Skip to content

abnormal_security,aws_bedrock,crowdstrike,nvidia_gpu: add required variables in system tests #15832

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

abnormal_security,aws_bedrock,crowdstrike,nvidia_gpu: add required variables in system tests #15832

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a7289b3
Fix system tests
moxarth-rathod Oct 31, 2025
9974cb2
Address PR comments
moxarth-rathod Nov 5, 2025
43300a2
make `wait_interval` parameter as optional
moxarth-rathod Nov 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ streams:
type: text
title: Recent Message Grace Interval
multi: false
required: true
required: false
show_user: true
description: How long to wait before attempting to collect recent messages. This option allows the Abnormal AI API to complete analysis of messages before the agent attempts to collect them. This should not be greater than the initial interval. Supported units for this parameter are h/m/s.
- name: interval
Expand Down
12 changes: 6 additions & 6 deletions packages/abnormal_security/data_stream/ai_security_mailbox_not_analyzed/sample_event.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,22 +17,22 @@
}
},
"agent": {
"ephemeral_id": "835b49c2-b5f8-4cd3-9915-0257c60f59ad",
"id": "129fb3a1-34d7-4b0f-8248-d13d3a7d46f6",
"name": "elastic-agent-18300",
"ephemeral_id": "ea5725c7-abdf-4082-aa3f-38a44243aced",
"id": "bde1501c-c6c1-49fe-9125-c805f917c934",
"name": "elastic-agent-45073",
"type": "filebeat",
"version": "8.19.0"
},
"data_stream": {
"dataset": "abnormal_security.ai_security_mailbox_not_analyzed",
"namespace": "26882",
"namespace": "98484",
"type": "logs"
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
"id": "129fb3a1-34d7-4b0f-8248-d13d3a7d46f6",
"id": "bde1501c-c6c1-49fe-9125-c805f917c934",
"snapshot": false,
"version": "8.19.0"
},
Expand All @@ -51,7 +51,7 @@
],
"dataset": "abnormal_security.ai_security_mailbox_not_analyzed",
"id": "-1234567891234567891",
"ingested": "2025-09-16T10:25:44Z",
"ingested": "2025-10-30T07:35:02Z",
"kind": "event",
"original": "{\"abx_message_id\":-1234567891234567891,\"not_analyzed_reason\":\"PHISHING_SIMULATION\",\"recipient\":{\"email\":\"phishing@test.com\",\"name\":\"Phishing Test\"},\"reported_datetime\":\"2025-03-04T17:03:55Z\",\"reporter\":{\"email\":\"info@test.com\",\"name\":\"Info Test\"},\"subject\":\"Fwd: Forwarded email\"}",
"reason": "PHISHING_SIMULATION",
Expand Down
12 changes: 6 additions & 6 deletions packages/abnormal_security/docs/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -219,22 +219,22 @@ An example event for `ai_security_mailbox_not_analyzed` looks as following:
}
},
"agent": {
"ephemeral_id": "835b49c2-b5f8-4cd3-9915-0257c60f59ad",
"id": "129fb3a1-34d7-4b0f-8248-d13d3a7d46f6",
"name": "elastic-agent-18300",
"ephemeral_id": "ea5725c7-abdf-4082-aa3f-38a44243aced",
"id": "bde1501c-c6c1-49fe-9125-c805f917c934",
"name": "elastic-agent-45073",
"type": "filebeat",
"version": "8.19.0"
},
"data_stream": {
"dataset": "abnormal_security.ai_security_mailbox_not_analyzed",
"namespace": "26882",
"namespace": "98484",
"type": "logs"
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
"id": "129fb3a1-34d7-4b0f-8248-d13d3a7d46f6",
"id": "bde1501c-c6c1-49fe-9125-c805f917c934",
"snapshot": false,
"version": "8.19.0"
},
Expand All @@ -253,7 +253,7 @@ An example event for `ai_security_mailbox_not_analyzed` looks as following:
],
"dataset": "abnormal_security.ai_security_mailbox_not_analyzed",
"id": "-1234567891234567891",
"ingested": "2025-09-16T10:25:44Z",
"ingested": "2025-10-30T07:35:02Z",
"kind": "event",
"original": "{\"abx_message_id\":-1234567891234567891,\"not_analyzed_reason\":\"PHISHING_SIMULATION\",\"recipient\":{\"email\":\"phishing@test.com\",\"name\":\"Phishing Test\"},\"reported_datetime\":\"2025-03-04T17:03:55Z\",\"reporter\":{\"email\":\"info@test.com\",\"name\":\"Info Test\"},\"subject\":\"Fwd: Forwarded email\"}",
"reason": "PHISHING_SIMULATION",
Expand Down
1 change: 1 addition & 0 deletions packages/aws_bedrock/data_stream/invocation/_dev/test/system/test-default-config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,5 +12,6 @@ data_stream:
queue_url: '{{TF_OUTPUT_queue_url}}'
preserve_original_event: true
preserve_duplicate_custom_fields: true
file_selectors: ""
Copy link
Contributor

@efd6 efd6 Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The complaint from ep is that this should be an array. Should this not be null?

