3166-T15-R2-e2e-belenvaldivia.html

Report generated on 29-Aug-2022 at 19:50:51 by pytest-html v3.1.1

Environment

Packages {"pluggy": "0.13.1", "py": "1.10.0", "pytest": "6.2.2"}
Platform Linux-5.15.0-46-generic-x86_64-with-glibc2.29
Plugins {"ansible-playbook": "0.4.1", "html": "3.1.1", "metadata": "2.0.1", "testinfra": "5.0.0"}
Python 3.8.10

Summary

28 tests ran in 3528.87 seconds.

24 passed, 0 skipped, 4 failed, 0 errors, 0 expected failures, 0 unexpected passes

Results

Result Test Duration Links
Failed tests/end_to_end/test_basic_cases/test_brute_force/test_brute_force_rdp/test_brute_force_rdp.py::test_brute_force_rdp[rdp_brute_force] 34.91
configure_environment = None
metadata = {'description': 'Check if the alert is generated when executing a brute force attack via RDP.', 'extra': {'mitre_technique': 'Brute Force'}, 'name': 'rdp_brute_force', 'rule.description': 'Multiple Windows logon failures.', ...}
get_dashboard_credentials = {'password': 'admin', 'user': 'admin'}, get_manager_ip = '172.31.11.12', generate_events = None, clean_alerts_index = None

@pytest.mark.filterwarnings('ignore::urllib3.exceptions.InsecureRequestWarning')
@pytest.mark.parametrize('metadata', configuration_metadata, ids=cases_ids)
def test_brute_force_rdp(configure_environment, metadata, get_dashboard_credentials, get_manager_ip, generate_events,
clean_alerts_index):
'''
description: Check that an alert is generated and indexed when a brute force attack is performed.

test_phases:
- Set a custom Wazuh configuration.
- Run hydra command to attempt an invalid RDP connection and generate event.
- Check in the alerts.json log that the expected alert has been triggered and get its timestamp.
- Check that the obtained alert from alerts.json has been indexed.

wazuh_min_version: 4.4.0

tier: 0

parameters:
- configure_environment:
type: fixture
brief: Set the wazuh configuration according to the configuration playbook.
- metadata:
type: dict
brief: Wazuh configuration metadata.
- get_dashboard_credentials:
type: fixture
brief: Get the wazuh dashboard credentials.
- generate_events:
type: fixture
brief: Generate events that will trigger the alert according to the generate_events playbook.
- clean_alerts_index:
type: fixture
brief: Delete obtained alerts.json and alerts index.

assertions:
- Verify that the alert has been triggered.
- Verify that the same alert has been indexed.

input_description:
- The `configuration.yaml` file provides the module configuration for this test.
- The `generate_events.yaml` file provides the function configuration for this test.
'''
rule_id = metadata['rule.id']
rule_level = metadata['rule.level']
rule_description = metadata['rule.description']
rule_mitre_technique = metadata['extra']['mitre_technique']
timestamp_regex = r'\d+-\d+-\d+T\d+:\d+:\d+\.\d+[+|-]\d+'

expected_alert_json = fr'\{{"timestamp":"({timestamp_regex})","rule"\:{{"level"\:{rule_level},' \
fr'"description"\:"{rule_description}","id"\:"{rule_id}".*'

expected_indexed_alert = fr'.*"rule":.*"level": {rule_level},.*"description": "{rule_description}"' \
fr'.*"mitre":.*"{rule_mitre_technique}".*"id": "{rule_id}".*'

# Check that alert has been raised and save timestamp
> raised_alert = evm.check_event(callback=expected_alert_json, file_to_monitor=alerts_json,
timeout=fw.T_5, error_message='The alert has not occurred').result()

tests/end_to_end/test_basic_cases/test_brute_force/test_brute_force_rdp/test_brute_force_rdp.py:120:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
../../.local/lib/python3.8/site-packages/wazuh_testing/event_monitor.py:36: in check_event
result = file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results,
../../.local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:201: in start
self._result = monitor.start(timeout=timeout, callback=callback, accum_results=accum_results,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <wazuh_testing.tools.monitoring.QueueMonitor object at 0x7efd58f33100>, timeout = 5, callback = <function make_callback.<locals>.<lambda> at 0x7efd58edaf70>, accum_results = 1
update_position = True, timeout_extra = 0, error_message = 'The alert has not occurred'

def start(self, timeout=-1, callback=_callback_default, accum_results=1, update_position=True, timeout_extra=0,
error_message=''):
"""Start the queue monitoring until the stop method is called."""
if not self._continue:
self._continue = True
self._abort = False
result = None

while self._continue:
if self._abort:
self.stop()
if error_message:
logger.error(error_message)
logger.error(f"Results accumulated: "
f"{len(result) if isinstance(result, list) else 0}")
logger.error(f"Results expected: {accum_results}")
> raise TimeoutError(error_message)
E TimeoutError: The alert has not occurred

