diff --git a/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py b/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py index 30e91e97..87a69df4 100644 --- a/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py +++ b/contentctl/actions/detection_testing/infrastructures/DetectionTestingInfrastructure.py @@ -1481,16 +1481,19 @@ def hec_raw_replay( "host": attack_data_file.host or self.sync_obj.replay_host, } - if self.infrastructure.instance_address.strip().lower().startswith("https://"): - address_with_scheme = self.infrastructure.instance_address.strip().lower() - elif self.infrastructure.instance_address.strip().lower().startswith("http://"): + hec_instance_address = ( + self.infrastructure.hec_instance_address + if self.infrastructure.hec_instance_address + else self.infrastructure.instance_address + ) + if hec_instance_address.strip().lower().startswith("https://"): + address_with_scheme = hec_instance_address.strip().lower() + elif hec_instance_address.strip().lower().startswith("http://"): address_with_scheme = ( - self.infrastructure.instance_address.strip() - .lower() - .replace("http://", "https://") + hec_instance_address.strip().lower().replace("http://", "https://") ) else: - address_with_scheme = f"https://{self.infrastructure.instance_address}" + address_with_scheme = f"https://{hec_instance_address}" # Generate the full URL, including the host, the path, and the params. # We can be a lot smarter about this (and pulling the port from the url, checking diff --git a/contentctl/objects/config.py b/contentctl/objects/config.py index bffa66d6..16b1a831 100644 --- a/contentctl/objects/config.py +++ b/contentctl/objects/config.py @@ -713,6 +713,10 @@ class Infrastructure(BaseModel): web_ui_port: int = Field(default=8000, gt=1, lt=65536, title="Web UI Port") api_port: int = Field(default=8089, gt=1, lt=65536, title="REST API Port") instance_name: str = Field(...) + hec_instance_address: Optional[str] = Field( + default=None, + description="HTTP Event Collector Address. May be Edge Processor Address, if not provided instance_address will used.", + ) class Container(Infrastructure): @@ -1260,6 +1264,16 @@ class test_servers(test_common): "Note that these test_instances may be hosted on the same system, such as localhost/127.0.0.1 or a docker server, or different hosts.\n" f"This value may also be passed by setting the environment variable [{TEST_ARGS_ENV}] with the value above.", ) + hec_server_overrides: Optional[str] = Field( + None, + validate_default=True, + description="String override servers to use for testing. The list MUST be in the format:\n" + "hec_address_override;hec_address_override_2" + "\nFor example, the following string will use 2 preconfigured hec instances:\n" + "127.0.0.1;1.2.3.4\n" + "Note that these hec_server_overrides may be hosted on the same system, such as localhost/127.0.0.1 or a docker server or different hosts.\n" + "Note that this assumes that Splunk hec token is valid for that server and that the hec port is the same as the hec_port for respective server.\n", + ) @model_validator(mode="before") @classmethod @@ -1279,11 +1293,21 @@ def parse_config(cls, data: Any, info: ValidationInfo) -> Any: infrastructures: List[Infrastructure] = [] + split_hec_server_overrides = [] + hec_server_overrides = data.get("hec_server_overrides") + if hec_server_overrides: + split_hec_server_overrides = hec_server_overrides.split(";") + index = 0 for server in server_info.split(";"): address, username, password, web_ui_port, hec_port, api_port = server.split( "," ) + hec_address = ( + split_hec_server_overrides[index] + if len(split_hec_server_overrides) > index + else address + ) infrastructures.append( Infrastructure( splunk_app_username=username, @@ -1293,6 +1317,7 @@ def parse_config(cls, data: Any, info: ValidationInfo) -> Any: web_ui_port=int(web_ui_port), api_port=int(api_port), instance_name=f"test_server_{index}", + hec_instance_address=hec_address, ) ) index += 1