Testcase to check if Rule Type: BBR tag is present for all BBR rules

[shashank-elastic]

Pull Request

Issue link(s): https://github.com/elastic/detection-rules/pull/new/issue-4045

Summary - What I changed

• Added test Case to check if Rule Type: BBR tag is present for all BBR rules
• Added a separate test case in class TestRuleTags

How To Test

• Local Testing identified few rules with missing tags
  Unit Test Failure

=================================== FAILURES ===================================
__________________________ TestRuleTags.test_bbr_tags __________________________

self = <tests.test_all_rules.TestRuleTags testMethod=test_bbr_tags>

    def test_bbr_tags(self):
        """Test that "Rule Type: BBR" tag is present for all BBR rules."""
        invalid_bbr_rules = []
        for rule in self.bbr:
            if 'Rule Type: BBR' not in rule.contents.data.tags:
                invalid_bbr_rules.append(self.rule_str(rule))

        if invalid_bbr_rules:
            error_rules = '\n'.join(invalid_bbr_rules)
>           self.fail(f'The following building block rule(s) have missing tag: Rule Type: BBR:\n{error_rules}')
E           AssertionError: The following building block rule(s) have missing tag: Rule Type: BBR:
E           3838e0e3-1850-4850-a411-2e8c5ba40ba8 - Network Connection via Certutil ->
E           e28b8093-833b-4eda-b877-0873d134cf3c - Network Traffic Capture via CAP_NET_RAW ->
E           cf575427-0839-4c69-a9e6-99fde02606f3 - Unusual Discovery Activity by User ->
E           1251b98a-ff45-11ee-89a1-f661ea17fbce - AWS Lambda Function Created or Updated ->
E           4aa58ac6-4dc0-4d18-b713-f58bf8bd015c - Potential Cross Site Scripting (XSS) ->
E           8e39f54e-910b-4adb-a87e-494fbba5fb65 - Potential Outgoing RDP Connection by Unusual Process ->

tests/test_all_rules.py:397: AssertionError
=========================== short test summary info ============================
FAILED tests/test_all_rules.py::TestRuleTags::test_bbr_tags - AssertionError:...
============================== 1 failed in 56.27s ==============================
Finished running tests!

• Fixed Failing Rules with Tags, Test case passes
  Unit Test Pass

Received JSON data in run script
Running pytest with args: ['-p', 'vscode_pytest', '--rootdir=/Users/shashankks/elastic_workspace/detection-rules', '/Users/shashankks/elastic_workspace/detection-rules/tests/test_all_rules.py::TestRuleTags::test_bbr_tags']
============================= test session starts ==============================
platform darwin -- Python 3.12.5, pytest-8.1.1, pluggy-1.4.0
rootdir: /Users/shashankks/elastic_workspace/detection-rules
configfile: pyproject.toml
plugins: typeguard-3.0.2
collected 1 item

tests/test_all_rules.py .                                                [100%]

============================== 1 passed in 55.91s ==============================
Finished running tests!

• Remote Testing has also passed Refer

Checklist

• [x] Added a label for the type of pr: bug, enhancement, schema, Rule: New, Rule: Deprecation, Rule: Tuning, Hunt: New, or Hunt: Tuning so guidelines can be generated
• [x] Added the meta:rapid-merge label if planning to merge within 24 hours
• [ ] Secret and sensitive material has been managed correctly
• [ ] Automated testing was updated or added to match the most common scenarios
• [ ] Documentation and comments were added for features that require explanation

Contributor checklist

• Have you signed the contributor license agreement?
• Have you followed the contributor guidelines?

[protectionsmachine]

Enhancement - Guidelines

These guidelines serve as a reminder set of considerations when addressing adding a feature to the code.

Documentation and Context

• [ ] Describe the feature enhancement in detail (alternative solutions, description of the solution, etc.) if not already documented in an issue.
• [ ] Include additional context or screenshots.
• [ ] Ensure the enhancement includes necessary updates to the documentation and versioning.

Code Standards and Practices

• [ ] Code follows established design patterns within the repo and avoids duplication.
• [ ] Code changes do not introduce new warnings or errors.
• [ ] Variables and functions are well-named and descriptive.
• [ ] Any unnecessary / commented-out code is removed.
• [ ] Ensure that the code is modular and reusable where applicable.
• [ ] Check for proper exception handling and messaging.

Testing

• [ ] New unit tests have been added to cover the enhancement.
• [ ] Existing unit tests have been updated to reflect the changes.
• [ ] Provide evidence of testing and validating the enhancement (e.g., test logs, screenshots).
• [ ] Validate that any rules affected by the enhancement are correctly updated.
• [ ] Ensure that performance is not negatively impacted by the changes.
• [ ] Verify that any release artifacts are properly generated and tested.

Additional Checks

• [ ] Ensure that the enhancement does not break existing functionality.
• [ ] Review the enhancement with a peer or team member for additional insights.
• [ ] Verify that the enhancement works across all relevant environments (e.g., different OS versions).
• [ ] Confirm that all dependencies are up-to-date and compatible with the changes.