def jinja_available_actions(self):
    """Build the ordered list of UI actions offered for this observable.

    File-specific actions are added only when ``self.exists`` is truthy.
    The parent class's ``jinja_available_actions`` are always appended last.
    Entries appear in the order they are appended, with
    ``ObservableActionSeparator`` entries between groups.

    Returns:
        list: the action objects for this observable followed by the
        parent's actions.
    """
    # NOTE(review): the block nesting below was reconstructed from a
    # flattened listing; confirm the indentation against the original file.
    # NOTE(review): the parent's value is read without a call, so this is
    # presumably decorated as a property; the decorator is not visible here.
    result = []
    if self.exists:
        # Local actions on the stored file: download and in-browser viewers.
        result.append(ObservableActionDownloadFile())
        result.append(ObservableActionDownloadFileAsZip())
        result.append(ObservableActionSeparator())
        result.append(ObservableActionViewAsHex())
        result.append(ObservableActionViewAsText())
        # Only open an "upload" group when at least one upload target is
        # enabled, so no empty group is shown.
        if integration_enabled('vt') or integration_enabled('vx') or integration_enabled('falcon_sandbox'):
            result.append(ObservableActionSeparator())
        # Upload actions are each gated on their own integration flag.
        # Presumably they submit the file to the named external service, so
        # an upload is never offered for a service that is not enabled.
        if integration_enabled('vt'):
            result.append(ObservableActionUploadToVt())
        if integration_enabled('vx'):
            result.append(ObservableActionUploadToVx())
        if integration_enabled('falcon_sandbox'):
            result.append(ObservableActionUploadToFalconSandbox())
        result.append(ObservableActionSeparator())
        # NOTE(review): ViewInVt is offered without checking
        # integration_enabled('vt'), unlike the vx and falcon_sandbox view
        # actions below. Confirm this is intentional.
        result.append(ObservableActionViewInVt())
        if integration_enabled('vx'):
            result.append(ObservableActionViewInVx())
        if integration_enabled('falcon_sandbox'):
            result.append(ObservableActionViewInFalconSandbox())
        result.append(ObservableActionSeparator())
    # Inherited actions are appended after the file-specific ones.
    result.extend(super().jinja_available_actions)
    return result
def setUp(self):
    """Prepare fixtures for the splunk tests, or skip them.

    Raises ``unittest.SkipTest`` when the splunk integration is disabled.
    Otherwise writes a one-line IP list to ``hunts/test/splunk/ips.txt`` and
    overrides the configured splunk URI with ``https://localhost:8089``.
    """
    super().setUp()

    splunk_on = integration_enabled('splunk')
    if not splunk_on:
        raise unittest.SkipTest("skipping splunk tests (splunk integration not enabled)")

    # Relative path, so it is resolved against the current working directory.
    ip_list_path = 'hunts/test/splunk/ips.txt'
    with open(ip_list_path, 'w') as handle:
        handle.write('1.1.1.1\n')

    # Point the tests at a local endpoint; presumably this keeps them from
    # talking to a real Splunk deployment. Confirm against the test harness.
    splunk_section = saq.CONFIG['splunk']
    splunk_section['uri'] = 'https://localhost:8089'
def setUp(self, *args, **kwargs):
    """Prepare an empty bro SMTP directory for the tests, or skip them.

    Raises ``unittest.SkipTest`` when the bro integration is disabled.
    Otherwise stores the resolved directory on ``self.bro_smtp_dir`` and
    recreates it empty.
    """
    super().setUp(*args, **kwargs)

    bro_on = integration_enabled('bro')
    if not bro_on:
        raise unittest.SkipTest("skipping bro tests (bro integration not enabled)")

    # os.path.join discards saq.DATA_DIR when the configured smtp_dir is an
    # absolute path. The directory is removed recursively below, so the
    # configured value must name a disposable directory.
    smtp_dir = os.path.join(saq.DATA_DIR, saq.CONFIG['bro']['smtp_dir'])
    self.bro_smtp_dir = smtp_dir

    # Start each test from an empty directory.
    already_there = os.path.exists(self.bro_smtp_dir)
    if already_there:
        shutil.rmtree(self.bro_smtp_dir)

    os.makedirs(self.bro_smtp_dir)
def setUp(self, *args, **kwargs):
    """Run the parent setup, then skip when the bro integration is disabled.

    Raises:
        unittest.SkipTest: if ``integration_enabled('bro')`` is falsy.
    """
    super().setUp(*args, **kwargs)

    bro_on = integration_enabled('bro')
    if bro_on:
        return

    raise unittest.SkipTest("skipping bro tests (bro integration not enabled)")