Skip to content

[wiz] Initial Release for Wiz #7839

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Oct 3, 2023
Merged

[wiz] Initial Release for Wiz #7839

merged 5 commits into from
Oct 3, 2023

Conversation

mohitjha-elastic
Copy link
Collaborator

What does this PR do?

  • Generated the skeleton of the Wiz integration package.
  • Added data stream.
  • Added data collection logic for the data stream.
  • Added the ingest pipeline for the data stream.
  • Mapped fields according to the ECS schema and added Fields metadata in the appropriate yml files.
  • Added test for pipeline for the data stream.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target is documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to: ^8.8.0

New Package

  • Screenshot of the "Add Integration" page on Fleet added

Log dataset changes

  • Pipeline tests exist (if applicable)
  • Generated output for at least 1 log file exists
  • Sample event (sample_event.json) exists

How to test this PR locally

  • Clone integrations repo.
  • Install elastic package locally.
  • Start elastic stack using elastic-package.
  • Move to integrations/packages/wiz directory.
  • Run the following command to run tests.

elastic-package test

Automated Test

elastic-package test -v
2023/09/15 15:39:24 DEBUG Enable verbose logging
2023/09/15 15:39:24  INFO New version is available - v0.87.0. Download from: https://github.com/elastic/elastic-package/releases/tag/v0.87.0
Run test suite for the package
Run system tests for the package
2023/09/15 15:39:24 DEBUG Running system tests for data stream
2023/09/15 15:39:24 DEBUG running test with configuration 'default'
2023/09/15 15:39:24 DEBUG setting up service...
2023/09/15 15:39:24 DEBUG setting up service using Docker Compose service deployer
2023/09/15 15:39:24 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:39:25 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:39:25 DEBUG output command: /usr/bin/docker network inspect elastic-package-stack_default
2023/09/15 15:39:25 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service up --build -d
Creating network "elastic-package-service_default" with the default driver
Pulling wiz-audit (docker.elastic.co/observability/stream:v0.10.0)...
v0.10.0: Pulling from observability/stream
2339bf019f39: Pull complete
95b0bf42c1e3: Pull complete
2e60ff250141: Pull complete
Creating elastic-package-service_wiz-audit_1         ... done
Creating elastic-package-service_wiz-vulnerability_1 ... done
Creating elastic-package-service_wiz-issue_1         ... done
2023/09/15 15:39:37 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service ps -q
2023/09/15 15:39:38 DEBUG Wait for healthy containers: 7bee07ea1b311501ff4c2e890b8cd6a3d5737087baa011dd72b310a1e401cea7,8c9f9df51cdfba5054447e63e117d4aa34795678fd8cad71a4ec598b1e234c9e,3a941901708dd333588e17022d95b040e9bae35a9eca492e417ab9b3f97d297a
2023/09/15 15:39:38 DEBUG output command: /usr/bin/docker inspect 7bee07ea1b311501ff4c2e890b8cd6a3d5737087baa011dd72b310a1e401cea7 8c9f9df51cdfba5054447e63e117d4aa34795678fd8cad71a4ec598b1e234c9e 3a941901708dd333588e17022d95b040e9bae35a9eca492e417ab9b3f97d297a
2023/09/15 15:39:38 DEBUG Container status: {"Config":{"Image":"docker.elastic.co/observability/stream:v0.10.0","Labels":{"BRANCH_NAME":"v0.10.0","GIT_SHA":"2a076c9b1acdf1c35b5f5c2f8c23904c7c2c441a","GO_VERSION":"1.19.5","TIMESTAMP":"2023-01-30_11:29","com.docker.compose.config-hash":"9cb0519240182cec64495fe49a5051a02c46c09f6cf0eb68223ce966ddc067c0","com.docker.compose.container-number":"1","com.docker.compose.oneoff":"False","com.docker.compose.project":"elastic-package-service","com.docker.compose.service":"wiz-audit","com.docker.compose.version":"1.23.2"}},"ID":"7bee07ea1b311501ff4c2e890b8cd6a3d5737087baa011dd72b310a1e401cea7","State":{"Status":"running","ExitCode":0,"Health":null}}
2023/09/15 15:39:38 DEBUG Container status: {"Config":{"Image":"docker.elastic.co/observability/stream:v0.10.0","Labels":{"BRANCH_NAME":"v0.10.0","GIT_SHA":"2a076c9b1acdf1c35b5f5c2f8c23904c7c2c441a","GO_VERSION":"1.19.5","TIMESTAMP":"2023-01-30_11:29","com.docker.compose.config-hash":"50d929901ea5fb3bdff12581057738ff03d748f60d264744cea1a5d386f1bce4","com.docker.compose.container-number":"1","com.docker.compose.oneoff":"False","com.docker.compose.project":"elastic-package-service","com.docker.compose.service":"wiz-issue","com.docker.compose.version":"1.23.2"}},"ID":"8c9f9df51cdfba5054447e63e117d4aa34795678fd8cad71a4ec598b1e234c9e","State":{"Status":"running","ExitCode":0,"Health":null}}
2023/09/15 15:39:38 DEBUG Container status: {"Config":{"Image":"docker.elastic.co/observability/stream:v0.10.0","Labels":{"BRANCH_NAME":"v0.10.0","GIT_SHA":"2a076c9b1acdf1c35b5f5c2f8c23904c7c2c441a","GO_VERSION":"1.19.5","TIMESTAMP":"2023-01-30_11:29","com.docker.compose.config-hash":"b10498dabd03b7cc0ec403b52c22f8bfe5e1aae4845e963bf5c01a7fe4f571e6","com.docker.compose.container-number":"1","com.docker.compose.oneoff":"False","com.docker.compose.project":"elastic-package-service","com.docker.compose.service":"wiz-vulnerability","com.docker.compose.version":"1.23.2"}},"ID":"3a941901708dd333588e17022d95b040e9bae35a9eca492e417ab9b3f97d297a","State":{"Status":"running","ExitCode":0,"Health":null}}
2023/09/15 15:39:38 DEBUG run command: /usr/bin/docker network connect elastic-package-stack_default elastic-package-service_wiz-audit_1
2023/09/15 15:39:38 DEBUG adding service container elastic-package-service_wiz-audit_1 internal ports to context
2023/09/15 15:39:38 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service config
2023/09/15 15:39:39 DEBUG Installing package...
2023/09/15 15:39:39 DEBUG GET https://127.0.0.1:5601/api/status
2023/09/15 15:39:39 DEBUG Build directory: /root/integration/integrations/build/packages/wiz/0.1.0
2023/09/15 15:39:39 DEBUG Clear target directory (path: /root/integration/integrations/build/packages/wiz/0.1.0)
2023/09/15 15:39:39 DEBUG Copy package content (source: /root/integration/integrations/packages/wiz)
2023/09/15 15:39:39 DEBUG Copy license file if needed
2023/09/15 15:39:39  INFO License text found in "/root/integration/integrations/LICENSE.txt" will be included in package
2023/09/15 15:39:39 DEBUG Encode dashboards
2023/09/15 15:39:39 DEBUG Resolve external fields
2023/09/15 15:39:39 DEBUG Package has external dependencies defined
2023/09/15 15:39:39 DEBUG data_stream/audit/fields/base-fields.yml: source file hasn't been changed
2023/09/15 15:39:39 DEBUG data_stream/audit/fields/beats.yml: source file hasn't been changed
2023/09/15 15:39:39 DEBUG data_stream/audit/fields/fields.yml: source file hasn't been changed
2023/09/15 15:39:39 DEBUG data_stream/issue/fields/base-fields.yml: source file hasn't been changed
2023/09/15 15:39:39 DEBUG data_stream/issue/fields/beats.yml: source file hasn't been changed
2023/09/15 15:39:39 DEBUG data_stream/issue/fields/fields.yml: source file hasn't been changed
2023/09/15 15:39:39 DEBUG data_stream/vulnerability/fields/base-fields.yml: source file hasn't been changed
2023/09/15 15:39:39 DEBUG data_stream/vulnerability/fields/beats.yml: source file hasn't been changed
2023/09/15 15:39:39 DEBUG data_stream/vulnerability/fields/fields.yml: source file hasn't been changed
2023/09/15 15:39:39  INFO Import ECS mappings into the built package (technical preview)
2023/09/15 15:39:39 DEBUG Build zipped package
2023/09/15 15:39:39 DEBUG Compress using archiver.Zip (destination: /root/integration/integrations/build/packages/wiz-0.1.0.zip)
2023/09/15 15:39:39 DEBUG Create work directory for archiving: /tmp/elastic-package-750047086/wiz-0.1.0
2023/09/15 15:39:39 DEBUG Skip validation of the built .zip package
2023/09/15 15:39:39 DEBUG POST https://127.0.0.1:5601/api/fleet/epm/packages
2023/09/15 15:39:40 DEBUG creating test policy...
2023/09/15 15:39:40 DEBUG POST https://127.0.0.1:5601/api/fleet/agent_policies
2023/09/15 15:39:45 DEBUG adding package data stream to test policy...
2023/09/15 15:39:45 DEBUG POST https://127.0.0.1:5601/api/fleet/package_policies
2023/09/15 15:39:48 DEBUG deleting old data in data stream...
2023/09/15 15:39:48 DEBUG found 0 hits in logs-wiz.audit-ep data stream: index_not_found_exception: no such index [logs-wiz.audit-ep] Status=404
2023/09/15 15:39:48 DEBUG GET https://127.0.0.1:5601/api/fleet/agents
2023/09/15 15:39:49 DEBUG filter agents using criteria: NamePrefix=docker-fleet-agent
2023/09/15 15:39:49 DEBUG found 1 enrolled agent(s)
2023/09/15 15:39:49 DEBUG GET https://127.0.0.1:5601/api/fleet/agent_policies/fc1f0e60-53af-11ee-a280-558371a3cb72
2023/09/15 15:39:49 DEBUG assigning package data stream to agent...
