Beispiel #1
 def test_create_provider(self):
     """Check that a LocalData provider connects and lists the expected queries."""
     provider = QueryProvider("LocalData")
     provider.connect()
     self.assertTrue(provider.connected)

     available = provider.list_queries()
     # At least eight queries must be registered after connecting.
     self.assertGreaterEqual(len(available), 8)
     # Spot-check three dotted query names that must be present.
     for expected in (
         "SecurityAlert.list_alerts",
         "WindowsSecurity.list_host_events",
         "Network.list_azure_network_flows_by_ip",
     ):
         self.assertIn(expected, available)
Beispiel #2
 def test_additional_queries(self):
     """Load extra query definitions for LocalData and run every listed query.

     Each query is called with no arguments and must return a pandas
     DataFrame holding at least one row.
     """
     base_dir = get_test_data_path()
     extra_query_dir = str(Path(get_test_data_path()).joinpath("localdata"))
     provider = QueryProvider(
         "LocalData", data_paths=[base_dir], query_paths=[extra_query_dir]
     )

     query_names = provider.list_queries()
     self.assertGreaterEqual(len(query_names), 11)
     for name in query_names:
         # Each listed name is looked up as an attribute of the provider.
         result = getattr(provider, name)()
         self.assertIsInstance(result, pd.DataFrame)
         self.assertGreaterEqual(len(result), 1)
Beispiel #3
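    def test_load_yaml_def(self):
        """Check that malformed query files are rejected and a valid one loads.

        Each of the three failing files must raise ImportError or ValueError
        with the expected message fragment. Importing the valid file must
        increase the number of listed queries by exactly three.
        """
        la_provider = QueryProvider(
            data_environment="LogAnalytics", driver=self.provider
        )
        rejected_files = (
            ("data_q_meta_fail.yaml", "no data families defined"),
            ("data_q_source_fail_param.yaml", "Missing parameters are"),
            ("data_q_source_fail_type.yaml", "Parameters with missing types"),
        )
        for file_name, expected_message in rejected_files:
            file_path = Path(_TEST_DATA, file_name)
            # Only the call expected to raise sits inside the context manager.
            with self.assertRaises((ImportError, ValueError)) as cm:
                la_provider.import_query_file(query_file=file_path)
            # The message is checked after the block exits: a statement placed
            # after the raising call inside the ``with`` body never runs, so
            # the rejection reason would go unverified.
            self.assertIn(expected_message, str(cm.exception))

        before_queries = len(list(la_provider.list_queries()))
        file_path = Path(_TEST_DATA, "data_q_success.yaml")
        la_provider.import_query_file(query_file=file_path)

        self.assertEqual(before_queries + 3, len(list(la_provider.list_queries())))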
Beispiel #4
    def test_queries(self):
        """Run every LocalData query, then check the provider schema.

        Every query must return a pandas DataFrame with more than one row,
        and every schema entry must be a dict with more than ten items.
        """
        local_data_dir = Path(get_test_data_path()).joinpath("localdata")
        provider = QueryProvider("LocalData", data_paths=[str(local_data_dir)])

        for name in provider.list_queries():
            # Each listed name is looked up as an attribute of the provider.
            result = getattr(provider, name)()
            self.assertIsInstance(result, pd.DataFrame)
            self.assertGreater(len(result), 1)

        for columns in provider.schema.values():
            self.assertIsInstance(columns, dict)
            self.assertGreater(len(columns), 10)
Beispiel #5
    def test_additional_queries(self):
        """Load extra query definitions and run every query with shared arguments.

        The same keyword arguments are passed to each query; every call must
        return a pandas DataFrame holding at least one row.
        """
        base_dir = get_test_data_path()
        extra_query_dir = str(Path(get_test_data_path()).joinpath("localdata"))
        provider = QueryProvider(
            "LocalData", data_paths=[base_dir], query_paths=[extra_query_dir]
        )
        query_names = provider.list_queries()
        self.assertGreaterEqual(len(query_names), 11)

        # One argument set is reused for every query in the loop below.
        shared_args = dict(
            start=-1,
            end=0,
            ip_address_list=["test"],
            host_name="test",
            account_name="test",
        )
        for name in query_names:
            result = getattr(provider, name)(**shared_args)
            self.assertIsInstance(result, pd.DataFrame)
            self.assertGreaterEqual(len(result), 1)