[SIEM] Additional Endgame Row Renderer Code Coverage #48722

Merged
andrew-goldstein merged 2 commits into elastic:master from andrew-goldstein:additional-endgame-rowrenderer-tests
Oct 22, 2019

@andrew-goldstein
Contributor

[SIEM] Additional Endgame Row Renderer Code Coverage

Adds additional unit test coverage for the Endgame row renderers

Endgame Event Types / Subtypes

Additional unit tests were added for the following Endgame event types / subtypes:

  • DNS (dns_event)
    • request_event
  • File (FIM) (file_event)
    • file_create_event
    • file_delete_event
  • Network (network_event)
    • ipv4_connection_accept_event
    • ipv6_connection_accept_event
    • ipv4_disconnect_received_event
    • ipv6_disconnect_received_event
  • Security (Authentication) (security_event)
    • user_logon
    • admin_logon
    • explicit_user_logon
    • user_logoff
  • Process (process_event)
    • creation_event
    • termination_event

Non-Endgame Events

Additional unit tests for some non-Endgame events were also added, including:

  • FIM file created events
  • FIM file deleted events
  • Socket socket_opened events
  • Socket socket_closed events

https://github.com/elastic/ecs-dev/issues/178

@andrew-goldstein added the Team:SIEM, v8.0.0, release_note:skip and v7.5.0 labels Oct 19, 2019
@andrew-goldstein self-assigned this Oct 19, 2019
@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

@elasticmachine
Contributor

💚 Build Succeeded

Contributor

@stephmilovic stephmilovic left a comment

More code coverage is always greatly appreciated... way to cover your tracks ;)

LGTM!

@andrew-goldstein
Contributor Author

@elasticmachine update branch

@elasticmachine
Contributor

💚 Build Succeeded

@andrew-goldstein merged commit c496b9b into elastic:master Oct 22, 2019
@andrew-goldstein deleted the additional-endgame-rowrenderer-tests branch October 22, 2019 16:15
andrew-goldstein added a commit to andrew-goldstein/kibana that referenced this pull request Oct 22, 2019
## [SIEM] Additional Endgame Row Renderer Code Coverage

Adds additional unit test coverage for the [Endgame row renderers](elastic#48277)

### Endgame Event Types / Subtypes

Additional unit tests were added for the following Endgame event types / subtypes:

* DNS (`dns_event`)
  - [X] `request_event`
* File (FIM) (`file_event`)
  - [X] `file_create_event`
  - [X] `file_delete_event`
* Network (`network_event`)
  - [X] `ipv4_connection_accept_event`
  - [X] `ipv6_connection_accept_event`
  - [X] `ipv4_disconnect_received_event`
  - [X] `ipv6_disconnect_received_event`
* Security (Authentication) (`security_event`)
  - [X] `user_logon`
  - [X] `admin_logon`
  - [X] `explicit_user_logon`
  - [X] `user_logoff`
* Process (`process_event`)
  - [X] `creation_event`
  - [X] `termination_event`

### Non-Endgame Events

Additional unit tests for some non-Endgame events were also added, including:

* FIM file `created` events
* FIM file `deleted` events
* Socket `socket_opened` events
* Socket `socket_closed` events

elastic/ecs-dev#178
andrew-goldstein added a commit that referenced this pull request Oct 22, 2019
andrew-goldstein added a commit that referenced this pull request Oct 22, 2019
Labels

release_note:skip Skip the PR/issue when compiling release notes Team:SIEM v7.5.0 v7.6.0 v8.0.0