2023/09/15 15:39:49 DEBUG PUT https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66/reassign
2023/09/15 15:39:51 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:39:51 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"fc1f0e60-53af-11ee-a280-558371a3cb72","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:39:51 DEBUG Wait until the policy (ID: fc1f0e60-53af-11ee-a280-558371a3cb72, revision: 2) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:39:53 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:39:53 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"fc1f0e60-53af-11ee-a280-558371a3cb72","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:39:53 DEBUG Wait until the policy (ID: fc1f0e60-53af-11ee-a280-558371a3cb72, revision: 2) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:39:55 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:39:55 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"fc1f0e60-53af-11ee-a280-558371a3cb72","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:39:55 DEBUG Wait until the policy (ID: fc1f0e60-53af-11ee-a280-558371a3cb72, revision: 2) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:39:57 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:39:58 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"fc1f0e60-53af-11ee-a280-558371a3cb72","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:39:58 DEBUG Wait until the policy (ID: fc1f0e60-53af-11ee-a280-558371a3cb72, revision: 2) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:39:59 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:39:59 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"fc1f0e60-53af-11ee-a280-558371a3cb72","policy_revision":2,"local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:39:59 DEBUG Policy revision assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:39:59 DEBUG checking for expected data in data stream...
2023/09/15 15:39:59 DEBUG found 0 hits in logs-wiz.audit-ep data stream: index_not_found_exception: no such index [logs-wiz.audit-ep] Status=404
2023/09/15 15:40:00 DEBUG found 0 hits in logs-wiz.audit-ep data stream: index_not_found_exception: no such index [logs-wiz.audit-ep] Status=404
2023/09/15 15:40:01 DEBUG found 0 hits in logs-wiz.audit-ep data stream: index_not_found_exception: no such index [logs-wiz.audit-ep] Status=404
2023/09/15 15:40:02 DEBUG found 0 hits in logs-wiz.audit-ep data stream: index_not_found_exception: no such index [logs-wiz.audit-ep] Status=404
2023/09/15 15:40:03 DEBUG found 0 hits in logs-wiz.audit-ep data stream: index_not_found_exception: no such index [logs-wiz.audit-ep] Status=404
2023/09/15 15:40:04 DEBUG found 0 hits in logs-wiz.audit-ep data stream
2023/09/15 15:40:05 DEBUG found 1 hits in logs-wiz.audit-ep data stream
2023/09/15 15:40:09 DEBUG found 1 hits in logs-wiz.audit-ep data stream
2023/09/15 15:40:09 DEBUG check whether or not synthetics is enabled (component template logs-wiz.audit@package)...
2023/09/15 15:40:10 DEBUG data stream logs-wiz.audit-ep has synthetics enabled: false
2023/09/15 15:40:10 DEBUG assert hit count expected 1, observed 1
2023/09/15 15:40:10 DEBUG reassigning original policy back to agent...
2023/09/15 15:40:10 DEBUG PUT https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66/reassign
2023/09/15 15:40:10 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:40:11 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:40:11 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 3) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:40:12 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:40:13 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:40:13 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 3) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:40:14 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:40:15 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:40:15 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 3) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:40:16 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:40:17 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:40:17 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 3) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:40:18 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:40:19 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","policy_revision":3,"local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:40:19 DEBUG Policy revision assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:40:19 DEBUG deleting test policy...
2023/09/15 15:40:19 DEBUG POST https://127.0.0.1:5601/api/fleet/agent_policies/delete
2023/09/15 15:40:22 DEBUG DELETE https://127.0.0.1:5601/api/fleet/epm/packages/wiz-0.1.0
2023/09/15 15:40:24 DEBUG tearing down service...
2023/09/15 15:40:24 DEBUG tearing down service using Docker Compose runner
2023/09/15 15:40:24 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:40:25 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:40:25 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service logs
2023/09/15 15:40:25  INFO Write container logs to file: /root/integration/integrations/build/container-logs/wiz-audit-1694772625988466318.log
2023/09/15 15:40:25 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service down --volumes
Stopping elastic-package-service_wiz-issue_1         ... done
Stopping elastic-package-service_wiz-audit_1         ... done
Stopping elastic-package-service_wiz-vulnerability_1 ... done
Removing elastic-package-service_wiz-issue_1         ... done
Removing elastic-package-service_wiz-audit_1         ... done
Removing elastic-package-service_wiz-vulnerability_1 ... done
Removing network elastic-package-service_default
2023/09/15 15:40:27 DEBUG deleting data in data stream...
2023/09/15 15:40:27 DEBUG Dump Elastic stack data
2023/09/15 15:40:27 DEBUG Dump stack logs (location: /tmp/test-system-4160530835)
2023/09/15 15:40:27 DEBUG Dump stack logs for elasticsearch
2023/09/15 15:40:27 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:40:27 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:40:27 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs elasticsearch
2023/09/15 15:40:28 DEBUG Dump stack logs for elastic-agent
2023/09/15 15:40:28 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:40:28 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:40:28 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs elastic-agent
2023/09/15 15:40:29 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:40:30 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:40:30 DEBUG run command: /usr/bin/docker cp elastic-package-stack_elastic-agent_1:/usr/share/elastic-agent/state/data/logs/ /tmp/test-system-4160530835/logs/elastic-agent-internal
2023/09/15 15:40:30 DEBUG Dump stack logs for fleet-server
2023/09/15 15:40:30 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:40:30 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:40:30 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs fleet-server
2023/09/15 15:40:31 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:40:31 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:40:31 DEBUG run command: /usr/bin/docker cp elastic-package-stack_fleet-server_1:/usr/share/elastic-agent/state/data/logs/ /tmp/test-system-4160530835/logs/fleet-server-internal
2023/09/15 15:40:31 DEBUG Dump stack logs for kibana
2023/09/15 15:40:31 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:40:32 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:40:32 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs kibana
2023/09/15 15:40:32 DEBUG Dump stack logs for package-registry
2023/09/15 15:40:32 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:40:33 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:40:33 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs package-registry
2023/09/15 15:40:34 DEBUG skipped malformed docker-compose log line: Attaching to elastic-package-stack_elastic-agent_1
2023/09/15 15:40:34 DEBUG Running system tests for data stream
2023/09/15 15:40:34 DEBUG running test with configuration 'default'
2023/09/15 15:40:34 DEBUG setting up service...
2023/09/15 15:40:34 DEBUG setting up service using Docker Compose service deployer
2023/09/15 15:40:34 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:40:34 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:40:34 DEBUG output command: /usr/bin/docker network inspect elastic-package-stack_default
2023/09/15 15:40:34 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service up --build -d
Creating network "elastic-package-service_default" with the default driver