../../.local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:469: TimeoutError
-----------------------------Captured stdout setup------------------------------
PLAY [Configure local environment] ********************************************* TASK [Gathering Facts] ********************************************************* fatal: [localhost]: FAILED! => {"ansible_facts": {}, "changed": false, "failed_modules": {"ansible.legacy.setup": {"failed": true, "module_stderr": "sudo: a password is required\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}}, "msg": "The following modules failed to execute: ansible.legacy.setup\n"} PLAY RECAP ********************************************************************* localhost : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": 
"https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [localhost] TASK [Attempt a RDP brute force attack] **************************************** failed: [localhost] (item=test_user) => {"ansible_loop_var": "item", "changed": true, "cmd": "hydra -l test_user -p invalid_password rdp://172.31.11.36", "delta": "0:00:01.777847", "end": "2022-08-29 18:58:52.949521", "failed_when_result": true, "item": "test_user", "msg": "", "rc": 0, "start": "2022-08-29 18:58:51.171674", "stderr": "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)", "stderr_lines": ["[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover", "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)"], "stdout": "Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret 
service organizations, or for illegal purposes.\n\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:58:51\n[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\n[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task\n[DATA] attacking rdp://172.31.11.36:3389/\n1 of 1 target completed, 0 valid passwords found\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:58:52", "stdout_lines": ["Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.", "", "Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:58:51", "[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.", "[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task", "[DATA] attacking rdp://172.31.11.36:3389/", "1 of 1 target completed, 0 valid passwords found", "Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:58:52"]} failed: [localhost] (item=test_user) => {"ansible_loop_var": "item", "changed": true, "cmd": "hydra -l test_user -p invalid_password rdp://172.31.11.36", "delta": "0:00:02.254199", "end": "2022-08-29 18:58:55.330980", "failed_when_result": true, "item": "test_user", "msg": "", "rc": 0, "start": "2022-08-29 18:58:53.076781", "stderr": "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)", "stderr_lines": ["[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover", "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel 
connections)"], "stdout": "Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.\n\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:58:53\n[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\n[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task\n[DATA] attacking rdp://172.31.11.36:3389/\n1 of 1 target completed, 0 valid passwords found\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:58:55", "stdout_lines": ["Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.", "", "Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:58:53", "[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.", "[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task", "[DATA] attacking rdp://172.31.11.36:3389/", "1 of 1 target completed, 0 valid passwords found", "Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:58:55"]} failed: [localhost] (item=test_user) => {"ansible_loop_var": "item", "changed": true, "cmd": "hydra -l test_user -p invalid_password rdp://172.31.11.36", "delta": "0:00:01.748222", "end": "2022-08-29 18:58:57.203447", "failed_when_result": true, "item": "test_user", "msg": "", "rc": 0, "start": "2022-08-29 18:58:55.455225", "stderr": "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)", "stderr_lines": ["[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to 
allow the server to recover", "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)"], "stdout": "Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.\n\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:58:55\n[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\n[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task\n[DATA] attacking rdp://172.31.11.36:3389/\n1 of 1 target completed, 0 valid passwords found\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:58:57", "stdout_lines": ["Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.", "", "Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:58:55", "[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.", "[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task", "[DATA] attacking rdp://172.31.11.36:3389/", "1 of 1 target completed, 0 valid passwords found", "Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:58:57"]} failed: [localhost] (item=test_user) => {"ansible_loop_var": "item", "changed": true, "cmd": "hydra -l test_user -p invalid_password rdp://172.31.11.36", "delta": "0:00:02.557894", "end": "2022-08-29 18:58:59.882067", "failed_when_result": true, "item": "test_user", "msg": "", "rc": 0, "start": "2022-08-29 18:58:57.324173", "stderr": "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)", "stderr_lines": ["[WARNING] rdp servers often don't like many connections, use -t 1 or 
-t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover", "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)"], "stdout": "Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.\n\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:58:57\n[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\n[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task\n[DATA] attacking rdp://172.31.11.36:3389/\n1 of 1 target completed, 0 valid passwords found\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:58:59", "stdout_lines": ["Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.", "", "Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:58:57", "[WARNING] the rdp module is experimental. 
Please test, report - and if possible, fix.", "[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task", "[DATA] attacking rdp://172.31.11.36:3389/", "1 of 1 target completed, 0 valid passwords found", "Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:58:59"]} failed: [localhost] (item=test_user) => {"ansible_loop_var": "item", "changed": true, "cmd": "hydra -l test_user -p invalid_password rdp://172.31.11.36", "delta": "0:00:01.710405", "end": "2022-08-29 18:59:01.713459", "failed_when_result": true, "item": "test_user", "msg": "", "rc": 0, "start": "2022-08-29 18:59:00.003054", "stderr": "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)", "stderr_lines": ["[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover", "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)"], "stdout": "Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.\n\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:59:00\n[WARNING] the rdp module is experimental. 
Please test, report - and if possible, fix.\n[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task\n[DATA] attacking rdp://172.31.11.36:3389/\n1 of 1 target completed, 0 valid passwords found\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:59:01", "stdout_lines": ["Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.", "", "Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:59:00", "[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.", "[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task", "[DATA] attacking rdp://172.31.11.36:3389/", "1 of 1 target completed, 0 valid passwords found", "Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:59:01"]} failed: [localhost] (item=test_user) => {"ansible_loop_var": "item", "changed": true, "cmd": "hydra -l test_user -p invalid_password rdp://172.31.11.36", "delta": "0:00:01.730446", "end": "2022-08-29 18:59:03.558430", "failed_when_result": true, "item": "test_user", "msg": "", "rc": 0, "start": "2022-08-29 18:59:01.827984", "stderr": "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)", "stderr_lines": ["[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover", "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)"], "stdout": "Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.\n\nHydra 
(https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:59:01\n[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\n[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task\n[DATA] attacking rdp://172.31.11.36:3389/\n1 of 1 target completed, 0 valid passwords found\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:59:03", "stdout_lines": ["Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.", "", "Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:59:01", "[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.", "[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task", "[DATA] attacking rdp://172.31.11.36:3389/", "1 of 1 target completed, 0 valid passwords found", "Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:59:03"]} failed: [localhost] (item=test_user) => {"ansible_loop_var": "item", "changed": true, "cmd": "hydra -l test_user -p invalid_password rdp://172.31.11.36", "delta": "0:00:01.679974", "end": "2022-08-29 18:59:05.368671", "failed_when_result": true, "item": "test_user", "msg": "", "rc": 0, "start": "2022-08-29 18:59:03.688697", "stderr": "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)", "stderr_lines": ["[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover", "[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)"], "stdout": "Hydra v9.0 (c) 2019 by van Hauser/THC - 
Please do not use in military or secret service organizations, or for illegal purposes.\n\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:59:03\n[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\n[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task\n[DATA] attacking rdp://172.31.11.36:3389/\n1 of 1 target completed, 0 valid passwords found\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:59:05", "stdout_lines": ["Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.", "", "Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:59:03", "[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.", "[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task", "[DATA] attacking rdp://172.31.11.36:3389/", "1 of 1 target completed, 0 valid passwords found", "Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:59:05"]} failed: [localhost] (item=test_user) => {"ansible_loop_var": "item", "changed": true, "cmd": "hydra -l test_user -p invalid_password rdp://172.31.11.36", "delta": "0:00:01.699616", "end": "2022-08-29 18:59:07.188948", "failed_when_result": true, "item": "test_user", "msg": "", "rc": 0, "start": "2022-08-29 18:59:05.489332", "stderr": "[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover\n[INFO] Reduced number of tasks to 4 (rdp does not like many parallel connections)", "stderr_lines": ["[WARNING] rdp servers often don't like many connections, use -t 1 or -t 4 to reduce the number of parallel connections and -W 1 or -W 3 to wait between connection to allow the server to recover", "[INFO] Reduced number of tasks to 4 
(rdp does not like many parallel connections)"], "stdout": "Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.\n\nHydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:59:05\n[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.\n[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task\n[DATA] attacking rdp://172.31.11.36:3389/\n1 of 1 target completed, 0 valid passwords found\nHydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:59:07", "stdout_lines": ["Hydra v9.0 (c) 2019 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.", "", "Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2022-08-29 18:59:05", "[WARNING] the rdp module is experimental. Please test, report - and if possible, fix.", "[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task", "[DATA] attacking rdp://172.31.11.36:3389/", "1 of 1 target completed, 0 valid passwords found", "Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2022-08-29 18:59:07"]} PLAY RECAP ********************************************************************* centos-manager : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
------------------------------Captured stderr call------------------------------
2022-08-29 18:59:12,377 - wazuh_testing - ERROR - The alert has not occurred 2022-08-29 18:59:12,377 - wazuh_testing - ERROR - Results accumulated: 0 2022-08-29 18:59:12,377 - wazuh_testing - ERROR - Results expected: 1
-------------------------------Captured log call--------------------------------
ERROR wazuh_testing:monitoring.py:465 The alert has not occurred ERROR wazuh_testing:monitoring.py:466 Results accumulated: 0 ERROR wazuh_testing:monitoring.py:468 Results expected: 1
Failed tests/end_to_end/test_basic_cases/test_suricata_integration/test_suricata_integration.py::test_suricata_integration[trigger_emerging_policy_rule] 165.43
configure_environment = None
metadata = {'description': 'Test the detection of threats by monitoring network traffic. The test generates a specific web reques...trigger_emerging_policy_rule', 'rule.description': 'Suricata: Alert - GPL ATTACK_RESPONSE id check returned root', ...}
get_dashboard_credentials = {'password': 'admin', 'user': 'admin'}, get_manager_ip = '172.31.11.12', generate_events = None, clean_alerts_index = None

@pytest.mark.filterwarnings('ignore::urllib3.exceptions.InsecureRequestWarning')
@pytest.mark.parametrize('metadata', configuration_metadata, ids=cases_ids)
def test_suricata_integration(configure_environment, metadata, get_dashboard_credentials, get_manager_ip,
generate_events, clean_alerts_index):
'''
description: Check that an alert is generated when a specific web request is executed.

test_phases:
- Set a custom Wazuh configuration.
- Execute a web request known to trip NIDS rules to generate the event.
- Check in the alerts.json log that the expected alert has been triggered and get its timestamp.
- Check that the obtained alert from alerts.json has been indexed.

wazuh_min_version: 4.4.0

tier: 0

parameters:
- configure_environment:
type: fixture
brief: Set the wazuh configuration according to the configuration playbook.
- metadata:
type: dict
brief: Wazuh configuration metadata.
- get_dashboard_credentials:
type: fixture
brief: Get the wazuh dashboard credentials.
- generate_events:
type: fixture
brief: Generate events that will trigger the alert according to the generate_events playbook.
- clean_alerts_index:
type: fixture
brief: Delete obtained alerts.json and alerts index.

assertions:
- Verify that the alert has been triggered.
- Verify that the same alert has been indexed.

input_description:
- The `configuration.yaml` file provides the module configuration for this test.
- The `generate_events.yaml` file provides the function configuration for this test.
'''
rule_level = metadata['rule.level']
rule_description = metadata['rule.description']
rule_id = metadata['rule.id']
data_hostname = metadata['extra']['data.hostname']
timestamp_regex = r'\d{4}-\d+-\d+T\d+:\d+:\d+\.\d+[+|-]\d+'

expected_alert_json = fr".*timestamp.+({timestamp_regex}).+level.+{rule_level}.+description.+{rule_description}.+" \
fr"id.+{rule_id}.+hostname.+{data_hostname}"
expected_indexed_alert = fr".*hostname.*{data_hostname}.+level.+{rule_level}.+description.+" \
fr"{rule_description}.+id.+{rule_id}"