Copy link
Contributor Author

@moxarth-rathod moxarth-rathod Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It throws the same error when I use null. The other option was to use an empty array, like file_selectors: |
So, I’ve changed it to an empty string for consistency.

Copy link
Contributor

@efd6 efd6 Nov 5, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not use the empty array? file_selectors: [] (file_selectors: | is an empty string, depending on the lines that follow).

It seems to me that the validation is missing something if it allows a string in an array slot.

assert:
hit_count: 348
30 changes: 17 additions & 13 deletions packages/aws_bedrock/data_stream/invocation/sample_event.json
View file
Open in desktop

Large diffs are not rendered by default.

3 changes: 1 addition & 2 deletions packages/crowdstrike/data_stream/fdr/_dev/test/policy/test-default.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ inputs:
streams:
- data_stream:
dataset: crowdstrike.fdr
type: logs
fields:
_conf:
enable_deduplication: false
Expand Down Expand Up @@ -83,7 +82,7 @@ inputs:
fields:
- crowdstrike
publisher_pipeline.disable_host: true
queue_url: null
queue_url: ""
sqs.notification_parsing_script.source: |
function parse(n) {
var m = JSON.parse(n);
Expand Down
1 change: 1 addition & 0 deletions packages/crowdstrike/data_stream/fdr/_dev/test/policy/test-default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,6 @@ vars:
token_url: http://host.tld/oauth2/token
data_stream:
vars:
queue_url: ""
preserve_original_event: true
preserve_duplicate_custom_fields: true
1 change: 1 addition & 0 deletions packages/nvidia_gpu/data_stream/stats/_dev/test/system/test-default-config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,6 @@ data_stream:
preserve_original_event: true
hosts:
- http://{{Hostname}}:{{Port}}/metrics
ssl: ""
assert:
hit_count: 3
85 changes: 20 additions & 65 deletions packages/nvidia_gpu/data_stream/stats/sample_event.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,99 +1,54 @@
{
"@timestamp": "2025-06-24T05:16:10.082Z",
"@timestamp": "2025-10-30T09:18:05.475Z",
"agent": {
"ephemeral_id": "158b1ab5-1d8f-40df-a960-73d24cffa507",
"id": "c509a40e-38fb-4be5-8e70-ba382ce8eff0",
"name": "elastic-agent-58660",
"ephemeral_id": "54f22388-40a1-419e-91a1-206585ad0aa0",
"id": "74bc8c8b-cd00-4a4e-8457-41b9fc85489e",
"name": "elastic-agent-35074",
"type": "metricbeat",
"version": "8.17.0"
"version": "8.16.0"
},
"data_stream": {
"dataset": "nvidia_gpu.stats",
"namespace": "52265",
"namespace": "46457",
"type": "metrics"
},
"ecs": {
"version": "8.17.0"
},
"elastic_agent": {
"id": "c509a40e-38fb-4be5-8e70-ba382ce8eff0",
"id": "74bc8c8b-cd00-4a4e-8457-41b9fc85489e",
"snapshot": false,
"version": "8.17.0"
"version": "8.16.0"
},
"event": {
"agent_id_status": "verified",
"dataset": "nvidia_gpu.stats",
"duration": 3737970,
"ingested": "2025-06-24T05:16:13Z",
"duration": 4476867,
"ingested": "2025-10-30T09:18:08Z",
"module": "prometheus"
},
"gpu": {
"clock": {
"mem_frequency": 405,
"streaming_multiprocessor_frequency": 300
},
"labels": {
"device": "nvidia0",
"driver_version": "525.105.17",
"gpu": "0",
"hostname": "924e17218b6f",
"job": "prometheus",
"model_name": "Tesla T4",
"pci_bus_id": "00000000:00:04.0",
"uuid": "GPU-2492e3fa-2252-1730-0d1a-8d12ab32cdf0"
},
"license_vgpu_status": 0,
"memory": {
"framebuffer": {
"free_size": 14923,
