Test decoders before matching rules (#3446)

wazuh · Nov 4, 2021 · 239e4fb · 239e4fb
1 parent 085f00a
commit 239e4fb
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 36 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -46,6 +46,7 @@ All notable changes to the Wazuh app project will be documented in this file.
 - Refactored all try catch value of context for ErrorOrchestrator service. [#3432](https://github.com/wazuh/wazuh-kibana-app/pull/3432)
 - Refactored all try catch strategy on Controller/Groups section [#3415](https://github.com/wazuh/wazuh-kibana-app/pull/3415)
 - Refactored as module tabs and buttons are rendered [#3494](https://github.com/wazuh/wazuh-kibana-app/pull/3494)
+- Testing logs using the Ruletest Test don't display the rule information if not matching a rule. [#3446](https://github.com/wazuh/wazuh-kibana-app/pull/3446)
 
 ### Fixed
 

diff --git a/public/directives/wz-logtest/components/logtest.tsx b/public/directives/wz-logtest/components/logtest.tsx
@@ -65,34 +65,37 @@ export const Logtest = compose(
   };
 
   const formatResult = (result, alert) => {
+    let returnedDataFormatted =`**Phase 1: Completed pre-decoding. \n    ` +
+    `full event:  ${result.full_log || '-'}  \n    ` +
+    `timestamp: ${(result.predecoder || '').timestamp || '-'} \n    ` +
+    `hostname: ${(result.predecoder || '').hostname || '-'} \n    ` +
+    `program_name: ${(result.predecoder || '').program_name || '-'} \n\n` +
+    `**Phase 2: Completed decoding. \n    ` +
+    `name: ${(result.decoder || '').name || '-'} \n    ` +
+    `${(result.decoder || '').parent ? `parent: ${(result.decoder || '').parent} \n    ` : ''}` +
+    `data: ${JSON.stringify(result.data || '-', null, 6).replace('}', '    }')} \n\n` ;
+
+    result.rule && (
+        returnedDataFormatted += `**Phase 3: Completed filtering (rules). \n    ` +
+        `id: ${(result.rule || '').id || '-'} \n    ` +
+        `level: ${(result.rule || '').level || '-'} \n    ` +
+        `description: ${(result.rule || '').description || '-'} \n    ` +
+        `groups: ${JSON.stringify((result.rule || '').groups || '-')} \n    ` +
+        `firedtimes: ${(result.rule || '').firedtimes || '-'} \n    ` +
+        `gdpr: ${JSON.stringify((result.rule || '').gdpr || '-')} \n    ` +
+        `gpg13: ${JSON.stringify((result.rule || '').gpg13 || '-')} \n    ` +
+        `hipaa: ${JSON.stringify((result.rule || '').hipaa || '-')} \n    ` +
+        `mail: ${JSON.stringify((result.rule || '').mail || '-')} \n    ` +
+        `mitre.id: ${JSON.stringify((result.rule || '').mitre || ''.id || '-')} \n    ` +
+        `mitre.technique: ${JSON.stringify((result.rule || '').mitre || ''.technique || '-')} \n    ` +
+        `nist_800_53: ${JSON.stringify((result.rule || '').nist_800_53 || '-')} \n    ` +
+        `pci_dss: ${JSON.stringify((result.rule || '').pci_dss || '-')} \n    ` +
+        `tsc: ${JSON.stringify((result.rule || '').tsc || '-')} \n` 
+      );
+
+      returnedDataFormatted += `${alert ? `**Alert to be generated. \n\n\n` : '\n\n'}`      
     return (
-      `**Phase 1: Completed pre-decoding. \n    ` +
-      `full event:  ${result.full_log || '-'}  \n    ` +
-      `timestamp: ${(result.predecoder || '').timestamp || '-'} \n    ` +
-      `hostname: ${(result.predecoder || '').hostname || '-'} \n    ` +
-      `program_name: ${(result.predecoder || '').program_name || '-'} \n\n` +
-      `**Phase 2: Completed decoding. \n    ` +
-      `name: ${(result.decoder || '').name || '-'} \n    ` +
-      `${(result.decoder || '').parent ? `parent: ${(result.decoder || '').parent} \n    ` : ''}` +
-      `data: ${JSON.stringify(result.data || '-', null, 6).replace('}', '    }')} \n\n` +
-      `**Phase 3: Completed filtering (rules). \n    ` +
-      `id: ${(result.rule || '').id || '-'} \n    ` +
-      `level: ${(result.rule || '').level || '-'} \n    ` +
-      `description: ${(result.rule || '').description || '-'} \n    ` +
-      `groups: ${JSON.stringify((result.rule || '').groups || '-')} \n    ` +
-      `firedtimes: ${(result.rule || '').firedtimes || '-'} \n    ` +
-      `gdpr: ${JSON.stringify((result.rule || '').gdpr || '-')} \n    ` +
-      `gpg13: ${JSON.stringify((result.rule || '').gpg13 || '-')} \n    ` +
-      `hipaa: ${JSON.stringify((result.rule || '').hipaa || '-')} \n    ` +
-      `mail: ${JSON.stringify((result.rule || '').mail || '-')} \n    ` +
-      `mitre.id: ${JSON.stringify((result.rule || '').mitre || ''.id || '-')} \n    ` +
-      `mitre.technique: ${JSON.stringify(
-        (result.rule || '').mitre || ''.technique || '-'
-      )} \n    ` +
-      `nist_800_53: ${JSON.stringify((result.rule || '').nist_800_53 || '-')} \n    ` +
-      `pci_dss: ${JSON.stringify((result.rule || '').pci_dss || '-')} \n    ` +
-      `tsc: ${JSON.stringify((result.rule || '').tsc || '-')} \n` +
-      `${alert ? `**Alert to be generated. \n\n\n` : '\n\n'}`
+      returnedDataFormatted
     );
   };
 
@@ -104,24 +107,24 @@ export const Logtest = compose(
     let gotToken = Boolean(token);
 
     try {
-      for (let event of events) {
+      for (let event of events) {        
         const response = await WzRequest.apiReq('PUT', '/logtest', {
           log_format: 'syslog',
           location: 'logtest',
           event,
           ...(token ? { token } : {}),
         });
+
         token = response.data.data.token;
         !sessionToken && !gotToken && token && dispatch(updateLogtestToken(token));
         token && (gotToken = true);
         responses.push(response);
-      }
-
-      const testResults = responses.map((response) =>
-        response.data.data.output.rule || ''
-          ? formatResult(response.data.data.output, response.data.data.alert)
-          : `No result found for: ${response.data.data.output.full_log} \n\n\n`
-      );
+      };
+      const testResults = responses.map((response) => {
+        return response.data.data.output || '' 
+        ? formatResult(response.data.data.output, response.data.data.alert)
+        : `No result found for: ${response.data.data.output.full_log} \n\n\n`
+      });
       setTestResult(testResults);
     } finally {
       setTesting(false);

diff --git a/public/react-services/wz-request.ts b/public/react-services/wz-request.ts
@@ -104,11 +104,12 @@ export class WzRequest {
     try {
       if (!method || !path || !body) {
         throw new Error('Missing parameters');
-      }
+      }      
       const id = JSON.parse(AppState.getCurrentAPI()).id;
       const requestData = { method, path, body, id };
       const response = await this.genericReq('POST', '/api/request', requestData);
       const hasFailed = (((response || {}).data || {}).data || {}).total_failed_items || 0;
+
       if (hasFailed) {
         const error =
           ((((response.data || {}).data || {}).failed_items || [])[0] || {}).error || {};