test suite: initial tests

[mmguero]

I'm going to collect a list of initial tests that need to be created for the automated testing feature (#486):

• connectivity
  • test_malcolm_exists - Asserts that the Malcolm VM is running
  • test_malcolm_response - Asserts that the Malcolm instance is up and API is responsive
  • test_malcolm_db_health - Asserts that the Malcolm opensearch API is responsive and returns a "yellow" or "green" health status
• components/interfaces/features
  • dashboards/kibana
    • ensure that OpenSearch Dashboards page is served
    • if possible, try to use reporting (API?) to generate PDF for a dashboard
  • Arkime
    • ensure that Arkime UI is is served
    • ensure that Arkime responds to its APIs
      • connections
      • hunt (might be tricky)
      • fields
      • files
      • valueactions
      • fieldactions
      • sessions
      • spiview
      • spigraph
      • unique
      • pcap retrieval
      • views
  • local account management
    • ensure that local account management page is served
    • if possible, actually use it, but IDK if that's possible with pytest/requests
  • upload
    • ensure that network traffic artifact upload page is served
  • cyberchef
    • ensure that cyberchef UI is served
  • netbox
    • ensure that netbox UI is served
    • after insertion with autodiscovery, check that various network entities have been populated
    • test that enrichment has been performed on zeek logs and suricata alerts
    • test a netbox restore operation (not supported by Malcolm-Test framework yet)
    • test a netbox backup operation (not supported by Malcolm-Test framework yet)
  • file extraction
    • ensure that file extraction download UI is served
    • ensure that files are extracted and quarantined and/or preserved
    • ensure extracted file can be downloaded and unzipped/decrypted
  • severity
    • checks for event severity scoring (all categories)
• Malcolm APIs
  • test dashboard export API
  • test document lookup API
  • test event logging API
  • test fields API
  • test indices API
• protocols/enrichment
  • test_ot_protocols - perform field aggregation to check for all expected OT protocols
  • test_common_protocols - perform field aggregation to check for all expected common protocols
  • test_detection_packages - perform field aggregation to check for results from CVE/etc. detections
  • check for uploaded windows event (evtx) logs
  • spot check data for all enrichment sources (freq, geoip, etc.)
  • check that Zeek intel triggers (not supported by Malcolm-Test framework yet)
  • check for logs written by all zeek plugins

EDIT: I've stricken some that aren't going to be possible in this initial batch, but might be good for later additions.