Integration tests: Improve Wazuh manager statistics #3112

Closed
9 tasks
TomasTurina opened this issue Jul 19, 2022 · 4 comments

@TomasTurina
Member

TomasTurina commented Jul 19, 2022

Target version | Related issue | Related PR
4.4 | wazuh/wazuh#13099 | wazuh/wazuh#13713

Description

In order to validate the changes of the branch https://github.com/wazuh/wazuh/tree/dev-state-counters, some tests are required.

As part of wazuh/wazuh#13099, the statistics of the Wazuh manager have been improved.

Now, global statistics in JSON format can be requested using the API for the following daemons:

  • wazuh-remoted
  • wazuh-analysisd
  • wazuh-db

Also, agent-related statistics can be requested for the following daemons:

  • wazuh-remoted
  • wazuh-analysisd

Information related to the fields of the JSON can be found here and here.

All requests must point to the following sockets:

  • wazuh-remoted -> queue/sockets/remote
  • wazuh-analysisd -> queue/sockets/analysis
  • wazuh-remoted -> queue/db/wdb

Information related to the fields of the JSON request/response can be found here.

Note: Requests to get the active configuration of these three daemons have also been moved to JSON format and should also be tested in this issue.

Configuration

No extra configuration is required.

Logs

No logs needed to verify.

Feature validation

Use the new API endpoints to retrieve and validate these counters/configurations.

Test cases

When consulting daemon statistics, note that this mechanism may not be exact for all counters, so the results may not always be exactly the same. It would be better to compare against ranges of expected values rather than exact values.

  • Verify that wazuh-remoted global state counters work as expected: generate different types of messages and validate counters.

  • Verify that wazuh-remoted agents state counters work as expected: generate different types of messages and validate counters; they should only display statistics of connected agents.

  • Verify that wazuh-remoted active configuration is retrieved as expected: compare it with the configuration located at the ossec.conf and internal_options.conf files. Allowed values for section: remote, internal, global.

  • Verify that wazuh-analysisd global state counters work as expected: generate different types of events and validate counters.

  • Verify that wazuh-analysisd agents state counters work as expected: generate different types of events and validate counters; they should only display statistics of connected agents.

  • Verify that wazuh-analysisd active configuration is retrieved as expected: compare it with the configuration located at the ossec.conf and internal_options.conf files. Allowed values for section: global, active_response, alerts, decoders, rules, internal, command, labels, rule_test.

  • Verify that wazuh-db global state counters work as expected: generate different types of queries and validate counters.

  • Verify that wazuh-db active configuration is retrieved as expected: compare it with the configuration located at the ossec.conf and internal_options.conf files. Allowed values for section: internal, wdb.

  • Fix integration tests that were broken with these changes:

FAILED test_logtest/test_configuration/test_get_configuration_sock.py::test_get_configuration_sock[get_configuration0]
FAILED test_logtest/test_configuration/test_get_configuration_sock.py::test_get_configuration_sock[get_configuration1]
FAILED test_logtest/test_configuration/test_get_configuration_sock.py::test_get_configuration_sock[get_configuration2]
FAILED test_logtest/test_configuration/test_get_configuration_sock.py::test_get_configuration_sock[get_configuration3]
FAILED test_logtest/test_configuration/test_get_configuration_sock.py::test_get_configuration_sock[get_configuration4]

...

FAILED test_remoted/test_agent_communication/test_request_agent_info.py::test_request[udp,tcp-disconnected]
FAILED test_remoted/test_agent_communication/test_request_agent_info.py::test_request[udp,tcp-get_config]
FAILED test_remoted/test_agent_communication/test_request_agent_info.py::test_request[udp,tcp-get_state]

...

FAILED test_wazuh_db/test_wazuhdb_getconfig.py::test_sync_agent_groups[/tmp/Test: Get config empty parameter]
FAILED test_wazuh_db/test_wazuhdb_getconfig.py::test_sync_agent_groups[/tmp/Test: Get config wrong parameter]
FAILED test_wazuh_db/test_wazuhdb_getconfig.py::test_sync_agent_groups[/tmp/Test: Get internal config]
FAILED test_wazuh_db/test_wazuhdb_getconfig.py::test_sync_agent_groups[/tmp/Test: Get wdb config]
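
The range comparison recommended under Test cases, as an added example that is not part of the issue or of the Wazuh test suite. The two snapshots are constructed, and `make_snapshot`, `leaf_counters` and `check_deltas` are hypothetical helper names; only the counter key names come from the wazuh-remoted statistics JSON on this page.

```python
# Added example: validate counter growth between two statistics snapshots
# against inclusive ranges instead of exact values.


def make_snapshot(control, keepalive, event, discarded, error=0):
    """Build a constructed wazuh-remoted style response (subset of the fields)."""
    return {
        "error": error,
        "data": {
            "name": "wazuh-remoted",
            "metrics": {
                "messages": {
                    "received_breakdown": {
                        "control": control,
                        "control_breakdown": {"keepalive": keepalive},
                        "discarded": discarded,
                        "event": event,
                    }
                }
            },
        },
        "message": "ok",
    }


# Constructed values: snapshot taken before and after the test generated
# 10 keepalives and 50 events (a real agent added a few messages of its own).
BEFORE = make_snapshot(control=545, keepalive=309, event=689, discarded=71)
AFTER = make_snapshot(control=556, keepalive=320, event=741, discarded=71)

RB = "messages.received_breakdown"
EXPECTED = {
    f"{RB}.control_breakdown.keepalive": (10, 12),
    f"{RB}.event": (50, 55),
    f"{RB}.discarded": (0, 0),  # the queue must not have overflowed
}


def leaf_counters(node, prefix=""):
    """Flatten nested metrics into {dotted.path: int} for every integer leaf."""
    out = {}
    for key, value in node.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(leaf_counters(value, path))
        elif isinstance(value, int) and not isinstance(value, bool):
            out[path] = value
    return out


def check_deltas(before, after, expected):
    """Return a list of violations; an empty list means every counter grew
    by an amount inside its inclusive (low, high) range."""
    problems = []
    for label, resp in (("before", before), ("after", after)):
        if resp.get("error") != 0:
            problems.append(f"{label}: daemon returned error {resp.get('error')}")
    if problems:
        return problems  # counters of a failed response are not trustworthy

    old = leaf_counters(before["data"]["metrics"])
    new = leaf_counters(after["data"]["metrics"])
    for path, (low, high) in expected.items():
        if path not in old or path not in new:
            problems.append(f"{path}: counter missing from response")
            continue
        delta = new[path] - old[path]
        if not low <= delta <= high:
            problems.append(f"{path}: delta {delta} outside [{low}, {high}]")
    return problems


if __name__ == "__main__":
    print(check_deltas(BEFORE, AFTER, EXPECTED) or "all counters within range")
```
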
@juliamagan
Member

juliamagan commented Sep 26, 2022

For this development, the tests will be divided into three different modules. In addition, these tests will test both the API request and the sockets:

Manager statistics

In these tests, we will check the statistics of three daemons: wazuh-remoted, wazuh-analysisd and wazuh-db.

We should check:

  • The statistics format is correct, i.e., no missing or extra keys.
  • The generated events appear in the statistics.
  • If the queue is full, discarded events appear.

Examples of the statistics obtained:

wazuh-remoted
{
    "error": 0,
    "data": {
        "uptime": 123456777,
        "timestamp": 123456789,
        "name": "wazuh-remoted",
        "metrics": {
            "bytes": {
                "received": 456789, // Bytes received from agents
                "sent": 123456 // Bytes sent to agents
            },
            "keys_reload_count": 5, // Number of times keys were reloaded into memory
            "messages": {
                "received_breakdown": {
                    "control": 545, // Control messages received from agents
                    "control_breakdown": {
                        "keepalive": 309, // Keepalive messages from agents
                        "request": 121, // Request messages (for example, WPK responses) from agents 
                        "shutdown": 10, // Shutdown messages from agents
                        "startup": 105 // Startup messages from agents
                    },
                    "dequeued_after": 12, // Messages dequeued after newer messages (counter < current counter)
                    "discarded": 71, // Messages discarded because the received queue was full
                    "event": 689, // Event messages (syscheck, syscollector, logcollector, etc.) received from agents
                    "ping": 115, // Ping messages received
                    "unknown": 19 // Not recognized messages
                },
                "sent_breakdown": {
                    "ack": 229, // ACK messages (response to keepalive, startup and shutdown) sent to agents
                    "ar": 15, // Active response messages sent to agents
                    "discarded": 1, // Messages discarded because the send queue was full
                    "request": 15, // Request messages (for example, WPK chunks) sent to agents 
                    "sca": 2, // SCA messages sent to agents
                    "shared": 80 // Shared configuration messages (merged.mg) sent to agents
                }
            },
            "queues": {
                "received": {
                    "size": 131072, // Size of received messages queue
                    "usage": 156 // Current usage of the received queue (count)
                }
            },
            "tcp_sessions": 100 // Current active TCP sessions (agents)
        }
    },
    "message": "ok"
}
wazuh-analysisd
{
    "error": 0,
    "data": {
        "uptime": 123456777,
        "timestamp": 123456789,
        "name": "wazuh-analysisd",
        "metrics": {
            "bytes": {
                "received": 456789 // Bytes received from agents and local modules
            },
            "eps": {
                "available_credits": 29, // Available credits to process events in the current timeframe
                "events_dropped": 5, // Events discarded because the EPS limit was reached and queues were full
                "seconds_over_limit": 558 // Time in seconds the EPS limit was exceeded
            },
            "events": {
                "processed": 1286, // Total processed events (analyzed by rules)
                "received": 1514, // Total received events from agents and local modules
                "received_breakdown": {
                    "decoded_breakdown": {
                        "agent": 1, // Events coming from agentd
                        "agentless": 0, // Events coming from agentlessd
                        "dbsync": 154, // Synchronization events
                        "integrations_breakdown": {
                            "virustotal": 1 // Events coming from VirusTotal integration
                        },
                        "modules_breakdown": {
                            "aws": 39, // Events coming from AWS module
                            "azure": 14, // Events coming from Azure module
                            "ciscat": 22, // Events coming from CIS-CAT module
                            "command": 5, // Events coming from command module
                            "docker": 39, // Events coming from Docker module
                            "gcp": 12, // Events coming from GCP module
                            "github": 44, // Events coming from GitHub module
                            "logcollector_breakdown": {
                                "eventchannel": 37, // EventChannel events collected by logcollector
                                "eventlog": 15, // EventLog events collected by logcollector
                                "macos": 36, // MacOS events collected by logcollector
                                "others": 55 // Other events collected by logcollector
                            },
                            "office365": 6, // Events coming from Office365 module
                            "oscap": 0, // Events coming from OSCAP module
                            "osquery": 12, // Events coming from OSQuery module
                            "rootcheck": 25, // Events coming from rootcheck (syscheckd)
                            "sca": 68, // Events coming from SCA module
                            "syscheck": 514, // Events coming from syscheckd
                            "syscollector": 320, // Events coming from syscollector module
                            "upgrade": 10, // Events coming from upgrade agent module (upgrade responses)
                            "vulnerability": 14 // Events coming from vulnerability detector module
                        },
                        "monitor": 2, // Events coming from monitord
                        "remote": 2, // Events coming from remoted
                        "syslog": 3 // Events coming from syslog remoted
                    },
                    "dropped_breakdown": {
                        "agent": 0, // Events discarded from agentd because the queue was full
                        "agentless": 0, // Events discarded from agentless because the queue was full
                        "dbsync": 2, // Synchronization events discarded because the queue was full
                        "integrations_breakdown": {
                            "virustotal": 1 // Events discarded from VirusTotal integration because the queue was full
                        },
                        "modules_breakdown": {
                            "aws": 5, // Events discarded from AWS module because the queue was full
                            "azure": 2, // Events discarded from Azure module because the queue was full
                            "ciscat": 1, // Events discarded from CIS-CAT module because the queue was full
                            "command": 0, // Events discarded from command module because the queue was full
                            "docker": 3, // Events discarded from Docker module because the queue was full
                            "gcp": 0, // Events discarded from GCP module because the queue was full
                            "github": 1, // Events discarded from GitHub module because the queue was full
                            "logcollector_breakdown": {
                                "eventchannel": 3, // EventChannel events collected by logcollector discarded because the queue was full
                                "eventlog": 0, // EventLog events collected by logcollector discarded because the queue was full
                                "macos": 2, // MacOS events collected by logcollector discarded because the queue was full
                                "others": 8 // Other events collected by logcollector discarded because the queue was full
                            },
                            "office365": 0, // Events discarded from Office365 module because the queue was full
                            "oscap": 0, // Events discarded from OSCAP module because the queue was full
                            "osquery": 0, // Events discarded from OSQuery module because the queue was full
                            "rootcheck": 1, // Events discarded from rootcheck module because the queue was full
                            "sca": 2, // Events discarded from SCA module because the queue was full
                            "syscheck": 6, // Events discarded from syscheck module because the queue was full
                            "syscollector": 4, // Events discarded from syscollector module because the queue was full
                            "upgrade": 0, // Events discarded from upgrade agent module because the queue was full
                            "vulnerability": 0 // Events discarded from vulnerability detector module because the queue was full
                        },
                        "monitor": 0, // Events discarded from monitord because the queue was full
                        "remote": 0, // Events discarded from remoted because the queue was full
                        "syslog": 1 // Events discarded from syslog remoted because the queue was full
                    }
                },
                "written_breakdown": {
                    "alerts": 269, // Alerts written in alerts log file
                    "archives": 1286, // Alerts written in archives log file
                    "firewall": 15, // Alerts written in firewall log file
                    "fts": 4, // Alerts written in FTS queue file
                    "stats": 22 // Alerts written in stats files
                }
            },
            "queues": {
                "alerts": {
                    "size": 16384, // Size of alerts messages queue
                    "usage": 12 // Current usage of the alerts queue (percentage)
                },
                "archives": {
                    "size": 16384, // Size of archives messages queue
                    "usage": 18 // Current usage of the archives queue (percentage)
                },
                "dbsync": {
                    "size": 16384, // Size of dbsync messages queue
                    "usage": 56 // Current usage of the dbsync queue (percentage)
                },
                "eventchannel": {
                    "size": 16384, // Size of eventchannel messages queue
                    "usage": 0 // Current usage of the eventchannel queue (percentage)
                },
                "firewall": {
                    "size": 16384, // Size of firewall messages queue
                    "usage": 0 // Current usage of the firewall queue (percentage)
                },
                "fts": {
                    "size": 16384, // Size of FTS messages queue
                    "usage": 0 // Current usage of the FTS queue (percentage)
                },
                "hostinfo": {
                    "size": 16384, // Size of hostinfo messages queue
                    "usage": 0 // Current usage of the hostinfo queue (percentage)
                },
                "others": {
                    "size": 16384, // Size of other events messages queue
                    "usage": 39 // Current usage of the other events queue (percentage)
                },
                "processed": {
                    "size": 16384, // Size of processed messages queue (to be analyzed by rules)
                    "usage": 105 // Current usage of the processed queue (percentage)
                },
                "rootcheck": {
                    "size": 16384, // Size of rootcheck messages queue
                    "usage": 3 // Current usage of the rootcheck queue (percentage)
                },
                "sca": {
                    "size": 16384, // Size of SCA messages queue
                    "usage": 5 // Current usage of the SCA queue (percentage)
                },
                "stats": {
                    "size": 16384, // Size of stats messages queue
                    "usage": 0 // Current usage of the stats queue (percentage)
                },
                "syscheck": {
                    "size": 16384, // Size of syscheck messages queue
                    "usage": 35 // Current usage of the syscheck queue (percentage)
                },
                "syscollector": {
                    "size": 16384, // Size of syscollector messages queue
                    "usage": 15 // Current usage of the syscollector queue (percentage)
                },
                "upgrade": {
                    "size": 16384, // Size of upgrade messages queue
                    "usage": 1 // Current usage of the upgrade queue (percentage)
                }
            }
        }
    },
    "message": "ok"
}
wazuh-db
{
    "error": 0,
    "data": {
        "uptime": 123456777,
        "timestamp": 123456789,
        "name": "wazuh-db",
        "metrics": {
            "queries": {
                "received": 1463,
                "received_breakdown": {
                    "agent": 780,
                    "agent_breakdown": {
                        "db": {
                            "begin": 28,
                            "close": 33,
                            "commit": 4,
                            "remove": 12,
                            "sql": 31
                        },
                        "tables": {
                            "ciscat": {
                                "ciscat": 0
                            },
                            "rootcheck": {
                                "rootcheck": 6
                            },
                            "sca": {
                                "sca": 96
                            },
                            "sync": {
                                "dbsync": 46
                            },
                            "syscheck": {
                                "fim_file": 86,
                                "fim_registry": 3,
                                "syscheck": 9
                            },
                            "syscollector": {
                                "syscollector_hotfixes": 1,
                                "syscollector_hwinfo": 5,
                                "syscollector_network_address": 15,
                                "syscollector_network_iface": 19,
                                "syscollector_network_protocol": 14,
                                "syscollector_osinfo": 5,
                                "syscollector_packages": 20,
                                "syscollector_ports": 56,
                                "syscollector_processes": 105,
                                "deprecated": {
                                    "hardware": 1,
                                    "hotfix": 5,
                                    "netaddr": 8,
                                    "netinfo": 2,
                                    "netproto": 3,
                                    "osinfo": 1,
                                    "package": 23,
                                    "port": 21,
                                    "process": 63
                                }
                            },
                            "vulnerability": {
                                "vuln_cves": 39
                            }
                        }
                    },
                    "global": 600,
                    "global_breakdown": {
                        "db": {
                            "backup": 1,
                            "sql": 15
                        },
                        "tables": {
                            "agent": {
                                "delete-agent": 3,
                                "disconnect-agents": 8,
                                "find-agent": 4,
                                "get-agent-info": 9,
                                "get-agents-by-connection-status": 26,
                                "get-all-agents": 7,
                                "get-groups-integrity": 13,
                                "insert-agent": 49,
                                "reset-agents-connection": 1,
                                "select-agent-group": 11,
                                "select-agent-name": 19,
                                "set-agent-groups": 10,
                                "sync-agent-groups-get": 15,
                                "sync-agent-info-get": 1,
                                "sync-agent-info-set": 4,
                                "update-agent-data": 62,
                                "update-agent-name": 12,
                                "update-connection-status": 26,
                                "update-keepalive": 88
                            },
                            "belongs": {
                                "get-group-agents": 8,
                                "select-group-belong": 14
                            },
                            "group": {
                                "delete-group": 12,
                                "find-group": 4,
                                "insert-agent-group": 38,
                                "select-groups": 96
                            },
                            "labels": {
                                "get-labels": 26
                            }
                        }
                    },
                    "mitre": 32,
                    "mitre_breakdown": {
                        "db": {
                            "sql": 30
                        }
                    },
                    "task": 22,
                    "task_breakdown": {
                        "db": {
                            "sql": 3
                        },
                        "tables": {
                            "tasks": {
                                "delete_old": 0,
                                "set_timeout": 1,
                                "upgrade": 2,
                                "upgrade_cancel_tasks": 0,
                                "upgrade_custom": 5,
                                "upgrade_get_status": 3,
                                "upgrade_result": 1,
                                "upgrade_update_status": 5
                            }
                        }
                    },
                    "wazuhdb": 5,
                    "wazuhdb_breakdown": {
                        "db": {
                            "remove": 4
                        }
                    }
                }
            },
            "time": {
                "execution": 18334,
                "execution_breakdown": {
                    "agent": 9514,
                    "agent_breakdown": {
                        "db": {
                            "begin": 498,
                            "close": 232,
                            "commit": 121,
                            "remove": 322,
                            "sql": 715
                        },
                        "tables": {
                            "ciscat": {
                                "ciscat": 0
                            },
                            "rootcheck": {
                                "rootcheck": 122
                            },
                            "sca": {
                                "sca": 965
                            },
                            "sync": {
                                "dbsync": 785
                            },
                            "syscheck": {
                                "fim_file": 1452,
                                "fim_registry": 365,
                                "syscheck": 79
                            },
                            "syscollector": {
                                "syscollector_hotfixes": 35,
                                "syscollector_hwinfo": 158,
                                "syscollector_network_address": 222,
                                "syscollector_network_iface": 406,
                                "syscollector_network_protocol": 209,
                                "syscollector_osinfo": 200,
                                "syscollector_packages": 506,
                                "syscollector_ports": 336,
                                "syscollector_processes": 683,
                                "deprecated": {
                                    "hardware": 5,
                                    "hotfix": 18,
                                    "netaddr": 49,
                                    "netinfo": 6,
                                    "netproto": 32,
                                    "osinfo": 5,
                                    "package": 329,
                                    "port": 95,
                                    "process": 199
                                }
                            },
                            "vulnerability": {
                                "vuln_cves": 365
                            }
                        }
                    },
                    "global": 7704,
                    "global_breakdown": {
                        "db": {
                            "backup": 105,
                            "sql": 236
                        },
                        "tables": {
                            "agent": {
                                "delete-agent": 22,
                                "disconnect-agents": 232,
                                "find-agent": 100,
                                "get-agent-info": 25,
                                "get-agents-by-connection-status": 695,
                                "get-all-agents": 36,
                                "get-groups-integrity": 147,
                                "insert-agent": 695,
                                "reset-agents-connection": 6,
                                "select-agent-group": 325,
                                "select-agent-name": 126,
                                "set-agent-groups": 109,
                                "sync-agent-groups-get": 215,
                                "sync-agent-info-get": 95,
                                "sync-agent-info-set": 39,
                                "update-agent-data": 436,
                                "update-agent-name": 232,
                                "update-connection-status": 123,
                                "update-keepalive": 965
                            },
                            "belongs": {
                                "get-group-agents": 66,
                                "select-group-belong": 189
                            },
                            "group": {
                                "delete-group": 318,
                                "find-group": 187,
                                "insert-agent-group": 459,
                                "select-groups": 1012
                            },
                            "labels": {
                                "get-labels": 509
                            }
                        }
                    },
                    "mitre": 419,
                    "mitre_breakdown": {
                        "db": {
                            "sql": 419
                        }
                    },
                    "task": 204,
                    "task_breakdown": {
                        "db": {
                            "sql": 29
                        },
                        "tables": {
                            "tasks": {
                                "delete_old": 0,
                                "set_timeout": 7,
                                "upgrade": 7,
                                "upgrade_cancel_tasks": 0,
                                "upgrade_custom": 19,
                                "upgrade_get_status": 35,
                                "upgrade_result": 9,
                                "upgrade_update_status": 98
                            }
                        }
                    },
                    "wazuhdb": 493,
                    "wazuhdb_breakdown": {
                        "db": {
                            "remove": 493
                        }
                    }
                }
            }
        }
    },
    "message": "ok"
}

Agent statistics

In these tests, we will check the statistics of three daemons: wazuh-remoted and wazuh-analysisd.

We should check:

  • The format of the statistics is correct, i.e., no missing or extra keys.
  • The generated events appear in the statistics.
  • If the queue is full, discarded events appear.

Examples of the statistics obtained:

wazuh-remoted
{
    "error": 0,
    "data": {
        "timestamp": 123456789,
        "name": "wazuh-remoted",
        "agents": [
            {
                "uptime": 123456777,
                "id": 15, // Agent ID
                "metrics": {
                    "messages": {
                        "received_breakdown": {
                            "control": 545, // Control messages received from agent
                            "control_breakdown": {
                                "keepalive": 309, // Keepalive messages from agent
                                "request": 121, // Request messages (for example, WPK responses) from agent
                                "shutdown": 10, // Shutdown messages from agent
                                "startup": 105 // Startup messages from agent
                            },
                            "event": 689 // Event messages (syscheck, syscollector, logcollector, etc.) received from agent
                        },
                        "sent_breakdown": {
                            "ack": 229, // ACK messages (response to keepalive, startup and shutdown) sent to agent
                            "ar": 15, // Active response messages sent to agent
                            "discarded": 1, // Messages discarded because the send queue was full (for this agent)
                            "request": 15, // Request messages (for example, WPK chunks) sent to agent
                            "sca": 2, // SCA messages sent to agent
                            "shared": 80 // Shared configuration messages (merged.mg) sent to agent
                        }
                    }
                }
            },
            {
                "uptime": 123456779,
                "id": 18, // Agent ID
                "metrics": {
                    // Daemon metrics of agent
                }
            }
        ]
    },
    "message": "ok"
}

wazuh-analysisd
{
    "error": 0,
    "data": {
        "timestamp": 123456789,
        "name": "wazuh-analysisd",
        "agents": [
            {
                "uptime": 123456777,
                "id": 15, // Agent ID
                "metrics": {
                    "events": {
                        "processed": 1286, // Total processed events (analyzed by rules) from agent
                        "received_breakdown": {
                            "decoded_breakdown": {
                                "agent": 1, // Events coming from agentd (this agent)
                                "dbsync": 154, // Synchronization events (this agent)
                                "integrations_breakdown": {
                                    "virustotal": 1 // Events coming from VirusTotal (this agent)
                                },
                                "modules_breakdown": {
                                    "aws": 39, // Events coming from AWS module (this agent)
                                    "azure": 14, // Events coming from Azure module (this agent)
                                    "ciscat": 22, // Events coming from CIS-CAT module (this agent)
                                    "command": 5, // Events coming from command module (this agent)
                                    "docker": 39, // Events coming from Docker module (this agent)
                                    "gcp": 12, // Events coming from GCP module (this agent)
                                    "github": 44, // Events coming from GitHub module (this agent)
                                    "logcollector_breakdown": {
                                        "eventchannel": 37, // EventChannel events collected by logcollector (this agent)
                                        "eventlog": 15, // EventLog events collected by logcollector (this agent)
                                        "macos": 36, // MacOS events collected by logcollector (this agent)
                                        "others": 55 // Other events collected by logcollector (this agent)
                                    },
                                    "office365": 6, // Events coming from Office365 module (this agent)
                                    "oscap": 0, // Events coming from OSCAP module (this agent)
                                    "osquery": 12, // Events coming from OSQuery module (this agent)
                                    "rootcheck": 25, // Events coming from rootcheck (this agent)
                                    "sca": 68, // Events coming from SCA module (this agent)
                                    "syscheck": 514, // Events coming from syscheckd (this agent)
                                    "syscollector": 320, // Events coming from syscollector module (this agent)
                                    "upgrade": 10, // Events coming from upgrade agent module (this agent)
                                    "vulnerability": 14 // Events coming from vulnerability detector (this agent)
                                },
                                "monitor": 2, // Events coming from monitord (this agent)
                                "remote": 2 // Events coming from remoted (this agent)
                            }
                        },
                        "written_breakdown": {
                            "alerts": 269, // Alerts written in alerts log file (this agent)
                            "archives": 1286, // Alerts written in archives log file (this agent)
                            "firewall": 15 // Alerts written in firewall log file (this agent)
                        }
                    }
                }
            },
            {
                "uptime": 123456779,
                "id": 18, // Agent ID
                "metrics": {
                    // Daemon metrics of agent
                }
            }
        ]
    },
    "message": "ok"
}

Get configuration

We must request and check the configuration of the three daemons. We will test obtaining both the default configuration and a custom configuration.

To get this configuration, we must specify the section:

  • wazuh-remoted:

    • remote
    • internal
    • global
  • wazuh-analysisd:

    • active_response
    • alerts
    • decoders
    • rules
    • command
    • labels
    • rule_test
    • internal
    • global
  • wazuh-db:

    • wdb
    • internal
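
The format check from the test cases above (no missing or extra keys) together with a range check on counters, as added example code that is not part of this issue or of the Wazuh test suite. The names `key_diff` and `out_of_range` and the numeric ranges are assumptions; the reference layout is copied from the wazuh-remoted example, and the modified response is constructed.

```python
import copy

# Reference layout for one wazuh-remoted data.agents entry (from the example above).
REFERENCE_AGENT = {
    "uptime": 123456777, "id": 15,
    "metrics": {"messages": {
        "received_breakdown": {
            "control": 545,
            "control_breakdown": {"keepalive": 309, "request": 121,
                                  "shutdown": 10, "startup": 105},
            "event": 689},
        "sent_breakdown": {"ack": 229, "ar": 15, "discarded": 1,
                           "request": 15, "sca": 2, "shared": 80}}},
}

def key_diff(reference, actual, path=""):
    """Return (missing, extra) dotted key paths of actual versus reference."""
    if not isinstance(actual, dict):
        return [path.rstrip(".") or "<root>"], []
    missing = [path + k for k in reference.keys() - actual.keys()]
    extra = [path + k for k in actual.keys() - reference.keys()]
    for k in reference.keys() & actual.keys():
        if isinstance(reference[k], dict):
            m, e = key_diff(reference[k], actual[k], f"{path}{k}.")
            missing, extra = missing + m, extra + e
    return sorted(missing), sorted(extra)

def out_of_range(stats, ranges):
    """Return counter paths that are absent, non-integer or outside [lo, hi]."""
    failed = []
    for dotted, (lo, hi) in ranges.items():
        node = stats
        for part in dotted.split("."):
            node = node.get(part) if isinstance(node, dict) else None
        if not isinstance(node, int) or not lo <= node <= hi:
            failed.append(dotted)
    return failed

if __name__ == "__main__":
    # Constructed response: drops "sca" and adds an unexpected "foo" counter.
    resp = copy.deepcopy(REFERENCE_AGENT)
    sent = resp["metrics"]["messages"]["sent_breakdown"]
    del sent["sca"]
    sent["foo"] = 0
    print(key_diff(REFERENCE_AGENT, resp))
    # Hypothetical ranges for a run that sent about 700 events and filled the queue.
    print(out_of_range(resp, {
        "metrics.messages.received_breakdown.event": (650, 750),
        "metrics.messages.sent_breakdown.discarded": (1, 10**6)}))
```

The same `key_diff` call works for the wazuh-analysisd response once a reference entry with its `events` layout is supplied.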

@juliamagan

Update 11/10/2022

After trying to implement the test as a system test, it has been decided that it will be an integration test using the agent simulator, although we will not be able to cover all types of events until we update this simulator.

The behavior of the simulator has been studied and tested to see how it can help the test implementation.

In addition, we have started with the test that returns the manager configuration, trying to follow the format of the Vulnerability Detector integration tests.

@vikman90

Closing this issue. Superseded by version 5.0.

@vikman90 closed this as not planned on Apr 10, 2024