- Install dependencies:
  yarn
- Change config.json and provide credentials for Elasticsearch.
  You can provide apiKey for Cloud/Serverless, or just username/password.

Examples of config:
{
  "elastic": {
    "node": "https://test.es.us-west2.gcp.elastic-cloud.com",
    "apiKey": "ASdlkk=="
  },
  "kibana": {
    "node": "https://test.kb.us-west2.gcp.elastic-cloud.com:9243",
    "apiKey": "asdasdasd=="
  }
}

{
  "elastic": {
    "node": "http://localhost:9200",
    "username": "elastic",
    "password": "changeme"
  },
  "kibana": {
    "node": "http://127.0.0.1:5601",
    "username": "elastic",
    "password": "changeme"
  },
  "eventIndex": ""
}
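
A pre-flight check for the two config shapes above, as an added example that is not part of this project's code. Only the field names come from the samples; the function names and the rules (plain HTTP and the default password are accepted only for localhost/127.0.0.1) are assumptions.

```typescript
// Added example, not project code. Field names follow the config.json samples;
// checkEndpoint/checkConfig and their rules are assumptions for illustration.
type Endpoint = { node?: string; apiKey?: string; username?: string; password?: string };
type Config = { elastic?: Endpoint; kibana?: Endpoint; eventIndex?: string };

function checkEndpoint(name: string, ep?: Endpoint): string[] {
  if (!ep || !ep.node) return [`${name}: node URL is missing`];
  const issues: string[] = [];
  const hasKey = Boolean(ep.apiKey);
  const hasBasic = Boolean(ep.username && ep.password);
  if (!hasKey && !hasBasic) issues.push(`${name}: set apiKey or username/password`);
  if (hasKey && (ep.username || ep.password))
    issues.push(`${name}: apiKey and username/password are both set`);
  // Scheme and host are taken with a regex so the check has no runtime dependencies.
  const m = /^(https?):\/\/([^\/:]+)/i.exec(ep.node);
  if (!m) return [...issues, `${name}: node is not an http(s) URL`];
  const host = (m[2] ?? "").toLowerCase();
  const local = host === "localhost" || host === "127.0.0.1";
  if ((m[1] ?? "").toLowerCase() === "http" && !local)
    issues.push(`${name}: credentials would cross the network over plain HTTP`);
  if (ep.password === "changeme" && !local)
    issues.push(`${name}: default password used for a non-local node`);
  return issues;
}

function checkConfig(cfg: Config): string[] {
  return [...checkEndpoint("elastic", cfg.elastic), ...checkEndpoint("kibana", cfg.kibana)];
}

// Constructed inputs: the first two mirror the samples above, the third is deliberately wrong.
const cloudSample: Config = {
  elastic: { node: "https://test.es.us-west2.gcp.elastic-cloud.com", apiKey: "ASdlkk==" },
  kibana: { node: "https://test.kb.us-west2.gcp.elastic-cloud.com:9243", apiKey: "asdasdasd==" },
};
const localSample: Config = {
  elastic: { node: "http://localhost:9200", username: "elastic", password: "changeme" },
  kibana: { node: "http://127.0.0.1:5601", username: "elastic", password: "changeme" },
  eventIndex: "",
};
const badSample: Config = {
  elastic: { node: "http://es.example.test:9200", username: "elastic", password: "changeme" },
  kibana: { node: "https://kb.example.test:5601" },
};

console.log([cloudSample, localSample, badSample].map(checkConfig));
```
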
yarn start entity-store - Generate data for entity store
yarn start clean-entity-store - Clean data for entity store
yarn start help - To see the commands list
yarn start generate-alerts -n <number of alerts> -h <number of hosts within the alerts> -u <number of users within the alerts> -s <optional space>
yarn start delete-alerts - Delete all alerts
yarn start test-risk-score - Test risk score API time response
To modify the alert document, change the createAlert.ts file.
Example list of commands for testing the Risk Score API with 10.000 alerts:
yarn start delete-alerts
yarn start generate-alerts -n 10000 -h 100 -u 100
yarn start test-risk-score
- Get your Elasticsearch URL.
  Go to Cloud -> Projects -> Your serverless project.
  Then click Endpoints -> View and copy your ES URL into the elastic.node field in config.json.
- Generate an API key.
  Go to Cloud -> Projects -> Api Keys -> Manage project API keys.
  Create a new API key and paste it into the elastic.apiKey field in config.json.
- (Optional) Change the index name in the eventIndex field in config.json, if you want. By default: logs-testlogs-default
- (Optional) Change mappings in the eventMappings.json file.
- (Optional) Change the event structure in the createEvents.ts file.
- Run yarn start generate-events n, where n is the amount of documents that will be generated.
- Run yarn start delete-events to remove all documents from the event index after your test.