
Commit

Merge 4.8.0 into 4.8.1 (#5057)
* fix: change files syntax artifacts_path

* fix: macOS restart agent handler

* feat: include macOS to VD E2E env by default

* fix: migrate E2E timeouts to waiters module

* docs: include 4949 changelog

* docs: include 4948 changelog

* fix: added pre-release and staging filebeat package url

* feat: added keystore function to conf module

* fix: change VD E2E configuration

* fix: typo in System modify files method

* fix: modify file in case of not providing os name in inv

* fix: typo in install package method

* add: added filebeat vars to roles.yaml

* fix: get variable system method

* fix: fix in main.yml

* fix: monitoring e2e method

* fix: vars removed from roles.yaml

* feat: migrate filebeat url logic to inventory schema

* fix: filebeat schema parameters

* refac: filebeat provisioning tasks

* refactor: delete duplicated check

* fix: remove verbose logging messages

* docs: updated changelog

* docs: updated changelog

* feat: gather alerts by agent through Indexer request

* add params to wazuh_statistics

* add api support to statistic.py

* move statistic headers to file

* refactor: bump version

* add wazuhdb header

* add missing headers

* add wazuhdb parsing

* change remoted parameter to remote

* fix target argument documentation

* fix: reduce time in test

* fix: fixed x-axis labels

* enhance documentation

* fix: error in indexer agent filter

* fix: adapt E2E Vuln tests to new indexer schema

* fix: improve error handling monitoring

* add port and ip for API

* add port and IP for API

* fix documentation

* fix(#21945): Upgrade wazuh db version

* replace use_api parameter for use_state_file

* fix file naming

* fix undo name change

* enhance wazuh-statistic docu

* add wait for complete_to_api endpoint

* remove unnecessary checks

* fix typo

* fix query typo

* fix: increase timeout and improve indexer request performance

* Update changelog

* fix: refactor monitoring

* Bump revision to 40713

* fix wazuhdb API parsing

* fix logger when monitoring starts

* update changelog.md

* docs: include agent to get_indexer_values

Co-authored-by: Julia Magan <[email protected]>

* docs: remove regex from docstring

* style: move regexes to regex module

* docs: fix parse vulnerability docstring description

Co-authored-by: Julia Magan <[email protected]>

* style: create default scan interval variable

Co-authored-by: Julia Magan <[email protected]>

* style: rename ignore_error parameter

Co-authored-by: Julia Magan <[email protected]>

* refac: removed unused vuln detection functions

Co-authored-by: Julia Magan <[email protected]>

* docs: include 5003 changelog

* docs: include 4959 changelog

* docs: fix changelog entry

* update: Increase revision (#5018)

* Update changelog (#5020)

* update: Update Changelog

* update: remove space on Changelog

* fix: dependency errors in VD tests

* fix: move check consistency function to VD module

* feat: bump version to 40714

* fix: change logging level in VD functions

* Handle VDT data missing in wazuhdb API (#5014)

* handle vdt table data

* fix api status code handling

* update: Update CHANGELOG to 4.8.0 (#5054)

* update: Update revision to 4.8.0 (#5055)

* update: Fix typo to 4.8.0 (#5056)

---------

Co-authored-by: javier <[email protected]>
Co-authored-by: David Jose Iglesias Lopez <[email protected]>
Co-authored-by: Víctor Rebollo Pérez <[email protected]>
Co-authored-by: marcos <[email protected]>
Co-authored-by: Julia <[email protected]>
Co-authored-by: Andres Carmelo Micalizzi Casali <[email protected]>
Co-authored-by: Julia Magán <[email protected]>
Co-authored-by: Dwordcito <[email protected]>
Co-authored-by: Javier Castro <[email protected]>
Co-authored-by: Raul Del Pozo Moreno <[email protected]>
11 people authored Mar 1, 2024
1 parent 8c1239a commit b7e1f8a
Showing 24 changed files with 1,196 additions and 263 deletions.
27 changes: 27 additions & 0 deletions CHANGELOG.md
Expand Up @@ -17,6 +17,7 @@ All notable changes to this project will be documented in this file.

### Added

- Add AWS Custom Buckets Integration tests ([#4675](https://github.com/wazuh/wazuh-qa/pull/4675)) \- (Framework + Tests)
- Add Vulnerability Detector end to end tests ([#4878](https://github.com/wazuh/wazuh-qa/pull/4878)) \- (Framework + Tests)
- Agent Simulator: Syscollector message generation refactoring ([#4868](https://github.com/wazuh/wazuh-qa/pull/4868)) \- (Framework)
- Migrate Wazuh Ansibles Roles. ([#4642](https://github.com/wazuh/wazuh-qa/pull/4642)) \- (Framework)
Expand All @@ -30,6 +31,13 @@ All notable changes to this project will be documented in this file.

### Changed

- Reduced test_shutdown_message runtime ([#4986](https://github.com/wazuh/wazuh-qa/pull/4986)) \- (Tests)
- Change e2e vd configuration keystore ([#4952](https://github.com/wazuh/wazuh-qa/pull/4952)) \- (Framework)
- Updating tests after removing references to the legacy vulnerability detector module ([#4872](https://github.com/wazuh/wazuh-qa/pull/4872)) \- (Tests)
- Fix test cluster performance ([#4780](https://github.com/wazuh/wazuh-qa/pull/4780)) \- (Tests)
- Fixed IT control_service Windows loop ([#4765](https://github.com/wazuh/wazuh-qa/pull/4765)) \- (Framework)
- Fix wazuhdb API statistics parsing ([#5007](https://github.com/wazuh/wazuh-qa/pull/5007)) \- (Framework)
- Enhance StatisticMonitor with API support ([#4970](https://github.com/wazuh/wazuh-qa/pull/4970)) \- (Framework)
- Deactivate tests and update vulnerability-detector configuration ([#4784](https://github.com/wazuh/wazuh-qa/pull/4784)) \- (Framework + Tests)
- Fix body format for get_api_token ([#4797](https://github.com/wazuh/wazuh-qa/pull/4797)) \- (Framework)
- Fix one_manager_agent_env pytest marker for System Tests ([#4782](https://github.com/wazuh/wazuh-qa/pull/4782)) \- (Tests)
Expand All @@ -48,13 +56,32 @@ All notable changes to this project will be documented in this file.

### Fixed

- Fix initial scans tests ([5032](https://github.com/wazuh/wazuh-qa/pull/5032)) \- (Framework + Tests)
- Handle VDT data missing in wazuh-db API ([5014](https://github.com/wazuh/wazuh-qa/pull/5014)) \- (Framework + Tests)
- Fixed x-axis labels in data-visualizer script ([#4987 ](https://github.com/wazuh/wazuh-qa/pull/4987)) \- (Framework)
- Fix monitoring module for e2e tests ([#4959](https://github.com/wazuh/wazuh-qa/pull/4959)) \- (Framework)
- Fix get_host_variables for system tests ([#4958](https://github.com/wazuh/wazuh-qa/pull/4958)) \- (Framework)
- Fix install package HostManager method ([#4954](https://github.com/wazuh/wazuh-qa/pull/4954)) \- (Framework)
- Fix Modify file method in system module ([#4953](https://github.com/wazuh/wazuh-qa/pull/4953)) \- (Framework)
- Fix timeout and performance issues in E2E Vulnerability Detector tests ([#5003](https://github.com/wazuh/wazuh-qa/pull/5003)) \- (Framework)
- Fix E2E Vulnerability Detection monitoring function ([#4959](https://github.com/wazuh/wazuh-qa/pull/4959)) \- (Framework)
- Fixed Filebeat provisioning role with pre-release and staging URLs ([#4950](https://github.com/wazuh/wazuh-qa/pull/4950)) \- (Framework)
- Fix macOS Vulnerability Detection handler provision in E2E tests ([#4948](https://github.com/wazuh/wazuh-qa/pull/4948)) \- (Framework)
- Migrate Vulnerability Detection timeouts variables to the waiters module ([#4949](https://github.com/wazuh/wazuh-qa/pull/4949)) \- (Framework)
- Migrate HostMonitor to system_monitoring to avoid Windows import of ansible module ([#4917](https://github.com/wazuh/wazuh-qa/pull/4917/)) \- (Framework)
- Fixed ansible_runner import conditional to avoid errors on Windows and python 3.6 ([#4916](https://github.com/wazuh/wazuh-qa/pull/4916)) \- (Framework)
- Fixed IT control_service Windows loop ([#4765](https://github.com/wazuh/wazuh-qa/pull/4765)) \- (Framework)
- Fix macOS agents provision to enable registration and connection with managers. ([#4770](https://github.com/wazuh/wazuh-qa/pull/4770/)) \- (Framework)
- Fix hardcoded python interpreter in qa_framework role. ([#4658](https://github.com/wazuh/wazuh-qa/pull/4658)) \- (Framework)
- Fix duplicated jq dependency ([#4678](https://github.com/wazuh/wazuh-qa/pull/4678)) \- (Framework)
- Fix test_file_checker in check_mtime case ([#4873](https://github.com/wazuh/wazuh-qa/pull/4873)) \- (Tests)
- Fix test cluster performance. ([#4780](https://github.com/wazuh/wazuh-qa/pull/4780)) \- (Framework)

## [4.7.3] - TBD

### Changed

- Upgrade wazuh-db agent database version. ([#4992](https://github.com/wazuh/wazuh-qa/pull/4992)) \- (Tests)

## [4.7.2] - 10/01/2024

19 changes: 19 additions & 0 deletions deps/wazuh_testing/wazuh_testing/end_to_end/configuration.py
Expand Up @@ -202,3 +202,22 @@ def configure_environment(host_manager: HostManager, configurations: Dict[str, L
[(host, config, host_manager) for host, config in configure_environment_parallel_map])

logging.info("Environment configured")


def save_indexer_credentials_into_keystore(host_manager):
"""
Save indexer credentials into the keystore.
Args:
host_manager: An instance of the HostManager class containing information about hosts.
"""
keystore_path = '/var/ossec/bin/wazuh-keystore'

indexer_server = host_manager.get_group_hosts('indexer')[0]
indexer_server_variables = host_manager.get_host_variables(indexer_server)
indexer_user = indexer_server_variables['indexer_user']
indexer_password = indexer_server_variables['indexer_password']

for manager in host_manager.get_group_hosts('manager'):
host_manager.run_command(manager, f"{keystore_path} -f indexer -k username -v {indexer_user}")
host_manager.run_command(manager, f"{keystore_path} -f indexer -k password -v {indexer_password}")
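Review bot: `save_indexer_credentials_into_keystore` interpolates `indexer_user` and `indexer_password` directly into a shell command string, so a password containing whitespace or shell metacharacters (`$`, `'`, `&`) is mangled or breaks the command, and the secret is exposed in the process arguments and in whatever command output or logging `run_command` produces. Quote the values (`shlex.quote(indexer_password)`) at minimum, and check the result of `host_manager.run_command` so a failed keystore write does not leave a manager silently without Indexer credentials. The docstring is also missing a `Returns`/`Raises` section, and `keystore_path` would read better as a module-level constant next to the other fixed paths.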
32 changes: 22 additions & 10 deletions deps/wazuh_testing/wazuh_testing/end_to_end/indexer_api.py
Expand Up @@ -22,7 +22,7 @@


def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': 'admin', 'password': 'changeme'},
index: str = 'wazuh-alerts*', greater_than_timestamp=None) -> Dict:
index: str = 'wazuh-alerts*', greater_than_timestamp=None, agent: str = '') -> Dict:
"""
Get values from the Wazuh Indexer API.
Expand All @@ -32,6 +32,7 @@ def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': '
{'user': 'admin', 'password': 'changeme'}.
index (Optional): The Indexer index name. Defaults to 'wazuh-alerts*'.
greater_than_timestamp (Optional): The timestamp to filter the results. Defaults to None.
agent (Optional): The agent name to filter the results. Defaults to ''.
Returns:
Dict: A dictionary containing the values retrieved from the Indexer API.
Expand All @@ -49,26 +50,37 @@ def get_indexer_values(host_manager: HostManager, credentials: dict = {'user': '
}
}

if greater_than_timestamp:
if greater_than_timestamp and agent:
query = {
"bool": {
"must": [
{"range": {"@timestamp": {"gte": f"{greater_than_timestamp}"}}},
{"match": {"agent.name": f"{agent}"}}
]
}
}

data['query'] = query
elif greater_than_timestamp:
query = {
"bool": {
"must": [
{"match_all": {}},
{"range": {"@timestamp": {"gte": f"{greater_than_timestamp}"}}}
]
}
}

sort = [
{
"@timestamp": {
"order": "desc"
data['query'] = query
elif agent:
query = {
"bool": {
"must": [
{"match": {"agent.name": f"{agent}"}}
]
}
}
]
}

data['query'] = query
data['sort'] = sort

param = {
'pretty': 'true',
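Review bot: the three branches `if greater_than_timestamp and agent` / `elif greater_than_timestamp` / `elif agent` build the same `bool.must` query with different clause lists; appending the `range` clause and the `match` clause to one `must` list as each filter is set, and assigning a single query, would remove the duplication and the `match_all` clause, which adds nothing inside a `must`. The `f"{greater_than_timestamp}"` and `f"{agent}"` wrappers are no-ops around values that are already strings. One more caveat on the agent filter: `match` is analyzed full-text matching, so if `agent.name` is mapped as `text` rather than `keyword`, a name such as `agent-1` is tokenized and, with the default OR operator, also matches documents for any agent sharing a token; a `term` query on the keyword field gives the exact per-agent filter the callers expect.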
43 changes: 26 additions & 17 deletions deps/wazuh_testing/wazuh_testing/end_to_end/monitoring.py
Expand Up @@ -26,14 +26,18 @@
from wazuh_testing.tools.system import HostManager


def monitoring_events_multihost(host_manager: HostManager, monitoring_data: Dict, ignore_error: bool = False) -> Dict:
DEFAULT_SCAN_INTERVAL = 5


def monitoring_events_multihost(host_manager: HostManager, monitoring_data: Dict, ignore_timeout_error: bool = True,
scan_interval: int = DEFAULT_SCAN_INTERVAL) -> Dict:
"""
Monitor events on multiple hosts concurrently.
Args:
host_manager: An instance of the HostManager class containing information about hosts.
monitoring_data: A dictionary containing monitoring data for each host.
ignore_error: If True, ignore errors and continue monitoring.
ignore_timeout_error: If True, ignore TimeoutError and return the result.
Returns:
dict: A dictionary containing the monitoring results.
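Review bot: `scan_interval` is added to the `monitoring_events_multihost` signature but not to the `Args` section of the docstring. Also, renaming `ignore_error` to `ignore_timeout_error` and flipping its default from `False` to `True` silently changes behaviour for existing callers: a call that relied on the old default raising `TimeoutError` now returns normally with the element recorded as not found, so those callers must pass `ignore_timeout_error=False` explicitly; this deserves a changelog line.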
Expand Down Expand Up @@ -61,16 +65,17 @@ def monitoring_events_multihost(host_manager: HostManager, monitoring_data: Dict
}
}
"""
def monitoring_event(host_manager: HostManager, host: str, monitoring_elements: List[Dict], scan_interval: int = 20,
ignore_error: bool = False) -> Dict:
def monitoring_event(host_manager: HostManager, host: str, monitoring_elements: List[Dict],
ignore_timeout_error: bool = True,
scan_interval: int = DEFAULT_SCAN_INTERVAL) -> Dict:
"""
Monitor the specified elements on a host.
Args:
host_manager (HostManager): Host Manager to handle the environment
host (str): The target host.
monitoring_elements(List): A list of dictionaries containing regex, timeout, and file.
ignore_error: If True, ignore errors and continue monitoring.
ignore_timeout_error: If True, ignore TimeoutError and return the result.
Raises:
TimeoutError: If no match is found within the specified timeout.
Expand All @@ -95,10 +100,15 @@ def filter_events_by_timestamp(match_events: List) -> List:
timestamp_format = "%Y/%m/%d %H:%M:%S"
timestamp_format_parameter = "%Y-%m-%dT%H:%M:%S.%f"

timestamp_datetime = datetime.strptime(timestamp_str, timestamp_format)
greater_than_timestamp_formatted = datetime.strptime(greater_than_timestamp, timestamp_format_parameter)
try:
timestamp_datetime = datetime.strptime(timestamp_str, timestamp_format)
greater_than_timestamp_formatted = datetime.strptime(greater_than_timestamp,
timestamp_format_parameter)
except ValueError:
raise ValueError(f"Timestamp format not supported: {timestamp_str}."
'Do the regex includes the timestamp?')

if timestamp_datetime >= greater_than_timestamp_formatted:
if timestamp_datetime >= greater_than_timestamp_formatted:
match_that_fit_timestamp.append(match)

return match_that_fit_timestamp
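Review bot: in the `except ValueError:` branch the re-raised message is built from two adjacent string literals with no separator, so it renders as `...{timestamp_str}.Do the regex includes the timestamp?`; add the space and fix the grammar (`Does the regex include the timestamp?`). The same `try` also parses `greater_than_timestamp`, yet the message only reports `timestamp_str`, so a caller who passes a badly formatted `greater_than_timestamp` gets a misleading error; report both values. Raise with `from e` (or `from None`) so the original parse error is either preserved or deliberately suppressed instead of appearing as "during handling of the above exception".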
Expand All @@ -112,11 +122,12 @@ def filter_events_by_timestamp(match_events: List) -> List:
element['n_iterations'], \
element.get('greater_than_timestamp', None)
current_timeout = 0
regex_match = None
regex_match = False

while current_timeout < timeout:
file_content = host_manager.get_file_content(host, monitoring_file)
match_regex = re.findall(regex, file_content)

if greater_than_timestamp:
match_that_fit_timestamp = filter_events_by_timestamp(match_regex)
else:
Expand All @@ -129,11 +140,11 @@ def filter_events_by_timestamp(match_events: List) -> List:

sleep(scan_interval)

current_timeout += scan_interval
current_timeout = current_timeout + scan_interval

if not regex_match:
elements_not_found.append(element)
if not ignore_error:
if not ignore_timeout_error:
raise TimeoutError(f"Element not found: {element}")

monitoring_result = {}
Expand All @@ -150,15 +161,13 @@ def filter_events_by_timestamp(match_events: List) -> List:
with ThreadPoolExecutor() as executor:
futures = []
for host, data in monitoring_data.items():
futures.append(executor.submit(monitoring_event, host_manager, host, data, ignore_error))
futures.append(executor.submit(monitoring_event, host_manager, host, data, ignore_timeout_error,
scan_interval))

results = {}
for future in as_completed(futures):
try:
result = future.result()
results.update(result)
except Exception as e:
logging.error(f"An error occurred: {e}")
result = future.result()
results.update(result)

logging.info(f"Monitoring results: {results}")

6 changes: 6 additions & 0 deletions deps/wazuh_testing/wazuh_testing/end_to_end/regex.py
Expand Up @@ -44,6 +44,12 @@
'regex': '.*HOST_NAME.*package":.*name":"PACKAGE_NAME".*version":"PACKAGE_VERSION".*"'
'architecture":"ARCHITECTURE.*"cve":"CVE"',
'parameters': ['HOST_NAME', 'CVE', 'PACKAGE_NAME', 'PACKAGE_VERSION', 'ARCHITECTURE']
},
'vuln_affected': {
'regex': 'CVE.*? affects.*"?'
},
'vuln_mitigated': {
'regex': "The .* that affected .* was solved due to a package removal"
}
}

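Review bot: in the new `vuln_affected` entry the pattern `'CVE.*? affects.*"?'` treats `CVE` as a literal; unlike the entry above it there is no `parameters` list, so if callers substitute placeholders through `parameters`, `CVE` here will never be replaced by a real identifier and the pattern just matches the literal text `CVE`. The trailing `"?` after `.*` is a no-op, since the greedy `.*` already consumes any quote. Both new patterns are unanchored and deliberately broad, so consider documenting that they match any line mentioning an affected or solved vulnerability rather than a specific one, and use single quotes for `vuln_mitigated` to match the surrounding entries.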
Expand Up @@ -28,7 +28,8 @@
from wazuh_testing.end_to_end.waiters import wait_syscollector_and_vuln_scan
from wazuh_testing.tools.system import HostManager
from wazuh_testing.end_to_end.vulnerability_detector import check_vuln_alert_indexer, check_vuln_state_index, \
load_packages_metadata, get_vulnerabilities_alerts_indexer, get_indexer_values
load_packages_metadata, parse_vulnerability_detector_alerts
from wazuh_testing.end_to_end.indexer_api import get_indexer_values


def check_vulnerability_alerts(results: Dict, check_data: Dict, current_datetime: str, host_manager: HostManager,
Expand All @@ -37,11 +38,23 @@ def check_vulnerability_alerts(results: Dict, check_data: Dict, current_datetime
operation: str = 'install') -> None:

# Get all the alerts generated in the timestamp
vulnerability_alerts = get_vulnerabilities_alerts_indexer(host_manager, current_datetime)
vulnerability_alerts_mitigated = get_vulnerabilities_alerts_indexer(host_manager, current_datetime, True)
vulnerability_alerts = {}
vulnerability_alerts_mitigated = {}
vulnerability_index = {}

vulnerability_index = get_indexer_values(host_manager, index='wazuh-states-vulnerabilities',
greater_than_timestamp=current_datetime)['hits']['hits']
for agent in host_manager.get_group_hosts('agent'):
agent_all_alerts = parse_vulnerability_detector_alerts(get_indexer_values(host_manager,
greater_than_timestamp=current_datetime,
agent=agent)['hits']['hits'])

agent_all_vulnerabilities = get_indexer_values(host_manager, greater_than_timestamp=current_datetime,
agent=agent,
index='wazuh-states-vulnerabilities')['hits']['hits']

vulnerability_alerts[agent] = agent_all_alerts['affected']
vulnerability_alerts_mitigated[agent] = agent_all_alerts['mitigated']

vulnerability_index[agent] = agent_all_vulnerabilities

results['evidences']['all_alerts_found'] = vulnerability_alerts
results['evidences']['all_alerts_found_mitigated'] = vulnerability_alerts_mitigated
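Review bot: the loop issues two `get_indexer_values` requests per agent, so the number of Indexer queries grows linearly with the agent count; the previous version fetched the `wazuh-states-vulnerabilities` hits once. The `agent` value passed as the `agent.name` filter comes from `host_manager.get_group_hosts('agent')`, which yields inventory host names, so the filter only works when every inventory hostname equals the name the agent registered with the manager; either document that assumption or resolve the registered agent name from the host variables. Note also that `vulnerability_index` changes from a flat list of hits to a dict keyed by agent, so any consumer of `results['evidences']` that still expects a list needs updating.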
