From c83a5a614badf8fdce247282cc5aaadc833f6f64 Mon Sep 17 00:00:00 2001
From: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
Date: Fri, 21 Jun 2024 18:29:39 +0530
Subject: [PATCH] Incorrect Integration Index Check (#3794)
(cherry picked from commit 675cad2ed4f343069b097f6928492b03f4d89f54)
---
 tests/test_all_rules.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/tests/test_all_rules.py b/tests/test_all_rules.py
index 85994f02e..e438ea28d 100644
--- a/tests/test_all_rules.py
+++ b/tests/test_all_rules.py
@@ -679,15 +679,19 @@ class TestRuleMetadata(BaseRuleTest):
 failures.append(err_msg)
 # checks if an index pattern exists if the package integration tag exists
+ # and is of pattern logs-{integration}*
 integration_string = "|".join(indices)
- if not re.search(rule_integration, integration_string):
+ if not re.search(f"logs-{rule_integration}*", integration_string):
 if rule_integration == "windows" and re.search("winlog", integration_string) or \
 any(ri in [*map(str.lower, definitions.MACHINE_LEARNING_PACKAGES)] for ri in rule_integrations):
 continue
+ elif rule_integration == "apm" and \
+ re.search("apm-*-transaction*|traces-apm*", integration_string):
+ continue
 elif rule.contents.data.type == 'threat_match':
 continue
- err_msg = f'{self.rule_str(rule)} {rule_integration} tag, index pattern missing.'
+ err_msg = f'{self.rule_str(rule)} {rule_integration} tag, index pattern missing or incorrect.'
 failures.append(err_msg)
 # checks if event.dataset exists in query object and a tag exists in metadata
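Review bot: The new `re.search(f"logs-{rule_integration}*", integration_string)` passes a glob to the regex engine, so the trailing `*` only makes the last character of the integration name repeatable or optional, and the name itself is unescaped. The check therefore accepts any index that contains `logs-` followed by a prefix of the name, not the `logs-{integration}*` pattern the added comment describes. The added apm branch has the same problem: read as a regex, `apm-*-transaction*` cannot match the literal index pattern `apm-*-transaction*` (after `apm` it allows only hyphens before `-transaction`), so only the `traces-apm*` alternative is effective. Consider `re.search(f"logs-{re.escape(rule_integration)}", integration_string)` and `re.search(r"apm-\*-transaction\*|traces-apm\*", integration_string)`, so that a rule whose index does not cover its tagged integration cannot pass this test by accident. The enclosing test method starts and ends outside the hunk.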