# Check that alert has been raised and save timestamp
> raised_alert = evm.check_event(callback=expected_alert_json, file_to_monitor=alerts_json,
timeout=fw.T_5, error_message='The alert has not occurred').result()

tests/end_to_end/test_basic_cases/test_suricata_integration/test_suricata_integration.py:119:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
../../.local/lib/python3.8/site-packages/wazuh_testing/event_monitor.py:36: in check_event
result = file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results,
../../.local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:201: in start
self._result = monitor.start(timeout=timeout, callback=callback, accum_results=accum_results,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <wazuh_testing.tools.monitoring.QueueMonitor object at 0x7efd58f33af0>, timeout = 5, callback = <function make_callback.<locals>.<lambda> at 0x7efd58eeae50>, accum_results = 1
update_position = True, timeout_extra = 0, error_message = 'The alert has not occurred'

def start(self, timeout=-1, callback=_callback_default, accum_results=1, update_position=True, timeout_extra=0,
error_message=''):
"""Start the queue monitoring until the stop method is called."""
if not self._continue:
self._continue = True
self._abort = False
result = None

while self._continue:
if self._abort:
self.stop()
if error_message:
logger.error(error_message)
logger.error(f"Results accumulated: "
f"{len(result) if isinstance(result, list) else 0}")
logger.error(f"Results expected: {accum_results}")
> raise TimeoutError(error_message)
E TimeoutError: The alert has not occurred

../../.local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:469: TimeoutError
-----------------------------Captured stdout setup------------------------------
PLAY [Configure Ubuntu agent environment] ************************************** TASK [Gathering Facts] ********************************************************* ok: [ubuntu-agent] TASK [Configure Wazuh to read Suricata logs file] ****************************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [ubuntu-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [ubuntu-agent] TASK [Restart wazuh-agent to apply the change] ********************************* TASK [manage_wazuh : Get installation type] ************************************ changed: [ubuntu-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [ubuntu-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [ubuntu-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [ubuntu-agent] TASK [Check if Suricata is installed] ****************************************** changed: [ubuntu-agent] TASK [Add the repo to install Suricata] **************************************** skipping: [ubuntu-agent] TASK [Install Suricata] ******************************************************** skipping: [ubuntu-agent] TASK [Enable and stop Suricata] ************************************************ changed: [ubuntu-agent] TASK [Change the default interface] ******************************************** ok: [ubuntu-agent] TASK [Configure external network in Suricata] ********************************** ok: [ubuntu-agent] TASK [Configure rules path in Suricata] **************************************** ok: [ubuntu-agent] TASK [Configure live rule reloading] ******************************************* ok: [ubuntu-agent] TASK [Clean Suricata logs] ***************************************************** changed: [ubuntu-agent] TASK [Updating Suricata rules] ************************************************* changed: 
[ubuntu-agent] TASK [Start Suricata] ********************************************************** changed: [ubuntu-agent] TASK [Wait for Suricata to start completely] *********************************** ok: [ubuntu-agent] PLAY RECAP ********************************************************************* ubuntu-agent : ok=14 changed=8 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": 
"https://hooks.slack.com/services/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" } PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* fatal: [centos-manager]: FAILED! => {"ansible_facts": {}, "changed": false, "failed_modules": {"ansible.legacy.setup": {"ansible_facts": {"discovered_interpreter_python": "/usr/libexec/platform-python"}, "failed": true, "module_stderr": "Shared connection to 172.31.11.12 closed.\r\n", "module_stdout": "\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 0}}, "msg": "The following modules failed to execute: ansible.legacy.setup\n"} PLAY RECAP ********************************************************************* centos-manager : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
------------------------------Captured stderr call------------------------------
2022-08-29 19:31:19,037 - wazuh_testing - ERROR - The alert has not occurred 2022-08-29 19:31:19,037 - wazuh_testing - ERROR - Results accumulated: 0 2022-08-29 19:31:19,038 - wazuh_testing - ERROR - Results expected: 1
-------------------------------Captured log call--------------------------------
ERROR wazuh_testing:monitoring.py:465 The alert has not occurred ERROR wazuh_testing:monitoring.py:466 Results accumulated: 0 ERROR wazuh_testing:monitoring.py:468 Results expected: 1
----------------------------Captured stdout teardown----------------------------
PLAY [Configure environment] *************************************************** TASK [Gathering Facts] ********************************************************* ok: [ubuntu-agent] TASK [Remove Wazuh logs configuration] ***************************************** ok: [ubuntu-agent] TASK [Restart wazuh-agent to apply the change] ********************************* TASK [manage_wazuh : Get installation type] ************************************ changed: [ubuntu-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [ubuntu-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [ubuntu-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [ubuntu-agent] PLAY RECAP ********************************************************************* ubuntu-agent : ok=4 changed=2 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
Failed tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_linux/test_vulnerability_detector_linux.py::test_vulnerability_detector_linux[detect_vulnerability_ubuntu] 171.47
configure_environment = None
metadata = {'description': 'Detect vim vulnerability', 'extra_vars': {'command': 'apt install -y vim=2:8.1.2269-1ubuntu5.7', 'eve... vulnerable vim package'}, 'name': 'detect_vulnerability_ubuntu', 'rule.description': 'CVE-2022-1621 affects vim', ...}
get_dashboard_credentials = {'password': 'admin', 'user': 'admin'}, get_manager_ip = '172.31.11.12', generate_events = None, clean_alerts_index = None

@pytest.mark.filterwarnings('ignore::urllib3.exceptions.InsecureRequestWarning')
@pytest.mark.parametrize('metadata', configuration_metadata, ids=cases_ids)
def test_vulnerability_detector_linux(configure_environment, metadata, get_dashboard_credentials, get_manager_ip,
generate_events, clean_alerts_index):
'''
description: Check that an alert is generated and indexed when a vulnerable package is present.

test_phases:
- Set a custom Wazuh configuration.
- Install a vulnerable package to generate event.
- Check in the alerts.json log that the expected alert has been triggered and get its timestamp.
- Check that the obtained alert from alerts.json has been indexed.

wazuh_min_version: 4.4.0

tier: 0

parameters:
- configure_environment:
type: fixture
brief: Set the wazuh configuration according to the configuration playbook.
- metadata:
type: dict
brief: Wazuh configuration metadata.
- get_dashboard_credentials:
type: fixture
brief: Get the wazuh dashboard credentials.
- generate_events:
type: fixture
brief: Generate events that will trigger the alert according to the generate_events playbook.
- clean_alerts_index:
type: fixture
brief: Delete obtained alerts.json and alerts index.

assertions:
- Verify that the alert has been triggered.
- Verify that the same alert has been indexed.

input_description:
- The `configuration.yaml` file provides the module configuration for this test.
- The `generate_events.yaml` file provides the function configuration for this test.
'''
rule_level = metadata['rule.level']
rule_id = metadata['rule.id']
rule_description = metadata['rule.description']
timestamp_regex = r'\d+-\d+-\d+T\d+:\d+:\d+\.\d+[+|-]\d+'

expected_alert_json = fr'\{{"timestamp":"({timestamp_regex})",' \
fr'"rule"\:{{"level"\:{rule_level},' \
fr'"description"\:"{rule_description}","id"\:"{rule_id}".*\}}'

expected_indexed_alert = fr'.*"rule":.*"level": {rule_level},.*"description": "{rule_description}"' \
fr'.*"id": "{rule_id}".*' \
fr'"timestamp": "({timestamp_regex})".*'

# Check that alert has been raised and save timestamp
> raised_alert = evm.check_event(callback=expected_alert_json, file_to_monitor=alerts_json,
error_message='The alert has not occurred').result()

tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_linux/test_vulnerability_detector_linux.py:123:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
../../.local/lib/python3.8/site-packages/wazuh_testing/event_monitor.py:36: in check_event
result = file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results,
../../.local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:201: in start
self._result = monitor.start(timeout=timeout, callback=callback, accum_results=accum_results,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <wazuh_testing.tools.monitoring.QueueMonitor object at 0x7efd58619640>, timeout = 20, callback = <function make_callback.<locals>.<lambda> at 0x7efd58ea5ca0>, accum_results = 1
update_position = True, timeout_extra = 0, error_message = 'The alert has not occurred'

def start(self, timeout=-1, callback=_callback_default, accum_results=1, update_position=True, timeout_extra=0,
error_message=''):
"""Start the queue monitoring until the stop method is called."""
if not self._continue:
self._continue = True
self._abort = False
result = None

while self._continue:
if self._abort:
self.stop()
if error_message:
logger.error(error_message)
logger.error(f"Results accumulated: "
f"{len(result) if isinstance(result, list) else 0}")
logger.error(f"Results expected: {accum_results}")
> raise TimeoutError(error_message)
E TimeoutError: The alert has not occurred

