def test_empty_cluster_name(mocker):
    """Run main() with an empty ``fieldForClusterName`` and check the cluster names.

    The two clusters in the output are expected to carry the generic names
    'Cluster 0' and 'Cluster 1'; which one comes first is not fixed, so both
    orderings are accepted.
    """
    global FETCHED_INCIDENT
    # presumably read by the executeCommand mock defined elsewhere in the file - confirm
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY

    # NOTE(review): PARAMETERS_DICT is updated in place, so these keys stay set
    # for whichever test runs next unless it is reset somewhere not visible here.
    overrides = {
        'fieldsForClustering': 'field_1, field_2',
        'fieldForClusterName': '',
    }
    PARAMETERS_DICT.update(overrides)

    expected_first = {
        'data': [2],
        'dataType': 'incident',
        'incidents_ids': ['1', '3'],
        'name': 'Cluster 0',
        'query': 'type:Phishing',
    }
    expected_second = {
        'data': [2],
        'dataType': 'incident',
        'incidents_ids': ['2', '4'],
        'name': 'Cluster 1',
        'query': 'type:Phishing',
    }

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    clusters = json.loads(output_clustering_json)['data']
    first, second = clusters[0], clusters[1]

    def _matches(cluster, expected):
        # every expected key/value pair must be present in the cluster dict
        return all(pair in cluster.items() for pair in expected.items())

    same_order = _matches(first, expected_first) and _matches(second, expected_second)
    swapped_order = _matches(first, expected_second) and _matches(second, expected_first)
    assert same_order or swapped_order
def test_model_exist_and_expired(mocker):
    """Run main() with ``forceRetrain`` 'False' and a ``modelExpiration`` of '1e-20'.

    The output must contain two clusters matching the module-level
    ``sub_dict_0`` and ``sub_dict_1``, in either order.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY

    # presumably small enough that any stored model counts as expired - confirm against main()
    expiration = '1e-20'

    # NOTE(review): PARAMETERS_DICT is updated in place; 'forceRetrain' and
    # 'modelExpiration' stay set for later tests unless reset elsewhere.
    overrides = {
        'fieldsForClustering': 'field_1, field_2',
        'fieldForClusterName': 'entityname',
        'forceRetrain': 'False',
        'modelExpiration': expiration,
    }
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    clusters = json.loads(output_clustering_json)['data']
    first, second = clusters[0], clusters[1]

    def _matches(cluster, expected):
        # every expected key/value pair must be present in the cluster dict
        return all(pair in cluster.items() for pair in expected.items())

    same_order = _matches(first, sub_dict_0) and _matches(second, sub_dict_1)
    swapped_order = _matches(first, sub_dict_1) and _matches(second, sub_dict_0)
    assert same_order or swapped_order
def test_missing_too_many_values(mocker):
    """Run main() on incidents that lack enough values for one clustering field.

    The message must report 'field_2' through MESSAGE_INVALID_FIELD, while a
    model and a clustering output are still returned.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY_WITH_NOT_ENOUGH_VALUES

    # NOTE(review): in-place update of the shared PARAMETERS_DICT
    overrides = {
        'fieldsForClustering': 'field_1, field_2',
        'fieldForClusterName': 'entityname',
    }
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    expected_warning = MESSAGE_INVALID_FIELD % 'field_2'
    assert expected_warning in msg
    assert output_clustering_json
    assert model
def test_wrong_cluster_name(mocker):
    """Run main() with a ``fieldForClusterName`` of 'wrong_cluster_name_field'.

    The message must report that field through MESSAGE_INCORRECT_FIELD, and
    neither a model nor a clustering output may be returned.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY

    # NOTE(review): in-place update of the shared PARAMETERS_DICT
    overrides = {
        'fieldsForClustering': 'field_1, field_2',
        'fieldForClusterName': 'wrong_cluster_name_field',
    }
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    expected_error = MESSAGE_INCORRECT_FIELD % 'wrong_cluster_name_field'
    assert expected_error in msg
    assert not output_clustering_json
    assert not model
def test_model_exist_and_valid(mocker):
    """Run main() with ``forceRetrain`` 'False' and expect the output {'data': 'data'}.

