def test_print(self):
    """Print a 30-item NitroList as CSV, as default text and with selected fields.

    Two 'County' cells are first overwritten with nested collections (a
    NitroList and a plain list slice) so that the text rendering is
    exercised on non-scalar values. The test makes no assertion: it only
    passes if none of the rendering calls raises.
    """
    records = download_testing_data()
    nitro_list = msiempy.NitroList(alist=records[:30])

    # Nested values: one wrapped in a NitroList, one left as a raw slice.
    nitro_list[10]['County'] = msiempy.NitroList(alist=records[:5])
    nitro_list[20]['County'] = records[:5]

    # Each renderer is evaluated lazily, right after its title is printed,
    # so the output order matches a plain sequence of print() calls.
    renderings = (
        ('CSV', lambda: nitro_list.get_text(format='csv')),
        ('NORMAL', lambda: nitro_list.text),
        ('SPECIFIC FIELDS', lambda: nitro_list.get_text(fields=['County', 'Eco_Name'])),
    )
    for title, render in renderings:
        print(title)
        print(render())
def test_print(self):
    """Print a 30-event NitroList as CSV, as default text and with selected fields.

    Two 'Rule.msg' cells are replaced by nested collections beforehand so the
    text rendering has to cope with non-scalar values. Nothing is asserted;
    the test fails only if a rendering call raises.
    """
    events = get_testing_data()
    nitro_list = msiempy.NitroList(alist=events[:30])

    # Deliberately put collections where a message string normally sits.
    nested_as_nitro_list = msiempy.NitroList(alist=events[:5])
    nested_as_plain_list = events[:5]
    nitro_list[10]['Rule.msg'] = nested_as_nitro_list
    nitro_list[20]['Rule.msg'] = nested_as_plain_list

    print('CSV')
    csv_text = nitro_list.get_text(format='csv')
    print(csv_text)

    print('NORMAL')
    default_text = nitro_list.text
    print(default_text)

    print('SPECIFIC FIELDS')
    selected_fields = ['Rule.msg', 'Alert.LastTime']
    print(nitro_list.get_text(fields=selected_fields))
def test_manager(self):
    """Exercise NitroList.perform() and NitroList.search() on a filtered sub-list.

    The sub-list holds the items of T.manager whose 'CLIM_RANK' is '1'.
    test_add_money_money is applied asynchronously three times and the
    'pct_hex' field of every item is checked after each pass.
    """

    def assert_pct_hex(entries, pattern):
        # assertRegex searches, so the pattern only has to occur somewhere
        # in the value; it is not anchored to the whole string.
        for entry in entries:
            self.assertRegex(entry['pct_hex'], pattern, "Perform method issue ")

    rank_one = msiempy.NitroList(
        alist=[entry for entry in T.manager if entry['CLIM_RANK'] == '1']
    )

    # First pass: default arguments of the performed function.
    rank_one.perform(test_add_money_money, progress=True, asynch=True, workers=500)
    assert_pct_hex(rank_one, '1|2')

    # Second pass: explicit how_much passed through func_args.
    rank_one.perform(
        test_add_money_money,
        func_args={'how_much': 2},
        progress=True,
        asynch=True,
        workers=500,
    )
    assert_pct_hex(rank_one, '2|3|4')

    # search() must return at least one item for the GLENN county pattern.
    glenn_items = rank_one.search('County.*GLENN')
    self.assertGreater(len(glenn_items), 0, 'Search method issue')

    # Third pass, on the search result only.
    glenn_items.perform(
        test_add_money_money,
        func_args={'how_much': 500},
        progress=True,
        asynch=True,
        workers=500,
    )
    assert_pct_hex(glenn_items, '502|503|504')
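class T(unittest.TestCase):
    """Tests for msiempy.NitroList built from the shared testing data."""

    # Shared list, built once when the class body is executed.
    manager = msiempy.NitroList(alist=get_testing_data())

    def test_json(self):
        """Check that the `json` attribute round-trips every item, in order."""
        json_dump = T.manager.json

        # Only the parsing step is guarded. Wrapping the assertions as well
        # would catch their AssertionError and report a content mismatch as
        # a JSON loading failure.
        try:
            loaded = json.loads(json_dump)
        except (TypeError, ValueError) as e:
            # json.JSONDecodeError is a ValueError; TypeError covers a dump
            # that is not str/bytes.
            self.fail("Can't load json object :" + str(e))

        self.assertEqual(
            len(T.manager),
            len(loaded),
            "Json dump doesn't have the same lengh as manger object",
        )
        for i, loaded_item in enumerate(loaded):
            self.assertEqual(
                dict(T.manager[i]),
                loaded_item,
                "Json dump doesn't present the same info in the same order",
            )

    def test_item(self):
        """Placeholder: no item-level check is implemented."""
        pass

    def test_manager(self):
        """Build the sub-list of events whose 'Alert.EventCount' equals '1'.

        The perform()/search() checks are commented out below, so this test
        currently makes no assertion; it only fails if building the
        sub-list raises.
        """
        sublist = msiempy.NitroList(
            alist=[item for item in T.manager if item['Alert.EventCount'] == '1']
        )  #.search('CLIM_RANK.*0','Eco_Name.*north')#.search('County.*GLENN') #len = 52

        # Disabled checks, kept as found:
        # sublist.perform(self.test_add_money_money, progress=True, asynch=True, workers=500)
        # for item in sublist :
        #     self.assertRegex(item['CLIM_RANK'], '1|2', "Perform method issue ")
        # sublist.perform(self.test_add_money_money, progress=True, asynch=True, func_args=dict(how_much=2), workers=500)
        # for item in sublist :
        #     self.assertRegex(item['pct_hex'], '2|3|4', "Perform method issue ")
        # mycouty=sublist.search('County.*GLENN')
        # self.assertGreater(len(mycouty), 0, 'Search method issue')
        # mycouty.perform(self.test_add_money_money, progress=True, asynch=True, func_args=dict(how_much=500), workers=500)
        # for item in mycouty :
        #     self.assertRegex(item['pct_hex'], '502|503|504', "Perform method issue ")

    def test_print(self):
        """Print a 30-event NitroList as CSV, default text and selected fields.

        Nothing is asserted; the test fails only if a rendering call raises.
        """
        data = get_testing_data()
        manager = msiempy.NitroList(alist=data[:30])

        # Replace two message cells with nested collections so the text
        # rendering is exercised on non-scalar values.
        manager[10]['Rule.msg'] = msiempy.NitroList(alist=data[:5])
        manager[20]['Rule.msg'] = data[:5]

        print('CSV')
        print(manager.get_text(format='csv'))
        print('NORMAL')
        print(manager.text)
        print('SPECIFIC FIELDS')
        print(manager.get_text(fields=['Rule.msg', 'Alert.LastTime']))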
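def find(time_range, hostname_must_contains=None, vendors=None):
    """Find devices seen in DHCP_RENEW / RADIUS_START events on the SIEM.

    Events are queried, optionally filtered by the manufacturer resolved
    from their source MAC, aggregated per device, then optionally filtered
    by hostname.

    Args:
        time_range: Time range passed to the EventManager query.
        hostname_must_contains: Optional substrings. A device is kept when
            its "host" value contains at least one of them, compared
            case-insensitively. None or empty keeps every device.
        vendors: Optional vendor-name substrings, compared
            case-insensitively with the manufacturer resolved from
            "Alert.SrcMac". None or empty disables the vendor filter.

    Returns:
        A msiempy.NitroList holding the aggregated devices.

    Notes:
        The vendor comes from the MAC address prefix, which a client can
        set to any value, so the vendor filter is a hint and not an
        identification of the device.
        NOTE(review): the query is capped at limit=500 with
        max_query_depth=2; presumably a busy time range can yield an
        incomplete event set - confirm before relying on the result for
        coverage.
    """
    # None defaults replace the shared mutable `[]` defaults.
    hostname_must_contains = list(hostname_must_contains or [])
    vendors = list(vendors or [])

    events = msiempy.event.EventManager(
        fields=["HostID", "UserIDSrc", "SrcIP", "SrcMac", "DSIDSigID"],
        time_range=time_range,
        filters=[
            msiempy.event.FieldFilter("Alert.DSIDSigID", [DHCP_RENEW, RADIUS_START])
        ],
        limit=500,
    )

    print("Loading data...")
    events.load_data(slots=10, workers=5, max_query_depth=2)
    print("{} events have been loaded from the SIEM".format(len(events)))

    if vendors:
        print("Filtering vendors...")
        # NOTE(review): update=True asks manuf to refresh its OUI database,
        # which appears to require network access on every call - confirm
        # this is acceptable where the script runs, or use a vetted local
        # copy of the database.
        mac = manuf.MacParser(update=True)
        wanted_vendors = [vendor.lower() for vendor in vendors]
        vendor_filtered_events = []
        for event in events:
            device_vendor = mac.get_manuf(event["Alert.SrcMac"])
            if device_vendor is None:
                # No manufacturer known for this MAC: cannot match a vendor.
                continue
            device_vendor = device_vendor.lower()
            if any(wanted in device_vendor for wanted in wanted_vendors):
                vendor_filtered_events.append(event)
        events = vendor_filtered_events
        print("{} events matches the vendor(s)".format(len(events)))

    print("Aggregating events and devices...")
    devices = aggregate_list_based_on_SrcMac(events)
    print("{} unique devices in total".format(len(devices)))

    # Apply host filters
    if hostname_must_contains:
        wanted_hosts = [match.lower() for match in hostname_must_contains]
        # A device without a "host" value is treated as an empty hostname,
        # so it cannot match instead of raising AttributeError on None.
        host_filtered_devices = [
            dev
            for dev in devices
            if any(
                wanted in (dev.get("host") or "").lower()
                for wanted in wanted_hosts
            )
        ]
        if len(devices) > len(host_filtered_devices):
            devices = host_filtered_devices
            print("{} devices matches hostname filter(s)".format(len(devices)))

    return msiempy.NitroList(alist=devices)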
def test_manager(self):
    """Build the sub-list of T.manager items whose 'CLIM_RANK' equals '1'.

    Only the list construction is visible in this excerpt; no assertion
    follows it here.
    """
    # Keep only the entries of the shared T.manager list ranked '1'.
    sublist = msiempy.NitroList(
        alist=[item for item in T.manager if item['CLIM_RANK'] == '1']
    ) #.search('CLIM_RANK.*0','Eco_Name.*north')#.search('County.*GLENN') #len = 52