Creating elastic-package-service_wiz-audit_1         ... done
Creating elastic-package-service_wiz-vulnerability_1 ... done
Creating elastic-package-service_wiz-issue_1         ... done
2023/09/15 15:40:36 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service ps -q
2023/09/15 15:40:36 DEBUG Wait for healthy containers: a436593276cc0c2ee3f10068c3e89f493b6a11c26b3165afb4380d8c623597c6,bca2d4e31def035318ffac78c0094310c31f6ccca422fbab7634dbda2c5d9fcc,daa9a796b518ca40082ec04c6e1afad628f01af99fa50dd5b4b4e7dd1a8e9230
2023/09/15 15:40:36 DEBUG output command: /usr/bin/docker inspect a436593276cc0c2ee3f10068c3e89f493b6a11c26b3165afb4380d8c623597c6 bca2d4e31def035318ffac78c0094310c31f6ccca422fbab7634dbda2c5d9fcc daa9a796b518ca40082ec04c6e1afad628f01af99fa50dd5b4b4e7dd1a8e9230
2023/09/15 15:40:36 DEBUG Container status: {"Config":{"Image":"docker.elastic.co/observability/stream:v0.10.0","Labels":{"BRANCH_NAME":"v0.10.0","GIT_SHA":"2a076c9b1acdf1c35b5f5c2f8c23904c7c2c441a","GO_VERSION":"1.19.5","TIMESTAMP":"2023-01-30_11:29","com.docker.compose.config-hash":"9cb0519240182cec64495fe49a5051a02c46c09f6cf0eb68223ce966ddc067c0","com.docker.compose.container-number":"1","com.docker.compose.oneoff":"False","com.docker.compose.project":"elastic-package-service","com.docker.compose.service":"wiz-audit","com.docker.compose.version":"1.23.2"}},"ID":"a436593276cc0c2ee3f10068c3e89f493b6a11c26b3165afb4380d8c623597c6","State":{"Status":"running","ExitCode":0,"Health":null}}
2023/09/15 15:40:36 DEBUG Container status: {"Config":{"Image":"docker.elastic.co/observability/stream:v0.10.0","Labels":{"BRANCH_NAME":"v0.10.0","GIT_SHA":"2a076c9b1acdf1c35b5f5c2f8c23904c7c2c441a","GO_VERSION":"1.19.5","TIMESTAMP":"2023-01-30_11:29","com.docker.compose.config-hash":"50d929901ea5fb3bdff12581057738ff03d748f60d264744cea1a5d386f1bce4","com.docker.compose.container-number":"1","com.docker.compose.oneoff":"False","com.docker.compose.project":"elastic-package-service","com.docker.compose.service":"wiz-issue","com.docker.compose.version":"1.23.2"}},"ID":"bca2d4e31def035318ffac78c0094310c31f6ccca422fbab7634dbda2c5d9fcc","State":{"Status":"running","ExitCode":0,"Health":null}}
2023/09/15 15:40:36 DEBUG Container status: {"Config":{"Image":"docker.elastic.co/observability/stream:v0.10.0","Labels":{"BRANCH_NAME":"v0.10.0","GIT_SHA":"2a076c9b1acdf1c35b5f5c2f8c23904c7c2c441a","GO_VERSION":"1.19.5","TIMESTAMP":"2023-01-30_11:29","com.docker.compose.config-hash":"b10498dabd03b7cc0ec403b52c22f8bfe5e1aae4845e963bf5c01a7fe4f571e6","com.docker.compose.container-number":"1","com.docker.compose.oneoff":"False","com.docker.compose.project":"elastic-package-service","com.docker.compose.service":"wiz-vulnerability","com.docker.compose.version":"1.23.2"}},"ID":"daa9a796b518ca40082ec04c6e1afad628f01af99fa50dd5b4b4e7dd1a8e9230","State":{"Status":"running","ExitCode":0,"Health":null}}
2023/09/15 15:40:36 DEBUG run command: /usr/bin/docker network connect elastic-package-stack_default elastic-package-service_wiz-issue_1
2023/09/15 15:40:36 DEBUG adding service container elastic-package-service_wiz-issue_1 internal ports to context
2023/09/15 15:40:36 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service config
2023/09/15 15:40:37 DEBUG Installing package...
2023/09/15 15:40:37 DEBUG GET https://127.0.0.1:5601/api/status
2023/09/15 15:40:37 DEBUG Build directory: /root/integration/integrations/build/packages/wiz/0.1.0
2023/09/15 15:40:37 DEBUG Clear target directory (path: /root/integration/integrations/build/packages/wiz/0.1.0)
2023/09/15 15:40:37 DEBUG Copy package content (source: /root/integration/integrations/packages/wiz)
2023/09/15 15:40:37 DEBUG Copy license file if needed
2023/09/15 15:40:37  INFO License text found in "/root/integration/integrations/LICENSE.txt" will be included in package
2023/09/15 15:40:37 DEBUG Encode dashboards
2023/09/15 15:40:37 DEBUG Resolve external fields
2023/09/15 15:40:37 DEBUG Package has external dependencies defined
2023/09/15 15:40:37 DEBUG data_stream/audit/fields/base-fields.yml: source file hasn't been changed
2023/09/15 15:40:37 DEBUG data_stream/audit/fields/beats.yml: source file hasn't been changed
2023/09/15 15:40:37 DEBUG data_stream/audit/fields/fields.yml: source file hasn't been changed
2023/09/15 15:40:37 DEBUG data_stream/issue/fields/base-fields.yml: source file hasn't been changed
2023/09/15 15:40:37 DEBUG data_stream/issue/fields/beats.yml: source file hasn't been changed
2023/09/15 15:40:37 DEBUG data_stream/issue/fields/fields.yml: source file hasn't been changed
2023/09/15 15:40:37 DEBUG data_stream/vulnerability/fields/base-fields.yml: source file hasn't been changed
2023/09/15 15:40:37 DEBUG data_stream/vulnerability/fields/beats.yml: source file hasn't been changed
2023/09/15 15:40:37 DEBUG data_stream/vulnerability/fields/fields.yml: source file hasn't been changed
2023/09/15 15:40:37  INFO Import ECS mappings into the built package (technical preview)
2023/09/15 15:40:37 DEBUG Build zipped package
2023/09/15 15:40:37 DEBUG Compress using archiver.Zip (destination: /root/integration/integrations/build/packages/wiz-0.1.0.zip)
2023/09/15 15:40:37 DEBUG Create work directory for archiving: /tmp/elastic-package-1329267868/wiz-0.1.0
2023/09/15 15:40:37 DEBUG Skip validation of the built .zip package
2023/09/15 15:40:37 DEBUG POST https://127.0.0.1:5601/api/fleet/epm/packages
2023/09/15 15:40:39 DEBUG creating test policy...
2023/09/15 15:40:39 DEBUG POST https://127.0.0.1:5601/api/fleet/agent_policies
2023/09/15 15:40:43 DEBUG adding package data stream to test policy...
2023/09/15 15:40:43 DEBUG POST https://127.0.0.1:5601/api/fleet/package_policies
2023/09/15 15:40:46 DEBUG deleting old data in data stream...
2023/09/15 15:40:46 DEBUG found 0 hits in logs-wiz.issue-ep data stream: index_not_found_exception: no such index [logs-wiz.issue-ep] Status=404
2023/09/15 15:40:46 DEBUG GET https://127.0.0.1:5601/api/fleet/agents
2023/09/15 15:40:47 DEBUG filter agents using criteria: NamePrefix=docker-fleet-agent
2023/09/15 15:40:47 DEBUG found 1 enrolled agent(s)
2023/09/15 15:40:47 DEBUG GET https://127.0.0.1:5601/api/fleet/agent_policies/1ec52490-53b0-11ee-a280-558371a3cb72
2023/09/15 15:40:47 DEBUG assigning package data stream to agent...
2023/09/15 15:40:47 DEBUG PUT https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66/reassign
2023/09/15 15:40:48 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:40:49 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"1ec52490-53b0-11ee-a280-558371a3cb72","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:40:49 DEBUG Wait until the policy (ID: 1ec52490-53b0-11ee-a280-558371a3cb72, revision: 2) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:40:50 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:40:51 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"1ec52490-53b0-11ee-a280-558371a3cb72","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:40:51 DEBUG Wait until the policy (ID: 1ec52490-53b0-11ee-a280-558371a3cb72, revision: 2) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:40:52 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:40:53 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"1ec52490-53b0-11ee-a280-558371a3cb72","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:40:53 DEBUG Wait until the policy (ID: 1ec52490-53b0-11ee-a280-558371a3cb72, revision: 2) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:40:54 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:40:55 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"1ec52490-53b0-11ee-a280-558371a3cb72","policy_revision":2,"local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:40:55 DEBUG Policy revision assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:40:55 DEBUG checking for expected data in data stream...
2023/09/15 15:40:55 DEBUG found 0 hits in logs-wiz.issue-ep data stream: index_not_found_exception: no such index [logs-wiz.issue-ep] Status=404
2023/09/15 15:40:56 DEBUG found 0 hits in logs-wiz.issue-ep data stream: index_not_found_exception: no such index [logs-wiz.issue-ep] Status=404
2023/09/15 15:40:57 DEBUG found 0 hits in logs-wiz.issue-ep data stream: index_not_found_exception: no such index [logs-wiz.issue-ep] Status=404
2023/09/15 15:40:58 DEBUG found 0 hits in logs-wiz.issue-ep data stream: index_not_found_exception: no such index [logs-wiz.issue-ep] Status=404
2023/09/15 15:40:59 DEBUG found 0 hits in logs-wiz.issue-ep data stream: index_not_found_exception: no such index [logs-wiz.issue-ep] Status=404
2023/09/15 15:41:00 DEBUG found 0 hits in logs-wiz.issue-ep data stream
