Merge pull request #367 from Security-Onion-Solutions/2.4/detections-…
…brower

Fix tests
defensivedepth authored Mar 5, 2024
2 parents f49b4b3 + 366c9d7 commit 985459e
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions server/modules/elastalert/elastalert_test.go
@@ -244,8 +244,8 @@ func TestSigmaToElastAlertSunnyDay(t *testing.T) {

expected := `play_title: Test Detection
play_id: 00000000-0000-0000-0000-000000000000
event.module: elastalert
event.dataset: elastalert.alert
event.module: sigma
event.dataset: sigma.alert
event.severity: 4
rule.category: ""
sigma_level: high
@@ -544,7 +544,7 @@ func TestSyncElastAlert(t *testing.T) {
// sigmaToElastAlert
m.EXPECT().ExecCommand(gomock.Any()).Return([]byte("[sigma rule]"), 0, time.Duration(0), nil)
// WriteFile when enabling
m.EXPECT().WriteFile(SimpleRuleSID + ".yml", []byte("play_title: TEST\nplay_id: " + SimpleRuleSID + "\nevent.module: elastalert\nevent.dataset: elastalert.alert\nevent.severity: 3\nrule.category: \"\"\nsigma_level: medium\nalert:\n - modules.so.playbook-es.PlaybookESAlerter\nindex: .ds-logs-*\nname: TEST - " + SimpleRuleSID + "\ntype: any\nfilter:\n - eql: '[sigma rule]'\nplay_url: play_url\nkibana_pivot: kibana_pivot\nsoc_pivot: soc_pivot\n"), fs.FileMode(0644)).Return(nil)
m.EXPECT().WriteFile(SimpleRuleSID + ".yml", []byte("play_title: TEST\nplay_id: " + SimpleRuleSID + "\nevent.module: sigma\nevent.dataset: sigma.alert\nevent.severity: 3\nrule.category: \"\"\nsigma_level: medium\nalert:\n - modules.so.playbook-es.PlaybookESAlerter\nindex: .ds-logs-*\nname: TEST - " + SimpleRuleSID + "\ntype: any\nfilter:\n - eql: '[sigma rule]'\nplay_url: play_url\nkibana_pivot: kibana_pivot\nsoc_pivot: soc_pivot\n"), fs.FileMode(0644)).Return(nil)
},
},
{
@@ -610,7 +610,7 @@ func TestSyncElastAlert(t *testing.T) {
// sigmaToElastAlert
m.EXPECT().ExecCommand(gomock.Any()).Return([]byte("[sigma rule]"), 0, time.Duration(0), nil)
// WriteFile when enabling
m.EXPECT().WriteFile(SimpleRuleSID + ".yml", []byte("play_title: TEST\nplay_id: " + SimpleRuleSID + "\nevent.module: elastalert\nevent.dataset: elastalert.alert\nevent.severity: 3\nrule.category: \"\"\nsigma_level: medium\nalert:\n - modules.so.playbook-es.PlaybookESAlerter\nindex: .ds-logs-*\nname: TEST - " + SimpleRuleSID + "\ntype: any\nfilter:\n - eql: ([sigma rule]) and TRUE\nplay_url: play_url\nkibana_pivot: kibana_pivot\nsoc_pivot: soc_pivot\n"), fs.FileMode(0644)).Return(nil)
m.EXPECT().WriteFile(SimpleRuleSID + ".yml", []byte("play_title: TEST\nplay_id: " + SimpleRuleSID + "\nevent.module: sigma\nevent.dataset: sigma.alert\nevent.severity: 3\nrule.category: \"\"\nsigma_level: medium\nalert:\n - modules.so.playbook-es.PlaybookESAlerter\nindex: .ds-logs-*\nname: TEST - " + SimpleRuleSID + "\ntype: any\nfilter:\n - eql: ([sigma rule]) and TRUE\nplay_url: play_url\nkibana_pivot: kibana_pivot\nsoc_pivot: soc_pivot\n"), fs.FileMode(0644)).Return(nil)
},
},
}
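Review bot: The two `WriteFile` expectations in TestSyncElastAlert carry full copies of the same rule YAML as one-line string literals that differ only in the `eql` filter, so the change to the `event.module` and `event.dataset` values had to be made by hand in both, and a third time in the raw string in TestSigmaToElastAlertSunnyDay. Building the expected bytes from one small test helper that takes the filter text, or from shared constants for the module and dataset values, would keep the three copies from drifting apart. These two fields are typically what alert queries and dashboards filter on, so a short comment next to the expectation, for example `// event.module/event.dataset must stay in sync with the values alert queries filter on`, would make the coupling visible; whether anything downstream still matches on the previous value cannot be told from this page. Both test functions start and end outside the hunks shown.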
