Fix tests

SEKOIA-IO · Dec 31, 2024 · 36ceb70 · 36ceb70
1 parent e5d8b93
commit 36ceb70
Show file tree

Hide file tree

Showing 3 changed files with 174 additions and 2 deletions.
diff --git a/Fortinet/fortigate/tests/test_group_field.json b/Fortinet/fortigate/tests/test_group_field.json
@@ -9,6 +9,84 @@
     }
   },
   "expected": {
-    "message": "time=09:35:30 devname=\"eee-111-111-ff-11\" devid=\"FG00000000000000\" eventtime=1735202130361752831 tz=\"+0100\" logid=\"0000000011\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd=\"EFF\" srcip=1.2.3.4 srcport=10000 srcintf=\"EFF-WAN-0000\" srcintfrole=\"lan\" dstip=5.6.7.8 dstport=443 dstintf=\"EFF-DMZ-0000\" dstintfrole=\"lan\" srccountry=\"France\" dstcountry=\"France\" sessionid=400190000 proto=6 action=\"client-rst\" policyid=1018 policytype=\"policy\" poluuid=\"38fa6456-a819-51ef-3c99-000000000000000000\" service=\"HTTPS\" trandisp=\"dnat\" tranip=1.2.3.4 tranport=443 duration=6 sentbyte=100 rcvdbyte=52 sentpkt=2 rcvdpkt=1 appcat=\"unscanned\""
+    "message": "time=09:35:30 devname=\"eee-111-111-ff-11\" devid=\"FG00000000000000\" eventtime=1735202130361752831 tz=\"+0100\" logid=\"0000000011\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd=\"EFF\" srcip=1.2.3.4 srcport=10000 srcintf=\"EFF-WAN-0000\" srcintfrole=\"lan\" dstip=5.6.7.8 dstport=443 dstintf=\"EFF-DMZ-0000\" dstintfrole=\"lan\" srccountry=\"France\" dstcountry=\"France\" sessionid=400190000 proto=6 action=\"client-rst\" policyid=1018 policytype=\"policy\" poluuid=\"38fa6456-a819-51ef-3c99-000000000000000000\" service=\"HTTPS\" trandisp=\"dnat\" tranip=1.2.3.4 tranport=443 duration=6 sentbyte=100 rcvdbyte=52 sentpkt=2 rcvdpkt=1 appcat=\"unscanned\"",
+    "event": {
+      "action": "client-rst",
+      "category": "traffic",
+      "code": "0000000011",
+      "dataset": "traffic:forward",
+      "outcome": "success",
+      "timezone": "+0100"
+    },
+    "@timestamp": "2024-12-26T08:35:30.361753Z",
+    "action": {
+      "name": "client-rst",
+      "outcome": "success",
+      "target": "network-traffic",
+      "type": "forward"
+    },
+    "destination": {
+      "address": "5.6.7.8",
+      "bytes": 52,
+      "ip": "5.6.7.8",
+      "nat": {
+        "ip": "1.2.3.4"
+      },
+      "packets": 1,
+      "port": 443
+    },
+    "fortinet": {
+      "fortigate": {
+        "event": {
+          "type": "traffic"
+        },
+        "policyid": "1018",
+        "poluuid": "38fa6456-a819-51ef-3c99-000000000000000000",
+        "virtual_domain": "EFF"
+      }
+    },
+    "log": {
+      "hostname": "eee-111-111-ff-11",
+      "level": "notice"
+    },
+    "network": {
+      "bytes": 152,
+      "protocol": "https",
+      "transport": "tcp"
+    },
+    "observer": {
+      "egress": {
+        "interface": {
+          "name": "EFF-DMZ-0000"
+        }
+      },
+      "hostname": "eee-111-111-ff-11",
+      "ingress": {
+        "interface": {
+          "name": "EFF-WAN-0000"
+        }
+      },
+      "serial_number": "FG00000000000000"
+    },
+    "related": {
+      "hosts": [
+        "eee-111-111-ff-11"
+      ],
+      "ip": [
+        "1.2.3.4",
+        "5.6.7.8"
+      ]
+    },
+    "rule": {
+      "category": "unscanned",
+      "ruleset": "policy"
+    },
+    "source": {
+      "address": "1.2.3.4",
+      "bytes": 100,
+      "ip": "1.2.3.4",
+      "packets": 2,
+      "port": 10000
+    }
   }
 }
diff --git a/Fortinet/fortigate/tests/test_group_field_1.json b/Fortinet/fortigate/tests/test_group_field_1.json
@@ -9,6 +9,97 @@
     }
   },
   "expected": {