2023/09/15 15:41:01 DEBUG found 1 hits in logs-wiz.issue-ep data stream
2023/09/15 15:41:05 DEBUG found 1 hits in logs-wiz.issue-ep data stream
2023/09/15 15:41:05 DEBUG check whether or not synthetics is enabled (component template logs-wiz.issue@package)...
2023/09/15 15:41:05 DEBUG data stream logs-wiz.issue-ep has synthetics enabled: false
2023/09/15 15:41:05 DEBUG assert hit count expected 1, observed 1
2023/09/15 15:41:05 DEBUG reassigning original policy back to agent...
2023/09/15 15:41:05 DEBUG PUT https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66/reassign
2023/09/15 15:41:06 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:41:07 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:41:07 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 3) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:41:08 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:41:09 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:41:09 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 3) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:41:10 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:41:11 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:41:11 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 3) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:41:12 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:41:13 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","policy_revision":3,"local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:41:13 DEBUG Policy revision assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:41:13 DEBUG deleting test policy...
2023/09/15 15:41:13 DEBUG POST https://127.0.0.1:5601/api/fleet/agent_policies/delete
2023/09/15 15:41:16 DEBUG DELETE https://127.0.0.1:5601/api/fleet/epm/packages/wiz-0.1.0
2023/09/15 15:41:18 DEBUG tearing down service...
2023/09/15 15:41:18 DEBUG tearing down service using Docker Compose runner
2023/09/15 15:41:18 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:41:18 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:41:18 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service logs
2023/09/15 15:41:19  INFO Write container logs to file: /root/integration/integrations/build/container-logs/wiz-issue-1694772679248687680.log
2023/09/15 15:41:19 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service down --volumes
Stopping elastic-package-service_wiz-issue_1         ... done
Stopping elastic-package-service_wiz-audit_1         ... done
Stopping elastic-package-service_wiz-vulnerability_1 ... done
Removing elastic-package-service_wiz-issue_1         ... done
Removing elastic-package-service_wiz-audit_1         ... done
Removing elastic-package-service_wiz-vulnerability_1 ... done
Removing network elastic-package-service_default
2023/09/15 15:41:20 DEBUG deleting data in data stream...
2023/09/15 15:41:20 DEBUG Dump Elastic stack data
2023/09/15 15:41:20 DEBUG Dump stack logs (location: /tmp/test-system-1054151260)
2023/09/15 15:41:20 DEBUG Dump stack logs for elasticsearch
2023/09/15 15:41:20 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:41:20 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:41:20 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs elasticsearch
2023/09/15 15:41:21 DEBUG Dump stack logs for elastic-agent
2023/09/15 15:41:21 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:41:22 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:41:22 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs elastic-agent
2023/09/15 15:41:22 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:41:23 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:41:23 DEBUG run command: /usr/bin/docker cp elastic-package-stack_elastic-agent_1:/usr/share/elastic-agent/state/data/logs/ /tmp/test-system-1054151260/logs/elastic-agent-internal
2023/09/15 15:41:23 DEBUG Dump stack logs for fleet-server
2023/09/15 15:41:23 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:41:23 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:41:23 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs fleet-server
2023/09/15 15:41:24 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:41:24 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:41:24 DEBUG run command: /usr/bin/docker cp elastic-package-stack_fleet-server_1:/usr/share/elastic-agent/state/data/logs/ /tmp/test-system-1054151260/logs/fleet-server-internal
2023/09/15 15:41:25 DEBUG Dump stack logs for kibana
2023/09/15 15:41:25 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:41:25 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:41:25 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs kibana
2023/09/15 15:41:26 DEBUG Dump stack logs for package-registry
2023/09/15 15:41:26 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:41:26 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:41:26 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs package-registry
2023/09/15 15:41:27 DEBUG skipped malformed docker-compose log line: Attaching to elastic-package-stack_elastic-agent_1
2023/09/15 15:41:27 DEBUG Running system tests for data stream
2023/09/15 15:41:27 DEBUG running test with configuration 'default'
2023/09/15 15:41:27 DEBUG setting up service...
2023/09/15 15:41:27 DEBUG setting up service using Docker Compose service deployer
2023/09/15 15:41:27 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:41:27 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:41:27 DEBUG output command: /usr/bin/docker network inspect elastic-package-stack_default
2023/09/15 15:41:27 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service up --build -d
Creating network "elastic-package-service_default" with the default driver
Creating elastic-package-service_wiz-audit_1         ... done
Creating elastic-package-service_wiz-issue_1         ... done
Creating elastic-package-service_wiz-vulnerability_1 ... done
2023/09/15 15:41:29 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service ps -q
2023/09/15 15:41:29 DEBUG Wait for healthy containers: b509ce01061e94aa43d566a3a6061e2891a073f145e3097794af60b86fe61f80,dc9fa998d8871150705cb2a506e8676ea2e589c94001405295f9214e6ac82470,2b50396c841bb030859e8108b240b05f2ec09ae0a1796b6077308f2457db4276
2023/09/15 15:41:29 DEBUG output command: /usr/bin/docker inspect b509ce01061e94aa43d566a3a6061e2891a073f145e3097794af60b86fe61f80 dc9fa998d8871150705cb2a506e8676ea2e589c94001405295f9214e6ac82470 2b50396c841bb030859e8108b240b05f2ec09ae0a1796b6077308f2457db4276
2023/09/15 15:41:29 DEBUG Container status: {"Config":{"Image":"docker.elastic.co/observability/stream:v0.10.0","Labels":{"BRANCH_NAME":"v0.10.0","GIT_SHA":"2a076c9b1acdf1c35b5f5c2f8c23904c7c2c441a","GO_VERSION":"1.19.5","TIMESTAMP":"2023-01-30_11:29","com.docker.compose.config-hash":"9cb0519240182cec64495fe49a5051a02c46c09f6cf0eb68223ce966ddc067c0","com.docker.compose.container-number":"1","com.docker.compose.oneoff":"False","com.docker.compose.project":"elastic-package-service","com.docker.compose.service":"wiz-audit","com.docker.compose.version":"1.23.2"}},"ID":"b509ce01061e94aa43d566a3a6061e2891a073f145e3097794af60b86fe61f80","State":{"Status":"running","ExitCode":0,"Health":null}}
2023/09/15 15:41:29 DEBUG Container status: {"Config":{"Image":"docker.elastic.co/observability/stream:v0.10.0","Labels":{"BRANCH_NAME":"v0.10.0","GIT_SHA":"2a076c9b1acdf1c35b5f5c2f8c23904c7c2c441a","GO_VERSION":"1.19.5","TIMESTAMP":"2023-01-30_11:29","com.docker.compose.config-hash":"50d929901ea5fb3bdff12581057738ff03d748f60d264744cea1a5d386f1bce4","com.docker.compose.container-number":"1","com.docker.compose.oneoff":"False","com.docker.compose.project":"elastic-package-service","com.docker.compose.service":"wiz-issue","com.docker.compose.version":"1.23.2"}},"ID":"dc9fa998d8871150705cb2a506e8676ea2e589c94001405295f9214e6ac82470","State":{"Status":"running","ExitCode":0,"Health":null}}
2023/09/15 15:41:29 DEBUG Container status: {"Config":{"Image":"docker.elastic.co/observability/stream:v0.10.0","Labels":{"BRANCH_NAME":"v0.10.0","GIT_SHA":"2a076c9b1acdf1c35b5f5c2f8c23904c7c2c441a","GO_VERSION":"1.19.5","TIMESTAMP":"2023-01-30_11:29","com.docker.compose.config-hash":"b10498dabd03b7cc0ec403b52c22f8bfe5e1aae4845e963bf5c01a7fe4f571e6","com.docker.compose.container-number":"1","com.docker.compose.oneoff":"False","com.docker.compose.project":"elastic-package-service","com.docker.compose.service":"wiz-vulnerability","com.docker.compose.version":"1.23.2"}},"ID":"2b50396c841bb030859e8108b240b05f2ec09ae0a1796b6077308f2457db4276","State":{"Status":"running","ExitCode":0,"Health":null}}
2023/09/15 15:41:29 DEBUG run command: /usr/bin/docker network connect elastic-package-stack_default elastic-package-service_wiz-vulnerability_1