"used_size": 5
}
},
"nvlink": {
"bandwidth_total": 0
"job": "prometheus"
},
"pcie": {
"replay": 0
},
"power": {
"energy_consumption_total": 27649212030,
"usage": 12.239
},
"temperature": {
"gpu": 36,
"memory": 0
},
"utilization": {
"decoder": {
"pct": 0
},
"encoder": {
"pct": 0
},
"gpu": {
"pct": 0
},
"memory_copy": {
"pct": 0
}
}
"up": "1"
},
"host": {
"architecture": "x86_64",
"containerized": true,
"hostname": "elastic-agent-58660",
"hostname": "elastic-agent-35074",
"ip": [
"172.18.0.7",
"192.168.32.2"
"192.168.251.5",
"192.168.252.2"
],
"mac": [
"A6-27-18-C5-0D-F0",
"EA-10-B8-A2-8C-94"
"02-42-C0-A8-FB-05",
"02-42-C0-A8-FC-02"
],
"name": "elastic-agent-58660",
"name": "elastic-agent-35074",
"os": {
"family": "",
"kernel": "5.15.153.1-microsoft-standard-WSL2",
"kernel": "3.10.0-1160.92.1.el7.x86_64",
"name": "Wolfi",
"platform": "wolfi",
"type": "linux",
Expand All @@ -111,4 +66,4 @@
"address": "http://svc-nvidia_gpu:9400/metrics",
"type": "prometheus"
}
}
}
83 changes: 19 additions & 64 deletions packages/nvidia_gpu/docs/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,101 +56,56 @@ An example event for `stats` looks as following:

```json
{
"@timestamp": "2025-06-24T05:16:10.082Z",
"@timestamp": "2025-10-30T09:18:05.475Z",
"agent": {
"ephemeral_id": "158b1ab5-1d8f-40df-a960-73d24cffa507",
"id": "c509a40e-38fb-4be5-8e70-ba382ce8eff0",
"name": "elastic-agent-58660",
"ephemeral_id": "54f22388-40a1-419e-91a1-206585ad0aa0",
"id": "74bc8c8b-cd00-4a4e-8457-41b9fc85489e",
"name": "elastic-agent-35074",
"type": "metricbeat",
"version": "8.17.0"
"version": "8.16.0"
},
"data_stream": {
"dataset": "nvidia_gpu.stats",
"namespace": "52265",
"namespace": "46457",
"type": "metrics"
},
"ecs": {
"version": "8.17.0"
},
"elastic_agent": {
"id": "c509a40e-38fb-4be5-8e70-ba382ce8eff0",
"id": "74bc8c8b-cd00-4a4e-8457-41b9fc85489e",
"snapshot": false,
"version": "8.17.0"
"version": "8.16.0"
},
"event": {
"agent_id_status": "verified",
"dataset": "nvidia_gpu.stats",
"duration": 3737970,
"ingested": "2025-06-24T05:16:13Z",
"duration": 4476867,
"ingested": "2025-10-30T09:18:08Z",
"module": "prometheus"
},
"gpu": {
"clock": {
"mem_frequency": 405,
"streaming_multiprocessor_frequency": 300
},
"labels": {
"device": "nvidia0",
"driver_version": "525.105.17",
"gpu": "0",
"hostname": "924e17218b6f",
"job": "prometheus",
"model_name": "Tesla T4",
"pci_bus_id": "00000000:00:04.0",
"uuid": "GPU-2492e3fa-2252-1730-0d1a-8d12ab32cdf0"
},
"license_vgpu_status": 0,
"memory": {
"framebuffer": {
"free_size": 14923,
"used_size": 5
}
},
"nvlink": {
"bandwidth_total": 0
"job": "prometheus"
},
"pcie": {
"replay": 0
},
"power": {
"energy_consumption_total": 27649212030,
"usage": 12.239
},
"temperature": {
"gpu": 36,
"memory": 0
},
"utilization": {
"decoder": {
"pct": 0
},
"encoder": {
"pct": 0
},
"gpu": {
"pct": 0
},
"memory_copy": {
"pct": 0
}
}
"up": "1"
},
"host": {
"architecture": "x86_64",
"containerized": true,
"hostname": "elastic-agent-58660",
"hostname": "elastic-agent-35074",
"ip": [
"172.18.0.7",
"192.168.32.2"
"192.168.251.5",
"192.168.252.2"
],
"mac": [
"A6-27-18-C5-0D-F0",
"EA-10-B8-A2-8C-94"
"02-42-C0-A8-FB-05",
"02-42-C0-A8-FC-02"
],
"name": "elastic-agent-58660",
"name": "elastic-agent-35074",
"os": {
"family": "",
"kernel": "5.15.153.1-microsoft-standard-WSL2",
"kernel": "3.10.0-1160.92.1.el7.x86_64",
"name": "Wolfi",
"platform": "wolfi",
"type": "linux",
Expand Down