../../.local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:469: TimeoutError
-----------------------------Captured stdout setup------------------------------
PLAY [Configure Ubuntu agent environment] ************************************** TASK [Gathering Facts] ********************************************************* ok: [ubuntu-agent] TASK [Enable the agent module to collect installed packages] ******************* TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [ubuntu-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [ubuntu-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [ubuntu-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [ubuntu-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [ubuntu-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [ubuntu-agent] PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate ossec.log] ****************************************************** changed: [centos-manager] TASK [Enabled vulnerability detector module] *********************************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-manager] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh 
on Windows] ********************************* skipping: [centos-manager] TASK [Wait until the feeds were downloaded and the first scan was completed] *** ok: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=6 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 ubuntu-agent : ok=4 changed=3 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", 
"web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [ubuntu-agent] TASK [Install vulnerable vim package] ****************************************** fatal: [ubuntu-agent]: FAILED! => {"changed": true, "cmd": "apt install -y vim=2:8.1.2269-1ubuntu5.7", "delta": "0:00:01.818967", "end": "2022-08-29 22:44:09.871919", "msg": "non-zero return code", "rc": 100, "start": "2022-08-29 22:44:08.052952", "stderr": "\nWARNING: apt does not have a stable CLI interface. Use with caution in scripts.\n\nE: Version '2:8.1.2269-1ubuntu5.7' for 'vim' was not found", "stderr_lines": ["", "WARNING: apt does not have a stable CLI interface. 
Use with caution in scripts.", "", "E: Version '2:8.1.2269-1ubuntu5.7' for 'vim' was not found"], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nPackage vim is a virtual package provided by:\n vim-nox 2:8.2.3995-1ubuntu2 (= 2:8.2.3995-1ubuntu2)\n vim-gtk3 2:8.2.3995-1ubuntu2 (= 2:8.2.3995-1ubuntu2)\n vim-athena 2:8.2.3995-1ubuntu2 (= 2:8.2.3995-1ubuntu2)", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "Package vim is a virtual package provided by:", " vim-nox 2:8.2.3995-1ubuntu2 (= 2:8.2.3995-1ubuntu2)", " vim-gtk3 2:8.2.3995-1ubuntu2 (= 2:8.2.3995-1ubuntu2)", " vim-athena 2:8.2.3995-1ubuntu2 (= 2:8.2.3995-1ubuntu2)"]} PLAY RECAP ********************************************************************* centos-manager : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ubuntu-agent : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
------------------------------Captured stderr call------------------------------
2022-08-29 19:44:31,292 - wazuh_testing - ERROR - The alert has not occurred 2022-08-29 19:44:31,292 - wazuh_testing - ERROR - Results accumulated: 0 2022-08-29 19:44:31,292 - wazuh_testing - ERROR - Results expected: 1
-------------------------------Captured log call--------------------------------
ERROR wazuh_testing:monitoring.py:465 The alert has not occurred ERROR wazuh_testing:monitoring.py:466 Results accumulated: 0 ERROR wazuh_testing:monitoring.py:468 Results expected: 1
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup Ubuntu agent environment] **************************************** TASK [Gathering Facts] ********************************************************* ok: [ubuntu-agent] TASK [Uninstall vim vulnerable package] **************************************** changed: [ubuntu-agent] TASK [Delete agent configuration] ********************************************** changed: [ubuntu-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [ubuntu-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [ubuntu-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [ubuntu-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [ubuntu-agent] PLAY RECAP ********************************************************************* ubuntu-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
Failed tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_windows/test_vulnerability_detection_windows.py::test_vulnerability_detector_windows[detect_vulnerability_windows] 222.89
configure_environment = None
metadata = {'description': 'Detect Mozilla Firefox vulnerability', 'extra_vars': {'command': 'Invoke-WebRequest -Uri "{{ s3_url }...me': 'detect_vulnerability_windows', 'rule.description': 'CVE-2021-30547 affects Mozilla Firefox \\(x64 en-US\\)', ...}
get_dashboard_credentials = {'password': 'admin', 'user': 'admin'}, get_manager_ip = '172.31.11.12', generate_events = None, clean_alerts_index = None

@pytest.mark.filterwarnings('ignore::urllib3.exceptions.InsecureRequestWarning')
@pytest.mark.parametrize('metadata', configuration_metadata, ids=cases_ids)
def test_vulnerability_detector_windows(configure_environment, metadata, get_dashboard_credentials, get_manager_ip,
generate_events, clean_alerts_index):
'''
description: Check that an alert is generated and indexed when a vulnerable package is present.

test_phases:
- Set a custom Wazuh configuration.
- Install a vulnerable package to generate event.
- Check in the alerts.json log that the expected alert has been triggered and get its timestamp.
- Check that the obtained alert from alerts.json has been indexed.

wazuh_min_version: 4.4.0

tier: 0

parameters:
- configure_environment:
type: fixture
brief: Set the wazuh configuration according to the configuration playbook.
- metadata:
type: dict
brief: Wazuh configuration metadata.
- get_dashboard_credentials:
type: fixture
brief: Get the wazuh dashboard credentials.
- generate_events:
type: fixture
brief: Generate events that will trigger the alert according to the generate_events playbook.
- clean_alerts_index:
type: fixture
brief: Delete obtained alerts.json and alerts index.

assertions:
- Verify that the alert has been triggered.
- Verify that the same alert has been indexed.

input_description:
- The `configuration.yaml` file provides the module configuration for this test.
- The `generate_events.yaml` file provides the function configuration for this test.
'''
rule_level = metadata['rule.level']
rule_id = metadata['rule.id']
rule_description = metadata['rule.description']
timestamp_regex = r'\d+-\d+-\d+T\d+:\d+:\d+\.\d+[+|-]\d+'

expected_alert_json = fr'\{{"timestamp":"({timestamp_regex})",' \
fr'"rule"\:{{"level"\:{rule_level},' \
fr'"description"\:"{rule_description}","id"\:"{rule_id}".*\}}'

expected_indexed_alert = fr'.*"rule":.*"level": {rule_level},.*"description": "{rule_description}"' \
fr'.*"id": "{rule_id}".*' \
fr'"timestamp": "({timestamp_regex})".*'

# Check that alert has been raised and save timestamp
> raised_alert = evm.check_event(callback=expected_alert_json, file_to_monitor=alerts_json,
error_message='The alert has not occurred').result()

tests/end_to_end/test_basic_cases/test_vulnerability_detector/test_vulnerability_detector_windows/test_vulnerability_detection_windows.py:124:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
../../.local/lib/python3.8/site-packages/wazuh_testing/event_monitor.py:36: in check_event
result = file_monitor.start(timeout=timeout, update_position=update_position, accum_results=accum_results,
../../.local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:201: in start
self._result = monitor.start(timeout=timeout, callback=callback, accum_results=accum_results,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <wazuh_testing.tools.monitoring.QueueMonitor object at 0x7efd5860e8b0>, timeout = 20, callback = <function make_callback.<locals>.<lambda> at 0x7efd5861a3a0>, accum_results = 1
update_position = True, timeout_extra = 0, error_message = 'The alert has not occurred'

def start(self, timeout=-1, callback=_callback_default, accum_results=1, update_position=True, timeout_extra=0,
error_message=''):
"""Start the queue monitoring until the stop method is called."""
if not self._continue:
self._continue = True
self._abort = False
result = None

while self._continue:
if self._abort:
self.stop()
if error_message:
logger.error(error_message)
logger.error(f"Results accumulated: "
f"{len(result) if isinstance(result, list) else 0}")
logger.error(f"Results expected: {accum_results}")
> raise TimeoutError(error_message)
E TimeoutError: The alert has not occurred

