From 6f8a09e89c9cd838e4db6f77da45c1d2d2021687 Mon Sep 17 00:00:00 2001
From: Rishi
Date: Tue, 30 Jul 2024 08:36:05 -0400
Subject: [PATCH] Added test data for Process Explorer - Downloads panel and updated selenium test for the panel
---
.../fixtures/fileCreatedDownloads.json | 42 ++++++++++++++
.../queries/filter_fileCreatedDownloads.json | 57 +++++++++++++++++++
.../data_insertion_tests/test_server.py | 8 +++
.../test_process_explorer_dashboard.py | 6 +-
4 files changed, 110 insertions(+), 3 deletions(-)
create mode 100644 testing/tests/api_tests/data_insertion_tests/fixtures/fileCreatedDownloads.json
create mode 100644 testing/tests/api_tests/data_insertion_tests/queries/filter_fileCreatedDownloads.json
diff --git a/testing/tests/api_tests/data_insertion_tests/fixtures/fileCreatedDownloads.json b/testing/tests/api_tests/data_insertion_tests/fixtures/fileCreatedDownloads.json
new file mode 100644
index 00000000..902ca027
--- /dev/null
+++ b/testing/tests/api_tests/data_insertion_tests/fixtures/fileCreatedDownloads.json
@@ -0,0 +1,42 @@
+{
+ "winlog": {
+ "computer_name": "C2.lme.local",
+ "keywords": [
+ "Test Data Insertion for Process Explorer"
+ ],
+ "user": {
+ "name": "APItestuserid",
+ "domain": ""
+ },
+ "event_data": {
+ "LogonType": "2",
+ "SubjectUserName": "-",
+ "FailureReason": "%%2313",
+ "SubjectDomainName": "-",
+ "IpAddress": "194.169.175.22",
+ "TargetUserName": "solidart",
+ "LogonProcessName": "NtLmSsp ",
+ "SubjectUserSid": "S-1-0-0",
+ "TargetUserSid": "S-1-0-0",
+ "AuthenticationPackageName": "NTLM",
+ "TargetFilename": "C:\\Users\\admin.ackbar\\Downloads\\test.txt"
+ },
+ "@timestamp": "2024-07-28T09:50:18.252Z",
+ "host": {
+ "name": "C2.lme.local"
+ }
+ },
+ "event": {
+ "code": "11",
+ "provider": "Microsoft-Windows-Sysmon",
+ "action": "Download",
+ "outcome": "test"
+ },
+ "user": {
+ "name": "APItestuserid",
+ "domain": "test"
+ },
+ "host": {
+ "name": "C2.lme.local"
+ }
+ }
\ No newline at end of file
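Review bot: The `event_data` block in fileCreatedDownloads.json carries logon-failure fields (`LogonType`, `FailureReason`, `IpAddress`, `AuthenticationPackageName`, `TargetUserName`) that a Sysmon event 11 record does not emit, so only `TargetFilename` ties the document to a file-create event. Trimming it to FileCreate fields such as `Image`, `ProcessGuid` and `CreationUtcTime` next to `TargetFilename` would make the fixture resemble what the agent actually ships to the panel. `@timestamp` also sits inside `winlog`, while the companion query ranges on a top-level `@timestamp`; unless `insert_winlog_data` (not shown in this patch) sets the top-level field, the document may not match the filter. If the `IpAddress` and `TargetUserName` values were copied from a live log, a documentation-range address such as `192.0.2.10` and a made-up account name are safer stand-ins.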
diff --git a/testing/tests/api_tests/data_insertion_tests/queries/filter_fileCreatedDownloads.json b/testing/tests/api_tests/data_insertion_tests/queries/filter_fileCreatedDownloads.json
new file mode 100644
index 00000000..babca323
--- /dev/null
+++ b/testing/tests/api_tests/data_insertion_tests/queries/filter_fileCreatedDownloads.json
@@ -0,0 +1,57 @@
+{
+ "aggs": {
+ "2": {
+ "terms": {
+ "field": "winlog.event_data.TargetFilename",
+ "order": {
+ "_count": "desc"
+ },
+ "size": 100
+ }
+ }
+ },
+ "size": 100,
+ "script_fields": {},
+ "stored_fields": [
+ "*"
+ ],
+ "_source": {
+ "excludes": []
+ },
+ "query": {
+ "bool": {
+ "must": [
+ {
+ "query_string": {
+ "query": "winlog.event_data.TargetFilename:*\\\\Users\\\\*\\\\Downloads\\\\*",
+ "analyze_wildcard": true,
+ "time_zone": "America/New_York"
+ }
+ }
+ ],
+ "filter": [
+ {
+ "match_phrase": {
+ "event.code": "11"
+ }
+ },
+ {
+ "match_phrase": {
+ "event.provider": "Microsoft-Windows-Sysmon"
+ }
+ },
+ {
+ "range": {
+ "@timestamp": {
+ "format": "strict_date_optional_time",
+ "gte": "2009-07-25T19:37:25.876Z",
+ "lte": "2024-07-25T19:37:25.876Z"
+ }
+ }
+ }
+ ],
+ "should": [],
+ "must_not": []
+ }
+ }
+}
\ No newline at end of file
diff --git a/testing/tests/api_tests/data_insertion_tests/test_server.py b/testing/tests/api_tests/data_insertion_tests/test_server.py
index 7228b664..82bfaf34 100644
--- a/testing/tests/api_tests/data_insertion_tests/test_server.py
+++ b/testing/tests/api_tests/data_insertion_tests/test_server.py
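Review bot: In filter_fileCreatedDownloads.json the `range` filter ends at a fixed `lte` of `2024-07-25T19:37:25.876Z`, which is earlier than the `2024-07-28T09:50:18.252Z` timestamp in the fileCreatedDownloads.json fixture added by the same patch. Unless `insert_winlog_data` rewrites the bounds or the document time before running the query (its body is not part of this patch), the inserted event would be filtered out, or the assertion would pass only because of older matching documents. A relative upper bound such as `"lte": "now"` keeps the query valid as the fixture ages.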
@@ -50,6 +50,14 @@ def test_user_logon_events_insert(es_host, es_port, username, password): # Check to make sure the data was inserted assert(second_response_loaded['aggregations']['2']['buckets'][0]['key'] == 'APItestuserid') + + +def test_file_downloads_insert(es_host, es_port, username, password): + + second_response_loaded=insert_winlog_data(es_host, es_port, username, password, 'filter_fileCreatedDownloads.json', 'fileCreatedDownloads.json', 2) + + # Check to make sure the data was inserted + assert(second_response_loaded['aggregations']['2']['buckets'][0]['key'] == 'C:\\Users\\admin.ackbar\\Downloads\\test.txt') diff --git a/testing/tests/selenium_tests/cluster/test_process_explorer_dashboard.py b/testing/tests/selenium_tests/cluster/test_process_explorer_dashboard.py index b85ccb7a..0b217f8d 100644 --- a/testing/tests/selenium_tests/cluster/test_process_explorer_dashboard.py +++ b/testing/tests/selenium_tests/cluster/test_process_explorer_dashboard.py 
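Review bot: The assertion in `test_file_downloads_insert` reads `buckets[0]['key']`, but the query's terms aggregation is ordered by document count, so on an index that already holds other Downloads file-create events the fixture's path need not be the first bucket, and an empty result raises `IndexError` instead of failing the assert. Checking membership is more robust: `keys = [b['key'] for b in second_response_loaded['aggregations']['2']['buckets']]` followed by `assert 'C:\\Users\\admin.ackbar\\Downloads\\test.txt' in keys`. The trailing `2` passed to `insert_winlog_data` is unexplained in this hunk, and a short comment saying what it controls would help the next reader.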
@@ -20,11 +20,11 @@ def test_files_created_over_time_in_downloads(self, setup_login, kibana_url, tim driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Files created (in Downloads)", ".needarealvaluehere",".euiFlexGroup") - @pytest.mark.skip(reason="Skipping this test") + #@pytest.mark.skip(reason="Skipping this test") def test_files_created_in_downloads(self, setup_login, kibana_url, timeout): - #This dashboard panel is not working corectly. Shows no data even when there is data. Create issue LME#294 + #This dashboard panel is not working corectly. Shows no data even when there is data on DC instance downloads folder. Create issue LME#294 driver = setup_login - dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Files created (in Downloads)", ".euiFlexGroup", ".euiDataGrid__noResults",) + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Files created (in Downloads)", ".euiDataGrid", ".euiDataGrid__noResults",) def test_hosts(self, setup_login, kibana_url, timeout): driver = setup_login
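Review bot: The skip decorator on `test_files_created_in_downloads` is commented out rather than removed, and the comment under the signature still says the panel shows no data, which contradicts the test now being enabled. Delete the `#@pytest.mark.skip(reason="Skipping this test")` line and reword the comment to state the precondition, for example `# Requires a Sysmon event 11 under a Downloads folder in the index; see LME#294.` The test presumably relies on the document inserted by the API test `test_file_downloads_insert`, so that ordering dependency is worth recording in the same comment. The enclosing class starts and ends outside the hunk.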