2023/09/15 15:41:29 DEBUG adding service container elastic-package-service_wiz-vulnerability_1 internal ports to context
2023/09/15 15:41:29 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service config
2023/09/15 15:41:30 DEBUG Installing package...
2023/09/15 15:41:30 DEBUG GET https://127.0.0.1:5601/api/status
2023/09/15 15:41:30 DEBUG Build directory: /root/integration/integrations/build/packages/wiz/0.1.0
2023/09/15 15:41:30 DEBUG Clear target directory (path: /root/integration/integrations/build/packages/wiz/0.1.0)
2023/09/15 15:41:30 DEBUG Copy package content (source: /root/integration/integrations/packages/wiz)
2023/09/15 15:41:30 DEBUG Copy license file if needed
2023/09/15 15:41:30  INFO License text found in "/root/integration/integrations/LICENSE.txt" will be included in package
2023/09/15 15:41:30 DEBUG Encode dashboards
2023/09/15 15:41:30 DEBUG Resolve external fields
2023/09/15 15:41:30 DEBUG Package has external dependencies defined
2023/09/15 15:41:30 DEBUG data_stream/audit/fields/base-fields.yml: source file hasn't been changed
2023/09/15 15:41:30 DEBUG data_stream/audit/fields/beats.yml: source file hasn't been changed
2023/09/15 15:41:30 DEBUG data_stream/audit/fields/fields.yml: source file hasn't been changed
2023/09/15 15:41:30 DEBUG data_stream/issue/fields/base-fields.yml: source file hasn't been changed
2023/09/15 15:41:30 DEBUG data_stream/issue/fields/beats.yml: source file hasn't been changed
2023/09/15 15:41:30 DEBUG data_stream/issue/fields/fields.yml: source file hasn't been changed
2023/09/15 15:41:30 DEBUG data_stream/vulnerability/fields/base-fields.yml: source file hasn't been changed
2023/09/15 15:41:30 DEBUG data_stream/vulnerability/fields/beats.yml: source file hasn't been changed
2023/09/15 15:41:30 DEBUG data_stream/vulnerability/fields/fields.yml: source file hasn't been changed
2023/09/15 15:41:30  INFO Import ECS mappings into the built package (technical preview)
2023/09/15 15:41:30 DEBUG Build zipped package
2023/09/15 15:41:30 DEBUG Compress using archiver.Zip (destination: /root/integration/integrations/build/packages/wiz-0.1.0.zip)
2023/09/15 15:41:30 DEBUG Create work directory for archiving: /tmp/elastic-package-3979473631/wiz-0.1.0
2023/09/15 15:41:30 DEBUG Skip validation of the built .zip package
2023/09/15 15:41:30 DEBUG POST https://127.0.0.1:5601/api/fleet/epm/packages
2023/09/15 15:41:32 DEBUG creating test policy...
2023/09/15 15:41:32 DEBUG POST https://127.0.0.1:5601/api/fleet/agent_policies
2023/09/15 15:41:36 DEBUG adding package data stream to test policy...
2023/09/15 15:41:36 DEBUG POST https://127.0.0.1:5601/api/fleet/package_policies
2023/09/15 15:41:38 DEBUG deleting old data in data stream...
2023/09/15 15:41:38 DEBUG found 0 hits in logs-wiz.vulnerability-ep data stream: index_not_found_exception: no such index [logs-wiz.vulnerability-ep] Status=404
2023/09/15 15:41:38 DEBUG GET https://127.0.0.1:5601/api/fleet/agents
2023/09/15 15:41:39 DEBUG filter agents using criteria: NamePrefix=docker-fleet-agent
2023/09/15 15:41:39 DEBUG found 1 enrolled agent(s)
2023/09/15 15:41:39 DEBUG GET https://127.0.0.1:5601/api/fleet/agent_policies/3e6dd940-53b0-11ee-a280-558371a3cb72
2023/09/15 15:41:39 DEBUG assigning package data stream to agent...
2023/09/15 15:41:39 DEBUG PUT https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66/reassign
2023/09/15 15:41:40 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:41:41 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"3e6dd940-53b0-11ee-a280-558371a3cb72","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:41:41 DEBUG Wait until the policy (ID: 3e6dd940-53b0-11ee-a280-558371a3cb72, revision: 2) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:41:42 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:41:43 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"3e6dd940-53b0-11ee-a280-558371a3cb72","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:41:43 DEBUG Wait until the policy (ID: 3e6dd940-53b0-11ee-a280-558371a3cb72, revision: 2) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:41:44 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:41:45 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"3e6dd940-53b0-11ee-a280-558371a3cb72","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:41:45 DEBUG Wait until the policy (ID: 3e6dd940-53b0-11ee-a280-558371a3cb72, revision: 2) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:41:46 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:41:47 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"3e6dd940-53b0-11ee-a280-558371a3cb72","policy_revision":2,"local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:41:47 DEBUG Policy revision assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:41:47 DEBUG checking for expected data in data stream...
2023/09/15 15:41:47 DEBUG found 0 hits in logs-wiz.vulnerability-ep data stream: index_not_found_exception: no such index [logs-wiz.vulnerability-ep] Status=404
2023/09/15 15:41:48 DEBUG found 0 hits in logs-wiz.vulnerability-ep data stream: index_not_found_exception: no such index [logs-wiz.vulnerability-ep] Status=404
2023/09/15 15:41:49 DEBUG found 0 hits in logs-wiz.vulnerability-ep data stream: index_not_found_exception: no such index [logs-wiz.vulnerability-ep] Status=404
2023/09/15 15:41:50 DEBUG found 0 hits in logs-wiz.vulnerability-ep data stream: index_not_found_exception: no such index [logs-wiz.vulnerability-ep] Status=404
2023/09/15 15:41:51 DEBUG found 0 hits in logs-wiz.vulnerability-ep data stream: index_not_found_exception: no such index [logs-wiz.vulnerability-ep] Status=404
2023/09/15 15:41:52 DEBUG found 0 hits in logs-wiz.vulnerability-ep data stream
2023/09/15 15:41:53 DEBUG found 1 hits in logs-wiz.vulnerability-ep data stream
2023/09/15 15:41:57 DEBUG found 1 hits in logs-wiz.vulnerability-ep data stream
2023/09/15 15:41:57 DEBUG check whether or not synthetics is enabled (component template logs-wiz.vulnerability@package)...
2023/09/15 15:41:57 DEBUG data stream logs-wiz.vulnerability-ep has synthetics enabled: false
2023/09/15 15:41:57 DEBUG assert hit count expected 1, observed 1
2023/09/15 15:41:57 DEBUG reassigning original policy back to agent...
2023/09/15 15:41:57 DEBUG PUT https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66/reassign
2023/09/15 15:41:59 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:41:59 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:41:59 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 3) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:42:01 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:42:01 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:42:01 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 3) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:42:03 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:42:03 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:42:03 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 3) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:42:05 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:42:05 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:42:05 DEBUG Wait until the policy (ID: elastic-agent-managed-ep, revision: 3) is assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:42:07 DEBUG GET https://127.0.0.1:5601/api/fleet/agents/a0ba1e1e-137f-48f5-81a4-2fb011d44a66
2023/09/15 15:42:07 DEBUG Agent data: {"id":"a0ba1e1e-137f-48f5-81a4-2fb011d44a66","policy_id":"elastic-agent-managed-ep","policy_revision":3,"local_metadata":{"host":{"name":"docker-fleet-agent"}}}
2023/09/15 15:42:07 DEBUG Policy revision assigned to the agent (ID: a0ba1e1e-137f-48f5-81a4-2fb011d44a66)...
2023/09/15 15:42:07 DEBUG deleting test policy...
2023/09/15 15:42:07 DEBUG POST https://127.0.0.1:5601/api/fleet/agent_policies/delete
2023/09/15 15:42:09 DEBUG DELETE https://127.0.0.1:5601/api/fleet/epm/packages/wiz-0.1.0
2023/09/15 15:42:11 DEBUG tearing down service...
2023/09/15 15:42:11 DEBUG tearing down service using Docker Compose runner
2023/09/15 15:42:11 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:42:11 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:42:11 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service logs
2023/09/15 15:42:12  INFO Write container logs to file: /root/integration/integrations/build/container-logs/wiz-vulnerability-1694772732235539712.log
2023/09/15 15:42:12 DEBUG running command: /usr/local/bin/docker-compose -f /root/integration/integrations/packages/wiz/_dev/deploy/docker/docker-compose.yml -p elastic-package-service down --volumes