../../.local/lib/python3.8/site-packages/wazuh_testing/tools/monitoring.py:469: TimeoutError
-----------------------------Captured stdout setup------------------------------
PLAY [Configure Windows agent environment] ************************************* TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Create temp folder] ****************************************************** changed: [windows-agent] TASK [Copy ossec.conf] ********************************************************* changed: [windows-agent] TASK [Enable the agent module to collect installed packages (Windows)] ********* TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** skipping: [windows-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** changed: [windows-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ skipping: [windows-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [windows-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [windows-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* changed: [windows-agent] PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate file ossec.log] ************************************************* changed: [centos-manager] TASK [Enable vulnerability detector module] ************************************ TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-manager] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart 
manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] TASK [Wait until the feeds were downloaded and the first scan was completed] *** ok: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=6 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 windows-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": 
"https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Install vulnerable Mozilla package] ************************************** changed: [windows-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Waiting for vulnerability scan, alert reporting and indexing] ************ ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 windows-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
------------------------------Captured stderr call------------------------------
2022-08-29 19:48:28,875 - wazuh_testing - ERROR - The alert has not occurred 2022-08-29 19:48:28,875 - wazuh_testing - ERROR - Results accumulated: 0 2022-08-29 19:48:28,875 - wazuh_testing - ERROR - Results expected: 1
-------------------------------Captured log call--------------------------------
ERROR wazuh_testing:monitoring.py:465 The alert has not occurred ERROR wazuh_testing:monitoring.py:466 Results accumulated: 0 ERROR wazuh_testing:monitoring.py:468 Results expected: 1
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup Windows agent environment] *************************************** TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Uninstall Mozilla Firefox vulnerable package] **************************** changed: [windows-agent] TASK [Restore ossec.conf without changes] ************************************** changed: [windows-agent] TASK [Delete C:\temp folder] *************************************************** changed: [windows-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ skipping: [windows-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [windows-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [windows-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* changed: [windows-agent] PLAY RECAP ********************************************************************* windows-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_audit/test_audit.py::test_audit[ping_google] 135.57
-----------------------------Captured stdout setup------------------------------
PLAY [localhost] *************************************************************** TASK [Gathering Facts] ********************************************************* ok: [localhost] TASK [Generate a general validation playbook] ********************************** changed: [localhost] PLAY RECAP ********************************************************************* localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 PLAY [General validation phase] ************************************************ TASK [Gathering Facts] ********************************************************* ok: [windows-agent] ok: [centos-manager] ok: [centos-agent] ok: [ubuntu-agent] TASK [host_checker : Set flag and informative variable] ************************ ok: [centos-manager] ok: [windows-agent] ok: [centos-agent] ok: [ubuntu-agent] TASK [host_checker : Check default Python version (Linux)] ********************* skipping: [centos-manager] skipping: [windows-agent] skipping: [centos-agent] skipping: [ubuntu-agent] TASK [host_checker : Get Python version (Windows)] ***************************** skipping: [centos-manager] skipping: [centos-agent] skipping: [ubuntu-agent] changed: [windows-agent] TASK [host_checker : Check default Python version (Windows)] ******************* skipping: [centos-manager] skipping: [ubuntu-agent] skipping: [windows-agent] skipping: [centos-agent] TASK [host_checker : Check OS (Linux)] ***************************************** skipping: [centos-manager] skipping: [windows-agent] skipping: [centos-agent] skipping: [ubuntu-agent] TASK [host_checker : Check OS (Windows)] *************************************** skipping: [windows-agent] skipping: [centos-manager] skipping: [centos-agent] skipping: [ubuntu-agent] TASK [Get Wazuh installation] ************************************************** TASK [service_controller : Get installation type] ****************************** skipping: [windows-agent] changed: [centos-manager] changed: [ubuntu-agent] 
changed: [centos-agent] TASK [host_checker : Populate services facts] ********************************** skipping: [windows-agent] ok: [centos-manager] ok: [centos-agent] ok: [ubuntu-agent] TASK [host_checker : Check the status of Wazuh components (Manager)] *********** skipping: [centos-manager] => (item=wazuh-manager.service) skipping: [centos-manager] => (item=wazuh-indexer.service) skipping: [centos-manager] => (item=filebeat.service) skipping: [centos-agent] => (item=wazuh-manager.service) skipping: [centos-agent] => (item=wazuh-indexer.service) skipping: [centos-agent] => (item=filebeat.service) skipping: [windows-agent] => (item=wazuh-manager.service) skipping: [windows-agent] => (item=wazuh-indexer.service) skipping: [windows-agent] => (item=filebeat.service) skipping: [ubuntu-agent] => (item=wazuh-manager.service) skipping: [ubuntu-agent] => (item=wazuh-indexer.service) skipping: [ubuntu-agent] => (item=filebeat.service) TASK [host_checker : set_fact] ************************************************* skipping: [centos-manager] skipping: [windows-agent] ok: [centos-agent] ok: [ubuntu-agent] TASK [host_checker : Check the status of Wazuh Agent] ************************** skipping: [centos-manager] skipping: [windows-agent] skipping: [centos-agent] skipping: [ubuntu-agent] TASK [Get Wazuh installation] ************************************************** TASK [service_controller : Get installation type] ****************************** skipping: [windows-agent] changed: [centos-manager] changed: [ubuntu-agent] changed: [centos-agent] TASK [host_checker : Run filebeat test] **************************************** skipping: [windows-agent] skipping: [centos-agent] skipping: [ubuntu-agent] changed: [centos-manager] TASK [host_checker : Check the connection between Filebeat and Wazuh Indexer] *** skipping: [centos-manager] skipping: [windows-agent] skipping: [centos-agent] skipping: [ubuntu-agent] TASK [Get Wazuh installation] 
************************************************** TASK [service_controller : Get installation type] ****************************** skipping: [windows-agent] changed: [centos-manager] changed: [ubuntu-agent] changed: [centos-agent] TASK [host_checker : Test connection with Wazuh Indexer] *********************** skipping: [windows-agent] skipping: [centos-agent] skipping: [ubuntu-agent] fatal: [centos-manager -> localhost]: FAILED! => {"changed": false, "msg": "The shell action failed to execute in the expected time frame (3) and was terminated"} ...ignoring TASK [host_checker : Check the connection between Controller node and Wazuh Indexer] *** skipping: [centos-manager] skipping: [windows-agent] skipping: [centos-agent] skipping: [ubuntu-agent] TASK [host_checker : set_fact] ************************************************* ok: [centos-manager] ok: [windows-agent] ok: [centos-agent] ok: [ubuntu-agent] TASK [host_checker : Verify if any check have failed] ************************** skipping: [centos-manager] skipping: [windows-agent] skipping: [centos-agent] skipping: [ubuntu-agent] PLAY RECAP ********************************************************************* centos-agent : ok=8 changed=3 unreachable=0 failed=0 skipped=12 rescued=0 ignored=0 centos-manager : ok=9 changed=4 unreachable=0 failed=0 skipped=11 rescued=0 ignored=1 ubuntu-agent : ok=8 changed=3 unreachable=0 failed=0 skipped=12 rescued=0 ignored=0 windows-agent : ok=4 changed=1 unreachable=0 failed=0 skipped=16 rescued=0 ignored=0 PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Get euid] **************************************************************** changed: [centos-manager] TASK [Create wazuh audit rules file] ******************************************* changed: [centos-manager] TASK [Delete previous audit rules] ********************************************* 
changed: [centos-manager] TASK [Load audit rules] ******************************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Generate events] 
********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] TASK [Ping google] ************************************************************* changed: [centos-manager] TASK [Wait for alert to be generated] ****************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup manager environment] ********************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Delete wazuh audit rules file] ******************************************* changed: [centos-manager] TASK [Delete audit rules] ****************************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_aws_infrastructure_monitoring/test_aws_infrastructure_monitoring.py::test_aws_infrastructure_monitoring[CloudTrail service] 259.88
-----------------------------Captured stdout setup------------------------------
PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Configure the aws-s3 wodle] ********************************************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-manager] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] TASK [Install boto3 python package (script dependency)] ************************ changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", 
"web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] TASK [Run the script using python3 (create S3 bucket)] ************************* changed: [centos-manager] TASK [Wait for the alert to be generated] ************************************** ok: [centos-manager] TASK [Wait for alerts to be indexed] ******************************************* ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=6 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup manager environment] ********************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Remove the aws-s3 wodle block] ******************************************* changed: [centos-manager] TASK [Delete the created bucket using the AWS API] ***************************** changed: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_brute_force/test_brute_force_ssh/test_brute_force_ssh.py::test_brute_force_ssh[ssh_brute_force] 45.14
-----------------------------Captured stdout setup------------------------------
{ "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] 
******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [localhost] TASK [Attempt a SSH brute force attack] **************************************** changed: [localhost] => (item=test_user) changed: [localhost] => (item=test_user) changed: [localhost] => (item=test_user) changed: [localhost] => (item=test_user) changed: [localhost] => (item=test_user) changed: [localhost] => (item=test_user) changed: [localhost] => (item=test_user) changed: [localhost] => (item=test_user) TASK [Wait for alert] ********************************************************** ok: [localhost] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 localhost : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_detecting_suspicious_binaries/test_detecting_suspicious_binaries.py::test_detecting_suspicious_binaries[detect_trojaned_file] 86.98
-----------------------------Captured stdout setup------------------------------
PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Create a copy of the system binary] ************************************** changed: [centos-manager] TASK [Replace the content of the system binary with the trojan script] ********* changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": 
"xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] TASK [Restart manager] ********************************************************* TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] TASK [Wait for alerts to be generated] ***************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=6 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup manager environment] ********************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Restore the system binary] *********************************************** changed: [centos-manager] TASK [Delete the system binary copy] ******************************************* changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_docker_monitoring/test_docker_monitoring.py::test_docker_monitoring[docker_pull] 92.62
