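def test_event_messages(configure_mitm_environment_analysisd,
                        create_unix_sockets, wait_for_analysisd_startup,
                        test_case: list):
    """Check that every input message in analysisd socket generates the adequate output to wazuh-db socket.

    For each stage the input is injected into the analysisd socket through
    ``receiver_sockets[0]``, the message analysisd forwards to the wazuh-db
    socket is captured with ``wdb_monitor`` and compared against the expected
    output, and the alert that reaches the Wazuh log is then handed to
    ``validate_analysis_alert``.

    Parameters
    ----------
    configure_mitm_environment_analysisd, create_unix_sockets, wait_for_analysisd_startup
        Fixtures that prepare the sockets and the daemon; used only for their side effects.
    test_case : list
        List of test_case stages (dicts with input, output and stage keys)
    """
    # enumerate() instead of test_case.index(stage): index() compares by
    # equality, so two identical stage dicts would both be reported as the
    # first one, and it rescans the list on every iteration.
    for stage_number, stage in enumerate(test_case, start=1):
        expected = callback_analysisd_message(stage['output'])
        # NOTE(review): the input is wrapped in a list here whereas the other
        # analysisd tests send stage['input'] directly — confirm that the
        # socket fixture used by this module expects a list.
        receiver_sockets[0].send([stage['input']])
        response = wdb_monitor.start(
            timeout=global_parameters.default_timeout,
            callback=callback_wazuh_db_message).result()
        assert response == expected, 'Failed test case stage {}: {}'.format(
            stage_number, stage['stage'])
        alert = wazuh_log_monitor.start(
            timeout=global_parameters.default_timeout,
            callback=callback_fim_alert).result()
        validate_analysis_alert(alert)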
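def test_scan_messages(configure_mitm_environment, connect_to_sockets_module, wait_for_analysisd_startup,
                       test_case: list):
    """Check that every input message in analysisd socket generates the adequate output to wazuh-db socket.

    For each stage the input is injected through ``receiver_sockets[0]`` and the
    message that reaches the wazuh-db socket, captured by ``monitored_sockets[0]``
    with ``callback_wazuh_db_scan``, must equal the stage's expected output.

    Parameters
    ----------
    configure_mitm_environment, connect_to_sockets_module, wait_for_analysisd_startup
        Fixtures that prepare the sockets and the daemon; used only for their side effects.
    test_case : list
        List of test_case stages (dicts with input, output and stage keys)
    """
    # enumerate() instead of test_case.index(stage): index() compares by
    # equality, so two identical stage dicts would both be reported as the
    # first one, and it rescans the list on every iteration.
    for stage_number, stage in enumerate(test_case, start=1):
        expected = callback_analysisd_message(stage['output'])
        receiver_sockets[0].send(stage['input'])
        response = monitored_sockets[0].start(timeout=global_parameters.default_timeout,
                                              callback=callback_wazuh_db_scan).result()
        assert response == expected, 'Failed test case stage {}: {}'.format(stage_number, stage['stage'])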
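def test_validate_socket_responses(configure_mitm_environment, connect_to_sockets_module, wait_for_analysisd_startup,
                                   test_case: list):
    """Validate every response from the analysisd socket to the wazuh-db socket.

    This test will catch every response from analysisd to wazuh-db in real-time using the yaml
    `/data/syscheck_events.yaml`.

    Parameters
    ----------
    configure_mitm_environment, connect_to_sockets_module, wait_for_analysisd_startup
        Fixtures that prepare the sockets and the daemon; used only for their side effects.
    test_case : list
        Single-element list; its only stage is a dict with the input to inject to the analysisd socket
        and the output to expect to be sent to the wazuh-db socket (keys ``input``, ``output`` and ``stage``).
    """
    # There is only one stage per test_case, so the failure message always
    # names stage 1 (the original test_case.index(stage) + 1 could only yield 1).
    stage = test_case[0]
    expected = callback_analysisd_message(stage['output'])
    receiver_sockets[0].send(stage['input'])
    response = monitored_sockets[0].start(timeout=global_parameters.default_timeout,
                                          callback=callback_wazuh_db_message).result()
    assert response == expected, 'Failed test case stage {}: {}'.format(1, stage['stage'])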
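def test_integrity_messages(configure_sockets_environment,
                            connect_to_sockets_module,
                            wait_for_analysisd_startup, test_case: list):
    """Check that every input message in analysisd socket generates the adequate output to wazuh-db socket.

    The function validate_analysis_integrity_state is a function responsible for checking that the output follows a
    certain jsonschema. It is only invoked for the stages whose ``validate`` key is truthy.

    Parameters
    ----------
    configure_sockets_environment, connect_to_sockets_module, wait_for_analysisd_startup
        Fixtures that prepare the sockets and the daemon; used only for their side effects.
    test_case : list
        List of test_case stages (dicts with input, output, stage and validate keys)
    """
    # enumerate() instead of test_case.index(stage): index() compares by
    # equality, so two identical stage dicts would both be reported as the
    # first one, and it rescans the list on every iteration.
    for stage_number, stage in enumerate(test_case, start=1):
        expected = callback_analysisd_message(stage['output'])
        receiver_sockets[0].send(stage['input'])
        # Integrity stages are allowed three times the default timeout.
        response = monitored_sockets[0].start(
            timeout=3 * global_parameters.default_timeout,
            callback=callback_wazuh_db_integrity).result()
        assert response == expected, 'Failed test case stage {}: {}'.format(
            stage_number, stage['stage'])
        # Plain `if` instead of `stage['validate'] and ...`: the expression form
        # discards its value and hides that this is control flow. The key is
        # read with [] on purpose: a stage that omits `validate` fails loudly
        # instead of silently skipping the schema check.
        if stage['validate']:
            # assumes callback_wazuh_db_integrity returns a sequence whose third
            # element is the integrity state payload — confirm against the callback.
            validate_analysis_integrity_state(response[2])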