def test_get_incident_data_command(requests_mock):
    """Exercise ``get_incident_data_command`` against a mocked API.

    ``requests_mock`` answers ``GET /get_data_from_incident`` with a canned
    payload loaded from a JSON fixture; the command result is then compared
    with that payload's ``rows``.
    """
    from LogPoint_SIEM_Integration import Client, get_incident_data_command

    canned = util_load_json('test_data/sample_incident_data_response.json')
    requests_mock.get('https://test.com/get_data_from_incident', json=canned)

    # verify=False is acceptable only because requests_mock intercepts the
    # call; no TLS connection is ever opened by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/json'},
    )
    command_args = {
        "incident_obj_id": "5af12974007da85b99a3230b",
        "incident_id": "347b897e1f752cab7ae380918690b11e",
        "date": 1525754228.171028,
    }

    result = get_incident_data_command(client, command_args)

    assert result.outputs_prefix == 'LogPoint.Incidents.data'
    assert result.outputs_key_field == ''
    assert result.outputs == canned['rows']
def test_get_incident_states_command(requests_mock):
    """Exercise ``get_incident_states_command`` against a mocked API.

    ``requests_mock`` answers ``GET /incident_states`` with a canned payload
    loaded from a JSON fixture; the command result is then compared with
    that payload's ``states``.
    """
    from LogPoint_SIEM_Integration import Client, get_incident_states_command

    canned = util_load_json('test_data/sample_incident_states_response.json')
    requests_mock.get('https://test.com/incident_states', json=canned)

    # verify=False is acceptable only because requests_mock intercepts the
    # call; no TLS connection is ever opened by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/json'},
    )
    command_args = {'ts_from': 1607314566, 'ts_to': 1607228166, 'limit': 50}

    result = get_incident_states_command(client, command_args)

    assert result.outputs_prefix == 'LogPoint.Incidents.states'
    assert result.outputs_key_field == 'id'
    assert result.outputs == canned['states']
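def test_get_searchid_command(requests_mock):
    """Exercise ``get_searchid_command`` against a mocked API.

    The original docstring was copied from the ``lp-get-repos`` test and
    named the wrong endpoint. This test registers ``POST /getsearchlogs``
    with ``requests_mock``, answering with a canned payload loaded from a
    JSON fixture, and compares the command result with that payload's
    ``search_id``.
    """
    from LogPoint_SIEM_Integration import Client, get_searchid_command

    canned = util_load_json('test_data/sample_get_searchid_response.json')
    requests_mock.post('https://test.com/getsearchlogs', json=canned)

    # verify=False is acceptable only because requests_mock intercepts the
    # call; no TLS connection is ever opened by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/x-www-form-urlencoded'},
    )
    command_args = {
        "query": '| chart count() by col_type',
        "time_range": 'Last 30 minutes',
        "limit": 10,
        "repos": [],
    }

    result = get_searchid_command(client, command_args)

    assert result.outputs_prefix == 'LogPoint.search_id'
    assert result.outputs == canned['search_id']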
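def test_get_devices_command(requests_mock):
    """Exercise ``get_devices_command`` against a mocked API.

    The original docstring was copied from the ``lp-get-repos`` test. This
    test registers ``POST /getalloweddata`` with ``requests_mock``,
    answering with a canned payload loaded from a JSON fixture, and expects
    the command to flatten ``allowed_devices`` into a list of
    ``{'name': ..., 'address': ...}`` entries, one per key/value pair.
    """
    from LogPoint_SIEM_Integration import Client, get_devices_command

    canned = util_load_json('test_data/sample_get_devices_response.json')
    # Each allowed device is a mapping of address -> name; the command is
    # expected to emit one flat record per pair, in iteration order.
    expected_devices = [
        {'name': name, 'address': address}
        for device in canned['allowed_devices']
        for address, name in device.items()
    ]
    requests_mock.post('https://test.com/getalloweddata', json=canned)

    # verify=False is acceptable only because requests_mock intercepts the
    # call; no TLS connection is ever opened by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/x-www-form-urlencoded'},
    )

    result = get_devices_command(client)

    assert result.outputs_prefix == 'LogPoint.Devices'
    assert result.outputs == expected_devices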
def test_reopen_incidents_command(requests_mock):
    """Exercise ``reopen_incidents_command`` against a mocked API.

    ``requests_mock`` answers ``POST /reopen_incident`` with an inline
    success payload; the command result is then compared with that
    payload's ``message``.
    """
    from LogPoint_SIEM_Integration import Client, reopen_incidents_command

    canned = {
        "success": True,
        "message": "Incidents reopened",
    }
    requests_mock.post('https://test.com/reopen_incident', json=canned)

    # verify=False is acceptable only because requests_mock intercepts the
    # call; no TLS connection is ever opened by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/json'},
    )
    command_args = {
        "version": "0.1",
        'incident_obj_ids': "1262bd8cce113de890854455,1262bd8cce113de890854456",
    }

    result = reopen_incidents_command(client, command_args)

    assert result.outputs_prefix == 'LogPoint.Incidents.reopen'
    assert result.outputs_key_field == ''
    assert result.outputs == canned['message']
def test_fetch_incidents(requests_mock):
    """Exercise ``fetch_incidents`` against a mocked API.

    ``requests_mock`` answers ``GET /incidents`` with a canned payload
    loaded from a JSON fixture; the function is expected to turn the first
    incident into a single XSOAR-style incident dict whose ``rawJSON`` is
    the JSON-serialised source record.
    """
    from LogPoint_SIEM_Integration import Client, fetch_incidents

    canned = util_load_json('test_data/sample_incident_response.json')
    requests_mock.get('https://test.com/incidents', json=canned)

    # verify=False is acceptable only because requests_mock intercepts the
    # call; no TLS connection is ever opened by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/json'},
    )

    result = fetch_incidents(client, "1608189921", 10)

    expected_incident = {
        'name': 'Potential SQL Injection attack',
        'occurred': '2018-05-08T04:37:08.171028Z',
        'severity': 4,
        'rawJSON': json.dumps(canned['incidents'][0]),
    }
    assert result == [expected_incident]
def test_get_users_command(requests_mock):
    """Exercise ``get_users_command`` against a mocked API.

    ``requests_mock`` answers ``GET /get_users`` with a canned payload
    loaded from a JSON fixture; the command result is then compared with
    that payload's ``users``.
    """
    from LogPoint_SIEM_Integration import Client, get_users_command

    canned = util_load_json('test_data/sample_get_users_response.json')
    requests_mock.get('https://test.com/get_users', json=canned)

    # verify=False is acceptable only because requests_mock intercepts the
    # call; no TLS connection is ever opened by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/json'},
    )

    result = get_users_command(client)

    assert result.outputs_prefix == 'LogPoint.Incidents.users'
    assert result.outputs_key_field == 'id'
    assert result.outputs == canned['users']
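def test_search_logs_command(requests_mock):
    """Exercise ``search_logs_command`` against a mocked API.

    The original docstring was copied from the ``lp-get-repos`` test and
    named the wrong endpoint. This test registers ``POST /getsearchlogs``
    with ``requests_mock``, answering with a canned payload loaded from a
    JSON fixture, feeds the payload's ``search_id`` back in as the command
    argument, and compares the command result with the payload's ``rows``.
    """
    from LogPoint_SIEM_Integration import Client, search_logs_command

    canned = util_load_json('test_data/sample_search_logs_response.json')
    requests_mock.post('https://test.com/getsearchlogs', json=canned)

    # verify=False is acceptable only because requests_mock intercepts the
    # call; no TLS connection is ever opened by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/x-www-form-urlencoded'},
    )
    command_args = {"search_id": canned.get('search_id')}

    result = search_logs_command(client, command_args)

    assert result.outputs_prefix == 'LogPoint.SearchLogs'
    assert result.outputs == canned['rows']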
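def test_get_users_preference_command(requests_mock):
    """Exercise ``get_users_preference_command`` against a mocked API.

    The original docstring was partly copied from the ``lp-get-repos``
    test. This test registers ``POST /getalloweddata`` with
    ``requests_mock``, answering with a canned payload loaded from a JSON
    fixture, and expects the command output to equal that payload with
    the ``success`` flag stripped.
    """
    from LogPoint_SIEM_Integration import Client, get_users_preference_command

    canned = util_load_json('test_data/sample_get_users_preference_response.json')
    requests_mock.post('https://test.com/getalloweddata', json=canned)

    # verify=False is acceptable only because requests_mock intercepts the
    # call; no TLS connection is ever opened by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/x-www-form-urlencoded'},
    )

    result = get_users_preference_command(client)

    assert result.outputs_prefix == 'LogPoint.User.Preference'
    # The command is expected to drop the transport-level 'success' flag and
    # return only the preference fields, so strip it from the expectation too.
    del canned['success']
    assert result.outputs == canned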