-----------------------------Captured stdout setup------------------------------
PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Configure the docker-listener module] ************************************ TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-manager] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] TASK [Force systemd to reread configs] ***************************************** ok: [centos-manager] TASK [Check if Docker is installed or not on CentOS] *************************** changed: [centos-manager] TASK [Install Docker using the convenience script] ***************************** skipping: [centos-manager] TASK [Stop Docker to avoid errors and start it] ******************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=7 changed=5 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", 
"dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] TASK [Run 'docker pull nginx'] ************************************************* changed: [centos-manager] TASK [Wait for alerts to be generated] ***************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] 
***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_docker_monitoring/test_docker_monitoring.py::test_docker_monitoring[docker_run] 45.95
-----------------------------Captured stdout setup------------------------------
PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] TASK [Run 'docker run -d -P --name nginx_container nginx'] ********************* changed: [centos-manager] TASK [Wait for alerts to be generated] ***************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_docker_monitoring/test_docker_monitoring.py::test_docker_monitoring[docker_exec] 47.32
-----------------------------Captured stdout setup------------------------------
PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] TASK [Run 'docker exec -d nginx_container /bin/bash'] ************************** changed: [centos-manager] TASK [Wait for alerts to be generated] ***************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_docker_monitoring/test_docker_monitoring.py::test_docker_monitoring[docker_rm] 81.53
-----------------------------Captured stdout setup------------------------------
PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] TASK [Run 'docker stop `docker ps -a -q` && docker rm `docker ps -a -q`'] ****** changed: [centos-manager] TASK [Wait for alerts to be generated] ***************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup manager environment] ********************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Delete the docker-listener module configuration] ************************* changed: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=4 changed=3 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_emotet/test_emotet.py::test_emotet[emotet_attack] 202.87
-----------------------------Captured stdout setup------------------------------
PLAY [Configure Windows agent environment] ************************************* TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Enable auto logon] ******************************************************* ok: [windows-agent] TASK [Reboot Windows] ********************************************************** changed: [windows-agent] TASK [Disable Windows Defender] ************************************************ changed: [windows-agent] TASK [Create temp folder] ****************************************************** changed: [windows-agent] TASK [Download PSTools] ******************************************************** changed: [windows-agent] TASK [Unzip PSTools] *********************************************************** changed: [windows-agent] TASK [Copy ossec.conf] ********************************************************* changed: [windows-agent] TASK [Download sysmon] ********************************************************* changed: [windows-agent] TASK [Unzip sysmon] ************************************************************ changed: [windows-agent] TASK [Download Sysmon configuration file] ************************************** changed: [windows-agent] TASK [Install sysmon] ********************************************************** changed: [windows-agent] TASK [Configure Wazuh to collect Sysmon events] ******************************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** skipping: [windows-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** changed: [windows-agent] TASK [Download trigger_emotet.exe] ********************************************* changed: [windows-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ skipping: [windows-agent] TASK [manage_wazuh : Restart manager service on linux] 
************************* skipping: [windows-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [windows-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* changed: [windows-agent] PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Configure local rules] *************************************************** TASK [manage_wazuh_configurations : Configure local rules] ********************* changed: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=4 changed=3 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 windows-agent : ok=15 changed=13 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": 
"xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Execute trigger-emotet.exe] ********************************************** changed: [windows-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Wait for alert] 
********************************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 windows-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup Windows agent environment] *************************************** TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Restore ossec.conf without changes] ************************************** changed: [windows-agent] TASK [Uninstall Sysmon] ******************************************************** changed: [windows-agent] TASK [Kill trigger-emotet.exe] ************************************************* changed: [windows-agent] TASK [Delete C:\temp folder] *************************************************** changed: [windows-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ skipping: [windows-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [windows-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [windows-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* changed: [windows-agent] TASK [Enable Windows Defender] ************************************************* changed: [windows-agent] PLAY RECAP ********************************************************************* windows-agent : ok=7 changed=6 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_fim/test_fim_linux/test_fim_linux.py::test_fim_linux[create_file_linux] 89.05
-----------------------------Captured stdout setup------------------------------
PLAY [Configure Linux agent environment] *************************************** TASK [Gathering Facts] ********************************************************* ok: [centos-agent] ok: [ubuntu-agent] TASK [Create directory to monitor] ********************************************* changed: [ubuntu-agent] changed: [centos-agent] TASK [Add directory to syscheck configuration] ********************************* TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-agent] changed: [ubuntu-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-agent] skipping: [ubuntu-agent] TASK [Restart Wazuh] *********************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [centos-agent] skipping: [ubuntu-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-agent] skipping: [ubuntu-agent] PLAY RECAP ********************************************************************* centos-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 ubuntu-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": 
"https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [ubuntu-agent] ok: [centos-agent] TASK [Create a file into the monitored folder] ********************************* changed: [centos-agent] changed: [ubuntu-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering 
Facts] ********************************************************* ok: [centos-manager] TASK [Wait for alert to be generated] ****************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ubuntu-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_fim/test_fim_linux/test_fim_linux.py::test_fim_linux[modify_file_linux] 41.61
-----------------------------Captured stdout setup------------------------------
PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-agent] ok: [ubuntu-agent] TASK [Modify a file from the monitored folder] ********************************* changed: [centos-agent] changed: [ubuntu-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Wait for alert to be generated] ****************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ubuntu-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_fim/test_fim_linux/test_fim_linux.py::test_fim_linux[delete_file_linux] 75.51
-----------------------------Captured stdout setup------------------------------
PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-agent] ok: [ubuntu-agent] TASK [Delete a file from the monitored folder] ********************************* changed: [ubuntu-agent] changed: [centos-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Wait for alert to be generated] ****************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ubuntu-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup Linux agent environment] ***************************************** TASK [Gathering Facts] ********************************************************* ok: [ubuntu-agent] ok: [centos-agent] TASK [Delete syscheck configuration] ******************************************* changed: [ubuntu-agent] changed: [centos-agent] TASK [Delete folder] *********************************************************** changed: [ubuntu-agent] changed: [centos-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [centos-agent] skipping: [ubuntu-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [centos-agent] changed: [ubuntu-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-agent] skipping: [ubuntu-agent] PLAY RECAP ********************************************************************* centos-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 ubuntu-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_fim/test_fim_windows/test_fim_windows.py::test_fim_windows[create_file_windows] 86.97
-----------------------------Captured stdout setup------------------------------
PLAY [Configure Windows agent environment] ************************************* TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Create directory to monitor] ********************************************* changed: [windows-agent] TASK [Add directory to syscheck configuration] ********************************* TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** skipping: [windows-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** changed: [windows-agent] TASK [Truncate ossec.log] ****************************************************** changed: [windows-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ skipping: [windows-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [windows-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [windows-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* changed: [windows-agent] TASK [Wait for whodata start] ************************************************** ok: [windows-agent] PLAY RECAP ********************************************************************* windows-agent : ok=6 changed=4 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": 
"https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Create a file into the monitored folder] ********************************* changed: [windows-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] 
********************************************************* ok: [centos-manager] TASK [Wait for alert to be generated] ****************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 windows-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_fim/test_fim_windows/test_fim_windows.py::test_fim_windows[modify_file_windows] 39.38
-----------------------------Captured stdout setup------------------------------
PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Modify a file from the monitored folder] ********************************* changed: [windows-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Wait for alert to be generated] ****************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 windows-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_fim/test_fim_windows/test_fim_windows.py::test_fim_windows[delete_file_windows] 57.04
-----------------------------Captured stdout setup------------------------------
PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Delete a file from the monitored folder] ********************************* changed: [windows-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Wait for alert to be generated] ****************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 windows-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup Windows agent environment] *************************************** TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Delete syscheck configuration] ******************************************* changed: [windows-agent] TASK [Delete directory to monitor (Windows)] *********************************** changed: [windows-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ skipping: [windows-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [windows-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [windows-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* changed: [windows-agent] PLAY RECAP ********************************************************************* windows-agent : ok=4 changed=3 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_ip_reputation/test_ip_reputation.py::test_ip_reputation[ip_reputation_active_response] 174.89
