def test_build_dbot_entry(self):
from CommonServerPython import build_dbot_entry
res = build_dbot_entry('*****@*****.**', 'Email', 'Vendor', 1)
assert res == {
'DBotScore': {
'Indicator': '*****@*****.**',
'Type': 'email',
'Vendor': 'Vendor',
'Score': 1
}
}
def test_build_dbot_entry_no_malicious(self):
from CommonServerPython import build_dbot_entry
res = build_dbot_entry('*****@*****.**',
'Email',
'Vendor',
3,
build_malicious=False)
assert res == {
'DBotScore': {
'Indicator': '*****@*****.**',
'Type': 'email',
'Vendor': 'Vendor',
'Score': 3
}
}
def test_file_indicators(self):
from CommonServerPython import build_dbot_entry, outputPaths
res = build_dbot_entry('md5hash', 'md5', 'Vendor', 3)
assert res == {
"DBotScore": {
"Indicator": "md5hash",
"Type": "file",
"Vendor": "Vendor",
"Score": 3
},
outputPaths['file']: {
"MD5": "md5hash",
"Malicious": {
"Vendor": "Vendor",
"Description": None
}
}
}
def test_build_dbot_entry_malicious(self):
from CommonServerPython import build_dbot_entry, outputPaths
res = build_dbot_entry('*****@*****.**', 'Email', 'Vendor', 3, 'Malicious email')
assert res == {
"DBotScore": {
"Vendor": "Vendor",
"Indicator": "*****@*****.**",
"Score": 3,
"Type": "email"
},
outputPaths['email']: {
"Malicious": {
"Vendor": "Vendor",
"Description": "Malicious email"
},
"Address": "*****@*****.**"
}
}
def test_illegal_indicator_type(self):
from CommonServerPython import build_dbot_entry, DemistoException
with raises(DemistoException, match='illegal indicator type'):
build_dbot_entry('1', 'NOTHING', 'Vendor', 2)
def test_illegal_dbot_score(self):
from CommonServerPython import build_dbot_entry, DemistoException
with raises(DemistoException, match='illegal DBot score'):
build_dbot_entry('1', 'ip', 'Vendor', 8)
