Release 4.4.0 - RC 2 - E2E UX tests - Demo environment #16418
Comments
Task 1: No errors or warnings found in logs
Agents
- Amazon Linux 🟢
- RHEL 🟢
- Ubuntu 🟢
- Centos 🟢
- Debian 🟢
- Windows 🟢
Managers
- Master env 1 🟡 Warnings from before this test found:
  - Known error fixed in 4.5.0:
  - Some warnings were found in aws-s3, but they should not be a problem:
- Worker env 1 🟢 This error is expected because we restarted the master node before.
- Master env 2 🟡 Some warnings were found in aws-s3, but they should not be a problem:
Wazuh Indexer
- Node-1 🟡
  - Known error found:
  - Known warnings found:
- Node-2 🟡
  - Known error found:
  - Known warnings found:
- Node-3 🟡 Some known errors from before this test were found:
  - Known error found:
  - Known warnings found:
Wazuh Dashboard
- wazuh-indexer 🟡
  - Known error found:
  - Known warnings found:
- wazuh-dashboard 🟢
Task 2: The daemons are running with the correct user
Agents
- Amazon Linux 🟢
- RHEL 🟢
- Ubuntu 🟢
- Centos 🟢
- Debian 🟢
- Windows 🟢
Managers
- Master env 1 🟢
- Worker env 1 🟢
- Master env 2 🟢
Wazuh Indexer
- Node-1 🟢
- Node-2 🟢
- Node-3 🟢
Wazuh Dashboard
- wazuh-indexer 🟢
- wazuh-dashboard 🟢
Task 3: The status of the Wazuh Indexer clusters is as expected. 🟢
Task 4: No errors in the browser's developer console when browsing the App 🟡
Some errors or warnings have been found that have been reported previously:
Task 5: Alerts are being generated for each of the modules configured for this purpose 🟡
These are the modules configured in environment 1:
In addition, Osquery is configured, and we can see events in these modules too.
These are the modules configured in environment 2:
We can see events generated in all of them except System Auditing and Policy monitoring, but they are enabled by default in the app and disabled in the configuration. In addition, we can't see events for Docker Listener or Virustotal. Docker listener isn't configured in this environment, but Virustotal is:
Task 6: No warning symbols in Discover when expanding a document. 🟢
After performing several tests both in Discover and in different modules, we have not been able to find any warning.
Task 7: Generate an alert and check it in the web UI 🟢
Invalid ssh connection to Amazon Linux agent:
Generated alerts:
Alert info
```json
{
  "_index": "wazuh-alerts-4.x-env-2-2023.03.20",
  "_id": "f2a-_oYB394EQRsXb9R6",
  "_version": 1,
  "_score": null,
  "_source": {
    "predecoder": {
      "hostname": "ip-10-0-1-63",
      "program_name": "sshd",
      "timestamp": "Mar 20 11:18:48"
    },
    "cluster": {
      "node": "master",
      "name": "wazuh2"
    },
    "agent": {
      "ip": "10.0.1.63",
      "name": "Amazon",
      "id": "001"
    },
    "data": {
      "srcuser": "invalid-user",
      "srcip": "81.40.74.147",
      "srcport": "50198"
    },
    "manager": {
      "name": "wazuh-manager-master-0"
    },
    "rule": {
      "mail": false,
      "level": 5,
      "hipaa": [
        "164.312.b"
      ],
      "pci_dss": [
        "10.2.4",
        "10.2.5",
        "10.6.1"
      ],
      "tsc": [
        "CC6.1",
        "CC6.8",
        "CC7.2",
        "CC7.3"
      ],
      "description": "sshd: Attempt to login using a non-existent user",
      "groups": [
        "syslog",
        "sshd",
        "authentication_failed",
        "invalid_login"
      ],
      "nist_800_53": [
        "AU.14",
        "AC.7",
        "AU.6"
      ],
      "gdpr": [
        "IV_35.7.d",
        "IV_32.2"
      ],
      "firedtimes": 1,
      "mitre": {
        "technique": [
          "Password Guessing",
          "SSH",
          "Valid Accounts"
        ],
        "id": [
          "T1110.001",
          "T1021.004",
          "T1078"
        ],
        "tactic": [
          "Credential Access",
          "Lateral Movement",
          "Defense Evasion",
          "Persistence",
          "Privilege Escalation",
          "Initial Access"
        ]
      },
      "id": "5710",
      "gpg13": [
        "7.1"
      ]
    },
    "decoder": {
      "parent": "sshd",
      "name": "sshd"
    },
    "full_log": "Mar 20 11:18:48 ip-10-0-1-63 sshd[15375]: Invalid user invalid-user from 81.40.74.147 port 50198",
    "input": {
      "type": "log"
    },
    "location": "/var/log/secure",
    "id": "1679311129.22860973",
    "GeoLocation": {
      "city_name": "Cordova",
      "country_name": "Spain",
      "region_name": "Cordoba",
      "location": {
        "lon": -4.7727,
        "lat": 37.8916
      }
    },
    "timestamp": "2023-03-20T11:18:49.305+0000"
  },
  "fields": {
    "timestamp": [
      "2023-03-20T11:18:49.305Z"
    ]
  },
  "highlight": {
    "cluster.name": [
      "@opensearch-dashboards-highlighted-field@wazuh2@/opensearch-dashboards-highlighted-field@"
    ],
    "agent.id": [
      "@opensearch-dashboards-highlighted-field@001@/opensearch-dashboards-highlighted-field@"
    ]
  },
  "sort": [
    1679311129305
  ]
}
```
Closing conclusion 👍🏼
No stopper has been found. Some small known issues have continued to be detected (see conclusion of #16418 (comment)) that have been fixed in later versions, or that are not really entirely up to us. As an aspect to mention, in environment 2 we found no System Auditing, Policy monitoring, Docker Listener or Virustotal events (no test use cases will have been released by the CICD team in that environment).
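Task 2 above reports only a per-host result. The check behind it can be scripted; the following is an added example for this issue, not a script from the Wazuh project or from the tester. It reads `ps -eo user,args` output and compares the owner of each manager daemon against an expected map. The `EXPECTED_USERS` map and the `SAMPLE_PS` snapshot are assumptions constructed for the example (a typical 4.x manager layout); take the authoritative owner list from the release under test and extend the map with the indexer and dashboard services on those hosts.

```python
import os
import subprocess

# Expected process owner per manager daemon. This mapping is an assumption for the
# example (typical Wazuh 4.x manager layout); take the authoritative list from the
# release being tested and add the indexer/dashboard services for those hosts.
EXPECTED_USERS = {
    "wazuh-analysisd": "wazuh",
    "wazuh-remoted": "wazuh",
    "wazuh-db": "wazuh",
    "wazuh-monitord": "wazuh",
    "wazuh-authd": "root",
    "wazuh-execd": "root",
    "wazuh-modulesd": "root",
    "wazuh-syscheckd": "root",
    "wazuh-logcollector": "root",
}

# Constructed `ps -eo user:32,args --no-headers` snapshot for the example: one daemon
# (wazuh-analysisd) runs as the wrong user and one (wazuh-monitord) is missing.
SAMPLE_PS = """\
root                             /usr/lib/systemd/systemd --switched-root --system
root                             /var/ossec/bin/wazuh-analysisd
wazuh                            /var/ossec/bin/wazuh-remoted
wazuh                            /var/ossec/bin/wazuh-db
root                             /var/ossec/bin/wazuh-authd
root                             /var/ossec/bin/wazuh-execd
root                             /var/ossec/bin/wazuh-modulesd
root                             /var/ossec/bin/wazuh-syscheckd
root                             /var/ossec/bin/wazuh-logcollector
"""


def parse_ps(ps_text):
    """Map executable basename -> set of users it runs as, from `ps -eo user,args` output.

    `args` is used rather than `comm` because the kernel truncates comm to 15
    characters, which would turn wazuh-logcollector into wazuh-logcollec.
    """
    owners = {}
    for line in ps_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        user, exe = parts[0], os.path.basename(parts[1])
        owners.setdefault(exe, set()).add(user)
    return owners


def check_daemon_users(ps_text, expected=EXPECTED_USERS):
    """Return {daemon: problem} for daemons that are absent or not owned as expected."""
    owners = parse_ps(ps_text)
    problems = {}
    for daemon, want in expected.items():
        got = owners.get(daemon)
        if not got:
            problems[daemon] = "not running"
        elif got != {want}:
            problems[daemon] = f"runs as {','.join(sorted(got))}, expected {want}"
    return problems


def live_check(expected=EXPECTED_USERS):
    """Same check against the running host (Linux with procps `ps`)."""
    out = subprocess.run(
        ["ps", "-eo", "user:32,args", "--no-headers"],
        capture_output=True, text=True, check=True,
    ).stdout
    return check_daemon_users(out, expected)


if __name__ == "__main__":
    problems = check_daemon_users(SAMPLE_PS)
    for daemon, problem in sorted(problems.items()):
        print(f"{daemon}: {problem}")
    print("status:", "🟢" if not problems else "🔴")
```

Run `live_check()` on each host instead of `check_daemon_users(SAMPLE_PS)` to get the real result; an empty dict is the 🟢 used in the table above.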
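For Task 7, the alert above shows what the manager produces from one `Invalid user` line in `/var/log/secure`: the predecoder splits the syslog header, the sshd decoder fills `data.srcuser`, `data.srcip` and `data.srcport`, and rule 5710 fires at level 5. The block below is an added example reproducing that pipeline in Python so the expected field values can be asserted before looking in the UI; it is not Wazuh's decoder or ruleset code. The regexes, the `RULE_5710` stand-in (fields copied from the alert, compliance tags omitted) and the `SAMPLE_LOGS` lines are constructed for the example; the first sample line mirrors the alert's `full_log` and the 203.0.113.0/24 address is a documentation range.

```python
import re

# Constructed sample lines for this example (the first mirrors the full_log in the
# alert above; 203.0.113.0/24 is a documentation range, not a real host).
SAMPLE_LOGS = [
    "Mar 20 11:18:48 ip-10-0-1-63 sshd[15375]: Invalid user invalid-user from 81.40.74.147 port 50198",
    "Mar 20 11:19:02 ip-10-0-1-63 sshd[15380]: Accepted publickey for ec2-user from 10.0.1.10 port 51000 ssh2",
    "Mar 20 11:19:30 ip-10-0-1-63 sshd[15391]: Invalid user admin from 203.0.113.5 port 40022",
    "Mar 20 11:19:31 ip-10-0-1-63 CRON[15400]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Syslog header split the way the predecoder reports it (timestamp, hostname, program_name).
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) (?P<program_name>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# sshd "Invalid user" message: yields the data.srcuser / data.srcip / data.srcport fields.
INVALID_USER_RE = re.compile(
    r"^Invalid user (?P<srcuser>\S+) from (?P<srcip>\S+) port (?P<srcport>\d+)\b"
)

# Stand-in for rule 5710, copied from the alert's rule object (compliance tags omitted).
RULE_5710 = {
    "id": "5710",
    "level": 5,
    "description": "sshd: Attempt to login using a non-existent user",
    "groups": ["syslog", "sshd", "authentication_failed", "invalid_login"],
}


def predecode(line):
    """Split a syslog line into header fields and the program message; None if not syslog."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def decode_sshd_invalid_user(msg):
    """Extract srcuser/srcip/srcport from an sshd 'Invalid user' message; None otherwise."""
    m = INVALID_USER_RE.match(msg)
    return m.groupdict() if m else None


def analyze(lines):
    """Run the sample pipeline over a batch and return one alert dict per matching line.

    firedtimes counts how often the rule has fired within this batch, mirroring the
    rule.firedtimes counter in the alert shown above.
    """
    alerts, fired = [], 0
    for line in lines:
        pre = predecode(line)
        if pre is None or pre["program_name"] != "sshd":
            continue
        data = decode_sshd_invalid_user(pre["msg"])
        if data is None:
            continue
        fired += 1
        alerts.append({
            "predecoder": {k: pre[k] for k in ("hostname", "program_name", "timestamp")},
            "decoder": {"parent": "sshd", "name": "sshd"},
            "data": data,
            "rule": {**RULE_5710, "firedtimes": fired},
            "full_log": line,
        })
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS):
        r, d = alert["rule"], alert["data"]
        print(f"rule {r['id']} level {r['level']} firedtimes {r['firedtimes']}: "
              f"{d['srcuser']} from {d['srcip']}:{d['srcport']}")
```

The two non-matching sample lines (a successful publickey login and a cron entry) show the filtering a tester relies on: only sshd messages reach the child decoder, and only `Invalid user` messages produce rule 5710 data, so a dashboard search for `rule.id:5710` after the test login should return exactly the attempted usernames.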
The following issue aims to run the specified test for the current release candidate, report the results, and open new issues for any encountered errors.
Test information
Test description
Test report procedure
All test results must have one of the following statuses:
Conclusions
Detected issues and previously reported:
- deleteOldIndices errors in indexer wazuh-packages#2094
Auditors' validation
The definition of done for this one is the validation of the conclusions and the test results from all auditors.
All checks from below must be accepted in order to close this issue.