def test_iot_get_device(requests_mock): """ Scenario: Get a device details from IoT Security Portal by device ID Given - A device ID provided When - Getting the device details from IoT security portal Then - Ensure the api URL is correct - Ensure the response is right """ mock_response = json.loads( '''{"hostname":"00:0a:e4:1c:62:26","ip_address":"10.10.65.96","profile_type":"Non_IoT"}''' ) requests_mock.get( 'https://test.com/pub/v4.0/device?customerid=foobar&deviceid=00:0a:e4:1c:62:26', json=mock_response) client = Client(base_url='https://test.com/pub/v4.0', tenant_id="foobar", verify=False) args = {'id': '00:0a:e4:1c:62:26'} outputs = iot_get_device(client, args).outputs assert outputs == mock_response
def test_iot_resolve_alert(requests_mock): """ Scenario: resolving alerts Given - An alert ID, reason and reason type When - Resolving an alert in IoT Security Portal Then - Ensure the api URL is correct with the right parameters and payload """ mock_response = json.loads( '''{"api":"/pub/v4.0/alert/update","ver":"v0.3"}''') adapter = requests_mock.put( 'https://test.com/pub/v4.0/alert/update?customerid=foobar&id=123', json=mock_response) client = Client(base_url='https://test.com/pub/v4.0', tenant_id="foobar", verify=False) args = {'id': '123', 'reason': 'test', 'reason_type': 'Issue Mitigated'} outputs = iot_resolve_alert(client, args).readable_output assert adapter.call_count == 1 assert adapter.called assert adapter.last_request.json() == { 'reason': 'test', 'reason_type': ['Issue Mitigated'], 'resolved': 'yes' } assert outputs == 'Alert 123 was resolved successfully'
def test_iot_list_devices(requests_mock): """ Scenario: Listing devices Given - offset and pagelength parameters When - Fetching devices list from IoT Security Portal Then - Ensure the api URL is correct with the right parameters """ mock_response = json.loads('''{"devices":[{},{}],"total":2}''') requests_mock.get( 'https://test.com/pub/v4.0/device/list?customerid=foobar&filter_monitored=no&offset=1' '&pagelength=2&detail=true&sortfield=MAC&sortdirection=asc', json=mock_response) client = Client(base_url='https://test.com/pub/v4.0', tenant_id="foobar", verify=False) args = {'offset': '1', 'limit': '2'} outputs = iot_list_devices(client, args).outputs assert len(outputs) == 2
def test_get_device_by_ip(requests_mock): """ Scenario: Geting device by ip Given - ip When - Fetching device details with IP Then - Ensure the IP is correct and return the device values. """ mock_response = json.loads( '''{"devices":{"hostname":"00:0a:e4:1c:62:26","ip_address":"1.1.1.1","profile_type":"Non_IoT"}}''' ) requests_mock.get('https://test.com/pub/v4.0/device/ip', json=mock_response) client = Client(base_url='https://test.com/pub/v4.0', tenant_id="foobar", verify=False) args = {'ip': "1.1.1.1"} outputs = iot_get_device_by_ip(client, args).outputs assert outputs == { "hostname": "00:0a:e4:1c:62:26", "ip_address": "1.1.1.1", "profile_type": "Non_IoT" }
def test_fetch_incidents(requests_mock, monkeypatch): """ Scenario: Fetch incidents normally Given - the lastRun with last_vulns_fetch=0 and no last_alerts_fetch When - Fetching alerts/vulnerabilities from IoT Security Portal Then - Ensure the api URL is correct with the parameters - Ensure the lastRun timestamps are updated correctly """ monkeypatch.setattr(demisto, "params", lambda: {'url': 'https://test.com'}) mock_alert_response = json.loads( '''{"ver":"v4.0","api":"/alert/list","items":[{"date":"2020-01-15T05:06:50.540Z", "name":"foo","description":"The baseline","zb_ticketid":"alert-Ob81iwWe"},{"date":"2020-01-15T05:06:50.540Z", "name":"bar","description":"x","zb_ticketid":"alert-Lqy4ikEz"}]}''') requests_mock.get( 'https://test.com/pub/v4.0/alert/list?customerid=foobar&offset=0&pagelength=10&stime=-1' '&type=policy_alert&resolved=no&sortfield=date&sortdirection=asc', json=mock_alert_response) mock_vuln_response = json.loads( '''{"ver":"v4.0","api":"/vulnerability/list","items":[{"name":"HPD41936", "ip":"10.55.132.114","deviceid":"a0:d3:c1:d4:19:36","detected_date":"2020-05-31T23:59:59.000Z", "vulnerability_name":"SMB v1 Usage"}]}''') requests_mock.get( 'https://test.com/pub/v4.0/vulnerability/list?customerid=foobar&offset=0&pagelength=10' '&stime=1970-01-01T00:00:00.001000Z&type=vulnerability&status=Confirmed&groupby=device', json=mock_vuln_response) client = Client(base_url='https://test.com/pub/v4.0', tenant_id="foobar", verify=False) last_run = {'last_vulns_fetch': 0} next_run, incidents = fetch_incidents(client, last_run) assert next_run == { 'last_alerts_fetch': 1579064810.54, 'last_vulns_fetch': 1590969599.0 } assert len(incidents) == 3
