Adding test to make sure non dns events are ingested correctly
jonathan-buttner committed Oct 2, 2020
1 parent cb547ec commit 9d07a67
Showing 2 changed files with 27 additions and 1 deletion.
@@ -10,7 +10,7 @@ import { getRegistryUrl as getRegistryUrlFromIngest } from '../../../plugins/ing
export default function endpointAPIIntegrationTests(providerContext: FtrProviderContext) {
const { loadTestFile, getService } = providerContext;

describe.skip('Endpoint plugin', function () {
describe('Endpoint plugin', function () {
const ingestManager = getService('ingestManager');

this.tags('ciGroup7');
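--- a/x-pack/test/security_solution_endpoint_api_int/apis/package.ts
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/package.ts
@@ -66,6 +66,31 @@ export default function ({ getService }: FtrProviderContext) {
 };
 
 describe('Endpoint package', () => {
+describe('network processors', () => {
+let networkIndexData: InsertedEvents;
+
+after(async () => {
+await resolver.deleteData(networkIndexData);
+});
+
+it('handles events without the `network.protocol` field being defined', async () => {
+const eventWithoutNetworkObject = generator.generateEvent();
+// ensure that `network.protocol` does not exist in the event to test that the pipeline handles those type of events
+delete eventWithoutNetworkObject.network;
+
+// this call will fail if the pipeline fails
+networkIndexData = await resolver.insertEvents([eventWithoutNetworkObject], networkIndex);
+const eventWithBothIPs = await searchForID<SafeEndpointEvent>(
+networkIndexData.eventsInfo[0]._id
+);
+
+// ensure that the event was inserted into ES
+expect(eventWithBothIPs.body.hits.hits[0]._source.event?.id).to.be(
+eventWithoutNetworkObject.event?.id
+);
+});
+});
+
 describe('dns processor', () => {
 before(async () => {
 await esArchiver.load('endpoint/pipeline/dns', { useCreate: true });
@@ -140,6 +165,7 @@ export default function ({ getService }: FtrProviderContext) {
 const eventWithSourceOnly = generator.generateEvent({
 extensions: { source: { ip: '8.8.8.8' } },
 });
+
 networkIndexData = await resolver.insertEvents(
 [eventWithBothIPs, eventWithSourceOnly],
 networkIndex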
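Review bot: The final assertion in the new `network processors` test compares `_source.event?.id` with `eventWithoutNetworkObject.event?.id` using optional chaining on both sides, so it also passes when both ids are `undefined`; because the test exists to show that events without a `network` object are ingested rather than dropped by the pipeline, pin the id first with `expect(eventWithoutNetworkObject.event?.id).not.to.be(undefined);`. The `after` hook hands `networkIndexData` to `resolver.deleteData` even when `insertEvents` threw and left it unassigned, which may stack a second error on top of the pipeline failure the test is meant to surface (how `deleteData` treats `undefined` is not visible here). The test title names `network.protocol`, but the body deletes the whole `network` object, so an event that carries `network` without `protocol` is not covered, and the local `eventWithBothIPs` would read better as something like `insertedEvent`. The enclosing `describe('Endpoint package', …)` block continues past the end of the hunk.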
