|nonexistentpkg|test-wazuh-1|optional|x11|size|\ + Ubuntu Developers |NULL|1.1.1-2|all|foreign|NULL|Base X bitmaps|\ + NULL|NULL|NULL|NULL|024a61b68678180d2debd374df900daa6fe35d73|759e5ea454e47141b5c6a8afefd6bd08e87057f9|" + output: err + stage: insert package with invalid field type. + - + input: "agent 001 dbsync packages MODIFIED 2021/10/01 00:00:20|deb|test-wazuh-1|mandatory|NULL|NULL|NULL|NULL|\ + 1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|AAAa61b68678180d2debd374df900daa6fe35d73|\ + AAAe5ea454e47141b5c6a8afefd6bd08e87057f9|" + output: "ok 2021/10/01 00:00:20|deb|test-wazuh-1|mandatory|x11|223|\ + Ubuntu Developers ||1.1.1-2|all|foreign||Base X bitmaps|||||\ + AAAa61b68678180d2debd374df900daa6fe35d73|AAAe5ea454e47141b5c6a8afefd6bd08e87057f9|" + stage: modify package. + - + input: "agent 001 dbsync packages MODIFIED 2021/10/01 00:00:20|NULL|test-wazuh-1|NULL|NULL|1001|NULL|NULL|\ + 1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|aaaa61b68678180d2debd374df900daa6fe35d73|" + output: err + stage: modify package without enough fields. + - + input: "agent 001 dbsync packages MODIFIED 2021/10/01 00:00:20|NULL|test-wazuh-2|NULL|NULL|1001|NULL|NULL|\ + 1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|aaaa61b68678180d2debd374df900daa6fe35d73|\ + 759e5ea454e47141b5c6a8afefd6bd08e87057f9|" + output: err + stage: modify nonexistent packages. + - + input: "agent 001 dbsync packages MODIFIED 2021/10/01 00:00:20|NULL|test-wazuh-1|NULL|NULL|size|NULL|NULL|\ + 1.1.1-2|all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|" + output: err + stage: modify package with invalid field type. + - + input: "agent 001 dbsync packages DELETED 2021/10/01 00:00:30|NULL|test-wazuh-1|NULL|NULL|NULL|NULL|NULL|1.1.1-2|\ + all|NULL|NULL|" + output: err + stage: delete package without enough fields. + - + input: "agent 001 dbsync packages DELETED 2021/10/01 00:00:30|NULL|test-wazuh-1|NULL|NULL|NULL|NULL|NULL|1.1.1-2|\ + all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|" + output: "ok 2021/10/01 00:00:20|deb|test-wazuh-1|mandatory|x11|223|\ + Ubuntu Developers ||1.1.1-2|all|foreign||Base X bitmaps|||||\ + AAAa61b68678180d2debd374df900daa6fe35d73|AAAe5ea454e47141b5c6a8afefd6bd08e87057f9|" + stage: delete package. + - + input: "agent 001 dbsync packages DELETED 2021/10/01 00:00:30|NULL|test-wazuh-1|NULL|NULL|NULL|NULL|NULL|1.1.1-2|\ + all|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|" + output: err + stage: delete already deleted package. - - name: 'osinfo' - description: 'Test successfull and err while dealing with osinfo deltas' + name: osinfo + description: Test successfull and err while dealing with osinfo deltas test_case: - - - input: 'agent 001 dbsync osinfo INSERTED 2021/10/01 00:00:00|wazuh-dev|x86_64|Ubuntu|20.04.1 LTS (Focal Fossa)|focal|20|04|1||ubuntu|Linux|5.4.0-42-generic|#46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020||1637071785021722196||||' - output: 'ok ' - stage: 'insert osinfo.' - - - input: 'agent 001 dbsync osinfo INSERTED 2021/10/01 00:00:00|wazuh-dev|x86_64|Ubuntu|20.04.1 LTS (Focal Fossa)|focal|20|04|1||ubuntu|Linux|5.4.0-42-generic|#46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020||' - output: 'err' - stage: 'insert osinfo without enough fields.' - - - input: 'agent 001 dbsync osinfo INSERTED 2021/10/01 00:00:00|wazuh-dev|x86_64|Ubuntu|20.04.1 LTS (Focal Fossa)|focal|20|04|1||ubuntu|Linux|5.4.0-42-generic|#46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020||||||' - output: 'err' - stage: 'insert osinfo with invalid field type.' - - - input: 'agent 001 dbsync osinfo MODIFIED 2021/10/01 