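def _redacted(value):
    """Return a presence marker for a secret so it can be logged without its value."""
    return "<set>" if value else "<not set>"


def selftest_function(opts):
    """
    Verify that the app.config values for fn_qradar_integration allow a
    connection to QRadar.

    Reads the ``fn_qradar_integration`` and ``resilient`` sections of *opts*,
    builds a ``qradar_utils.QRadarClient`` from them and calls
    ``verify_connect()``.

    :param opts: app.config options, a dict of sections keyed by section name.
    :return: ``{"state": "success"}`` when the connection attempt raised no
        exception, otherwise ``{"state": "failure", "reason": <message>}``.
        The reason reports whether the password and token are configured but
        never their values, because it is both logged and returned to the caller.
    """
    options = opts.get("fn_qradar_integration", {})
    res_options = opts.get("resilient", {})

    log.info("Verifying app.config values for fn_qradar_integration")

    try:
        # A literal "false" for resilient.cafile disables certificate
        # verification; any other value is passed through as the CA bundle.
        cafile = res_options["cafile"]
        if cafile.lower() == "false":
            cafile = False

        log.info("Verifying QRadar connection...")

        qradar_client = qradar_utils.QRadarClient(options["host"],
                                                  username=options["username"],
                                                  password=options["qradarpassword"],
                                                  token=None,
                                                  cafile=cafile)

        # NOTE(review): verify_connect()'s return value is not inspected; if it
        # signals failure by returning a falsy value instead of raising, this
        # function still reports success -- confirm against qradar_utils.
        qradar_client.verify_connect()

        log.info("Test was successful")

        return {
            "state": "success"
        }

    except Exception as err:
        # Use .get() here so a missing key cannot mask the original error,
        # and never include credential values in a message that is logged
        # and handed back to the caller.
        err_reason_msg = """Could not connect to QRadar.
            error: {0}
            ---------
            Current Configs in app.config file::
            ---------
            host: {1}
            username: {2}
            qradarpassword: {3}
            qradartoken: {4}\n""".format(
            err,
            options.get("host"),
            options.get("username"),
            _redacted(options.get("qradarpassword")),
            _redacted(options.get("qradartoken")))

        log.error(err_reason_msg)

        return {
            "state": "failure",
            "reason": err_reason_msg
        }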
def test_find_all_ref_set_contains(mocked_search_ref_set,
                                   mocked_get_all_ref_set):
    """
    find_all_ref_set_contains() keeps only the ``content`` of the reference
    sets whose search reported the item as found.

    Both the reference-set listing and the per-set search are mocked via the
    fixtures, so no QRadar connection is made.
    """
    client = qradar_utils.QRadarClient(host,
                                       username=username,
                                       password=password,
                                       token=None,
                                       cafile=cafile)

    # Two reference sets are visible to the client.
    mocked_get_all_ref_set.return_value = [
        {"timeout_type": "FIRST_SEEN",
         "name": "Reference Set 1",
         "element_type": "IP"},
        {"timeout_type": "FIRST_SEEN",
         "name": "Reference Set 2",
         "element_type": "Hash-512"},
    ]

    # The item is reported missing from the first set and present in the second.
    found_content = {"item_name": "Item1"}
    mocked_search_ref_set.side_effect = [
        {"found": "False", "content": None},
        {"found": "True", "content": found_content},
    ]

    matches = client.find_all_ref_set_contains("Item1")

    assert len(matches) == 1
    assert matches[0] == found_content
def test_ariel_search_more(mocked_perform_search):
    """
    ariel_search() hands back whatever the (mocked) search call returns when
    ``query_all_results`` is False and an explicit result range is given.
    """
    client = qradar_utils.QRadarClient(host,
                                       username=username,
                                       password=password,
                                       token=None,
                                       cafile=cafile)

    # Canned search result the mocked backend will return unchanged.
    expected_events = {
        "events": [
            {"starttime": "12345", "category": "cat1"},
            {"starttime": "23456", "category": "cat2"},
        ]
    }
    mocked_perform_search.return_value = expected_events

    result = client.ariel_search("SELECT * FROM events",
                                 False,   # query_all_results
                                 1,       # range_start
                                 10,      # range_end
                                 1000)    # time_out

    assert result == expected_events