
Commit f0b65ce

[O365] Add policy tests and benchmarks (#15554)
o365: add policy tests and benchmarks for integration quality checks
1 parent 58fefb8 commit f0b65ce


12 files changed

+4112
-0
lines changed

Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
---
2+
description: Benchmark 100000 o365.audit events ingested.
3+
data_stream:
4+
name: audit
5+
corpora:
6+
generator:
7+
total_events: 100000
8+
template:
9+
type: gotext
10+
path: ./audit-benchmark/template.ndjson
11+
config:
12+
path: ./audit-benchmark/config.yml
13+
fields:
14+
path: ./audit-benchmark/fields.yml
Lines changed: 140 additions & 0 deletions
@@ -0,0 +1,140 @@
1+
fields:
2+
- name: Actor
3+
fields:
4+
- name: ID
5+
range:
6+
min: 100000000000000000
7+
max: 999999999999999999
8+
cardinality: 10000
9+
- name: Type
10+
range:
11+
min: 1
12+
max: 9
13+
cardinality: 10
14+
- name: ActorContextId
15+
enum:
16+
- b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
17+
- a86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
18+
- c86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
19+
- d86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
20+
- e86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
21+
- name: ExtendedProperties
22+
fields:
23+
- name: Name
24+
enum:
25+
- actorContextId
26+
- actorObjectId
27+
- actorObjectClass
28+
- actorUPN
29+
- actorAppID
30+
- actorPUID
31+
- teamName
32+
- targetContextId
33+
- targetObjectId
34+
- extendedAuditEventCategory
35+
- targetName
36+
- targetIncludedUpdatedProperties
37+
- correlationId
38+
- version
39+
- name: Value
40+
- b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
41+
- 755e500a-6c03-46b0-b53b-282f23374e3b
42+
- User
43+
44+
- 18ed3507-a475-4ccb-b669-d66bc9f2a36e
45+
- 1003200096971F55
46+
- MSODS.
47+
- b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
48+
- 08d8bb01-c269-4a92-9929-a1a89b729512
49+
- name: Id
50+
range:
51+
min: 100000000000000000
52+
max: 999999999999999999
53+
cardinality: 10000
54+
- name: ObjectId
55+
enum:
56+
- Not Available
57+
- 71a0194b-b70c-44a6-82f2-d4670aee4585
58+
- c5393580-f805-4401-95e8-94b7a6ef2fc2;https://manage.office.com;https://manage.office365.us;https://manage.protection.apps.mil;https://manage-gcc.office.com
59+
- 71a0194b-b70c-44a6-82f2-d4670aee4585
60+
- name: Operation
61+
enum:
62+
- Add app role assignment to service principal.
63+
- Add OAuth2PermissionGrant.
64+
- Consent to application.
65+
- Add app role assignment grant to user.
66+
- Update application.
67+
- name: OrganizationId
68+
enum:
69+
- b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
70+
- a86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
71+
- c86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
72+
- d86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
73+
- e86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
74+
- name: RecordType
75+
range:
76+
min: 1
77+
max: 181
78+
cardinality: 100
79+
- name: ResultStatus
80+
enum:
81+
- Success
82+
- Succeeded
83+
- 'True'
84+
- failed
85+
- 'false'
86+
- partiallysucceeded
87+
- name: SupportTicketId
88+
range:
89+
min: 1000
90+
max: 9999
91+
cardinality: 10
92+
- name: Target
93+
fields:
94+
- name: ID
95+
enum:
96+
- Application_08d8bb01-c269-4a92-9929-a1a89b729512
97+
- 08d8bb01-c269-4a92-9929-a1a89b729512
98+
- Application
99+
- siem
100+
- name: Type
101+
range:
102+
min: 1
103+
max: 9
104+
cardinality: 10
105+
- name: TargetContextId
106+
enum:
107+
- b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
108+
- a86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
109+
- c86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
110+
- d86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
111+
- e86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd
112+
- name: UserId
113+
enum:
114+
115+
116+
- name: UserKey
117+
enum:
118+
119+
120+
- name: UserType
121+
range:
122+
min: 1
123+
max: 9
124+
cardinality: 10
125+
- name: Version
126+
range:
127+
min: 1
128+
max: 5
129+
cardinality: 10
130+
- name: Workload
131+
enum:
132+
- ExchangeAdmin
133+
- ExchangeItem
134+
- ExchangeItemGroup
135+
- SharePoint
136+
- SharePointFileOperation
137+
- OneDrive
138+
- AzureActiveDirectory
139+
- AzureActiveDirectoryAccountLogon
140+
- DataCenterSecurityCmdlet
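Review bot: The `ExtendedProperties.Value` entry (new lines 39–48) puts its values directly under `- name: Value` with no `enum:` key, unlike every other enumerated field in this section, so the list is unlikely to be read as that field's value set; add `enum:` on the line after `- name: Value`. The `UserId` and `UserKey` entries (new lines 112–119) show an `enum:` key with no visible values in this rendering, which should be checked against the file, since an empty enum gives the generator nothing to pick from. The GUIDs and the PUID-style value `1003200096971F55` used as enum values should be confirmed to be synthetic rather than copied from a real tenant's audit log, with a comment such as `# synthetic identifiers, not from a live tenant` above them. Indentation is not visible on this page, so the nesting described here is inferred.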
Lines changed: 58 additions & 0 deletions
@@ -0,0 +1,58 @@
1+
- name: Actor
2+
type: group
3+
fields:
4+
- name: ID
5+
type: keyword
6+
- name: Type
7+
type: integer
8+
- name: ActorContextId
9+
type: keyword
10+
- name: ExtendedProperties
11+
type: group
12+
fields:
13+
- name: Name
14+
type: keyword
15+
- name: Value
16+
type: keyword
17+
- name: Id
18+
type: keyword
19+
- name: ModifiedProperties
20+
type: group
21+
fields:
22+
- name: Name
23+
type: keyword
24+
- name: NewValue
25+
type: keyword
26+
- name: OldValue
27+
type: keyword
28+
- name: ObjectId
29+
type: keyword
30+
- name: Operation
31+
type: keyword
32+
- name: OrganizationId
33+
type: keyword
34+
- name: RecordType
35+
type: integer
36+
- name: ResultStatus
37+
type: keyword
38+
- name: SupportTicketId
39+
type: keyword
40+
- name: Target
41+
type: group
42+
fields:
43+
- name: ID
44+
type: keyword
45+
- name: Type
46+
type: integer
47+
- name: TargetContextId
48+
type: keyword
49+
- name: UserId
50+
type: keyword
51+
- name: UserKey
52+
type: keyword
53+
- name: UserType
54+
type: integer
55+
- name: Version
56+
type: integer
57+
- name: Workload
58+
type: keyword
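Review bot: `Actor.ID`, `Id` and `SupportTicketId` are declared `type: keyword` here (new lines 5, 18 and 39), while the generator config in the preceding section gives all three a numeric `range`. If the generator applies `range` only to numeric types (not visible from this page), those bounds are silently ignored and the benchmark values will not look like the intended IDs. Either declare them with a numeric type such as `type: long` (the template already wraps them in quotes), or drop the `range` keys in the config and keep only `cardinality`. A one-line comment at the top saying that these types drive the event generator, not the data stream mapping, would make the intent clear.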
Lines changed: 64 additions & 0 deletions
@@ -0,0 +1,64 @@
1+
{{- $ID := generate "Actor.ID" }}
2+
{{- $Type := generate "Actor.Type" }}
3+
{{- $ActorContextId := generate "ActorContextId" }}
4+
{{- $Name := generate "ExtendedProperties.Name" }}
5+
{{- $Value := generate "ExtendedProperties.Value" }}
6+
{{- $Id := generate "Id" }}
7+
{{- $NewValue := generate "ModifiedProperties.NewValue" }}
8+
{{- $OldValue := generate "ModifiedProperties.OldValue" }}
9+
{{- $ObjectId := generate "ObjectId" }}
10+
{{- $Operation := generate "Operation" }}
11+
{{- $OrganizationId := generate "OrganizationId" }}
12+
{{- $RecordType := generate "RecordType" }}
13+
{{- $ResultStatus := generate "ResultStatus" }}
14+
{{- $SupportTicketId := generate "SupportTicketId" }}
15+
{{- $TargetContextId := generate "TargetContextId" }}
16+
{{- $UserId := generate "UserId" }}
17+
{{- $UserKey := generate "UserKey" }}
18+
{{- $UserType := generate "UserType" }}
19+
{{- $Version := generate "Version" }}
20+
{{- $Workload := generate "Workload" }}
21+
22+
{
23+
"o365audit": {
24+
"Actor": [
25+
{
26+
"ID": "{{ $ID }}",
27+
"Type": {{ $Type }}
28+
}
29+
],
30+
"ActorContextId": "{{ $ActorContextId }}",
31+
"ExtendedProperties": [
32+
{
33+
"Name": "{{ $Name }}",
34+
"Value": "{{ $Value }}"
35+
}
36+
],
37+
"Id": "{{ $Id }}",
38+
"ModifiedProperties": [
39+
{
40+
"Name": "{{ $Name }}",
41+
"NewValue": "{{ $NewValue }}",
42+
"OldValue": "{{ $OldValue }}"
43+
}
44+
],
45+
"ObjectId": "{{ $ObjectId }}",
46+
"Operation": "{{ $Operation }}",
47+
"OrganizationId": "{{ $OrganizationId }}",
48+
"RecordType": {{ $RecordType }},
49+
"ResultStatus": "{{ $ResultStatus }}",
50+
"SupportTicketId": "{{ $SupportTicketId }}",
51+
"Target": [
52+
{
53+
"ID": "{{ $ID }}",
54+
"Type": {{ $Type }}
55+
}
56+
],
57+
"TargetContextId": "{{ $TargetContextId }}",
58+
"UserId": "{{ $UserId }}",
59+
"UserKey": "{{ $UserKey }}",
60+
"UserType": {{ $UserType }},
61+
"Version": {{ $Version }},
62+
"Workload": "{{ $Workload }}"
63+
}
64+
}
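Review bot: `Target.ID` and `Target.Type` (new lines 53–54) are filled from `$ID` and `$Type`, which lines 1–2 generate from `Actor.ID` and `Actor.Type`, so every event carries identical actor and target values and the separate `Target.ID` enum and `Target.Type` range in the generator config are never used. Generate them on their own, `{{- $TargetID := generate "Target.ID" }}` and `{{- $TargetType := generate "Target.Type" }}`, and reference those two variables inside the `Target` object. `ModifiedProperties.Name` (new line 40) likewise reuses `$Name` from `ExtendedProperties.Name`, although the field definitions declare `ModifiedProperties.Name` separately. String values are placed between quotes without escaping, which holds for the enum values shown but would yield invalid JSON if a generated value ever contained `"` or `\`.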
