Skip to content

Commit 3725440

Browse files
JulienOrainJulienOrain
committed
add tests
1 parent 58d7975 commit 3725440

2 files changed

Lines changed: 76 additions & 0 deletions

File tree

packages/azure/data_stream/firewall_logs/_dev/test/pipeline/test-threatintel-raw.log

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
{"category":"AZFWThreatIntel","properties":{"Action":"Deny","DestinationIp":"175.16.199.1","DestinationPort":443,"Fqdn":"","IsTlsInspected":false,"Protocol":"TCP","SourceIp":"192.168.0.2","SourcePort":51890,"ThreatDescription":"Destination reported by Threat Intelligence","Url":""},"resourceId":"/SUBSCRIPTIONS/23103928-B2CF-472A-8CDB-0146E2849129/RESOURCEGROUPS/TEST-FW-RG/PROVIDERS/MICROSOFT.NETWORK/AZUREFIREWALLS/TEST-FW01","time":"2025-05-16T07:34:42.525499+00:00"}

packages/azure/data_stream/firewall_logs/_dev/test/pipeline/test-threatintel-raw.log-expected.json

Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
{
2+
"expected": [
3+
{
4+
"@timestamp": "2025-05-16T07:34:42.525Z",
5+
"azure": {
6+
"firewall": {
7+
"category": "AZFWThreatIntel",
8+
"is_tls_inspected": false
9+
},
10+
"resource": {
11+
"group": "TEST-FW-RG",
12+
"id": "/SUBSCRIPTIONS/23103928-B2CF-472A-8CDB-0146E2849129/RESOURCEGROUPS/TEST-FW-RG/PROVIDERS/MICROSOFT.NETWORK/AZUREFIREWALLS/TEST-FW01",
13+
"name": "TEST-FW01",
14+
"provider": "MICROSOFT.NETWORK/AZUREFIREWALLS"
15+
},
16+
"subscription_id": "23103928-B2CF-472A-8CDB-0146E2849129"
17+
},
18+
"cloud": {
19+
"account": {
20+
"id": "23103928-B2CF-472A-8CDB-0146E2849129"
21+
},
22+
"provider": "azure"
23+
},
24+
"destination": {
25+
"geo": {
26+
"city_name": "Changchun",
27+
"continent_name": "Asia",
28+
"country_iso_code": "CN",
29+
"country_name": "China",
30+
"location": {
31+
"lat": 43.88,
32+
"lon": 125.3228
33+
},
34+
"region_iso_code": "CN-22",
35+
"region_name": "Jilin Sheng"
36+
},
37+
"ip": "175.16.199.1",
38+
"port": 443
39+
},
40+
"ecs": {
41+
"version": "8.11.0"
42+
},
43+
"event": {
44+
"action": "Deny",
45+
"category": [
46+
"network"
47+
],
48+
"kind": "event",
49+
"original": "{\"category\":\"AZFWThreatIntel\",\"properties\":{\"Action\":\"Deny\",\"DestinationIp\":\"175.16.199.1\",\"DestinationPort\":443,\"Fqdn\":\"\",\"IsTlsInspected\":false,\"Protocol\":\"TCP\",\"SourceIp\":\"192.168.0.2\",\"SourcePort\":51890,\"ThreatDescription\":\"Destination reported by Threat Intelligence\",\"Url\":\"\"},\"resourceId\":\"/SUBSCRIPTIONS/23103928-B2CF-472A-8CDB-0146E2849129/RESOURCEGROUPS/TEST-FW-RG/PROVIDERS/MICROSOFT.NETWORK/AZUREFIREWALLS/TEST-FW01\",\"time\":\"2025-05-16T07:34:42.525499+00:00\"}",
50+
"type": [
51+
"connection"
52+
]
53+
},
54+
"observer": {
55+
"name": "TEST-FW01",
56+
"product": "Network Firewall",
57+
"type": "firewall",
58+
"vendor": "Azure"
59+
},
60+
"related": {
61+
"ip": [
62+
"192.168.0.2",
63+
"175.16.199.1"
64+
]
65+
},
66+
"source": {
67+
"ip": "192.168.0.2",
68+
"port": 51890
69+
},
70+
"tags": [
71+
"preserve_original_event"
72+
]
73+
}
74+
]
75+
}

0 commit comments

Comments
 (0)