-----------------------------Captured stdout setup------------------------------
PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Install apache] ********************************************************** changed: [centos-manager] TASK [Start apache] ************************************************************ changed: [centos-manager] TASK [Download Alienvault IP set] ********************************************** changed: [centos-manager] TASK [Download script to convert from ipset format to cdblist format] ********** changed: [centos-manager] TASK [Add the attacker IP to the list] ***************************************** changed: [centos-manager] TASK [Convert .ipset to .cdb using script] ************************************* changed: [centos-manager] TASK [Remove the .ipset file and the script] *********************************** changed: [centos-manager] TASK [Assign the right permissions and owner to the file] ********************** changed: [centos-manager] TASK [Configure ossec.conf] **************************************************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-manager] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-manager] TASK [Configure local rules] *************************************************** TASK [manage_wazuh_configurations : Configure local rules] ********************* changed: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] 
********************************* skipping: [centos-manager] PLAY [Configure Windows agent environment] ************************************* TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Add hostname to hosts file] ********************************************** changed: [windows-agent] PLAY RECAP ********************************************************************* centos-manager : ok=13 changed=12 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 windows-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": 
"C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Access Apache web server] ************************************************ changed: [windows-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Waiting for alert] ******************************************************* ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 windows-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup manager environment] ********************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Uninstall apache] ******************************************************** changed: [centos-manager] TASK [Delete added rules] ****************************************************** changed: [centos-manager] TASK [Delete the ossec.conf configuration] ************************************* changed: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] PLAY [Cleanup Windows agent environment] *************************************** TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Delete syscheck configuration] ******************************************* changed: [windows-agent] PLAY RECAP ********************************************************************* centos-manager : ok=6 changed=5 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 windows-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_osquery_integration/test_osquery_integration.py::test_osquery_integration[low_free_memory] 204.00
-----------------------------Captured stdout setup------------------------------
PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Check if Osquery is installed or not on CentOS] ************************** fatal: [centos-manager]: FAILED! => {"changed": true, "cmd": ["systemctl", "status", "osqueryd", "--no-pager"], "delta": "0:00:00.011411", "end": "2022-08-29 22:18:50.704517", "msg": "non-zero return code", "rc": 3, "start": "2022-08-29 22:18:50.693106", "stderr": "", "stderr_lines": [], "stdout": "● osqueryd.service - The osquery Daemon\n Loaded: loaded (/usr/lib/systemd/system/osqueryd.service; disabled; vendor preset: disabled)\n Active: inactive (dead)", "stdout_lines": ["● osqueryd.service - The osquery Daemon", " Loaded: loaded (/usr/lib/systemd/system/osqueryd.service; disabled; vendor preset: disabled)", " Active: inactive (dead)"]} ...ignoring TASK [Install Osquery on CentOS] *********************************************** skipping: [centos-manager] TASK [Configure Osquery] ******************************************************* changed: [centos-manager] TASK [Configure the Osquery module] ******************************************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-manager] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-manager] TASK [Start Osquery] *********************************************************** changed: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] 
********************************* skipping: [centos-manager] TASK [Check if stress is installed or not on CentOS] *************************** fatal: [centos-manager]: FAILED! => {"changed": true, "cmd": ["rpm", "-q", "stress"], "delta": "0:00:00.008624", "end": "2022-08-29 22:19:31.182220", "msg": "non-zero return code", "rc": 1, "start": "2022-08-29 22:19:31.173596", "stderr": "", "stderr_lines": [], "stdout": "package stress is not installed", "stdout_lines": ["package stress is not installed"]} ...ignoring TASK [Install stress] ********************************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=9 changed=8 unreachable=0 failed=0 skipped=4 rescued=0 ignored=2 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": 
"aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] TASK [Truncate osquery results file] ******************************************* changed: [centos-manager] TASK [Stress system memory] **************************************************** changed: [centos-manager] TASK [Wait for alerts to be generated] ***************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=6 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup manager environment] ********************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Delete Osquery configuration file] *************************************** changed: [centos-manager] TASK [Delete the Osquery module configuration] ********************************* changed: [centos-manager] TASK [Stop Osquery] ************************************************************ changed: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] TASK [Uninstall stress] ******************************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=7 changed=6 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_shellshock_attack_detection/test_shellshock_attack_detection.py::test_shellshock_attack_detection[shellshock_attack] 126.72
-----------------------------Captured stdout setup------------------------------
PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Configure a localfile instance to collect the logs from Apache] ********** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-manager] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] TASK [Check if Firewalld is installed on CentOS] ******************************* fatal: [centos-manager]: FAILED! => {"changed": true, "cmd": "systemctl status firewalld --no-pager", "delta": "0:00:00.009196", "end": "2022-08-29 22:22:43.256229", "msg": "non-zero return code", "rc": 4, "start": "2022-08-29 22:22:43.247033", "stderr": "Unit firewalld.service could not be found.", "stderr_lines": ["Unit firewalld.service could not be found."], "stdout": "", "stdout_lines": []} ...ignoring TASK [Stop Firewalld if it's installed and active] ***************************** skipping: [centos-manager] TASK [Check if Apache is installed or not on CentOS] *************************** fatal: [centos-manager]: FAILED! 
=> {"changed": true, "cmd": "systemctl status httpd --no-pager", "delta": "0:00:00.008678", "end": "2022-08-29 22:22:47.286366", "msg": "non-zero return code", "rc": 4, "start": "2022-08-29 22:22:47.277688", "stderr": "Unit httpd.service could not be found.", "stderr_lines": ["Unit httpd.service could not be found."], "stdout": "", "stdout_lines": []} ...ignoring TASK [Install Apache Server on CentOS] ***************************************** changed: [centos-manager] TASK [Start Apache] ************************************************************ changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=8 changed=7 unreachable=0 failed=0 skipped=4 rescued=0 ignored=2 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", 
"dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] TASK [Shellshock attack] ******************************************************* changed: [centos-manager] TASK [Wait for alerts to be generated] ***************************************** ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup manager environment] ********************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Delete localfile configuration] ****************************************** changed: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=4 changed=3 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_slack_integration/test_slack_integration.py::test_slack_integration[slack_integration_brute_force_attack] 164.49
-----------------------------Captured stdout setup------------------------------
PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Set the Slack integration block] ***************************************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-manager] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", 
"virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate integrations log] *********************************************** changed: [centos-manager] TASK [Attempt a brute force SSH attack] **************************************** changed: [centos-manager] => (item=not-a-user) changed: [centos-manager] => (item=not-a-user) changed: [centos-manager] => (item=not-a-user) changed: [centos-manager] => (item=not-a-user) changed: [centos-manager] => (item=not-a-user) changed: [centos-manager] => (item=not-a-user) changed: [centos-manager] => (item=not-a-user) changed: [centos-manager] => (item=not-a-user) TASK [Wait for the alert to be generated] ************************************** Pausing for 5 seconds (ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort) ok: [centos-manager] TASK [Check if the alert has been sent to 
Slack] ******************************* ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] TASK [Run the script using python3 (Get messages from Slack channel)] ********** changed: [centos-manager] TASK [Get Slack messages log] ************************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=8 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup manager environment] ********************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Clean added host] ******************************************************** changed: [centos-manager] TASK [Remove the Slack integration block] ************************************** ok: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=3 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_sql_injection/test_sql_injection.py::test_sql_injection[sql_injection] 130.02
-----------------------------Captured stdout setup------------------------------
PLAY [Configure CentOS agent environment] ************************************** TASK [Gathering Facts] ********************************************************* ok: [centos-agent] TASK [Install apache] ********************************************************** changed: [centos-agent] TASK [Start apache] ************************************************************ changed: [centos-agent] TASK [Configure agent to monitor the Apache access logs] *********************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-agent] TASK [Restart agent] *********************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [centos-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [centos-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-agent] PLAY RECAP ********************************************************************* centos-agent : ok=6 changed=5 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", 
"virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [localhost] TASK [Run SQL injection] ******************************************************* changed: [localhost] TASK [Wait for alert] ********************************************************** ok: [localhost] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Get alert json] 
********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 localhost : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup CentOS agent environment] **************************************** TASK [Gathering Facts] ********************************************************* ok: [centos-agent] TASK [Delete localfile configuration] ****************************************** changed: [centos-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [centos-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [centos-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-agent] PLAY RECAP ********************************************************************* centos-agent : ok=4 changed=3 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_unauthorized_processes_detection/test_unauthorized_processes_detection.py::test_unauthorized_processes_detection[netcat] 265.61
-----------------------------Captured stdout setup------------------------------
