refac: the way to check the timestamp was changed. #3085

wazuh · Jul 20, 2022 · 4580a68 · 4580a68
1 parent 2a5ea15
commit 4580a68
Showing 1 changed file with 10 additions and 13 deletions.
diff --git a/tests/end_to_end/test_yara_integration/test_yara_integration.py b/tests/end_to_end/test_yara_integration/test_yara_integration.py
@@ -44,6 +44,11 @@ def test_yara_integration(configure_environment, metadata, get_dashboard_credent
     expected_indexed_alert = fr".+yara_rule\": \"{data_yara_rule}.+level.+{rule_level}.+id.+{rule_id}.+" \
                              fr"timestamp\": \"({timestamp_regex})\""
 
+    # Check that alert has been raised and save timestamp
+    raised_alert = evm.check_event(callback=expected_alert_json, file_to_monitor=alerts_json,
+                                   error_message='The alert has not occurred').result()
+    raised_alert_timestamp = raised_alert.group(1)
+
     query = e2e.make_query([
         {
           "term": {
@@ -59,26 +64,18 @@ def test_yara_integration(configure_environment, metadata, get_dashboard_credent
           "term": {
             "data.yara_rule": f"{data_yara_rule}"
           }
+        },
+        {
+            "term": {
+                "timestamp": f"{raised_alert_timestamp}"
+            }
         }
     ])
 
-    # Check that alert has been raised and save timestamp
-    raised_alert = evm.check_event(callback=expected_alert_json, file_to_monitor=alerts_json,
-                                   error_message='The alert has not occurred').result()
-    raised_alert_timestamp = raised_alert.group(1)
-    raised_alert_timestamp = datetime.strptime(parse_date_time_format(raised_alert_timestamp), '%Y-%m-%d %H:%M:%S')
-
     # Get indexed alert
     response = e2e.get_alert_indexer_api(query=query, credentials=get_dashboard_credentials)
     indexed_alert = json.dumps(response.json())
 
     # Check that the alert data is the expected one
     alert_data = re.search(expected_indexed_alert, indexed_alert)
     assert alert_data is not None, 'Alert triggered, but not indexed'
-
-    # Get indexed alert timestamp
-    indexed_alert_timestamp = alert_data.group(1)
-    indexed_alert_timestamp = datetime.strptime(parse_date_time_format(indexed_alert_timestamp), '%Y-%m-%d %H:%M:%S')
-
-    # Check that alert has been indexed (checking that the timestamp is the expected one)
-    assert indexed_alert_timestamp == raised_alert_timestamp, 'Alert triggered, but not indexed'