00:00:20|NULL|NULL|Ubuntu|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|1637071785021722800|mydisplayname|NULL|NULL|' - output: 'ok 2021/10/01 00:00:20|wazuh-dev|x86_64|Ubuntu|20.04.1 LTS (Focal Fossa)|focal|20|04|1||ubuntu|Linux|5.4.0-42-generic|#46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020||1637071785021722800|mydisplayname||' - stage: 'modify osinfo.' - - - input: 'agent 001 dbsync osinfo MODIFIED 2021/10/01 00:00:20|NULL|NULL|Ubuntu|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' - output: 'err' - stage: 'modify osinfo without enough fields.' - - - input: 'agent 001 dbsync osinfo MODIFIED 2021/10/01 00:00:20|NULL|NULL|Ubuntu-nonexistent|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|1637071785021722800|mydisplayname|NULL|NULL|' - output: 'err' - stage: 'modify nonexistent osinfo.' - - - input: 'agent 001 dbsync osinfo MODIFIED 2021/10/01 00:00:20|NULL|NULL|Ubuntu|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL||mydisplayname|NULL|NULL|' - output: 'err' - stage: 'modify osinfo with invalid field type.' - - - input: 'agent 001 dbsync osinfo DELETED NULL|NULL|NULL|Ubuntu|NULL|NULL|NULL|NULL|' - output: 'err' - ignore: 'yes' - stage: 'delete osinfo without enough fields.' - - - input: 'agent 001 dbsync osinfo DELETED NULL|NULL|NULL|Ubuntu|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' - output: 'err' - ignore: 'yes' - stage: 'delete osinfo.' + - + input: "agent 001 dbsync osinfo INSERTED 2021/10/01 00:00:00|wazuh-dev|x86_64|Ubuntu|20.04.1 LTS (Focal Fossa)|\ + focal|20|04|1||ubuntu|Linux|5.4.0-42-generic|#46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020||\ + 1637071785021722196||||" + output: 'ok ' + stage: insert osinfo. + - + input: "agent 001 dbsync osinfo INSERTED 2021/10/01 00:00:00|wazuh-dev|x86_64|Ubuntu|20.04.1 LTS (Focal Fossa)\ + |focal|20|04|1||ubuntu|Linux|5.4.0-42-generic|#46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020||" + output: err + stage: insert osinfo without enough fields. + - + input: "agent 001 dbsync osinfo INSERTED 2021/10/01 00:00:00|wazuh-dev|x86_64|Ubuntu|20.04.1 LTS (Focal Fossa)|\ + focal|20|04|1||ubuntu|Linux|5.4.0-42-generic|#46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020||||||" + output: err + stage: insert osinfo with invalid field type. + - + input: "agent 001 dbsync osinfo MODIFIED 2021/10/01 00:00:20|NULL|NULL|Ubuntu|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + NULL|NULL|NULL|NULL|1637071785021722800|mydisplayname|NULL|NULL|" + output: "ok 2021/10/01 00:00:20|wazuh-dev|x86_64|Ubuntu|20.04.1 LTS (Focal Fossa)|focal|20|04|1||ubuntu|Linux|\ + 5.4.0-42-generic|#46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020||1637071785021722800|mydisplayname||" + stage: modify osinfo. + - + input: "agent 001 dbsync osinfo MODIFIED 2021/10/01 00:00:20|NULL|NULL|Ubuntu|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + NULL|NULL|NULL|NULL|" + output: err + stage: modify osinfo without enough fields. + - + input: "agent 001 dbsync osinfo MODIFIED 2021/10/01 00:00:20|NULL|NULL|Ubuntu-nonexistent|NULL|NULL|NULL|NULL|\ + NULL|NULL|NULL|NULL|NULL|NULL|NULL|1637071785021722800|mydisplayname|NULL|NULL|" + output: err + stage: modify nonexistent osinfo. + - + input: "agent 001 dbsync osinfo MODIFIED 2021/10/01 00:00:20|NULL|NULL|Ubuntu|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + NULL|NULL|NULL|NULL||mydisplayname|NULL|NULL|" + output: err + stage: modify osinfo with invalid field type. + - + input: agent 001 dbsync osinfo DELETED NULL|NULL|NULL|Ubuntu|NULL|NULL|NULL|NULL| + output: err + ignore: 'yes' + stage: delete