PLAY [Configure Linux agent environment] *************************************** TASK [Gathering Facts] ********************************************************* ok: [ubuntu-agent] ok: [centos-agent] TASK [Configure agent to get a list of running processes] ********************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-agent] changed: [ubuntu-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-agent] skipping: [ubuntu-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-agent] changed: [ubuntu-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [centos-agent] skipping: [ubuntu-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [centos-agent] changed: [ubuntu-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-agent] skipping: [ubuntu-agent] TASK [Install netcat (CentOS)] ************************************************* skipping: [ubuntu-agent] ok: [centos-agent] TASK [Install netcat (Ubuntu)] ************************************************* skipping: [centos-agent] ok: [ubuntu-agent] PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Configure local rules] *************************************************** TASK [manage_wazuh_configurations : Configure local rules] ********************* changed: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on 
linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] PLAY RECAP ********************************************************************* centos-agent : ok=5 changed=3 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 centos-manager : ok=4 changed=3 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 ubuntu-agent : ok=5 changed=3 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", 
"slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [ubuntu-agent] ok: [centos-agent] TASK [Run netcat] ************************************************************** fatal: [centos-agent]: FAILED! => {"changed": false, "msg": "The command action failed to execute in the expected time frame (30) and was terminated"} ...ignoring fatal: [ubuntu-agent]: FAILED! 
=> {"changed": false, "msg": "The command action failed to execute in the expected time frame (30) and was terminated"} ...ignoring TASK [Wait for alert] ********************************************************** ok: [ubuntu-agent] ok: [centos-agent] TASK [Kill netcat] ************************************************************* changed: [ubuntu-agent] changed: [centos-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-agent : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=1 centos-manager : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ubuntu-agent : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=1
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup Linux agent environment] ***************************************** TASK [Gathering Facts] ********************************************************* ok: [centos-agent] ok: [ubuntu-agent] TASK [Delete agent configuration] ********************************************** changed: [centos-agent] changed: [ubuntu-agent] TASK [Restart wazuh-agent] ***************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [centos-agent] skipping: [ubuntu-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [ubuntu-agent] changed: [centos-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-agent] skipping: [ubuntu-agent] PLAY [Cleanup manager environment] ********************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Delete added rules] ****************************************************** changed: [centos-manager] TASK [Restart wazuh-manager] *************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] PLAY RECAP ********************************************************************* centos-agent : ok=4 changed=3 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 centos-manager : ok=4 changed=3 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 ubuntu-agent : ok=4 
changed=3 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_virustotal_integration/test_virustotal_integration.py::test_virustotal_integration[remove_malicious_file] 206.47
-----------------------------Captured stdout setup------------------------------
PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Configure Virustotal integration and active response] ******************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-manager] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-manager] TASK [Configure local rules virustotal integration] **************************** TASK [manage_wazuh_configurations : Configure local rules] ********************* changed: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] TASK [Restart manager] ********************************************************* TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] PLAY [Configure CentOS agent environment] ************************************** TASK [Gathering Facts] ********************************************************* ok: [centos-agent] TASK [Configure syscheck] ****************************************************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** changed: [centos-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** skipping: [centos-agent] TASK [Add active response script] ********************************************** changed: [centos-agent] TASK [Install jq] 
************************************************************** changed: [centos-agent] TASK [Change remove-threat.sh owner and permissions] *************************** changed: [centos-agent] TASK [Restart agent] *********************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [centos-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [centos-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-agent] PLAY RECAP ********************************************************************* centos-agent : ok=7 changed=6 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 centos-manager : ok=6 changed=5 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", 
"aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-agent] TASK [Download malicious file] ************************************************* changed: [centos-agent] TASK [Wait for alert] ********************************************************** ok: [centos-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-agent : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 centos-manager : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_virustotal_integration/test_virustotal_integration.py::test_virustotal_integration[harmless_file] 152.37
-----------------------------Captured stdout setup------------------------------
PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-agent] TASK [Create harmless file] **************************************************** changed: [centos-agent] TASK [Wait for alert] ********************************************************** ok: [centos-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-agent : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 centos-manager : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup manager environment] ********************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Delete Virustotal integration and active response configuration] ********* changed: [centos-manager] TASK [Delete local rules virus total integration] ****************************** changed: [centos-manager] TASK [Restart manager] ********************************************************* TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-manager] PLAY [Cleanup agent environment] *********************************************** TASK [Gathering Facts] ********************************************************* ok: [centos-agent] TASK [Delete syscheck configuration] ******************************************* changed: [centos-agent] TASK [Delete active response script] ******************************************* ok: [centos-agent] TASK [Delete created file] ***************************************************** changed: [centos-agent] TASK [Restart agent] *********************************************************** TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [centos-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** changed: [centos-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* skipping: [centos-agent] PLAY RECAP ********************************************************************* centos-agent : 
ok=6 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 centos-manager : ok=5 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
Passed tests/end_to_end/test_basic_cases/test_windows_defender/test_windows_defender.py::test_windows_defender[detect_windows_defender_disable] 121.68
-----------------------------Captured stdout setup------------------------------
PLAY [TConfigure Windows agent environment] ************************************ TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Create temp folder] ****************************************************** changed: [windows-agent] TASK [Copy ossec.conf] ********************************************************* changed: [windows-agent] TASK [Enable the agent to collect Windows Defender logs] *********************** TASK [manage_wazuh_configurations : Configure ossec.conf linux] **************** skipping: [windows-agent] TASK [manage_wazuh_configurations : Configure ossec.conf windows] ************** changed: [windows-agent] TASK [Restart agent] *********************************************************** TASK [manage_wazuh : Get installation type] ************************************ skipping: [windows-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [windows-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [windows-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* changed: [windows-agent] PLAY [Configure manager environment] ******************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Configure local rules] *************************************************** TASK [manage_wazuh_configurations : Configure local rules] ********************* changed: [centos-manager] TASK [Restart manager] ********************************************************* TASK [manage_wazuh : Get installation type] ************************************ changed: [centos-manager] TASK [manage_wazuh : Restart manager service on linux] ************************* changed: [centos-manager] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [centos-manager] TASK [manage_wazuh : Restart 
wazuh on Windows] ********************************* skipping: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=4 changed=3 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0 windows-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0 { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } { "ansible_connection": "ssh", "ansible_host": "172.31.11.12", "ansible_ssh_common_args": "-o StrictHostKeyChecking=no", "ansible_ssh_private_key_file": "/home/belen/ephemeral.pem", "ansible_user": "qa", "aws_access_key_id": "AKIA6B6B4XJHMKALDJGT", "aws_region": "us-east-1", "aws_secret_access_key": "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", "bucket_name": "aws-cloudtrail-logs-966237403726-09245154", "dashboard_password": "admin", "dashboard_user": "admin", "s3_url": "https://s3.amazonaws.com/ci.wazuh.com/qa/testing_files/end_to_end", "slack_channel": "C03EZKLR682", "slack_token": "xoxb-746532534132-3509688290194-ITgoGLhy542RzfE7p2FxVHVN", "virustotal_key": "3e4db70c621cd9dd9e3400254297eea03215987facca9931a42dcb86ffb8aa78", "web_hook_url": "https://hooks.slack.com/services/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" } 
PLAY [Clean alerts file] ******************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Truncate alert.json] ***************************************************** TASK [manage_alerts : Truncate file] ******************************************* changed: [centos-manager] PLAY [Generate events] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Disable Windows Defender] ************************************************ changed: [windows-agent] PLAY [Get alerts file] ********************************************************* TASK [Gathering Facts] ********************************************************* ok: [centos-manager] TASK [Waiting for alert] ******************************************************* ok: [centos-manager] TASK [Get alert json] ********************************************************** TASK [manage_alerts : Get alerts.json] ***************************************** changed: [centos-manager] PLAY RECAP ********************************************************************* centos-manager : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 windows-agent : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
----------------------------Captured stdout teardown----------------------------
PLAY [Cleanup Windows agent environment] *************************************** TASK [Gathering Facts] ********************************************************* ok: [windows-agent] TASK [Restore ossec.conf without changes] ************************************** changed: [windows-agent] TASK [Delete C:\temp folder] *************************************************** changed: [windows-agent] TASK [Enable Windows Defender] ************************************************* changed: [windows-agent] TASK [Restart agent] *********************************************************** TASK [manage_wazuh : Get installation type] ************************************ skipping: [windows-agent] TASK [manage_wazuh : Restart manager service on linux] ************************* skipping: [windows-agent] TASK [manage_wazuh : Restart agent service on linux] *************************** skipping: [windows-agent] TASK [manage_wazuh : Restart wazuh on Windows] ********************************* changed: [windows-agent] PLAY RECAP ********************************************************************* windows-agent : ok=5 changed=4 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0