Inconsistent results detected by vulnerability Detector in E2E Tests #23327

Closed
Rebits opened this issue May 7, 2024 · 3 comments · Fixed by #23339 or wazuh/wazuh-qa#5350
Labels: level/task, type/bug (Something isn't working)

@Rebits

Rebits commented May 7, 2024

| Wazuh version | Component | Install type | Install method | Platform |
|---|---|---|---|---|
| 4.8.0-rc1 | Vulnerability Detection | Manager | Packages | Ubuntu22 |

Description

In Release 4.8.0 - RC 1 - Vulnerability Detection E2E tests, it was noted that the vulnerability detector identified distinct vulnerabilities depending on whether the module was activated before or after agents were registered.

This discrepancy in results could potentially be attributed to the adequacy of the timeout duration allocated for the E2E tests. Given a duration of 3 minutes per agent, certain vulnerabilities may not have been fully explored within this timeframe. Moreover, variations in architectures further compounded the issue. For instance, in the case of a Windows agent, the detector identified one architecture as "" when vulnerability detection was disabled prior to agent initialization, whereas it detected "x86_64" under different circumstances. Further research is required.

CVE-2024-21412

        [
            "CVE-2024-21412",
            "Microsoft Windows 11 Pro 10.0.22621.1105",
            "10.0.22621.1105",
            ""
        ]
        [
            "CVE-2024-21412",
            "Microsoft Windows 11 Pro 10.0.22621.1105",
            "10.0.22621.1105",
            "x86_64"
        ]

Evidences

Report: https://github.com/wazuh/wazuh/files/15234960/Test_e2e_system_284_test_vulnerability_detector.zip

Note

Currently, tests are being launched enabling modulesd debug. Further evidence will be provided on this issue as soon as possible.

@Rebits added the type/bug (Something isn't working) and level/task labels on May 7, 2024
@Rebits changed the title from "Vulnerability Detector detect unconsistent results detected for E2E tests" to "Inconsistent results detected by vulnerability Detector in E2E Tests" on May 7, 2024
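
One way to triage a discrepancy like the one reported above, as an added example that is not part of the original issue or of the Wazuh test suite: compare two runs keyed on (CVE, name, version) so that entries differing only in the architecture field are separated from detections that are missing entirely. The row shape follows the CVE-2024-21412 entries in the issue; the function names and the `CVE-0000-…` / `example-pkg` rows are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample data in the [cve, name, version, architecture] shape
# shown in the issue. The CVE-0000-* / example-pkg rows are placeholders.
RUN_DISABLED_FIRST = [
    ["CVE-2024-21412", "Microsoft Windows 11 Pro 10.0.22621.1105", "10.0.22621.1105", ""],
    ["CVE-0000-0001", "example-pkg", "1.0.0", "x86_64"],
]
RUN_ENABLED_FIRST = [
    ["CVE-2024-21412", "Microsoft Windows 11 Pro 10.0.22621.1105", "10.0.22621.1105", "x86_64"],
    ["CVE-0000-0001", "example-pkg", "1.0.0", "x86_64"],
    ["CVE-0000-0002", "example-pkg", "1.0.0", "x86_64"],
]


def index_by_identity(rows):
    """Map (cve, name, version) -> set of architectures reported for it."""
    index = defaultdict(set)
    for cve, name, version, arch in rows:
        index[(cve, name, version)].add(arch)
    return index


def compare_runs(run_a, run_b):
    """Split the differences between two runs into three buckets."""
    a, b = index_by_identity(run_a), index_by_identity(run_b)
    report = {"only_in_a": [], "only_in_b": [], "arch_mismatch": []}
    for key in sorted(a.keys() | b.keys()):
        if key not in b:
            report["only_in_a"].append(key)      # detection missing from run B
        elif key not in a:
            report["only_in_b"].append(key)      # detection missing from run A
        elif a[key] != b[key]:
            # Same CVE/package/version, different architecture values
            report["arch_mismatch"].append((key, sorted(a[key]), sorted(b[key])))
    return report


if __name__ == "__main__":
    result = compare_runs(RUN_DISABLED_FIRST, RUN_ENABLED_FIRST)
    for bucket, items in result.items():
        print(bucket, len(items))
        for item in items:
            print("   ", item)
```
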
@Dwordcito

This issue is probably related to how the wazuh-db returns the OS information during a rescan after the on/off of the VD feature.

@sebasfalcone priority on this, please.

@MiguelazoDS

MiguelazoDS commented May 7, 2024

Analysis

Environment

  • Manager Ubuntu 22
  • Agent Centos9
  • Agent Windows 11

Scan during Syscollector synchronization events

2384 vulnerabilities detected

78 vulnerabilities for Ubuntu 22
2139 vulnerabilities for Centos 9
167 vulnerabilities for Windows 11

Scan after Syscollector synchronization has ended

2384 vulnerabilities detected

78 vulnerabilities for Ubuntu 22
2139 vulnerabilities for Centos 9
167 vulnerabilities for Windows 11

Comparison

The issue is easily reproduced

Not only for Windows

@MiguelazoDS

MiguelazoDS commented May 7, 2024

Update

Multiple errors showed up when editing the yaml file in QA integration tests
