Incorrect Integration Index Check (#3794)
shashank-elastic authored Jun 21, 2024
1 parent 11aab02 commit 675cad2
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions tests/test_all_rules.py
Expand Up @@ -679,15 +679,19 @@ def test_integration_tag(self):
failures.append(err_msg)

# checks if an index pattern exists if the package integration tag exists
# and is of pattern logs-{integration}*
integration_string = "|".join(indices)
if not re.search(rule_integration, integration_string):
if not re.search(f"logs-{rule_integration}*", integration_string):
if rule_integration == "windows" and re.search("winlog", integration_string) or \
any(ri in [*map(str.lower, definitions.MACHINE_LEARNING_PACKAGES)]
for ri in rule_integrations):
continue
elif rule_integration == "apm" and \
re.search("apm-*-transaction*|traces-apm*", integration_string):
continue
elif rule.contents.data.type == 'threat_match':
continue
err_msg = f'{self.rule_str(rule)} {rule_integration} tag, index pattern missing.'
err_msg = f'{self.rule_str(rule)} {rule_integration} tag, index pattern missing or incorrect.'
failures.append(err_msg)

# checks if event.dataset exists in query object and a tag exists in metadata
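Review bot: The `*` in `f"logs-{rule_integration}*"` is a regex quantifier on the integration's last character, not a glob, so the new check also accepts a truncated name (for `aws`, an index beginning `logs-aw` passes) and a rule pointed at the wrong data stream can still clear this test. Escaping the name and dropping the quantifier keeps the stated intent: `if not re.search(f"logs-{re.escape(rule_integration)}", integration_string):`. The new apm branch has the same problem: read as a regex, `apm-*-transaction*` cannot match a literal `apm-*-transaction*` index entry (assuming `indices` holds the patterns verbatim), so only the `traces-apm` alternative is effective; `re.search(r"apm-\*-transaction\*|traces-apm", integration_string)` would cover both. `test_integration_tag` begins and ends outside this hunk.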