fix sigmahq tests

crowdsecurity · Dec 18, 2024 · 4d2d8fd · 4d2d8fd
1 parent 9a62b8e
commit 4d2d8fd
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 5 deletions.
diff --git a/.tests/lnx_auditd_auditing_config_change/scenario.assert b/.tests/lnx_auditd_auditing_config_change/scenario.assert
@@ -16,7 +16,7 @@ results[0].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[0].GetMeta("dev") == "fc:01"
 results[0].Overflow.Alert.Events[0].GetMeta("inode") == "21889652"
 results[0].Overflow.Alert.Events[0].GetMeta("item") == "0"
-results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "path"
+results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "auditd_path"
 results[0].Overflow.Alert.Events[0].GetMeta("mode") == "0100640"
 results[0].Overflow.Alert.Events[0].GetMeta("name") == "/etc/audit/audit.rules"
 results[0].Overflow.Alert.Events[0].GetMeta("nametype") == "NORMAL"

diff --git a/.tests/lnx_auditd_find_cred_in_files/scenario.assert b/.tests/lnx_auditd_find_cred_in_files/scenario.assert
@@ -9,7 +9,7 @@ results[0].Overflow.Alert.Events[0].GetMeta("auditd_type") == "EXECVE"
 results[0].Overflow.Alert.Events[0].GetMeta("datasource_path") == "lnx_auditd_find_cred_in_files.log"
 results[0].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[0].GetMeta("execve_full_str") == "grep --color=auto password /tmp/foo"
-results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "execve"
+results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "auditd_execve"
 results[0].Overflow.Alert.Events[0].GetMeta("timestamp") == "2024-12-17T16:23:56Z"
 results[0].Overflow.Alert.GetScenario() == "sigmahq/lnx_auditd_find_cred_in_files"
 results[0].Overflow.Alert.Remediation == false

diff --git a/.tests/lnx_auditd_ld_so_preload_mod/scenario.assert b/.tests/lnx_auditd_ld_so_preload_mod/scenario.assert
@@ -16,7 +16,7 @@ results[0].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[0].GetMeta("dev") == "fc:01"
 results[0].Overflow.Alert.Events[0].GetMeta("inode") == "21761059"
 results[0].Overflow.Alert.Events[0].GetMeta("item") == "1"
-results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "path"
+results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "auditd_path"
 results[0].Overflow.Alert.Events[0].GetMeta("mode") == "0100644"
 results[0].Overflow.Alert.Events[0].GetMeta("name") == "/etc/ld.so.preload"
 results[0].Overflow.Alert.Events[0].GetMeta("nametype") == "CREATE"

diff --git a/.tests/lnx_auditd_load_module_insmod/scenario.assert b/.tests/lnx_auditd_load_module_insmod/scenario.assert
@@ -13,7 +13,7 @@ results[0].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[0].GetMeta("euid") == "0"
 results[0].Overflow.Alert.Events[0].GetMeta("exe") == "/usr/bin/kmod"
 results[0].Overflow.Alert.Events[0].GetMeta("gid") == "0"
-results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "syscall_execve"
+results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "auditd_syscall_execve"
 results[0].Overflow.Alert.Events[0].GetMeta("pid") == "13801"
 results[0].Overflow.Alert.Events[0].GetMeta("ppid") == "13783"
 results[0].Overflow.Alert.Events[0].GetMeta("ses") == "3"

diff --git a/.tests/lnx_auditd_logging_config_change/scenario.assert b/.tests/lnx_auditd_logging_config_change/scenario.assert
@@ -16,7 +16,7 @@ results[0].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file"
 results[0].Overflow.Alert.Events[0].GetMeta("dev") == "fc:01"
 results[0].Overflow.Alert.Events[0].GetMeta("inode") == "21761060"
 results[0].Overflow.Alert.Events[0].GetMeta("item") == "0"
-results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "path"
+results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "auditd_path"
 results[0].Overflow.Alert.Events[0].GetMeta("mode") == "0100644"
 results[0].Overflow.Alert.Events[0].GetMeta("name") == "/etc/rsyslog.conf"
 results[0].Overflow.Alert.Events[0].GetMeta("nametype") == "NORMAL"