    def test_is_async(self, mock_api_client):
        """The elastic_ecs entry point must report itself as synchronous.

        `mock_api_client` is supplied by a patch decorator outside this
        excerpt; its return value is forced to None, presumably so that
        EntryPoint() never builds a real client (confirm against the
        patch target).
        """
        mock_api_client.return_value = None
        ep = EntryPoint()

        # Identity check on purpose: a falsy-but-not-False value would be a bug.
        assert ep.is_async() is False
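    def test_is_async(self, mock_api_client):
        """The elastic_ecs entry point must report itself as synchronous.

        `mock_api_client` is supplied by a patch decorator outside this
        excerpt; its return value is forced to None, presumably so that
        EntryPoint() never builds a real client (confirm against the
        patch target).

        The original also built `config` and `connection` dicts that were
        never passed to anything; they are dropped so the test holds only
        the state it asserts on.
        """
        mock_api_client.return_value = None
        entry_point = EntryPoint()

        # Identity check on purpose: a falsy-but-not-False value would be a bug.
        assert entry_point.is_async() is False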
import unittest
import json
from stix_shifter_utils.stix_translation.src.json_to_stix.json_to_stix import json_to_stix_translator
from stix_shifter_modules.elastic_ecs.entry_point import EntryPoint
from stix_shifter.stix_translation import stix_translation
from stix_shifter_utils.stix_translation.src.utils.transformer_utils import get_module_transformers

MODULE = "elastic_ecs"

# Module-wide fixtures for the translation tests. The results translator's
# field mapping is presumably what json_to_stix_translator (imported above)
# consumes; the call sites are outside this excerpt.
entry_point = EntryPoint()
map_data = entry_point.get_results_translator().map_data

# STIX identity object the translated bundle is attributed to.
data_source = dict(
    type="identity",
    id="identity--3532c56d-ea72-48be-a2ad-1a53f4c9c6d3",
    name="ElasticEcs",
    identity_class="events",
)

# No translator options are overridden.
options = {}

data = {
    "@timestamp": "2019-04-21T11:05:07.000Z",
    "event": {
        "action":
        "get",
        "dataset":
        "apache.access",
        "original":
        "10.42.42.42 - - [07/Dec/2018:11:05:07 +0100] \"GET /blog HTTP/1.1\" 200 2571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36\""
    },
    "process": {
        "args": ["/System/Library/CoreServices/SubmitDiagInfo", "server-init"],
        "pid": 609,
    def test_query_flow(self, mock_results_response, mock_api_client):
        """Run a query through StixTransmission, then fetch its results via EntryPoint.

        Both mock arguments come from patch decorators outside this excerpt.
        `mock_api_client` is neutralised and `mock_results_response` returns
        a canned Elasticsearch hit set, so the test is expected to stay
        off the network. The auth token and connection values are
        placeholders with no real counterpart.
        """
        mock_api_client.return_value = None

        # A single canned hit shaped like an Elasticsearch search response.
        canned_hits = """ {
                    "hits" : {
                        "total" : {
                            "value" : 5,
                            "relation" : "eq"
                        },
                        "max_score" : 3.0,
                        "hits" : [
                            {
                            "_source":   {
                            "@timestamp": "2019-04-12T12:41:07.237Z", 
                            "client": {
                                "port": 64966, 
                                "bytes": 39, 
                                "ip": "0.0.0.0"
                            }, 
                            "source": {
                                "port": 64966, 
                                "bytes": 39, 
                                "ip": "0.0.0.0"
                            }, 
                            "event": {
                                "duration": 96890000, 
                                "kind": "event", 
                                "start": "2019-04-12T12:41:07.237Z", 
                                "end": "2019-04-12T12:41:07.334Z", 
                                "category": "network_traffic", 
                                "dataset": "dns"
                            }
                            }
                        }
                    ]
                }
            } """
        mock_results_response.return_value = ElasticEcsMockResponse(200, canned_hits)

        config = {"auth": {"SEC": "bla"}}
        # NOTE(review): "ceft" looks like a typo for "cert". Presumably harmless
        # here because the transport is mocked, but confirm against the
        # connection schema before reusing this fixture elsewhere.
        connection = {"host": "hostbla", "port": "8080", "ceft": "cert"}
        query = '(source.port : "64966" OR client.port : "64966")'

        # The test expects the synchronous module to hand the query string
        # back unchanged as its search_id.
        transmission = stix_transmission.StixTransmission('elastic_ecs', connection, config)
        query_response = transmission.query(query)
        assert query_response is not None
        assert 'search_id' in query_response
        assert query_response['search_id'] == query

        # Fetch the first page (offset 0, length 1) directly from the entry point.
        results_response = EntryPoint(connection, config).create_results_connection(query, 0, 1)
        assert results_response is not None
        assert 'data' in results_response
        assert len(results_response['data']) > 0
from stix_shifter_utils.stix_translation.src.json_to_stix.json_to_stix import json_to_stix_translator
from stix_shifter_utils.stix_translation.src.utils import transformers
from stix_shifter_modules.elastic_ecs.entry_point import EntryPoint
from stix_shifter.stix_translation import stix_translation

import json
import unittest

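entry_point = EntryPoint()

# Load the module's default results mapping. The original opened the file
# without closing it and parsed the JSON twice; the context manager releases
# the handle deterministically, and the explicit encoding keeps the read
# independent of the host locale (JSON is UTF-8 by specification).
# `map_file` still holds the raw text in case anything else refers to it.
with open(entry_point.get_results_translator().default_mapping_file_path, encoding="utf-8") as _mapping_fh:
    map_file = _mapping_fh.read()
map_data = json.loads(map_file)

# STIX identity object the translated bundle is attributed to.
data_source = {
    "type": "identity",
    "id": "identity--3532c56d-ea72-48be-a2ad-1a53f4c9c6d3",
    "name": "ElasticEcs",
    "identity_class": "events"
}

# No translator options are overridden.
options = {}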

data = {
    "@timestamp": "2019-04-21T11:05:07.000Z",
    "event": {
        "action":
        "get",
        "dataset":
        "apache.access",
        "original":
        "10.42.42.42 - - [07/Dec/2018:11:05:07 +0100] \"GET /blog HTTP/1.1\" 200 2571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36\""