osinfo without enough fields. + - + input: "agent 001 dbsync osinfo DELETED NULL|NULL|NULL|Ubuntu|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|NULL|\ + NULL|NULL|NULL|NULL|NULL|" + output: err + ignore: 'yes' + stage: delete osinfo. - - name: 'hwinfo' - description: 'Test successfull and err while dealing with hwinfo deltas' + name: hwinfo + description: Test successfull and err while dealing with hwinfo deltas test_case: - - - input: 'agent 001 dbsync hwinfo INSERTED 2021/10/01 00:00:00|0|AMD Ryzen 7 PRO 4750U with Radeon Graphics|8|1697.0|7957428|138384|99|78793071d887ba34f60a67da99c4068a93a92f30|' - output: 'ok ' - stage: 'insert hwinfo.' - - - input: 'agent 001 dbsync hwinfo INSERTED 2021/10/01 00:00:00|0|AMD Ryzen 7 PRO 4750U with Radeon Graphics|8|1697.0|7957428|138384|99|' - output: 'err' - stage: 'insert hwinfo without enough fields.' - - - input: 'agent 001 dbsync hwinfo INSERTED 2021/10/01 00:00:00|0|AMD Ryzen 7 PRO 4750U with Radeon Graphics|-8|1697.0|ram_total|138384|99|78793071d887ba34f60a67da99c4068a93a92f30|' - output: 'err' - stage: 'insert hwinfo with invalid field type.' - - - input: 'agent 001 dbsync hwinfo MODIFIED 2021/10/01 00:00:20|0|NULL|NULL|NULL|NULL|NULL|50|78793071d887ba34f60a67da99c4068a93aaaaaa|' - output: 'ok 2021/10/01 00:00:20|0|AMD Ryzen 7 PRO 4750U with Radeon Graphics|8|1697.0|7957428|138384|50|78793071d887ba34f60a67da99c4068a93aaaaaa|' - stage: 'modify hwinfo.' - - - input: 'agent 001 dbsync hwinfo MODIFIED 2021/10/01 00:00:20|0|NULL|NULL|NULL|NULL|NULL|50|' - output: 'err' - stage: 'modify hwinfo without enough fields.' - - - input: 'agent 001 dbsync hwinfo MODIFIED 2021/10/01 00:00:20|0|NULL|NULL|NULL|NULL|ram_usage|110|78793071d887ba34f60a67da99c4068a93aaaaaa|' - output: 'err' - stage: 'modify hwinfo with invalid field type.' - - - input: 'agent 001 dbsync hwinfo MODIFIED 2021/10/01 00:00:20|1|NULL|NULL|NULL|NULL|NULL|50|78793071d887ba34f60a67da99c4068a93aaaaaa|' - output: 'err' - stage: 'modify nonexistent hwinfo.' - - - input: 'agent 001 dbsync hwinfo DELETED 2021/10/01 NULL|0|NULL|NULL|NULL|' - output: 'err' - ignore: 'yes' - stage: 'delete hwinfo without enough fields.' - - - input: 'agent 001 dbsync hwinfo DELETED 2021/10/01 NULL|0|NULL|NULL|NULL|NULL|NULL|NULL|NULL|' - output: 'err' - ignore: 'yes' - stage: 'delete hwinfo.' + - + input: "agent 001 dbsync hwinfo INSERTED 2021/10/01 00:00:00|0|AMD Ryzen 7 PRO 4750U with Radeon Graphics|8|\ + 1697.0|7957428|138384|99|78793071d887ba34f60a67da99c4068a93a92f30|" + output: 'ok ' + stage: insert hwinfo. + - + input: "agent 001 dbsync hwinfo INSERTED 2021/10/01 00:00:00|0|AMD Ryzen 7 PRO 4750U with Radeon Graphics|8|\ + 1697.0|7957428|138384|99|" + output: err + stage: insert hwinfo without enough fields. + - + input: "agent 001 dbsync hwinfo INSERTED 2021/10/01 00:00:00|0|AMD Ryzen 7 PRO 4750U with Radeon Graphics|-8|\ + 1697.0|ram_total|138384|99|78793071d887ba34f60a67da99c4068a93a92f30|" + output: err + stage: insert hwinfo with invalid field type. + - + input: "agent 001 dbsync hwinfo MODIFIED 2021/10/01 00:00:20|0|NULL|NULL|NULL|NULL|NULL|50|\ + 78793071d887ba34f60a67da99c4068a93aaaaaa|" + output: "ok 2021/10/01 00:00:20|0|AMD Ryzen 7 PRO 4750U with Radeon Graphics|8|1697.0|7957428|138384|50|\ + 78793071d887ba34f60a67da99c4068a93aaaaaa|" + stage: modify hwinfo. + - + input: agent 001 dbsync hwinfo MODIFIED 2021/10/01 00:00:20|0|NULL|NULL|NULL|NULL|NULL|50| + output: err + stage: modify hwinfo without enough fields. + - + input: "agent 001 dbsync hwinfo MODIFIED 2021/10/01 00:00:20|0|NULL|NULL|NULL|NULL|ram_usage|110|\ + 78793071d887ba34f60a67da99c4068a93aaaaaa|" + output: err + stage: modify hwinfo with invalid field type. + - + input: "agent 001 dbsync hwinfo MODIFIED 2021/10/01 00:00:20|1|NULL|NULL|NULL|NULL|NULL|50|\ + 78793071d887ba34f60a67da99c4068a93aaaaaa|" + output: err + stage: modify nonexistent hwinfo. + - + input: agent 001 dbsync hwinfo DELETED 2021/10/01 NULL|0|NULL|NULL|NULL| + output: err + ignore: 'yes' + stage: delete hwinfo without enough fields. + - + input: agent 001 dbsync hwinfo DELETED 2021/10/01 NULL|0|NULL|NULL|NULL|NULL|NULL|NULL|NULL| + output: err + ignore: 'yes' + stage: delete hwinfo. - - name: 'hotfixes' - description: 'Test successfull and err while dealing with hotfixes deltas' + name: hotfixes + description: Test successfull and err while dealing with hotfixes deltas test_case: - - - input: 'agent 001 dbsync hotfixes INSERTED 2021/10/01 00:00:00|KBTEST|test-checksum|' - output: 'ok ' - stage: 'insert hotfix.' - - - input: 'agent 001 dbsync hotfixes INSERTED 2021/10/01 00:00:00|KBTEST|' - output: 'err' - stage: 'insert hotfix without enough fields.' - - - input: 'agent 001 dbsync hotfixes INSERTED 2021/10/01 00:00:00|KBTEST|test-checksum|' - output: 'err' - stage: 'insert duplicated hotfix.' - - - input: 'agent 001 dbsync hotfixes INSERTED 2021/10/01 00:00:00|KBTEST|NULL|' - output: 'err' - stage: 'insert hotfix with invalid field type.' - - - input: 'agent 001 dbsync hotfixes MODIFIED 2021/10/01 00:00:20|KBTEST|test-checksum|' - output: 'ok 2021/10/01 00:00:20|KBTEST|test-checksum|' - stage: 'modify hotfix.' - - - input: 'agent 001 dbsync hotfixes MODIFIED 2021/10/01 00:00:20|KBTEST|' - output: 'err' - stage: 'modify hotfix without enough fields.' - - - input: 'agent 001 dbsync hotfixes MODIFIED 2021/10/01 00:00:35|KBTEST-NONEXISTENT|test-checksum|' - output: 'err' - stage: 'modify nonexistent hotfix.' - - - input: 'agent 001 dbsync hotfixes DELETED NULL|KBTEST|' - output: 'err' - stage: 'delete hotfix without enough fields.' - - - input: 'agent 001 dbsync hotfixes DELETED NULL|KBTEST|NULL|' - output: 'ok 2021/10/01 00:00:20|KBTEST|test-checksum|' - stage: 'delete hotfix.' - - - input: 'agent 001 dbsync hotfixes DELETED NULL|KBTEST|NULL|' - output: 'err' - stage: 'delete already deleted hotfix.' + - + input: agent 001 dbsync hotfixes INSERTED 2021/10/01 00:00:00|KBTEST|test-checksum| + output: 'ok ' + stage: insert hotfix. + - + input: agent 001 dbsync hotfixes INSERTED 2021/10/01 00:00:00|KBTEST| + output: err + stage: insert hotfix without enough fields. + - + input: agent 001 dbsync hotfixes INSERTED 2021/10/01 00:00:00|KBTEST|test-checksum| + output: err + stage: insert duplicated hotfix. + - + input: agent 001 dbsync hotfixes INSERTED 2021/10/01 00:00:00|KBTEST|NULL| + output: err + stage: insert hotfix with invalid field type. + - + input: agent 001 dbsync hotfixes MODIFIED 2021/10/01 00:00:20|KBTEST|test-checksum| + output: ok 2021/10/01 00:00:20|KBTEST|test-checksum| + stage: modify hotfix. + - + input: agent 001 dbsync hotfixes MODIFIED 2021/10/01 00:00:20|KBTEST| + output: err + stage: modify hotfix without enough fields. + - + input: agent 001 dbsync hotfixes MODIFIED 2021/10/01 00:00:35|KBTEST-NONEXISTENT|test-checksum| + output: err + stage: modify nonexistent hotfix. + - + input: agent 001 dbsync hotfixes DELETED NULL|KBTEST| + output: err + stage: delete hotfix without enough fields. + - + input: agent 001 dbsync hotfixes DELETED NULL|KBTEST|NULL| + output: ok 2021/10/01 00:00:20|KBTEST|test-checksum| + stage: delete hotfix. + - + input: agent 001 dbsync hotfixes DELETED NULL|KBTEST|NULL| + output: err + stage: delete already deleted hotfix.