-    "message": "time=14:53:11 devname=\"FFF00D_TEST02\" devid=\"FGT3HD300000000\" eventtime=1735000001620000000 tz=\"+0100\" logid=\"0000000010\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd=\"root\" srcip=1.2.3.4 srcport=50000 srcintf=\"ssl.root\" srcintfrole=\"undefined\" dstip=5.6.5.7 dstport=80 dstintf=\"VPNM-TEST\" dstintfrole=\"undefined\" srccountry=\"Reserved\" dstcountry=\"Reserved\" sessionid=100100046 proto=6 action=\"close\" policyid=274 policytype=\"policy\" poluuid=\"ac8ed64c-54e7-51eb-3525-d610000000000\" user=\"[email protected]\" group=\"TEST-SAML\" authserver=\"azure-saml\" service=\"HTTP\" trandisp=\"snat\" transip=1.0.5.8 transport=50066 duration=7 sentbyte=18800 rcvdbyte=7900 sentpkt=30 rcvdpkt=29 vpn=\"VPNM-TEST\" vpntype=\"ipsec-static\" appcat=\"unscanned\""
+    "message": "time=14:53:11 devname=\"FFF00D_TEST02\" devid=\"FGT3HD300000000\" eventtime=1735000001620000000 tz=\"+0100\" logid=\"0000000010\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd=\"root\" srcip=1.2.3.4 srcport=50000 srcintf=\"ssl.root\" srcintfrole=\"undefined\" dstip=5.6.5.7 dstport=80 dstintf=\"VPNM-TEST\" dstintfrole=\"undefined\" srccountry=\"Reserved\" dstcountry=\"Reserved\" sessionid=100100046 proto=6 action=\"close\" policyid=274 policytype=\"policy\" poluuid=\"ac8ed64c-54e7-51eb-3525-d610000000000\" user=\"[email protected]\" group=\"TEST-SAML\" authserver=\"azure-saml\" service=\"HTTP\" trandisp=\"snat\" transip=1.0.5.8 transport=50066 duration=7 sentbyte=18800 rcvdbyte=7900 sentpkt=30 rcvdpkt=29 vpn=\"VPNM-TEST\" vpntype=\"ipsec-static\" appcat=\"unscanned\"",
+    "event": {
+      "action": "close",
+      "category": "traffic",
+      "code": "0000000010",
+      "dataset": "traffic:forward",
+      "outcome": "success",
+      "timezone": "+0100"
+    },
+    "@timestamp": "2024-12-24T00:26:41.620000Z",
+    "action": {
+      "name": "close",
+      "outcome": "success",
+      "target": "network-traffic",
+      "type": "forward"
+    },
+    "destination": {
+      "address": "5.6.5.7",
+      "bytes": 7900,
+      "ip": "5.6.5.7",
+      "packets": 29,
+      "port": 80
+    },
+    "fortinet": {
+      "fortigate": {
+        "event": {
+          "type": "traffic"
+        },
+        "policyid": "274",
+        "poluuid": "ac8ed64c-54e7-51eb-3525-d610000000000",
+        "virtual_domain": "root"
+      }
+    },
+    "group": {
+      "name": "TEST-SAML"
+    },
+    "log": {
+      "hostname": "FFF00D_TEST02",
+      "level": "notice"
+    },
+    "network": {
+      "bytes": 26700,
+      "protocol": "http",
+      "transport": "tcp"
+    },
+    "observer": {
+      "egress": {
+        "interface": {
+          "name": "VPNM-TEST"
+        }
+      },
+      "hostname": "FFF00D_TEST02",
+      "ingress": {
+        "interface": {
+          "name": "ssl.root"
+        }
+      },
+      "serial_number": "FGT3HD300000000"
+    },
+    "related": {
+      "hosts": [
+        "FFF00D_TEST02"
+      ],
+      "ip": [
+        "1.0.5.8",
+        "1.2.3.4",
+        "5.6.5.7"
+      ],
+      "user": [
+        "[email protected]"
+      ]
+    },
+    "rule": {
+      "category": "unscanned",
+      "ruleset": "policy"
+    },
+    "source": {
+      "address": "1.2.3.4",
+      "bytes": 18800,
+      "ip": "1.2.3.4",
+      "nat": {
+        "ip": "1.0.5.8"
+      },
+      "packets": 30,
+      "port": 50000,
+      "user": {
+        "name": "[email protected]"
+      }
+    },
+    "user": {
+      "name": "[email protected]"
+    }
   }
 }
diff --git a/Fortinet/fortigate/tests/tunnel.json b/Fortinet/fortigate/tests/tunnel.json
@@ -37,6 +37,9 @@
         "virtual_domain": "IPSEC"
       }
     },
+    "group": {
+      "name": "GRP_Generic_JAIL_VPN"
+    },
     "log": {
       "description": "SSL VPN statistics",
       "hostname": "abc",