Stopping elastic-package-service_wiz-vulnerability_1 ... done
Stopping elastic-package-service_wiz-issue_1         ... done
Stopping elastic-package-service_wiz-audit_1         ... done
Removing elastic-package-service_wiz-vulnerability_1 ... done
Removing elastic-package-service_wiz-issue_1         ... done
Removing elastic-package-service_wiz-audit_1         ... done
Removing network elastic-package-service_default
2023/09/15 15:42:13 DEBUG deleting data in data stream...
2023/09/15 15:42:13 DEBUG Dump Elastic stack data
2023/09/15 15:42:13 DEBUG Dump stack logs (location: /tmp/test-system-2961718966)
2023/09/15 15:42:13 DEBUG Dump stack logs for elasticsearch
2023/09/15 15:42:13 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:42:13 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:42:13 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs elasticsearch
2023/09/15 15:42:14 DEBUG Dump stack logs for elastic-agent
2023/09/15 15:42:14 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:42:15 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:42:15 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs elastic-agent
2023/09/15 15:42:15 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:42:16 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:42:16 DEBUG run command: /usr/bin/docker cp elastic-package-stack_elastic-agent_1:/usr/share/elastic-agent/state/data/logs/ /tmp/test-system-2961718966/logs/elastic-agent-internal
2023/09/15 15:42:16 DEBUG Dump stack logs for fleet-server
2023/09/15 15:42:16 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:42:16 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:42:16 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs fleet-server
2023/09/15 15:42:17 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:42:18 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:42:18 DEBUG run command: /usr/bin/docker cp elastic-package-stack_fleet-server_1:/usr/share/elastic-agent/state/data/logs/ /tmp/test-system-2961718966/logs/fleet-server-internal
2023/09/15 15:42:18 DEBUG Dump stack logs for kibana
2023/09/15 15:42:18 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:42:18 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:42:18 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs kibana
2023/09/15 15:42:19 DEBUG Dump stack logs for package-registry
2023/09/15 15:42:19 DEBUG running command: /usr/local/bin/docker-compose version --short
2023/09/15 15:42:19 DEBUG Determined Docker Compose version: 1.23.2, the tool will use Compose V1
2023/09/15 15:42:19 DEBUG running command: /usr/local/bin/docker-compose -f /root/.elastic-package/profiles/default/stack/snapshot.yml -p elastic-package-stack logs package-registry
2023/09/15 15:42:20 DEBUG skipped malformed docker-compose log line: Attaching to elastic-package-stack_elastic-agent_1
--- Test results for package: wiz - START ---
╭─────────┬───────────────┬───────────┬───────────┬────────┬───────────────╮
│ PACKAGE │ DATA STREAM   │ TEST TYPE │ TEST NAME │ RESULT │  TIME ELAPSED │
├─────────┼───────────────┼───────────┼───────────┼────────┼───────────────┤
│ wiz     │ audit         │ system    │ default   │ PASS   │ 45.507678138s │
│ wiz     │ issue         │ system    │ default   │ PASS   │  30.97361727s │
│ wiz     │ vulnerability │ system    │ default   │ PASS   │ 29.929750931s │
╰─────────┴───────────────┴───────────┴───────────┴────────┴───────────────╯
--- Test results for package: wiz - END   ---
Done
Run asset tests for the package
2023/09/15 15:42:20 DEBUG installing package...
2023/09/15 15:42:20 DEBUG GET https://127.0.0.1:5601/api/status
2023/09/15 15:42:20 DEBUG Build directory: /root/integration/integrations/build/packages/wiz/0.1.0
2023/09/15 15:42:20 DEBUG Clear target directory (path: /root/integration/integrations/build/packages/wiz/0.1.0)
2023/09/15 15:42:20 DEBUG Copy package content (source: /root/integration/integrations/packages/wiz)
2023/09/15 15:42:20 DEBUG Copy license file if needed
2023/09/15 15:42:20  INFO License text found in "/root/integration/integrations/LICENSE.txt" will be included in package
2023/09/15 15:42:20 DEBUG Encode dashboards
2023/09/15 15:42:20 DEBUG Resolve external fields
2023/09/15 15:42:20 DEBUG Package has external dependencies defined
2023/09/15 15:42:20 DEBUG data_stream/audit/fields/base-fields.yml: source file hasn't been changed
2023/09/15 15:42:20 DEBUG data_stream/audit/fields/beats.yml: source file hasn't been changed
2023/09/15 15:42:20 DEBUG data_stream/audit/fields/fields.yml: source file hasn't been changed
2023/09/15 15:42:20 DEBUG data_stream/issue/fields/base-fields.yml: source file hasn't been changed
2023/09/15 15:42:20 DEBUG data_stream/issue/fields/beats.yml: source file hasn't been changed
2023/09/15 15:42:20 DEBUG data_stream/issue/fields/fields.yml: source file hasn't been changed
2023/09/15 15:42:20 DEBUG data_stream/vulnerability/fields/base-fields.yml: source file hasn't been changed
2023/09/15 15:42:20 DEBUG data_stream/vulnerability/fields/beats.yml: source file hasn't been changed
2023/09/15 15:42:20 DEBUG data_stream/vulnerability/fields/fields.yml: source file hasn't been changed
2023/09/15 15:42:20  INFO Import ECS mappings into the built package (technical preview)
2023/09/15 15:42:20 DEBUG Build zipped package
2023/09/15 15:42:20 DEBUG Compress using archiver.Zip (destination: /root/integration/integrations/build/packages/wiz-0.1.0.zip)
2023/09/15 15:42:20 DEBUG Create work directory for archiving: /tmp/elastic-package-1493598552/wiz-0.1.0
2023/09/15 15:42:20 DEBUG Skip validation of the built .zip package
2023/09/15 15:42:20 DEBUG POST https://127.0.0.1:5601/api/fleet/epm/packages
2023/09/15 15:42:22 DEBUG removing package...
2023/09/15 15:42:22 DEBUG DELETE https://127.0.0.1:5601/api/fleet/epm/packages/wiz-0.1.0
--- Test results for package: wiz - START ---
╭─────────┬───────────────┬───────────┬────────────────────────────────────────────────────────┬────────┬──────────────╮
│ PACKAGE │ DATA STREAM   │ TEST TYPE │ TEST NAME                                              │ RESULT │ TIME ELAPSED │
├─────────┼───────────────┼───────────┼────────────────────────────────────────────────────────┼────────┼──────────────┤
│ wiz     │ audit         │ asset     │ index_template logs-wiz.audit is loaded                │ PASS   │      1.201µs │
│ wiz     │ audit         │ asset     │ ingest_pipeline logs-wiz.audit-0.1.0 is loaded         │ PASS   │        158ns │
│ wiz     │ issue         │ asset     │ index_template logs-wiz.issue is loaded                │ PASS   │        167ns │
│ wiz     │ issue         │ asset     │ ingest_pipeline logs-wiz.issue-0.1.0 is loaded         │ PASS   │        123ns │
│ wiz     │ vulnerability │ asset     │ index_template logs-wiz.vulnerability is loaded        │ PASS   │        220ns │
│ wiz     │ vulnerability │ asset     │ ingest_pipeline logs-wiz.vulnerability-0.1.0 is loaded │ PASS   │        368ns │
╰─────────┴───────────────┴───────────┴────────────────────────────────────────────────────────┴────────┴──────────────╯
--- Test results for package: wiz - END   ---
Done
Run pipeline tests for the package
--- Test results for package: wiz - START ---
╭─────────┬───────────────┬───────────┬────────────────────────┬────────┬──────────────╮
│ PACKAGE │ DATA STREAM   │ TEST TYPE │ TEST NAME              │ RESULT │ TIME ELAPSED │
├─────────┼───────────────┼───────────┼────────────────────────┼────────┼──────────────┤
│ wiz     │ audit         │ pipeline  │ test-audit.log         │ PASS   │   8.478727ms │
│ wiz     │ issue         │ pipeline  │ test-issue.log         │ PASS   │   4.440734ms │
│ wiz     │ vulnerability │ pipeline  │ test-vulnerability.log │ PASS   │   4.727321ms │
╰─────────┴───────────────┴───────────┴────────────────────────┴────────┴──────────────╯
--- Test results for package: wiz - END   ---
Done
Run static tests for the package
--- Test results for package: wiz - START ---
╭─────────┬───────────────┬───────────┬──────────────────────────┬────────┬──────────────╮
│ PACKAGE │ DATA STREAM   │ TEST TYPE │ TEST NAME                │ RESULT │ TIME ELAPSED │
├─────────┼───────────────┼───────────┼──────────────────────────┼────────┼──────────────┤
│ wiz     │ audit         │ static    │ Verify sample_event.json │ PASS   │ 124.295134ms │
│ wiz     │ issue         │ static    │ Verify sample_event.json │ PASS   │ 104.113108ms │
│ wiz     │ vulnerability │ static    │ Verify sample_event.json │ PASS   │ 129.554667ms │
╰─────────┴───────────────┴───────────┴──────────────────────────┴────────┴──────────────╯
--- Test results for package: wiz - END   ---
Done

