use smaller piece of mock data (#96953)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Angela Chuang 2021-04-20 10:30:30 +01:00 committed by GitHub
parent 9ae605af93
commit e4bbdda129
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 118564 additions and 186 deletions


@ -10,13 +10,14 @@ import { HostsKpiQueries } from '../../../../plugins/security_solution/common/se
import { FtrProviderContext } from '../../ftr_provider_context';
export default function ({ getService }: FtrProviderContext) {
const retry = getService('retry');
const esArchiver = getService('esArchiver');
const supertest = getService('supertest');
describe('Kpi Hosts', () => {
describe('With filebeat', () => {
before(() => esArchiver.load('filebeat/default'));
after(() => esArchiver.unload('filebeat/default'));
before(() => esArchiver.load('filebeat/kpi_hosts'));
after(() => esArchiver.unload('filebeat/kpi_hosts'));
const FROM = '2000-01-01T00:00:00.000Z';
const TO = '3000-01-01T00:00:00.000Z';
@ -24,19 +25,7 @@ export default function ({ getService }: FtrProviderContext) {
hosts: 1,
hostsHistogram: [
{
x: new Date('2019-02-09T16:00:00.000Z').valueOf(),
y: 1,
},
{
x: new Date('2019-02-09T19:00:00.000Z').valueOf(),
y: 0,
},
{
x: new Date('2019-02-09T22:00:00.000Z').valueOf(),
y: 1,
},
{
x: new Date('2019-02-10T01:00:00.000Z').valueOf(),
x: new Date('2019-02-09T16:45:06.000Z').valueOf(),
y: 1,
},
],
@ -44,246 +33,234 @@ export default function ({ getService }: FtrProviderContext) {
authSuccessHistogram: null,
authFailure: 0,
authFailureHistogram: null,
uniqueSourceIps: 121,
uniqueSourceIps: 1,
uniqueSourceIpsHistogram: [
{
x: new Date('2019-02-09T16:00:00.000Z').valueOf(),
y: 52,
},
{
x: new Date('2019-02-09T19:00:00.000Z').valueOf(),
y: 0,
},
{
x: new Date('2019-02-09T22:00:00.000Z').valueOf(),
y: 31,
},
{
x: new Date('2019-02-10T01:00:00.000Z').valueOf(),
y: 88,
x: new Date('2019-02-09T16:45:06.000Z').valueOf(),
y: 1,
},
],
uniqueDestinationIps: 154,
uniqueDestinationIps: 1,
uniqueDestinationIpsHistogram: [
{
x: new Date('2019-02-09T16:00:00.000Z').valueOf(),
y: 61,
},
{
x: new Date('2019-02-09T19:00:00.000Z').valueOf(),
y: 0,
},
{
x: new Date('2019-02-09T22:00:00.000Z').valueOf(),
y: 45,
},
{
x: new Date('2019-02-10T01:00:00.000Z').valueOf(),
y: 114,
x: new Date('2019-02-09T16:45:06.000Z').valueOf(),
y: 1,
},
],
};
it('Make sure that we get KpiHosts data', async () => {
const { body: kpiHosts } = await supertest
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsKpiQueries.kpiHosts,
timerange: {
interval: '12h',
to: TO,
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
await retry.try(async () => {
const { body: kpiHosts } = await supertest
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsKpiQueries.kpiHosts,
timerange: {
interval: '12h',
to: TO,
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(kpiHosts.hostsHistogram!).to.eql(expectedResult.hostsHistogram);
expect(kpiHosts.hosts!).to.eql(expectedResult.hosts);
expect(kpiHosts.hostsHistogram!).to.eql(expectedResult.hostsHistogram);
expect(kpiHosts.hosts!).to.eql(expectedResult.hosts);
});
});
it('Make sure that we get KpiAuthentications data', async () => {
const { body } = await supertest
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsKpiQueries.kpiAuthentications,
timerange: {
interval: '12h',
to: TO,
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
/* We need a very long timeout to avoid returning just partial data.
** https://github.com/elastic/kibana/blob/master/x-pack/test/api_integration/apis/search/search.ts#L18
*/
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(body.authenticationsSuccess!).to.eql(expectedResult.authSuccess);
expect(body.authenticationsSuccessHistogram!).to.eql(expectedResult.authSuccessHistogram);
expect(body.authenticationsFailure!).to.eql(expectedResult.authFailure);
expect(body.authenticationsFailureHistogram!).to.eql(expectedResult.authFailureHistogram);
await retry.try(async () => {
const { body } = await supertest
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsKpiQueries.kpiAuthentications,
timerange: {
interval: '12h',
to: TO,
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
/* We need a very long timeout to avoid returning just partial data.
** https://github.com/elastic/kibana/blob/master/x-pack/test/api_integration/apis/search/search.ts#L18
*/
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(body.authenticationsSuccess!).to.eql(expectedResult.authSuccess);
expect(body.authenticationsSuccessHistogram!).to.eql(expectedResult.authSuccessHistogram);
expect(body.authenticationsFailure!).to.eql(expectedResult.authFailure);
expect(body.authenticationsFailureHistogram!).to.eql(expectedResult.authFailureHistogram);
});
});
it('Make sure that we get KpiUniqueIps data', async () => {
const { body } = await supertest
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsKpiQueries.kpiUniqueIps,
timerange: {
interval: '12h',
to: TO,
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(body.uniqueDestinationIps!).to.eql(expectedResult.uniqueDestinationIps);
expect(body.uniqueDestinationIpsHistogram!).to.eql(
expectedResult.uniqueDestinationIpsHistogram
);
expect(body.uniqueSourceIps!).to.eql(expectedResult.uniqueSourceIps);
expect(body.uniqueSourceIpsHistogram!).to.eql(expectedResult.uniqueSourceIpsHistogram);
await retry.try(async () => {
const { body } = await supertest
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsKpiQueries.kpiUniqueIps,
timerange: {
interval: '12h',
to: TO,
from: FROM,
},
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(body.uniqueDestinationIps!).to.eql(expectedResult.uniqueDestinationIps);
expect(body.uniqueDestinationIpsHistogram!).to.eql(
expectedResult.uniqueDestinationIpsHistogram
);
expect(body.uniqueSourceIps!).to.eql(expectedResult.uniqueSourceIps);
expect(body.uniqueSourceIpsHistogram!).to.eql(expectedResult.uniqueSourceIpsHistogram);
});
});
});
describe('With auditbeat', () => {
before(() => esArchiver.load('auditbeat/default'));
after(() => esArchiver.unload('auditbeat/default'));
before(() => esArchiver.load('auditbeat/kpi_hosts'));
after(() => esArchiver.unload('auditbeat/kpi_hosts'));
const FROM = '2000-01-01T00:00:00.000Z';
const TO = '3000-01-01T00:00:00.000Z';
const expectedResult = {
hosts: 6,
hosts: 3,
hostsHistogram: [
{
x: new Date('2018-11-27T00:00:00.000Z').valueOf(),
y: 6,
y: 1,
},
{
x: new Date('2018-11-27T00:30:00.000Z').valueOf(),
y: 6,
y: 0,
},
{
x: new Date('2018-11-27T01:00:00.000Z').valueOf(),
y: 6,
y: 0,
},
{
x: new Date('2018-11-27T01:30:00.000Z').valueOf(),
y: 6,
y: 0,
},
{
x: new Date('2018-11-27T02:00:00.000Z').valueOf(),
y: 6,
y: 1,
},
{
x: new Date('2018-11-27T02:30:00.000Z').valueOf(),
y: 6,
y: 1,
},
],
authSuccess: 0,
authSuccessHistogram: null,
authFailure: 0,
authFailureHistogram: null,
uniqueSourceIps: 370,
uniqueSourceIps: 3,
uniqueSourceIpsHistogram: [
{ x: 1543276800000, y: 74 },
{ x: 1543278600000, y: 52 },
{ x: 1543280400000, y: 71 },
{ x: 1543282200000, y: 76 },
{ x: 1543284000000, y: 71 },
{ x: 1543285800000, y: 89 },
{ x: 1543276800000, y: 1 },
{ x: 1543278600000, y: 0 },
{ x: 1543280400000, y: 0 },
{ x: 1543282200000, y: 0 },
{ x: 1543284000000, y: 1 },
{ x: 1543285800000, y: 1 },
],
uniqueDestinationIps: 1,
uniqueDestinationIps: 0,
uniqueDestinationIpsHistogram: [
{ x: 1543276800000, y: 0 },
{ x: 1543278600000, y: 0 },
{ x: 1543280400000, y: 0 },
{ x: 1543282200000, y: 0 },
{ x: 1543284000000, y: 0 },
{ x: 1543285800000, y: 1 },
{ x: 1543285800000, y: 0 },
],
};
it('Make sure that we get KpiHosts data', async () => {
const { body: kpiHosts } = await supertest
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsKpiQueries.kpiHosts,
timerange: {
interval: '12h',
to: TO,
from: FROM,
},
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
await retry.try(async () => {
const { body: kpiHosts } = await supertest
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsKpiQueries.kpiHosts,
timerange: {
interval: '12h',
to: TO,
from: FROM,
},
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(kpiHosts.hostsHistogram!).to.eql(expectedResult.hostsHistogram);
expect(kpiHosts.hosts!).to.eql(expectedResult.hosts);
expect(kpiHosts.hostsHistogram!).to.eql(expectedResult.hostsHistogram);
expect(kpiHosts.hosts!).to.eql(expectedResult.hosts);
});
});
it('Make sure that we get KpiAuthentications data', async () => {
const { body } = await supertest
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsKpiQueries.kpiAuthentications,
timerange: {
interval: '12h',
to: TO,
from: FROM,
},
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(body.authenticationsSuccess!).to.eql(expectedResult.authSuccess);
expect(body.authenticationsSuccessHistogram!).to.eql(expectedResult.authSuccessHistogram);
expect(body.authenticationsFailure!).to.eql(expectedResult.authFailure);
expect(body.authenticationsFailureHistogram!).to.eql(expectedResult.authFailureHistogram);
await retry.try(async () => {
const { body } = await supertest
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsKpiQueries.kpiAuthentications,
timerange: {
interval: '12h',
to: TO,
from: FROM,
},
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(body.authenticationsSuccess!).to.eql(expectedResult.authSuccess);
expect(body.authenticationsSuccessHistogram!).to.eql(expectedResult.authSuccessHistogram);
expect(body.authenticationsFailure!).to.eql(expectedResult.authFailure);
expect(body.authenticationsFailureHistogram!).to.eql(expectedResult.authFailureHistogram);
});
});
it('Make sure that we get KpiUniqueIps data', async () => {
const { body } = await supertest
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsKpiQueries.kpiUniqueIps,
timerange: {
interval: '12h',
to: TO,
from: FROM,
},
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(body.uniqueDestinationIps!).to.eql(expectedResult.uniqueDestinationIps);
expect(body.uniqueDestinationIpsHistogram!).to.eql(
expectedResult.uniqueDestinationIpsHistogram
);
expect(body.uniqueSourceIps!).to.eql(expectedResult.uniqueSourceIps);
expect(body.uniqueSourceIpsHistogram!).to.eql(expectedResult.uniqueSourceIpsHistogram);
await retry.try(async () => {
const { body } = await supertest
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsKpiQueries.kpiUniqueIps,
timerange: {
interval: '12h',
to: TO,
from: FROM,
},
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(body.uniqueDestinationIps!).to.eql(expectedResult.uniqueDestinationIps);
expect(body.uniqueDestinationIpsHistogram!).to.eql(
expectedResult.uniqueDestinationIpsHistogram
);
expect(body.uniqueSourceIps!).to.eql(expectedResult.uniqueSourceIps);
expect(body.uniqueSourceIpsHistogram!).to.eql(expectedResult.uniqueSourceIpsHistogram);
});
});
});
});
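Review bot: All six `it` blocks in this file now carry the same sixteen-line `supertest.post(...).set(...).send({...}).expect(200)` request inside `retry.try`, differing only in `factoryQueryType` and `defaultIndex`, so a slip in one copy (a changed `interval` or index pattern) would go unnoticed; a small helper per `describe` that takes those two values keeps the request shape in one place, as sketched below. Because the `expect` calls sit inside `retry.try`, a genuine mismatch between the new fixtures and `expectedResult` is retried until the retry timeout before the test fails; that looks intended to absorb the partial results the existing comment warns about, but it deserves a one-line comment above each `retry.try`, e.g. `// retried: the search strategy can answer with partial data before the archive is fully searchable`. The partial-data comment now appears only in the filebeat KpiAuthentications request although it applies to every request here, which is another reason to hoist it into the helper. The enclosing `export default function` closes after the hunk.
```typescript
      // One request shape per describe; only the query type and index pattern vary.
      const postKpi = (
        factoryQueryType: typeof HostsKpiQueries[keyof typeof HostsKpiQueries],
        defaultIndex: string[]
      ) =>
        supertest
          .post('/internal/search/securitySolutionSearchStrategy/')
          .set('kbn-xsrf', 'true')
          .send({
            factoryQueryType,
            timerange: { interval: '12h', to: TO, from: FROM },
            defaultIndex,
            docValueFields: [],
            inspect: false,
            /* We need a very long timeout to avoid returning just partial data.
            ** https://github.com/elastic/kibana/blob/master/x-pack/test/api_integration/apis/search/search.ts#L18
            */
            wait_for_completion_timeout: '10s',
          })
          .expect(200);

      it('Make sure that we get KpiHosts data', async () => {
        // retried: the search strategy can answer with partial data before the archive is fully searchable
        await retry.try(async () => {
          const { body: kpiHosts } = await postKpi(HostsKpiQueries.kpiHosts, ['filebeat-*']);
          expect(kpiHosts.hostsHistogram!).to.eql(expectedResult.hostsHistogram);
          expect(kpiHosts.hosts!).to.eql(expectedResult.hosts);
        });
      });
      // … unchanged: the remaining it() blocks, each reduced to one postKpi(...) call …
```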



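--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,194 @@
+{
+"type": "doc",
+"value": {
+"index": "auditbeat-7.0.0-alpha1-2018.11.27",
+"type": "doc",
+"id": "Rs93UmcBTFzn_XoLWT6M",
+"source": {
+"@timestamp": "2018-11-27T00:00:11.544Z",
+"process": {
+"pid": "31964",
+"exe": "/usr/sbin/sshd"
+},
+"source": {
+"ip": "128.199.87.213"
+},
+"network": {
+"direction": "incoming"
+},
+"beat": {
+"name": "demo-stack-nginx-01",
+"hostname": "demo-stack-nginx-01",
+"version": "7.0.0-alpha1"
+},
+"host": {
+"name": "demo-stack-nginx-01"
+},
+"auditd": {
+"session": "unset",
+"data": {
+"hostname": "128.199.87.213",
+"terminal": "ssh",
+"op": "PAM:bad_ident"
+},
+"summary": {
+"object": {
+"primary": "ssh",
+"secondary": "128.199.87.213",
+"type": "user-session"
+},
+"how": "/usr/sbin/sshd",
+"actor": {
+"primary": "unset",
+"secondary": "root"
+}
+},
+"sequence": 192383,
+"result": "fail"
+},
+"event": {
+"category": "user-login",
+"type": "user_err",
+"action": "error",
+"module": "auditd"
+},
+"user": {
+"name_map": {
+"uid": "root"
+},
+"auid": "unset",
+"uid": "0"
+}
+}
+}
+}
+
+{
+"type": "doc",
+"value": {
+"index": "auditbeat-7.0.0-alpha1-2018.11.27",
+"type": "doc",
+"id": "6Nr4UmcBTFzn_XoL4l6d",
+"source": {
+"@timestamp": "2018-11-27T02:21:40.914Z",
+"host": {
+"name": "demo-stack-haproxy-01"
+},
+"user": {
+"auid": "unset",
+"uid": "0",
+"name_map": {
+"uid": "root"
+}
+},
+"process": {
+"pid": "20001",
+"exe": "/usr/sbin/sshd"
+},
+"source": {
+"ip": "82.62.233.163"
+},
+"network": {
+"direction": "incoming"
+},
+"auditd": {
+"sequence": 142431,
+"result": "fail",
+"session": "unset",
+"data": {
+"acct": "(unknown user)",
+"op": "login",
+"terminal": "sshd"
+},
+"summary": {
+"actor": {
+"primary": "unset",
+"secondary": "(unknown user)"
+},
+"object": {
+"primary": "sshd",
+"secondary": "82.62.233.163",
+"type": "user-session"
+},
+"how": "/usr/sbin/sshd"
+}
+},
+"event": {
+"category": "user-login",
+"type": "user_login",
+"action": "logged-in",
+"module": "auditd"
+},
+"beat": {
+"name": "demo-stack-haproxy-01",
+"hostname": "demo-stack-haproxy-01",
+"version": "7.0.0-alpha1"
+}
+}
+}
+}
+
+{
+"type": "doc",
+"value": {
+"index": "auditbeat-7.0.0-alpha1-2018.11.27",
+"type": "doc",
+"id": "sdwQU2cBTFzn_XoLA1gL",
+"source": {
+"@timestamp": "2018-11-27T02:46:56.545Z",
+"process": {
+"pid": "26473",
+"exe": "/usr/sbin/sshd"
+},
+"source": {
+"ip": "35.243.183.165"
+},
+"network": {
+"direction": "incoming"
+},
+"beat": {
+"name": "demo-stack-apache-01",
+"hostname": "demo-stack-apache-01",
+"version": "7.0.0-alpha1"
+},
+"host": {
+"name": "demo-stack-apache-01"
+},
+"auditd": {
+"session": "unset",
+"data": {
+"op": "login",
+"acct": "(unknown user)",
+"terminal": "sshd"
+},
+"summary": {
+"actor": {
+"primary": "unset",
+"secondary": "(unknown user)"
+},
+"object": {
+"primary": "sshd",
+"secondary": "35.243.183.165",
+"type": "user-session"
+},
+"how": "/usr/sbin/sshd"
+},
+"sequence": 184472,
+"result": "fail"
+},
+"event": {
+"type": "user_login",
+"action": "logged-in",
+"module": "auditd",
+"category": "user-login"
+},
+"user": {
+"name_map": {
+"uid": "root"
+},
+"uid": "0",
+"auid": "unset"
+}
+}
+}
+}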



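--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,133 @@
+{
+"type": "doc",
+"value": {
+"id": "Lw4l02gBqd-n62Sw_lxm",
+"index": "filebeat-7.0.0-iot-2019.06",
+"source": {
+"@timestamp": "2019-02-09T16:45:06.331Z",
+"@version": "1",
+"agent": {
+"ephemeral_id": "97412477-f94f-4f25-a21f-4103798683db",
+"hostname": "raspberrypi",
+"id": "4d3ea604-27e5-4ec7-ab64-44f82285d776",
+"type": "filebeat",
+"version": "7.0.0"
+},
+"destination": {
+"domain": "s3-iad-2.cf.dash.row.aiv-cdn.net",
+"ip": "10.100.7.196",
+"port": 57854
+},
+"ecs": {
+"version": "1.0.0-beta2"
+},
+"event": {
+"dataset": "suricata.eve",
+"end": "2019-02-09T16:45:06.331Z",
+"kind": "event",
+"module": "suricata",
+"type": "fileinfo"
+},
+"file": {
+"path": "/dm/2$XTMWANo0Q2RZKlH-95UoAahZrOg~/8cdf/ad98/e000/4b0d-8f72-8faf9aa1a35a/c3d5b471-4e36-45e0-8ca7-d789366f3b31_audio_13.mp4",
+"size": 48277
+},
+"fileset": {
+"name": "eve"
+},
+"flow": {
+"locality": "public"
+},
+"host": {
+"architecture": "armv7l",
+"containerized": false,
+"hostname": "raspberrypi",
+"id": "b19a781f683541a7a25ee345133aa399",
+"name": "raspberrypi",
+"os": {
+"codename": "stretch",
+"family": "",
+"kernel": "4.14.50-v7+",
+"name": "Raspbian GNU/Linux",
+"platform": "raspbian",
+"version": "9 (stretch)"
+}
+},
+"http": {
+"request": {
+"method": "get"
+},
+"response": {
+"body": {
+"bytes": 48277
+},
+"status_code": 206
+}
+},
+"input": {
+"type": "log"
+},
+"labels": {
+"pipeline": "filebeat-7.0.0-suricata-eve-pipeline"
+},
+"log": {
+"file": {
+"path": "/var/log/suricata/eve.json"
+},
+"offset": 1734115622
+},
+"network": {
+"name": "iot",
+"protocol": "http",
+"transport": "tcp"
+},
+"service": {
+"type": "suricata"
+},
+"source": {
+"as": {
+"num": 16509,
+"org": "Amazon.com, Inc."
+},
+"domain": "server-54-239-220-184.ewr50.r.cloudfront.net",
+"geo": {
+"city_name": "Seattle",
+"continent_name": "North America",
+"country_iso_code": "US",
+"location": {
+"lat": 47.6103,
+"lon": -122.3341
+},
+"region_iso_code": "US-WA",
+"region_name": "Washington"
+},
+"ip": "54.239.220.184",
+"port": 80
+},
+"suricata": {
+"eve": {
+"fileinfo": {
+"state": "CLOSED",
+"stored": false,
+"tx_id": 102
+},
+"flow_id": 311011499414922,
+"http": {
+"http_content_type": "video/mp4",
+"protocol": "HTTP/1.1"
+},
+"in_iface": "eth0"
+}
+},
+"tags": [
+"suricata"
+],
+"url": {
+"domain": "s3-iad-2.cf.dash.row.aiv-cdn.net",
+"original": "/dm/2$XTMWANo0Q2RZKlH-95UoAahZrOg~/8cdf/ad98/e000/4b0d-8f72-8faf9aa1a35a/c3d5b471-4e36-45e0-8ca7-d789366f3b31_audio_13.mp4",
+"path": "/dm/2$XTMWANo0Q2RZKlH-95UoAahZrOg~/8cdf/ad98/e000/4b0d-8f72-8faf9aa1a35a/c3d5b471-4e36-45e0-8ca7-d789366f3b31_audio_13.mp4"
+}
+},
+"type": "_doc"
+}
+}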
