# # Copyright (C) 2021 The Falco Authors. # # This file is part of Falco. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # trace_files: !mux list_plugins: check_detection_counts: False rules_file: - rules/plugins/cloudtrail_create_instances.yaml conf_file: BUILD_DIR/test/confs/plugins/cloudtrail_json_create_instances.yaml addl_cmdline_opts: --list-plugins stdout_contains: "2 Plugins Loaded.*Name: cloudtrail.*Name: json.*" list_plugin_fields: check_detection_counts: False rules_file: - rules/plugins/cloudtrail_create_instances.yaml conf_file: BUILD_DIR/test/confs/plugins/cloudtrail_json_create_instances.yaml addl_cmdline_opts: --list stdout_contains: "ct.id" detect_create_instance: enable_source: aws_cloudtrail detect: True detect_level: INFO rules_file: - rules/plugins/cloudtrail_create_instances.yaml detect_counts: - 'Cloudtrail Create Instance': 1 conf_file: BUILD_DIR/test/confs/plugins/cloudtrail_json_create_instances.yaml detect_create_instance_bigevent: enable_source: aws_cloudtrail detect: True detect_level: INFO rules_file: - rules/plugins/cloudtrail_create_instances.yaml detect_counts: - 'Cloudtrail Create Instance': 1 conf_file: BUILD_DIR/test/confs/plugins/cloudtrail_json_create_instances_bigevent.yaml incompatible_extract_sources: exit_status: 1 stderr_contains: "Plugin '.*' has field extraction capability but is not compatible with any known event source" conf_file: BUILD_DIR/test/confs/plugins/incompatible_extract_sources.yaml rules_file: - rules/plugins/cloudtrail_create_instances.yaml overlap_extract_sources: exit_status: 1 stderr_contains: "Plugin '.*' supports extraction of field 'test.field' that is overlapping for source 'test_source'" conf_file: BUILD_DIR/test/confs/plugins/overlap_extract_sources.yaml rules_file: - rules/plugins/cloudtrail_create_instances.yaml incompat_plugin_api: exit_status: 1 stderr_contains: "plugin required API version '10000000.0.0' not compatible with the framework's API version '.*'" conf_file: BUILD_DIR/test/confs/plugins/incompatible_plugin_api.yaml rules_file: - rules/plugins/cloudtrail_create_instances.yaml incompat_plugin_rules_version: exit_status: 1 stderr_contains: "Plugin 'cloudtrail' version '.*' is not compatible with required plugin version '100000.0.0'" conf_file: BUILD_DIR/test/confs/plugins/cloudtrail_json_create_instances.yaml rules_file: - rules/plugins/cloudtrail_incompat_plugin_version.yaml wrong_plugin_path: exit_status: 1 stderr_contains: "cannot load plugin.*No such file or directory" conf_file: BUILD_DIR/test/confs/plugins/wrong_plugin_path.yaml rules_file: - rules/plugins/cloudtrail_incompat_plugin_version.yaml no_plugins_unknown_source: exit_status: 0 validate_warnings: - item_type: rule item_name: Cloudtrail Create Instance code: LOAD_UNKNOWN_SOURCE message: "Unknown source aws_cloudtrail, skipping" validate_rules_file: - rules/plugins/cloudtrail_create_instances.yaml no_plugins_unknown_source_rule_exception: exit_status: 0 validate_warnings: - item_type: rule item_name: Cloudtrail Create Instance code: LOAD_UNKNOWN_SOURCE message: "Unknown source aws_cloudtrail, skipping" validate_rules_file: - rules/plugins/cloudtrail_create_instances_exceptions.yaml