updating assertion messages

Author: sourabh

cloudwatchevents/test/test-guardduty-benchmark.py

@@ -87,6 +87,7 @@ def __init__(self, source_category, finding_types, delay):
         self.source_category = source_category
         self.findings = copy.deepcopy(finding_types)
         self.findings.append("CreateSampleFindings")
+        self.findings.append("Exfiltration:IAMUser/AnomalousBehavior")
         print("Initialization complete for SumoLogicResource Object.")
 
     @property
@@ -136,7 +137,8 @@ def assert_logs(self):
                 assert any((("type" in d and d["type"] == finding_type)
                             or ("eventName" in d and d["eventName"] == finding_type)) for d in messages)
             except AssertionError as e:
-                self.verificationErrors.append(str(e))
+                self.verificationErrors.append(
+                    "Finding Type \" %s \" not found in the Logs fetched from Sumo Logic." % finding_type)
 
     def assert_collector(self, collector_id, assertions):
         collector_details, etag = self.sumo.collector(collector_id)
@@ -155,7 +157,9 @@ def assertions(self, data, assertions):
             try:
                 assert value == data[key] or value in data[key]
             except AssertionError as e:
-                self.verificationErrors.append(str(e))
+                self.verificationErrors.append(
+                    "Expected Value \" %s \" does not match the current value \" %s \" for the Key "
+                    "as \" %s \"." % (value, data[key], key))
 
 
 class CloudFormation(object):

sumologic-app-utils/src/sumoresource.py

@@ -945,7 +945,7 @@ def extract_params(self, event):
 
 
 class SumoLogicFieldExtractionRule(SumoResource):
-    def _get_fer_by_name(self, fer_name):
+    def get_fer_by_name(self, fer_name):
         token = ""
         page_limit = 100
         response = self.sumologic_cli.get_all_field_extraction_rules(limit=page_limit, token=token)
@@ -1348,55 +1348,52 @@ def extract_params(self, event):
 
 if __name__ == '__main__':
     props = {
-        "SumoAccessID": "",
-        "SumoAccessKey": "",
+        "SumoAccessID": "suU2PzuEzdacyE",
+        "SumoAccessKey": "dZks62YfZ8n3pPXzLFpNrJOMlxyJ5soUEHcKL7nOCOFJCGmefwreHaP6UUC7IAIp",
         "SumoDeployment": "us1",
     }
-    app_prefix = "CloudTrail"
-    # app_prefix = "GuardDuty"
-    collector_id = None
-    collector_type = "Hosted"
-    collector_name = "%sCollector" % app_prefix
-    source_name = "%sEvents" % app_prefix
-    source_category = "Labs/AWS/%s" % app_prefix
-    # appname = "Global Intelligence for Amazon GuardDuty"
-    appname = "Global Intelligence for AWS CloudTrail"
-    appid = "570bdc0d-f824-4fcb-96b2-3230d4497180"
-    # appid = "ceb7fac5-1137-4a04-a5b8-2e49190be3d4"
-    # appid = None
-    # source_params = {
-    #     "logsrc": "_sourceCategory=%s" % source_category
-    # }
-    source_params = {
-        "cloudtraillogsource": "_sourceCategory=%s" % source_category,
-        "indexname": '%rnd%',
-        "incrementalindex": "%rnd%"
-    }
-    # col = Collector(**params)
-    # src = HTTPSource(**params)
-    app = App(props)
-
-    # create
-    # _, collector_id = col.create(collector_type, collector_name, source_category)
-    # _, source_id = src.create(collector_id, source_name, source_category)
-
-    _, app_folder_id = app.create(appname, source_params, appid)
-    app.delete(app_folder_id, True)
-
-    # update
-    # _, new_collector_id = col.update(collector_id, collector_type, "%sCollectorNew" % app_prefix, "Labs/AWS/%sNew" % app_prefix, description="%s Collector" % app_prefix)
-    # assert(collector_id == new_collector_id)
-    # _, new_source_id = src.update(collector_id, source_id, "%sEventsNew" % app_prefix, "Labs/AWS/%sNew" % app_prefix, date_format="yyyy-MM-dd'T'HH:mm:ss.SSS'Z'", date_locator='\"createTime\":(.*),')
-    # assert(source_id == new_source_id)
-    # new_source_params = {
-    #     "logsrc": "_sourceCategory=%s" % ("Labs/AWS/%sNew" % app_prefix)
-    # }
-
-    # _, new_app_folder_id = app.update(app_folder_id, appname, new_source_params, appid)
-    # assert(app_folder_id != new_app_folder_id)
-
-    # delete
-    # src.delete(collector_id, source_id, True)
-    # col.delete(collector_id, True)
-    # app.delete(new_app_folder_id, True)
+
+    # Delete the FER
+    fer_names = ["AwsObservabilityAlbAccessLogsFER", "AwsObservabilityApiGatewayCloudTrailLogsFER",
+                 "AwsObservabilityDynamoDBCloudTrailLogsFER", "AwsObservabilityECSCloudTrailLogsFER",
+                 "AwsObservabilityElastiCacheCloudTrailLogsFER", "AwsObservabilityFieldExtractionRule",
+                 "AwsObservabilityLambdaCloudWatchLogsFER", "AwsObservabilityNlbAccessLogsFER",
+                 "AwsObservabilityRdsCloudTrailLogsFER"]
+    fer_resource = SumoLogicFieldExtractionRule(props)
+    for fer_name in fer_names:
+        try:
+            fer_details = fer_resource.get_fer_by_name(fer_name)
+            fer_resource.delete(fer_details["id"], True)
+        except Exception as e:
+            print("FER Not Found")
+
+    # Delete the Metric Rules
+    metric_rule_names = ["AwsObservabilityALBMetricsEntityRule", "AwsObservabilityApiGatewayMetricsEntityRule",
+                         "AwsObservabilityDynamoDBMetricsEntityRule", "AwsObservabilityEC2MetricsEntityRule",
+                         "AwsObservabilityECSMetricsEntityRule", "AwsObservabilityElastiCacheMetricsEntityRule",
+                         "AwsObservabilityLambdaMetricsEntityRule", "AwsObservabilityNLBMetricsEntityRule",
+                         "AwsObservabilityRDSClusterMetricsEntityRule", "AwsObservabilityRDSInstanceMetricsEntityRule"]
+    metric_resource = SumoLogicMetricRules(props)
+    for metric_rule_name in metric_rule_names:
+        metric_resource.delete(metric_rule_name, metric_rule_name, True)
+
+    # Delete the Hierarchy
+    explorer_resource = SumoLogicAWSExplorer(props)
+    try:
+        id = explorer_resource.get_explorer_id("AWS Observability")
+        explorer_resource.delete(id, "AWS Observability", True)
+    except Exception as e:
+        print("Explorer Not Found")
+
+    # Delete the Fields
+    fields = ["loadbalancer", "apiname", "account", "region", "namespace", "tablename", "instanceid", "clustername",
+              "cacheclusterid", "functionname", "networkloadbalancer", "dbidentifier", "dbinstanceidentifier",
+              "dbclusteridentifier"]
+    field_resource = SumoLogicFieldsSchema(props)
+    for field in fields:
+        try:
+            id = field_resource.get_field_id(field)
+            field_resource.delete(id, field, True)
+        except Exception as e:
+            print("Field Not Found")