def test_iot_resolve_vuln(requests_mock): """ Scenario: resolving vulnerabilities Given - A vulnerability ID, reason and full vulnerability name When - Resolving a vulnerability in IoT Security Portal Then - Ensure the api URL is correct with the right parameters and payload """ mock_response = json.loads( '''{"api":"/vulnerability/update","ver":"v4.0","updatedVulnerInstanceList":[{ "newScore":10,"newLevel":"Low","newAnomalyMap":{"application":0,"protocol":0,"payload":0,"external":0,"internal":0}}]}''' ) adapter = requests_mock.put( 'https://test.com/pub/v4.0/vulnerability/update?customerid=foobar', json=mock_response) client = Client(base_url='https://test.com/pub/v4.0', tenant_id="foobar", verify=False) args = { 'id': '123', 'full_name': 'vuln_full_name', 'reason': 'test', } outputs = iot_resolve_vuln(client, args).readable_output assert adapter.call_count == 1 assert adapter.called assert adapter.last_request.json() == { 'reason': 'test', 'ticketIdList': ['123'], 'action': 'mitigate', 'full_name': 'vuln_full_name' } assert outputs == 'Vulnerability 123 was resolved successfully'
def test_fetch_incidents_special(requests_mock, monkeypatch): """ Scenario: Fetch incidents corner cases due to the same timestamps Given - A few incidents with the same timestamps at the edge of the pagination When - Fetching alerts/vulnerabilities from IoT Security Portal Then - Ensure the correct number of alerts/vulnerabilities are fetched - Ensure the lastRun timestamps are updated correctly """ monkeypatch.setattr(demisto, "params", lambda: {'url': 'https://test.com'}) mock_alert_response = json.loads('''{"items": [ { "name": "alert1", "date": "2019-11-07T23:11:30.509Z", "zb_ticketid": "zb_ticketid1", "deviceid": "zb_ticketid1" }, { "name": "alert2", "date": "2019-11-07T23:11:31.509Z", "zb_ticketid": "zb_ticketid2" } ]}''') requests_mock.get( 'https://test.com/pub/v4.0/alert/list?customerid=foobar&offset=0&pagelength=2&stime=-1' '&type=policy_alert&resolved=no&sortfield=date&sortdirection=asc', json=mock_alert_response) mock_alert_response = json.loads('''{"items": [ { "name": "alert3", "date": "2019-11-07T23:11:31.509Z", "zb_ticketid": "zb_ticketid3" }, { "name": "alert4", "date": "2019-11-07T23:11:31.509Z", "zb_ticketid": "zb_ticketid4" } ]}''') requests_mock.get( 'https://test.com/pub/v4.0/alert/list?customerid=foobar&offset=2&pagelength=2&stime=-1' '&type=policy_alert&resolved=no&sortfield=date&sortdirection=asc', json=mock_alert_response) mock_alert_response = json.loads('''{"items": [ { "name": "alert5", "date": "2019-11-07T23:11:31.509Z", "zb_ticketid": "zb_ticketid5" }, { "name": "alert6", "date": "2019-12-07T12:01:32.509Z", "zb_ticketid": "zb_ticketid6" } ]}''') requests_mock.get( 'https://test.com/pub/v4.0/alert/list?customerid=foobar&offset=4&pagelength=2&stime=-1' '&type=policy_alert&resolved=no&sortfield=date&sortdirection=asc', json=mock_alert_response) mock_vuln_response = json.loads('''{"items": [ { "name": "vuln1", "detected_date": "2019-11-07T23:11:30.509Z", "ip": "ip1", "vulnerability_name": "vname1", "deviceid": "deviceid1" }, { "name": "vuln2", "detected_date": "2019-11-07T23:11:31.509Z", "ip": "ip2", "vulnerability_name": "vname2", "deviceid": "deviceid2" } ]}''') requests_mock.get( 'https://test.com/pub/v4.0/vulnerability/list?customerid=foobar&offset=0&pagelength=2&stime=-1' '&type=vulnerability&status=Confirmed&groupby=device', json=mock_vuln_response) mock_vuln_response = json.loads('''{"items": []}''') requests_mock.get( 'https://test.com/pub/v4.0/vulnerability/list?customerid=foobar&offset=2&pagelength=2&stime=-1' '&type=vulnerability&status=Confirmed&groupby=device', json=mock_vuln_response) client = Client(base_url='https://test.com/pub/v4.0', max_fetch=2, tenant_id="foobar", verify=False) next_run, incidents = fetch_incidents(client, {}) assert next_run == { 'last_alerts_fetch': 1573168291.509, 'last_vulns_fetch': 1573168291.509 } assert len(incidents) == 7 # 5 alerts + 2 vulns