Release 4.3.6 - Release Candidate 1 - E2E UX tests - Windows events #3102
Referenced documentation: Emulation of ATT&CK techniques and detection with Wazuh

- Setting up the lab environment
- Sysmon configuration
- Mapping Sysmon rules with MITRE attack techniques
- Atomic Red Team installation
- ART Execution Framework and Atomics folder installation
- Importing the ART module
- Get details of a particular technique
- Check/Get prerequisites of a technique
- Run the test for a particular technique
- Clean-up on completion of the test
- Attack emulation with ART
| Test | Status | Notes |
|---|---|---|
| Test that Windows data collection works out of the box. | 🟢 | After enabling |
| Check that for the same Windows events, the alerts rule ID is the same as in the previous version. | 🟡 | How this was checked: using the same standard as in the previous Windows events check, a custom script that generates events was used. |
The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.
Test information
Test environments
| Component | 4.3.5 | 4.3.6 |
|---|---|---|
| wazuh-indexer | Production | Development |
| wazuh-server | Production | Development |
| wazuh-dashboard | Production | Development |
| wazuh-agent | Production | Development |
Test description
Test report procedure
All test results must have one of the following statuses:
Any failing test must be properly addressed with a new issue, detailing the error and the possible cause.
An extended report of the test results must be attached as a zip or txt. Please attach any documents, screenshots or tables to the issue update with the results. This report can be used by the auditors to dig deeper into any possible failures and details.
Reported issues to review
Conclusions 🟡
All tests have been executed and the results can be found here.
All tests have passed and the fails have been reported or justified. I, therefore, conclude that this issue is finished and OK for this release candidate.
However, the events and rules have not changed since the previous check so the already reported issue persists:
Issues

Detected and previously reported issues:

- Rule IDs 60012 and 60015 never trigger if the event is classified by channel (wazuh#12977).

Auditors' validation
The definition of done for this one is the validation of the conclusions and the test results from all auditors.
All checks from below must be accepted in order to close this issue.