Screenshot

wiz-ss1
wiz-ss2

@elasticmachine
Copy link

elasticmachine commented Sep 15, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-10-03T11:56:40.860+0000

  • Duration: 19 min 59 sec

Test stats 🧪

Test Results
Failed 0
Passed 15
Skipped 0
Total 15

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@piyush-elastic
Copy link
Contributor

/test

@jamiehynds jamiehynds requested a review from a team September 19, 2023 15:08
@elasticmachine
Copy link

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@jamiehynds jamiehynds added the New Integration Issue or pull request for creating a new integration package. label Sep 19, 2023
@efd6
Copy link
Contributor

efd6 commented Sep 20, 2023

/test

@elasticmachine
Copy link

elasticmachine commented Sep 20, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (3/3) 💚
Files 100.0% (3/3) 💚
Classes 100.0% (3/3) 💚
Methods 100.0% (39/39) 💚 24.242
Lines 93.987% (1141/1214) 👎 -6.013
Conditionals 100.0% (0/0) 💚

bhapas
bhapas reviewed Sep 20, 2023
View reviewed changes
efd6
efd6 reviewed Sep 20, 2023
View reviewed changes
packages/wiz/data_stream/audit/agent/stream/input.yml.hbs Outdated
initial_interval: {{initial_interval}}
want_more: false
batch_size: {{batch_size}}
query: "query AuditLogTable($first: Int $after: String $filterBy: AuditLogEntryFilters){ auditLogEntries(first: $first after: $after filterBy: $filterBy) { nodes { id action requestId status timestamp actionParameters userAgent sourceIP serviceAccount { id name } user { id name } } pageInfo { hasNextPage endCursor } } }"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to make this more readable? What is the format that is expected, must it all be on one line? If so suggest

Suggested change
query: "query AuditLogTable($first: Int $after: String $filterBy: AuditLogEntryFilters){ auditLogEntries(first: $first after: $after filterBy: $filterBy) { nodes { id action requestId status timestamp actionParameters userAgent sourceIP serviceAccount { id name } user { id name } } pageInfo { hasNextPage endCursor } } }"
query: >-
query AuditLogTable($first: Int $after: String $filterBy: AuditLogEntryFilters){
auditLogEntries(first: $first after: $after filterBy: $filterBy) {
nodes {
id
action
requestId
status
timestamp
actionParameters
userAgent
sourceIP
serviceAccount {
id
name
}
user {
id
name
}
}
pageInfo {
hasNextPage
endCursor
}
}
}

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it should be one line only otherwise it throws an error.

packages/wiz/data_stream/audit/agent/stream/input.yml.hbs Outdated
state.url + "/graphql",
"application/json",
'''{
"query": ''' + state.query.encode_json() + ''',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this being JSON encoded?

packages/wiz/data_stream/audit/agent/stream/input.yml.hbs Outdated
post_request(
state.url + "/graphql",
"application/json",
'''{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm a little confused about why this is being done. Can you not construct an object and JSON encode it below?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @efd6, we tried constructing an object and JSON encoding it below but that throws failed eval: failed to marshal value to JSON: json: unsupported type: map[ref.Val]ref.Val error so we found this workaround to use string concatenation.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you make a minimal reproducer for me? This should not happen.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be fixed in v8.9. Can you check that?

