Closed damarisg closed 1 year ago
Tester | PR commit |
---|---|
@roronoasins | https://github.com/wazuh/wazuh/issues/11334 |
OS | OS version | Deployment | Image/AMI |
---|---|---|---|
Ubuntu | 20.04 | Vagrant | generic/ubuntu2004 |
OS | Package |
---|---|
Ubuntu | Engine's vagrantfile |
The dev team provided a vagrantfile with the engine's mvp
Each problem mentioned in the description has details about each tested case.
Here it is intended to add relevant information about the tests carried out.
I'll start listing the ones related to events and APIs:
Error logs that are not that descriptive for a user: π‘
Rename the kvdb's -i
option: π‘
The format used for --input-type
is -t
, so we could use the same format.
If the --kvdb-path
option it could warn the users about this, so they can know that any action that needs the kvdb won't work π‘
Affected cases: Dir that is not kvdb path.
The --kvdb-path
is \
sensitive in the end of the string. It should accept both. π‘
Affected cases:
test
subcommand does not accept kvdb paths without an ending \
test
subcommand accepts kvdb paths with an ending \
When the log does not trigger any rule, it appears empty π‘
This occurs, for example, in Run test with different environments: one with a loaded rule and other without it
case. Maybe it could not appear or say that no rule has been triggered.
Setting a custom protocol queue option, which also appears here. π‘
Check that validation is correct: π‘ Is there a way to have a trace of the checks that it performs to know if the validate went good? If not, could we add it?
The catalog list
command must have default rules and filter. π‘
Helper of catalog command: π‘
A clarification about item-type values expected could be usefull, so the users can have detailed info without run the tool and getting errors.
We could also add a reference to the engine's wiki based on the command. For example, if we use the help option with the whole engine, a reference to the index or very first page of wiki. If we use the help option with a command, a reference to the command's entry.
I will continue with the behavior of the Ruleset:
I'll start listing the ones related to events and APIs.
NOTE: Details in 3475 issue.
NOTE: Details in 3475 issue and 3530 issue.
Description
Since the team is reworking the engine, we need to cover this new engine rework. This issue will add the new tests to the qa framework and if it was necessary, the manual testing.
First of all, the engine module should be added to the framework so we could start adding modules, their tests and their cases.
Proposed test cases
Considerations
After the research and when the first module approach is created, we will add a module for each type(input, resources, output) and a test for each scenario(events, api, etc.) and its specific Tcases.