    No message may be produced, even though 'wrong_field' is listed among the
    clustering fields.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY

    # NOTE(review): in-place update of the shared PARAMETERS_DICT
    overrides = {
        'fieldsForClustering': 'field_1, field_2, wrong_field',
        'fieldForClusterName': 'entityname',
        'forceRetrain': 'False',
    }
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    assert not msg
    # presumably the payload of a stored model served by the executeCommand mock - confirm
    stored_output = {'data': 'data'}
    assert output_clustering_json == stored_output
def test_all_incorrect_fields(mocker):
    """Run main() with the clustering fields 'field_1_wrong' and 'field_2_wrong'.

    The message must list both fields through MESSAGE_INCORRECT_FIELD and also
    contain MESSAGE_NO_FIELD_NAME_OR_CLUSTERING; neither a model nor a
    clustering output may be returned.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY

    # NOTE(review): in-place update of the shared PARAMETERS_DICT
    overrides = {
        'fieldsForClustering': 'field_1_wrong, field_2_wrong',
        'fieldForClusterName': 'name',
    }
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    rejected_fields = ' , '.join(['field_1_wrong', 'field_2_wrong'])
    expected_error = MESSAGE_INCORRECT_FIELD % rejected_fields
    assert expected_error in msg
    assert MESSAGE_NO_FIELD_NAME_OR_CLUSTERING in msg
    assert not output_clustering_json
    assert not model
def test_same_cluster_name(mocker):
    """Run main() on the SAME_CLUSTER_NAME incident fixture and check the cluster names.

    The selected clusters of the returned model must include both 'nmap' and
    'nmap_0' as ``clusterName`` values.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY_SAME_CLUSTER_NAME

    # NOTE(review): in-place update of the shared PARAMETERS_DICT
    overrides = {
        'fieldsForClustering': 'field_1, field_2, wrong_field',
        'fieldForClusterName': 'entityname',
    }
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    names = []
    for cluster in model.selected_clusters.values():
        names.append(cluster['clusterName'])

    assert 'nmap' in names
    assert 'nmap_0' in names
def test_main_incident_nested(mocker):
    """
    Run main() with the nested field 'xdralerts.cmd' used both for clustering
    and for the cluster name - no model and no output may be returned, and the
    message must contain MESSAGE_CLUSTERING_NOT_VALID

    :param mocker: pytest-mock fixture used to patch ``demisto``
    :return: None
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY

    field_path = 'xdralerts.cmd'
    # NOTE(review): in-place update of the shared PARAMETERS_DICT
    overrides = {
        'fieldsForClustering': field_path,
        'fieldForClusterName': field_path,
    }
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    # demisto.dt is stubbed to return two values for every lookup
    nested_values = ['nested_val_1', 'nested_val_2']
    mocker.patch.object(demisto, 'dt', return_value=nested_values)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    assert not model
    assert not output_clustering_json
    assert MESSAGE_CLUSTERING_NOT_VALID in msg
def test_main_name_cluster_is_list(mocker):
    """Run main() on the MULTIPLE_NAME incident fixture and check clusters and message.

    The message must report 'wrong_field' through MESSAGE_INCORRECT_FIELD, and
    the output must contain two clusters matching the module-level
    ``sub_dict_0`` and ``sub_dict_1``, in either order.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY_MULTIPLE_NAME

    # NOTE(review): in-place update of the shared PARAMETERS_DICT
    overrides = {
        'fieldsForClustering': 'field_1, field_2, wrong_field',
        'fieldForClusterName': 'entityname',
    }
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    clusters = json.loads(output_clustering_json)['data']
    first, second = clusters[0], clusters[1]

    expected_error = MESSAGE_INCORRECT_FIELD % 'wrong_field'
    assert expected_error in msg

    def _matches(cluster, expected):
        # every expected key/value pair must be present in the cluster dict
        return all(pair in cluster.items() for pair in expected.items())

    same_order = _matches(first, sub_dict_0) and _matches(second, sub_dict_1)
    swapped_order = _matches(first, sub_dict_1) and _matches(second, sub_dict_0)
    assert same_order or swapped_order