
Commit 2ff00cf

add system test for govcloud url
1 parent 5f9980f commit 2ff00cf


5 files changed

+110
-6
lines changed


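--- a/packages/crowdstrike/_dev/deploy/docker/docker-compose.yml
+++ b/packages/crowdstrike/_dev/deploy/docker/docker-compose.yml
@@ -26,6 +26,21 @@ services:
 - http-server
 - --addr=:8090
 - --config=/files/config-host.yml
+crowdstrike-govcloud-host:
+image: docker.elastic.co/observability/stream:v0.18.0
+hostname: api.laggar.gcw.crowdstrike.com
+ports:
+- 443
+volumes:
+- ./files:/files:ro
+environment:
+PORT: '443'
+command:
+- http-server
+- --addr=:443
+- --config=/files/config-host.yml
+- --tls-cert=/files/host-certificate.crt
+- --tls-key=/files/host-private.key
 crowdstrike-vulnerability:
 image: docker.elastic.co/observability/stream:v0.18.0
 hostname: crowdstrike-vulnerability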
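Review bot: The new `crowdstrike-govcloud-host` service uses a production vendor FQDN as its `hostname` with no comment explaining why, so a later reader cannot tell that the mock is meant to answer for that name inside the test network. I would add a comment above the service such as `# Mock answers as the GovCloud API host; the system test reaches it by this name and trusts only files/host-certificate.crt`, with the wording checked against how the integration selects its GovCloud path. A smaller style point: quote the published port as `- "443"` so it stays a string like `PORT: '443'` in the same service. The `services:` mapping and the preceding service begin outside the hunk.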
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIDYzCCAksCFFGMQfCJCOhno5glfM2CgGiX4V/iMA0GCSqGSIb3DQEBCwUAMG4x
3+
CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
4+
cm5ldCBXaWRnaXRzIFB0eSBMdGQxJzAlBgNVBAMMHmFwaS5sYWdnYXIuZ2N3LmNy
5+
b3dkc3RyaWtlLmNvbTAeFw0yNTExMTkwNjM5MjNaFw0yNjExMTkwNjM5MjNaMG4x
6+
CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
7+
cm5ldCBXaWRnaXRzIFB0eSBMdGQxJzAlBgNVBAMMHmFwaS5sYWdnYXIuZ2N3LmNy
8+
b3dkc3RyaWtlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANKi
9+
08KNqljYfRFzpW2CT+moBn+ZPyzTkDCXc7REzjBWbC0l6gtsA4clB8IVVMXnoWWI
10+
/M4dyfL3AE4/5358H26yQeCp684VxjAuKTbNc2tLTQx+2PRyGeqtq+WBjznGz6Rq
11+
Q9GQUidI2Wnj0jsZTYVmQfVIh9e83TmvP4QIpdYkKcH5TTxiiBsZqUou2JmChViL
12+
c3C1nGEP8ZIzjvl4dqnWT36fKqBne5zXnAjdu/Ls3B+6klgRD6gRy71lEi52Bt+3
13+
LGygviNhyph0qOTVPpfMrdgQNomeF14HYAYnkQCbu6AlpldT1CYNrt7pXW/Ma71K
14+
s+Qhp5DKuCeDBLLwqbECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAM4uSZG6gL/Db
15+
PvINJypmPp1vkN5LmVs/DSk96nPUCCkch7KVQ9iIrDWSWv+o9mK4IVYNYN39t/Gw
16+
iPi9v5ukAdUF0t8HUeO0JEjFPmRkeGYdr422kD1/YweyBOTl9r8tCgz8M06xfR9g
17+
aS6HxY4yiVsDpI2DSihD8NOyCx6eBKFFssAkiDrt393BZSFfEfI7N1f1v2LnyfQb
18+
KDeYeM+qqcCiZqwsiiuNvF5W9WTsFGl3casq1rGQdcsZxK2oDTlbsEHjyCSn0knq
19+
L3Q8Xfh332MQEyBwEVHRRsJfvLqWMhwGX3cSvgfhyXCh+0H0ZMva+OpPzFnZLZU4
20+
zcmwS/EbaQ==
21+
-----END CERTIFICATE-----
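Review bot: This fixture certificate looks short-lived: decoding the base64 body gives a validity window of 2025-11-19 to 2026-11-19. If that is right, the system test would presumably start failing TLS verification a year after this commit without any code change. Reissuing the self-signed certificate with a long lifetime, as is usual for test fixtures, avoids that. The same PEM is pasted again under `certificate_authorities` in the test config later in this commit, so both copies have to be replaced together. A short note in the test directory recording how the certificate and key were generated would make that rotation repeatable.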
Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
-----BEGIN PRIVATE KEY-----
2+
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDSotPCjapY2H0R
3+
c6Vtgk/pqAZ/mT8s05Awl3O0RM4wVmwtJeoLbAOHJQfCFVTF56FliPzOHcny9wBO
4+
P+d+fB9uskHgqevOFcYwLik2zXNrS00Mftj0chnqravlgY85xs+kakPRkFInSNlp
5+
49I7GU2FZkH1SIfXvN05rz+ECKXWJCnB+U08YogbGalKLtiZgoVYi3NwtZxhD/GS
6+
M475eHap1k9+nyqgZ3uc15wI3bvy7NwfupJYEQ+oEcu9ZRIudgbftyxsoL4jYcqY
7+
dKjk1T6XzK3YEDaJnhdeB2AGJ5EAm7ugJaZXU9QmDa7e6V1vzGu9SrPkIaeQyrgn
8+
gwSy8KmxAgMBAAECggEBAMofRWTj3Br1Ys5kUtIKwfRNMC8xNtYlDbATJQxPGix4
9+
QcXxI+1h8OC2QAOVxItEAjQUh8KiAzAKpVhxKgrNwLvQgja713MiodOJ+DKGY8MJ
10+
tx3OexHWi9gOX20ULgQbKxVygzGNc8gOt9JMs2fSl/jyb0iYGQKEUSURbbmdMsWQ
11+
n5gmZSsJqJoSUw2GfRWLWNciwtSbv1n89s6ZoyeNrbf+iOwSD+XfLeGPI/ty0zQH
12+
NdAoFguVT7A5gCravh7YdmG0WfrYO8ftapbaYkpA8Vs3LDiY5zkNqyfOEEJrIswR
13+
gHOBIfC3sU7qZeMssesp/EYdG00uHiy+zMhx1+ODvaECgYEA9zu3kUNsQGP75AP3
14+
x1e+NIyUzSQ94SeY+Y2RhCxIDyQmhQ6PQVg+m3eJ824kLPoGFUx5Kn2+xSpIQmVQ
15+
YKf6kfMSNTJ/XTI4tnnLK6dw1T/ILe4efEslXmQwjGSKbDlWDXCdVsS/YnlMu8+n
16+
CrrX5haTrGBix3/+iwcZnnhg0K8CgYEA2hrlOcS7MN8YYFp2+8eT/pco2606AMMB
17+
Vnog8bA8EvVOFuydQ2yjHMfA+/ZetI7TIci+ypwsE/Qga6irXyCW68fmJcRUrOre
18+
0XkDErsM9SHLFqEjhXq7I8UDLluVXywUGMkr7pWBDyLjMGxrXiusnndLIgvlxxvI
19+
2SzK1b6zA58CgYBK11H/cFiRuXKkGKtmNeKHR9M3snPk97awPLHDQCBkLP5YIwss
20+
rcjuCSbCgSIEV3+F7Qt02HHqf502NDM7vz3z9pAZeHrjvHM8kev2AA8BDvjLJp0l
21+
5R2f0FZ9+WWJ02WAVgnbHV4OMkgPRpH7hooaxdTYRqlAWTe14GVZ+njcUwKBgQCo
22+
gG7oGp2kPDfQ+RNDogUshAwE6+gL/pxh+yjIkKdY3jveah91n9DEw27NOqIgTNfB
23+
Gh6M2esT31/MzRrY+4ydzGp6cxwYG7zZiOxe5DQ2jk0gxo1y6kb6c5LplcfpJ1y/
24+
aWyPfuGemA19s8Wfk45hPzjErPxwv36Eip6KVDJpcQKBgQDzEYFyKKhscwVdviX/
25+
abMbFBQmTmaFXlZqSM9lC/mTmuaWSesAPlAwgeErcnTz1ABzeT1f6fYUajoD+pnx
26+
yrfh5ppYQ3W30szYl/fQZzhL8pHZwEzt1rL2H3777F8cqYhLSrxfCLG1yfNqgRYs
27+
dIokPz0yzodkm4fGTH4/AtZZxA==
28+
-----END PRIVATE KEY-----
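Review bot: An unencrypted private key is committed here with nothing marking it as a throwaway test fixture, and the certificate it is served with appears, from its decoded subject, to name the production GovCloud API host. That is acceptable for a local mock, but because the key is public the matching certificate must never be trusted outside the system tests, for example by copying the test config's CA block into a real deployment. I would record that next to the files, e.g. a `README` line `host-private.key is a public test key; never trust host-certificate.crt outside system tests`. If the repository runs a secret scanner, add this path to its allowlist in the same change so the exception is reviewed rather than silently suppressed later.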
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
input: cel
2+
service: crowdstrike-govcloud-host
3+
vars:
4+
url: https://api.laggar.gcw.crowdstrike.com
5+
client_id: xxxx
6+
client_secret: xxxx
7+
token_url: https://api.laggar.gcw.crowdstrike.com/oauth2/token
8+
ssl: |
9+
certificate_authorities:
10+
- |
11+
-----BEGIN CERTIFICATE-----
12+
MIIDYzCCAksCFFGMQfCJCOhno5glfM2CgGiX4V/iMA0GCSqGSIb3DQEBCwUAMG4x
13+
CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
14+
cm5ldCBXaWRnaXRzIFB0eSBMdGQxJzAlBgNVBAMMHmFwaS5sYWdnYXIuZ2N3LmNy
15+
b3dkc3RyaWtlLmNvbTAeFw0yNTExMTkwNjM5MjNaFw0yNjExMTkwNjM5MjNaMG4x
16+
CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
17+
cm5ldCBXaWRnaXRzIFB0eSBMdGQxJzAlBgNVBAMMHmFwaS5sYWdnYXIuZ2N3LmNy
18+
b3dkc3RyaWtlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANKi
19+
08KNqljYfRFzpW2CT+moBn+ZPyzTkDCXc7REzjBWbC0l6gtsA4clB8IVVMXnoWWI
20+
/M4dyfL3AE4/5358H26yQeCp684VxjAuKTbNc2tLTQx+2PRyGeqtq+WBjznGz6Rq
21+
Q9GQUidI2Wnj0jsZTYVmQfVIh9e83TmvP4QIpdYkKcH5TTxiiBsZqUou2JmChViL
22+
c3C1nGEP8ZIzjvl4dqnWT36fKqBne5zXnAjdu/Ls3B+6klgRD6gRy71lEi52Bt+3
23+
LGygviNhyph0qOTVPpfMrdgQNomeF14HYAYnkQCbu6AlpldT1CYNrt7pXW/Ma71K
24+
s+Qhp5DKuCeDBLLwqbECAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAM4uSZG6gL/Db
25+
PvINJypmPp1vkN5LmVs/DSk96nPUCCkch7KVQ9iIrDWSWv+o9mK4IVYNYN39t/Gw
26+
iPi9v5ukAdUF0t8HUeO0JEjFPmRkeGYdr422kD1/YweyBOTl9r8tCgz8M06xfR9g
27+
aS6HxY4yiVsDpI2DSihD8NOyCx6eBKFFssAkiDrt393BZSFfEfI7N1f1v2LnyfQb
28+
KDeYeM+qqcCiZqwsiiuNvF5W9WTsFGl3casq1rGQdcsZxK2oDTlbsEHjyCSn0knq
29+
L3Q8Xfh332MQEyBwEVHRRsJfvLqWMhwGX3cSvgfhyXCh+0H0ZMva+OpPzFnZLZU4
30+
zcmwS/EbaQ==
31+
-----END CERTIFICATE-----
32+
data_stream:
33+
vars:
34+
interval: 10s
35+
batch_size: 1
36+
preserve_original_event: true
37+
preserve_duplicate_custom_fields: true
38+
gov_cloud: false
39+
assert:
40+
hit_count: 2
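Review bot: `gov_cloud: false` near the end of this config reads oddly in a test added for the GovCloud URL, and nothing explains it. If the intent is to show that the GovCloud endpoint is handled from `url` alone with the flag off, say so in a comment such as `# gov_cloud deliberately false: GovCloud handling must follow from the url host`; if not, the flag probably should be `true`. Key nesting is not visible in this rendering, so I am assuming `gov_cloud` sits under `data_stream.vars`.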

packages/crowdstrike/data_stream/host/sample_event.json

Lines changed: 6 additions & 6 deletions
@@ -1,9 +1,9 @@
11
{
22
"@timestamp": "2023-11-07T10:26:53.000Z",
33
"agent": {
4-
"ephemeral_id": "fb2b4183-e05d-42d4-b755-d556d0ded61c",
5-
"id": "d935a6d7-9399-4410-a411-3aaacb68704d",
6-
"name": "elastic-agent-31711",
4+
"ephemeral_id": "a6f81e7f-864b-4344-b8ec-f6041238c4fc",
5+
"id": "765abad7-087d-47bb-8b19-9c1cbdd02841",
6+
"name": "elastic-agent-62044",
77
"type": "filebeat",
88
"version": "8.18.0"
99
},
@@ -147,7 +147,7 @@
147147
},
148148
"data_stream": {
149149
"dataset": "crowdstrike.host",
150-
"namespace": "28079",
150+
"namespace": "49463",
151151
"type": "logs"
152152
},
153153
"device": {
@@ -157,7 +157,7 @@
157157
"version": "8.17.0"
158158
},
159159
"elastic_agent": {
160-
"id": "d935a6d7-9399-4410-a411-3aaacb68704d",
160+
"id": "765abad7-087d-47bb-8b19-9c1cbdd02841",
161161
"snapshot": true,
162162
"version": "8.18.0"
163163
},
@@ -167,7 +167,7 @@
167167
"host"
168168
],
169169
"dataset": "crowdstrike.host",
170-
"ingested": "2025-11-19T05:39:55Z",
170+
"ingested": "2025-11-19T07:13:45Z",
171171
"kind": "event",
172172
"original": "{\"agent_load_flags\":\"0\",\"agent_local_time\":\"2023-11-07T04:51:16.678Z\",\"agent_version\":\"7.05.17603.0\",\"bios_manufacturer\":\"ABCInc.\",\"bios_version\":\"2020.0.1.0.0(iBridge:22.11.000.0.0,0)\",\"chassis_type\":\"9\",\"chassis_type_desc\":\"Laptop\",\"cid\":\"92012896127c4948236ba7601b886b0\",\"config_id_base\":\"6594763\",\"config_id_build\":\"1703\",\"config_id_platform\":\"4\",\"connection_ip\":\"81.2.69.192\",\"cpu_signature\":\"460517\",\"device_id\":\"3114433dbce478ca48d9a828b9b34be\",\"device_policies\":{\"device_control\":{\"applied\":true,\"applied_date\":\"2023-06-20T08:45:26.341093915Z\",\"assigned_date\":\"2023-06-20T08:43:47.736146738Z\",\"policy_id\":\"2f88daf0177f467dae69262a5ce71775\",\"policy_type\":\"device-control\"},\"firewall\":{\"applied\":true,\"applied_date\":\"2023-09-11T10:33:44.174488832Z\",\"assigned_date\":\"2023-09-11T10:32:47.853976945Z\",\"policy_id\":\"1ee301f7e3e24e96ad6a23c73aaac1e3\",\"policy_type\":\"firewall\",\"rule_set_id\":\"1ee301f7e3e24e96ad6a23c73aaac1e3\"},\"global_config\":{\"applied\":true,\"applied_date\":\"2023-11-07T04:52:59.515775409Z\",\"assigned_date\":\"2023-11-07T04:51:18.94671252Z\",\"policy_id\":\"7e3078b60976486cac5dc998808d9135\",\"policy_type\":\"globalconfig\",\"settings_hash\":\"f01def74\"},\"prevention\":{\"applied\":true,\"applied_date\":\"2023-06-08T10:04:47.643357971Z\",\"assigned_date\":\"2023-06-08T10:03:49.505180252Z\",\"policy_id\":\"1024fac1b279424fa7300b8ac2d56be5\",\"policy_type\":\"prevention\",\"rule_groups\":[],\"settings_hash\":\"f7a54ca1\"},\"remote_response\":{\"applied\":true,\"applied_date\":\"2023-06-08T10:04:47.01735027Z\",\"assigned_date\":\"2023-06-08T10:03:49.505163572Z\",\"policy_id\":\"dabb4def99034f11b9b3d52271584c9f\",\"policy_type\":\"remote-response\",\"settings_hash\":\"8a548e5e\"},\"sensor_update\":{\"applied\":true,\"applied_date\":\"2023-11-07T04:52:59.659583066Z\",\"assigned_date\":\"2023-11-07T04:47:43.342175341Z\",\"policy_id\":\"64bfa2bbcd4e46
da92a66b107933da11\",\"policy_type\":\"sensor-update\",\"settings_hash\":\"tagged|18;101\",\"uninstall_protection\":\"ENABLED\"}},\"external_ip\":\"81.2.69.192\",\"first_seen\":\"2023-06-08T10:00:19Z\",\"group_hash\":\"b607fe25348a46d421ff46e19741b0caf5bbc70bb6da1637f56e97b4e1454d77\",\"groups\":[\"182388a8dbea4c44b5e019cfd32c2695\"],\"hostname\":\"CLM101-131.local\",\"kernel_version\":\"22.6.0\",\"last_seen\":\"2023-11-07T10:25:24Z\",\"local_ip\":\"81.2.69.142\",\"mac_address\":\"14-7d-da-ad-ac-71\",\"machine_domain\":\"SYS\",\"major_version\":\"22\",\"meta\":{\"version\":\"6002\",\"version_string\":\"7:43570272778\"},\"minor_version\":\"6\",\"modified_timestamp\":\"2023-11-07T10:26:53Z\",\"os_build\":\"22G120\",\"os_version\":\"Ventura(13)\",\"platform_id\":\"1\",\"platform_name\":\"Mac\",\"policies\":[{\"applied\":true,\"applied_date\":\"2023-06-08T10:04:47.643357971Z\",\"assigned_date\":\"2023-06-08T10:03:49.505180252Z\",\"policy_id\":\"1024fac1b279424fa7300b8ac2d56be5\",\"policy_type\":\"prevention\",\"rule_groups\":[],\"settings_hash\":\"f7a54ca1\"}],\"product_type_desc\":\"Workstation\",\"provision_status\":\"Provisioned\",\"reduced_functionality_mode\":\"no\",\"serial_number\":\"FVFDH73HMNHX\",\"site_name\":\"Default-First-Site-Name\",\"status\":\"normal\",\"system_manufacturer\":\"ABCInc.\",\"system_product_name\":\"Air,1\",\"tags\":[\"tags\"]}",
173173
"type": [
