def test_check_config_default_url(self): test_config_ops = default_config_data.copy() try: check_config(test_config_ops) assert False except ValueError as e: assert e.args[0] == "esm_url is still the default value, this must be changed to run this function"
def test_check_config_no_esm_section(self): try: check_config({}) assert False except ValueError as e: assert e.args[ 0] == "[fn_mcafee_esm] section is not set in the config file"
def test_check_config_default_username(self): test_config_ops = default_config_data.copy() try: test_config_ops["esm_url"] = "somethingelse.com" check_config(test_config_ops) assert False except ValueError as e: assert e.args[0] == "esm_username is still the default value, this must be changed to run this function"
def test_check_config_no_url(self): test_config_ops = t_config_data.copy() try: del test_config_ops["esm_url"] check_config(test_config_ops) assert False except ValueError as e: assert e.args[0] == "esm_url is not set. You must set this value to run this function"
def test_check_config_default_trust_cert(self): test_config_ops = default_config_data.copy() try: test_config_ops["esm_url"] = "somethingelse.com" test_config_ops["esm_username"] = "******" test_config_ops["esm_password"] = "******" check_config(test_config_ops) assert False except ValueError as e: assert e.args[0] == "verify_cert is still the default value, this must be changed to run this function"
def test_case_get_list_of_cases(self, mocked_requests_post): ops = check_config(t_config_data) content1 = { "status": "success" } content2 = [{ "severity": 2, "summary": "test3", "openTime": "08/09/2018 21:07:29", "id": 2, "statusId": { "value": 1 } }, { "severity": 1, "summary": "test3", "openTime": "08/10/2018 19:18:43", "id": 3, "statusId": { "value": 1 } }] mocked_requests_post.side_effect = [generate_response(content1, 200), generate_response(content2, 200)] actual_response = case_get_case_list(ops) assert content2 == actual_response
def test_query_esm(self, mocked_requests_common): ops = check_config(t_config_data) content1 = { "totalRows": 0, "resultID": "123456789", "totalResultID": "0", "groupByString": "", "countColumn": 0, "labelColumn": 0, "attributeColumn": 0, "drilldownColumn": 1 } content2 = { 'totalRecords': 1, 'complete': True, 'milliseconds': 5, 'percentComplete': 100 } mocked_requests_common.execute_call_v2 = MagicMock() mocked_requests_common.execute_call_v2.side_effect = [ generate_response(content1, 200), generate_response(content2, 200) ] data = '{"config": {"timeRange": "CUSTOM", "customStart": "2018-08-15T14:49:25.324Z", "customEnd": "2018-08-20T15:49:25.324Z", "order": [{"direction": "ASCENDING", "field": {"name": "FirstTime"}}], "includeTotal": "false", "fields": [{"name": "FirstTime"}, {"name": "LastTime"}, {"name": "DSIDSigID"}, {"name": "EventCount"}, {"name": "SrcIP"}, {"name": "Rule.msg"}, {"name": "AppID"}, {"name": "Filename"}, {"name": "HostID"}, {"name": "Object_Type"}, {"name" : "Threat_Name"}], "filters": [{"type": "EsmFieldFilter", "field": {"name": "DSIDSigID"}, "operator": "IN", "values": [{"type": "EsmBasicValue", "value": "306-50080"}]}]}}' r_ID, r = query_esm(mocked_requests_common, ops, {}, data, "EVENT") assert 1 == r assert '{"resultID": "123456789"}' == r_ID
def __init__(self, opts): """constructor provides access to the configuration options""" super(FunctionComponent, self).__init__(opts) self.options = opts.get("fn_mcafee_esm", {}) # Check config file and change trust_cert to Boolean self.options = check_config(self.options)
def selftest_function(opts): """ Simple test to verify McAfee ESM connectivity. """ options = opts.get("fn_mcafee_esm", {}) try: # Instantiate RequestsCommon object rc = RequestsCommon(opts=opts, function_opts=options) # Check config file and change trust_cert to Boolean options = check_config(options) url = options["esm_url"] + "/rs/esm/v2/caseGetCaseList" headers = get_authenticated_headers(rc, options["esm_url"], options["esm_username"], options["esm_password"], options["trust_cert"]) r = rc.execute_call_v2('post', url, headers=headers, verify=options["trust_cert"], proxies=rc.get_proxies()) if r.status_code == 200: return {"state": "success", "status_code": r.status_code} else: return {"state": "failure", "status_code": r.status_code} except Exception as e: return {"state": "failure", "status_code": e}
