Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

E2E design and implementation: Yara #3085

Closed
2 of 3 tasks
Tracked by #2872
juliamagan opened this issue Jul 11, 2022 · 4 comments · Fixed by #3115
Closed
2 of 3 tasks
Tracked by #2872

E2E design and implementation: Yara #3085

juliamagan opened this issue Jul 11, 2022 · 4 comments · Fixed by #3115
Assignees
@mauromalara
Labels
new-development test/e2e

Comments

@juliamagan
Copy link
Member

juliamagan commented Jul 11, 2022
edited by mauromalara
Loading

Description

The test research was accomplished in this issue. So, in this issue, we will design and develop the E2E test to cover those use cases.

Tasks

  • Design the test
  • Implement the test locally
  • Refactor the test for it to work in the test environment

Conclusion

WIP.
@juliamagan juliamagan mentioned this issue Jul 11, 2022
Closed
23 tasks
@juliamagan juliamagan changed the title Yara E2E design and implementation: Yara Jul 11, 2022
mauromalara added a commit that referenced this issue Jul 15, 2022
@mauromalara
feat(test)!: module to test the integration with yara was added. #3085
2f7e3a4
@wazuh wazuh deleted a comment from mauromalara Jul 19, 2022
@juliamagan
Copy link
Member Author

On Hold because of Release Candidate Manual Testing.

mauromalara added a commit that referenced this issue Jul 19, 2022
@mauromalara
fix!: several fixes were applied. #3085
966a262
@mauromalara
Copy link
Contributor

Task 1: Design the test 🟢

The added module tests the integration with Yara. The only precondition to run is to create an inventory as follows:

all:
  hosts:
    wazuh-manager:
      ansible_connection: ssh
      ansible_user: <VM USER>
      ansible_ssh_private_key_file: <PRIVATE KEY PATH>
      ansible_python_interpreter: <PYTHON INTERPRETER PATH>
      dashboard_user: <USER>
      dashboard_password: <PASS>

The test structure is the following:

tests/end_to_end/test_yara_integration/
├── data
│   ├── configuration
│   │   ├── malware_downloader.sh
│   │   └── yara.sh
│   ├── playbooks
│   │   ├── configuration.yaml
│   │   ├── generate_events.yaml
│   │   └── teardown.yaml
│   └── test_cases
│       └── cases_yara_integration.yaml
└── test_yara_integration.py
  • configuration: this folder contains all necessary scripts to generate the events that must trigger alerts in the manager.
  • playbooks: this folder contains all necessary Ansible playbooks to (1) prepare the environment, (2) generate the events and get alerts, and (3) clean the environment.
  • test_cases: this folder contains a YAML file with the test cases that will be executed in this test (in this stage we will only create 1 test case).
  • test_yara_integration.py: this is the module that test the integration.

mauromalara added a commit that referenced this issue Jul 19, 2022
@mauromalara
fix(configuration): yara script renamed. #3085
54489b2
@mauromalara
Copy link
Contributor

mauromalara commented Jul 19, 2022
edited
Loading

Task 2: Implement the test locally 🟢

Development branch Pull Request
3085-test-yara-integration #3115

How to execute the test:

python -m pytest tests/end_to_end/TEST-PATH --inventory_path PATH-TO-INVENTORY

Executions

Tester Test path Jenkins Local OS Commit Notes
@mauromalara (Developer) end_to_end/test_yara_integration n/a 🟢 🟢 🟢 CentOS 3619a69 Nothing to highlight

@mauromalara mauromalara mentioned this issue Jul 19, 2022
Merged
@mauromalara mauromalara linked a pull request Jul 19, 2022 that will close this issue
E2E Test: New module to test the integration with Yara #3115
Merged
mauromalara added a commit that referenced this issue Jul 19, 2022
@mauromalara
refac: some changes were applied for the test to be compatible with t…
139c80a 
…he framework changes. #3085
mauromalara added a commit that referenced this issue Jul 19, 2022
@mauromalara
fix: linter corrections applied. #3085
3619a69
mauromalara added a commit that referenced this issue Jul 20, 2022
@mauromalara
fix: remove the deletion of packages. #3085
2a5ea15
mauromalara added a commit that referenced this issue Jul 20, 2022
@mauromalara
refac: the way to check the timestamp was changed. #3085
4580a68
mauromalara added a commit that referenced this issue Jul 20, 2022
@mauromalara
cherry-pick 2d8c31b and E2E test Yara integration updated. #3085
0abc978
mauromalara added a commit that referenced this issue Jul 20, 2022
@mauromalara
fix: yara_script path moved to module extra vars. #3085
df2a57b
mauromalara added a commit that referenced this issue Jul 21, 2022
@mauromalara
fix: requested changes applied. #3085
dfae967
mauromalara added a commit that referenced this issue Jul 26, 2022
@mauromalara
merge: base branch into working branch. #3085
86ad1e9
mauromalara added a commit that referenced this issue Jul 26, 2022
@mauromalara
fix: assert replaced by elif statement. #3085
8065c8d
mauromalara added a commit that referenced this issue Jul 26, 2022
@mauromalara
fix: corrections applied. #3085
97856db
mauromalara added a commit that referenced this issue Jul 26, 2022
@mauromalara
fix: timeout fixed. #3085
b53027d
@mauromalara
Copy link
Contributor

Update 26/07/2022

The requested changes were applied. The status of the issue is set to "Pending Review"

mauromalara added a commit that referenced this issue Jul 28, 2022
@mauromalara
merge: base branch into 3085-test-yara-integration. #3085
9aa3828
mauromalara added a commit that referenced this issue Jul 28, 2022
@mauromalara
fix: now timeout is dynamic. #3085
fa3765a
@jmv74211 jmv74211 closed this as completed Aug 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mauromalara mauromalara

Labels
new-development test/e2e
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

E2E Test: New module to test the integration with Yara wazuh/wazuh-qa
3 participants
@jmv74211 @mauromalara @juliamagan