Resolve CI failures

bhargavnariyanicrest · Dec 10, 2024 · f0300ff · f0300ff
1 parent 6c09fe7
commit f0300ff
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 122 deletions.
diff --git a/ivanti_connect_secure/assets/logs/ivanti-connect-secure.yaml b/ivanti_connect_secure/assets/logs/ivanti-connect-secure.yaml
@@ -118,8 +118,7 @@ pipeline:
           seconds"}'
       grok:
         supportRules: ""
-        matchRules:
-          "common_rule (%{number} )?(<%{integer}>)?(%{integer} )?%{notSpace}
+        matchRules: "common_rule (%{number} )?(<%{integer}>)?(%{integer} )?%{notSpace}
           %{notSpace} %{notSpace}: %{notSpace} %{notSpace} %{notSpace}
           %{data::json}"
     - type: grok-parser
@@ -407,8 +406,7 @@ pipeline:
               18773, Newly Detected Files 10, Mismatched Files 10"
           grok:
             supportRules: ""
-            matchRules:
-              "integrity_scan_rule Integrity Scan Completed: Integrity Scan
+            matchRules: "integrity_scan_rule Integrity Scan Completed: Integrity Scan
               Results : Matched Files
               %{integer:ivanti_connect_secure.matched_files}, Newly Detected
               Files %{integer:ivanti_connect_secure.detected_files}, Mismatched
@@ -431,8 +429,7 @@ pipeline:
               (session:sid12345)
           grok:
             supportRules: ""
-            matchRules:
-              connection_requests_rule Closed connection to %{notSpace:hostname}
+            matchRules: connection_requests_rule Closed connection to %{notSpace:hostname}
               port %{port:network.destination.port} after
               %{integer:ivanti_connect_secure.duration} seconds, with
               %{integer:network.bytes_read} bytes read \(in

diff --git a/ivanti_connect_secure/assets/logs/ivanti-connect-secure_tests.yaml b/ivanti_connect_secure/assets/logs/ivanti-connect-secure_tests.yaml
@@ -11,120 +11,4 @@ tests:
       Safari/537.36","device_id":"","browser_id":"742cafa1236662fa57a7231740c11111","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"WebRequest
       completed, GET to [http://10.0.0.0:8080//test] from [10.0.0.0]
       result=[200] sent=[62] received=[49280] in [10] seconds"}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"WEB30441","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"2","sev_string":"info","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"WebRequest
-      Failed : Host: example.com, Request: http://example.com/ Reason
-      failure-reason"}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"WEB23290","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"3","sev_string":"info","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"Access
-      blocked to invalid SSL site - Host: example.com, Port: 1234, Request:
-      http://example.com/"}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"WEB20171","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"4","sev_string":"info","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"Access
-      denied because outbound secure http connections are disabled - Host:
-      example.com, Request: http://example.com/"}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"AUT31556","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"5","sev_string":"minor","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"Unauthenticated
-      request url /test came from IP 10.10.10.10."}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"AUT23457","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"6","sev_string":"minor","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"Login
-      failed using auth server System Local. Reason: failure reason"}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"AUT21051","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"7","sev_string":"minor","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"Login
-      rejected login from IP 10.10.10.10. Missing username or password."}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"AUT24326","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"8","sev_string":"major","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"Primary
-      authentication failed for authentication successful for demouser/System
-      Local from 10.10.10.10"}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"AUT24604","date":"2024-12-04","timestamp":"1733\
-      293104","us_timestamp":"1733293104.48858","opaque_id":"2304","g\
-      ateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_n\
-      um":"9","sev_string":"major","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id\
-      ":"","useragent":"","device_id":"","browser_id":"","tenan\
-      t_id":"","cert_hash":"","additional_details":[],"raw_message":\
-      "SSL negotiation failed while client at source IP \'10.10.10.10\' was
-      trying to connect to \'10.0.0.0\'. Reason: \'http request\'"}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"AUT20919","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"9","sev_string":"major","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"Remote
-      address for user [email protected]/test-realm changed from 10.10.10.10 to
-      20.20.20.20 forwarded-for changed from 10.0.0.0 to ."}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"JAV20023","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"9","sev_string":"major","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"Closed
-      connection to test.com port 3389 after 7 seconds, with 1286 bytes read (in
-      5 chunks) and 1364 bytes written (in 5 chunks)"}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"ERR24670","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"10","sev_string":"critical","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"VPN
-      Tunneling: ACL count = 24."}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"ERR31271","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"10","sev_string":"critical","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"VPN
-      Tunneling: Optimized ACL count = 10."}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"NWC23464","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"9","sev_string":"major","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"VPN
-      Tunneling: Session started for user (session: sid1234) with IPv4 address
-      10.10.10.10, hostname demohost.com"}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"STS20641","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"9","sev_string":"major","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"Number
-      of concurrent users logged in to the device: 2"}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"SYS32100","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"9","sev_string":"major","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"Integrity
-      Scan Completed: Integrity Scan Results : Matched Files 18773, Newly
-      Detected Files 10, Mismatched Files 10"}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"ADM22798","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"9","sev_string":"major","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"Login
-      failed from 10.10.10.10 for adminuser/System Local."}'
-    result: null
-  - sample: '577 <134>1 2024-12-04T01:18:24-05:00 test.com PulseSecure: - - -
-      {"message_id":"ADM22668","date":"2024-12-04","timestamp":"1733293104","us_timestamp":"1733293104.48858","opaque_id":"2304","gateway_id":"","gateway_name":"","unique_id":"uid_1234","sev_num":"9","sev_string":"major","source_ip":"10.10.10.10",
-      "macaddr":"",
-      "user":"[email protected]","realm_name":"","roles":"","session_id":"","useragent":"","device_id":"","browser_id":"","tenant_id":"","cert_hash":"","additional_details":[],"raw_message":"Login
-      succeeded for adminuser/System Local from IP 10.10.10.10 via 3221 port."}'
     result: null