def test_case_edit_case_details(self, mocked_requests_post): ops = check_config(t_config_data) content1 = {"status": "success"} content2 = { "dataSourceList": None, "assignedTo": 1, "orgId": 1, "closeTime": "08/22/2018 21:27:34", "eventList": [], "deviceList": None, "notes": [{ "changes": [], "content": "", "username": "******", "action": "Open", "timestamp": "08/22/2018 21:27:34(GMT)" }], "noteAdded": "", "history": [{ "changes": [], "content": "", "username": "******", "action": "Viewed", "timestamp": "08/22/2018 21:28:24(GMT)" }], "severity": 1, "summary": "test5", "openTime": "08/22/2018 21:27:34", "id": 8194, "statusId": { "value": 1 } } mocked_requests_post.side_effect = [ generate_response(content1, 200), generate_response(content2, 200), generate_response({}, 200) ] payload = { "caseDetail": { "summary": "This is a new summary", "severity": "2" } } case_edit_case_details(ops, payload, 1) # Doesn't return anything, if it made it here it passed successfully assert True
def test_check_config_valid_trust_cert(self): test_config_data = t_config_data.copy() test_config_data["verify_cert"] = "True" expected_config_ops = t_config_data.copy() expected_config_ops["verify_cert"] = "True" expected_config_ops["trust_cert"] = True actual_config_ops = check_config(test_config_data) assert expected_config_ops == actual_config_ops
def __init__(self, opts): """constructor provides access to the configuration options""" super(ESM_CasePolling, self).__init__(opts) self.opts = opts self.options = opts.get("fn_mcafee_esm", {}) # Check config file and change trust_cert to Boolean self.options = check_config(self.options) self.main()
def test_get_case_event_detail(self, mocked_requests_post): ops = check_config(t_config_data) content1 = {"status": "success"} content2 = [{ "lastTime": "08/22/2018 17:39:05", "id": "144115188075855872|1422", "message": "Failed User Logon" }] mocked_requests_post.side_effect = [ generate_response(content1, 200), generate_response(content2, 200) ] actual_response = case_get_case_events_details(ops, 1) assert content2 == actual_response
def test_case_edit_case_details(self, mocked_requests_post): ops = check_config(t_config_data) content = { "dataSourceList": None, "assignedTo": 1, "orgId": 1, "closeTime": "08/22/2018 21:27:34", "eventList": [], "deviceList": None, "notes": [{ "changes": [], "content": "", "username": "******", "action": "Open", "timestamp": "08/22/2018 21:27:34(GMT)" }], "noteAdded": "", "history": [{ "changes": [], "content": "", "username": "******", "action": "Viewed", "timestamp": "08/22/2018 21:28:24(GMT)" }], "severity": 1, "summary": "test5", "openTime": "08/22/2018 21:27:34", "id": 8194, "statusId": { "value": 1 } } mocked_requests_post.return_value = generate_response(content, 200) case = case_get_case_detail(ops, {}, 1) assert content == case
def test_get_authenticated_headers(self, mocked_requests_post): ops = check_config(t_config_data) content = {"status": "success"} mocked_requests_post.return_value = generate_response(content, 200) expected_headers = { "content-type": "application/json", "cache-control": "no-cache", "Cookie": "JWTToken=mock_cookie_token", "X-Xsrf-Token": "mock_header_token" } actual_headers = get_authenticated_headers(ops.get("esm_url"), ops.get("esm_username"), ops.get("esm_password"), ops.get("verify_cert")) assert expected_headers == actual_headers
def test_get_results(self, mocked_requests_common): ops = check_config(t_config_data) content = { u'rows': [{ u'values': [ u'08/20/2018 14:58:23', u'08/20/2018 14:58:23', u'306-50080', u'1', u'::', u'A physical network interface connection has been made or removed', u'', u'', u'', u'', u'' ] }], u'columns': [{ u'name': u'Alert.FirstTime' }, { u'name': u'Alert.LastTime' }, { u'name': u'Alert.DSIDSigID' }, { u'name': u'Alert.EventCount' }, { u'name': u'Alert.SrcIP' }, { u'name': u'Rule.msg' }, { u'name': u'Alert.BIN(1)' }, { u'name': u'Alert.4259843' }, { u'name': u'Alert.BIN(4)' }, { u'name': u'Alert.BIN(10)' }, { u'name': u'Alert.65538' }] } mocked_requests_common.execute_call_v2 = MagicMock() mocked_requests_common.execute_call_v2.return_value = generate_response( content, 200) response = get_results(mocked_requests_common, ops, {}, "123456789") assert content == response
def test_case_get_list_of_cases(self, mocked_requests_post): ops = check_config(t_config_data) content1 = {"status": "success"} content2 = [{ "severity": 50, "summary": "Signature ID 'Failed User Logon' (306-31) match found", "assignee": "admin", "triggeredDate": "08/27/2018 18:47:14", "acknowledgedDate": "", "acknowledgedUsername": "", "alarmName": "Failed User Logon", "conditionType": 22, "id": 8195 }] mocked_requests_post.side_effect = [ generate_response(content1, 200), generate_response(content2, 200) ] params = {"triggeredTimeRange": "CURRENT_DAY"} actual_response = alarm_get_triggered_alarms(ops, params) assert content2 == actual_response
def test_check_config_valid(self): expected_config_ops = t_config_data.copy() expected_config_ops["trust_cert"] = False actual_config_ops = check_config(t_config_data) assert expected_config_ops == actual_config_ops