packages/wiz/data_stream/vulnerability/agent/stream/input.yml.hbs Outdated
initial_interval: {{initial_interval}}
want_more: false
batch_size: {{batch_size}}
query: "query VulnerabilityFindingsPage( $filterBy: VulnerabilityFindingFilters $first: Int $after: String $orderBy: VulnerabilityFindingOrder ) { vulnerabilityFindings( filterBy: $filterBy first: $first after: $after orderBy: $orderBy ) { nodes { id portalUrl name CVEDescription CVSSSeverity score exploitabilityScore impactScore dataSourceName hasExploit hasCisaKevExploit status vendorSeverity firstDetectedAt lastDetectedAt resolvedAt description remediation detailedName version fixedVersion detectionMethod link locationPath resolutionReason epssSeverity epssPercentile epssProbability validatedInRuntime layerMetadata{ id details isBaseLayer } projects { id name slug businessUnit riskProfile { businessImpact } } ignoreRules{ id name enabled expiredAt } vulnerableAsset { ... on VulnerableAssetBase { id type name region providerUniqueId cloudProviderURL cloudPlatform status subscriptionName subscriptionExternalId subscriptionId tags hasLimitedInternetExposure hasWideInternetExposure isAccessibleFromVPN isAccessibleFromOtherVnets isAccessibleFromOtherSubscriptions } ... on VulnerableAssetVirtualMachine { operatingSystem ipAddresses } ... on VulnerableAssetServerless { runtime } ... on VulnerableAssetContainerImage { imageId } ... on VulnerableAssetContainer { ImageExternalId VmExternalId ServerlessContainer PodNamespace PodName NodeName } } } pageInfo { hasNextPage endCursor } } }"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reformat.

packages/wiz/data_stream/vulnerability/agent/stream/input.yml.hbs Outdated
post_request(
state.url + "/graphql",
"application/json",
'''{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Query approach.

packages/wiz/data_stream/vulnerability/agent/stream/input.yml.hbs Outdated
{{#if processors}}
processors:
{{processors}}
{{/if}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Final new line.

packages/wiz/img/sample-screenshot.png Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like it is leftover from the template.

packages/wiz/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml Outdated
- append:
field: error.message
value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
- date:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use set.

@efd6
Copy link
Contributor

efd6 commented Sep 28, 2023

/test

bhapas
bhapas reviewed Sep 28, 2023
View reviewed changes
packages/wiz/_dev/deploy/docker/files/config-audit.yml Outdated
@@ -20,4 +20,4 @@ rules:
Content-Type:
- application/json
body: |
{"data": {"auditLogEntries": {"nodes": [{"id": "8f7fa6bd-ce32-4f11-91b4-a0377438561e","action": " user Login","requestId": "8f7fa6bd-ce32-4f11-91b4-a0377438561e","status": "SUCCESS","timestamp": "2023-08-24T08:54:21.44203Z","actionParameters": {"clientID": "kr7ngoiolk3d9i8ravmuutlb6","groups": null,"name": "op-us","products": ["*"],"role": "","scopes": ["read:issues","read:reports","read:vulnerabilities","read:cloud_configuration","update:reports","create:reports"],"userEmail": "","userID": "mlipebtwsndhxdmnzdwrxzmiojxkszrh6qzfufevkpmdguxfv4cxg","userpoolID": "us-east-2_GQ3gwvxsQ"},"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36","sourceIP": null,"serviceAccount": {"id": "mlipebtwsndhxdmnzdwrxzmiojxkszrh6qzfufevkpmdguxfv4cxg","name": "op-us"},"user": null}],"pageInfo": {"hasNextPage": false,"endCursor": "eyJmaWVsZHMiOlt7IkZpZWxkIjoiVGltZXN0YW1wIiwiVmFsdWUiOiIyMDIzLTA5LTA0VDExOjE5OjM3LjgwMTU0MVoifV19"}}}}
{"data": {"auditLogEntries": {"nodes": [{"id": "8f7fa6bd-ce32-4f11-91b4-a0377438561e","action": " user Login","requestId": "8f7fa6bd-ce32-4f11-91b4-a0377438561e","status": "SUCCESS","timestamp": "2023-08-24T08:54:21.44203Z","actionParameters": {"clientID": "kr7ngoiolk3d9i8ravmuutlb6","groups": null,"name": "op-us","products": ["*"],"role": "","scopes": ["read:issues","read:reports","read:vulnerabilities","read:cloud_configuration","update:reports","create:reports"],"userEmail": "","userID": "mlipebtwsndhxdmnzdwrxzmiojxkszrh6qzfufevkpmdguxfv4cxg","userpoolID": "us-east-2_GQ3gwvxsQ"},"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36","sourceIP": null,"serviceAccount": {"id": "mlipebtwsndhxdmnzdwrxzmiojxkszrh6qzfufevkpmdguxfv4cxg","name": "op-us"},"user": null},{"id": "823b5f36-3c20-4e91-955c-9aaa486cdeab","action": "Login","requestId": "823b5f36-3c20-4e91-955c-9aaa486cdeab","status": "SUCCESS","timestamp": "2023-09-21T07:07:27.176978Z","actionParameters": {"clientID": "kr7ngoiolk3d9i8ravmuutlb6","groups": null,"name": "aembit","products": ["*"],"role": "","scopes": ["read:resources","read:reports","update:reports","create:reports"],"userEmail": "","userID": "mlipebtwsndhxdmnzdwrxzmiokcvchjpebavkufblyt6u3qowslxg","userpoolID": "us-east-2_GQ3gwvxsQ"},"userAgent": null,"sourceIP": null,"serviceAccount": {"id": "mlipebtwsndhxdmnzdwrxzmiokcvchjpebavkufblyt6u3qowslxg","name": "aembit"},"user": null},{"id": "aad8ab9c-f1bf-4a80-a1e1-13bc8769caf4","action": "Login","requestId": "aad8ab9c-f1bf-4a80-a1e1-13bc8769caf4","status": "SUCCESS","timestamp": "2023-09-21T07:07:21.105685Z","actionParameters": {"clientID": "kr7ngoiolk3d9i8ravmuutlb6","groups": null,"name": "elastic","products": ["*"],"role": "","scopes": ["read:issues","read:reports","read:vulnerabilities","update:reports","create:reports","admin:audit"],"userEmail": "","userID": "mlipebtwsndhxdmnzdwrxzmiolvzt6topjvv4nugzctcsyarazrhg","userpoolID": "us-east-2_GQ3gwvxsQ"},"userAgent": null,"sourceIP": null,"serviceAccount": {"id": "mlipebtwsndhxdmnzdwrxzmiolvzt6topjvv4nugzctcsyarazrhg","name": "elastic"},"user": null}],"pageInfo": {"hasNextPage": false,"endCursor": "eyJmaWVsZHMiOlt7IkZpZWxkIjoiVGltZXN0YW1wIiwiVmFsdWUiOiIyMDIzLTA5LTA0VDExOjE5OjM3LjgwMTU0MVoifV19"}}}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I am more interested in paginated responses is to have "hasNextPage": true and a new request that uses the endCursor so that the agent config behaves as expected with cursor information and pagination.

Applies to all data_streams

efd6
efd6 approved these changes Sep 28, 2023
View reviewed changes
Copy link
Contributor

@efd6 efd6 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM when #7839 (comment) is satisfied.

bhapas
bhapas approved these changes Oct 3, 2023
View reviewed changes
Copy link
Contributor

@bhapas bhapas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@P1llus P1llus merged commit 0b9c00e into elastic:main Oct 3, 2023
@elasticmachine
Copy link

Package wiz - 0.1.0 containing this change is available at https://epr.elastic.co/search?package=wiz

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efd6 efd6 efd6 approved these changes

@bhapas bhapas bhapas approved these changes

Assignees
No one assigned
Labels
Integration:wiz Wiz New Integration Issue or pull request for creating a new integration package.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@mohitjha-elastic @elasticmachine @piyush-elastic @efd6 @bhapas @andrewkroh @P1llus @jamiehynds