Exemple #1
def test_empty_cluster_name(mocker):
    """Cluster on two fields while ``fieldForClusterName`` is an empty string.

    The output is expected to hold clusters named ``Cluster 0`` and
    ``Cluster 1`` with the incident ids listed below. The position of the two
    clusters inside ``data`` is not fixed, so either order passes.

    :param mocker: pytest-mock fixture used to patch ``demisto``.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY

    # NOTE(review): update() mutates the shared PARAMETERS_DICT in place, so
    # these keys remain set for whichever test runs afterwards.
    PARAMETERS_DICT.update({
        'fieldsForClustering': 'field_1, field_2',
        'fieldForClusterName': ''
    })

    expected_first = {
        'data': [2],
        'dataType': 'incident',
        'incidents_ids': ['1', '3'],
        'name': 'Cluster 0',
        'query': 'type:Phishing'
    }
    expected_second = {
        'data': [2],
        'dataType': 'incident',
        'incidents_ids': ['2', '4'],
        'name': 'Cluster 1',
        'query': 'type:Phishing'
    }

    def contains(cluster, expected):
        # True when every key/value pair of `expected` is present in `cluster`.
        return all(pair in cluster.items() for pair in expected.items())

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    # Calls to demisto.executeCommand are routed to this module's executeCommand.
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    clusters = json.loads(output_clustering_json)['data']
    first = clusters[0]
    second = clusters[1]

    in_order = contains(first, expected_first) and contains(second, expected_second)
    swapped = contains(first, expected_second) and contains(second, expected_first)
    assert in_order or swapped
Exemple #2
def test_model_exist_and_expired(mocker):
    """Run ``main()`` with ``forceRetrain`` off and a tiny ``modelExpiration``.

    The two output clusters must contain the module-level ``sub_dict_0`` and
    ``sub_dict_1`` pairs, in either order.

    :param mocker: pytest-mock fixture used to patch ``demisto``.
    """
    global FETCHED_INCIDENT
    global sub_dict_1
    global sub_dict_0
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY

    # NOTE(review): presumably '1e-20' makes any stored model count as expired,
    # as the test name says - confirm against main().
    expiration = '1e-20'
    # NOTE(review): 'forceRetrain' and 'modelExpiration' stay in the shared
    # PARAMETERS_DICT after this test, because update() mutates it in place.
    PARAMETERS_DICT.update({
        'fieldsForClustering': 'field_1, field_2',
        'fieldForClusterName': 'entityname',
        'forceRetrain': 'False',
        'modelExpiration': expiration
    })

    def contains(cluster, expected):
        # True when every key/value pair of `expected` is present in `cluster`.
        return all(pair in cluster.items() for pair in expected.items())

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    clusters = json.loads(output_clustering_json)['data']
    first = clusters[0]
    second = clusters[1]

    in_order = contains(first, sub_dict_0) and contains(second, sub_dict_1)
    swapped = contains(first, sub_dict_1) and contains(second, sub_dict_0)
    assert in_order or swapped
def test_missing_too_many_values(mocker):
    """Use the fixture in which one clustering field lacks enough values.

    ``main()`` must report ``field_2`` through ``MESSAGE_INVALID_FIELD`` and
    still return both a model and a clustering output.

    :param mocker: pytest-mock fixture used to patch ``demisto``.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY_WITH_NOT_ENOUGH_VALUES

    overrides = {
        'fieldsForClustering': 'field_1, field_2',
        'fieldForClusterName': 'entityname',
    }
    # The shared parameter dict is updated in place before being served by demisto.args.
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    expected_warning = MESSAGE_INVALID_FIELD % 'field_2'
    assert expected_warning in msg
    # The invalid field is only reported; clustering still produces results.
    assert output_clustering_json
    assert model
def test_wrong_cluster_name(mocker):
    """Pass a ``fieldForClusterName`` that the test expects to be rejected.

    ``main()`` must name the field through ``MESSAGE_INCORRECT_FIELD`` and
    return neither a model nor a clustering output.

    :param mocker: pytest-mock fixture used to patch ``demisto``.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY

    overrides = {
        'fieldsForClustering': 'field_1, field_2',
        'fieldForClusterName': 'wrong_cluster_name_field',
    }
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    expected_error = MESSAGE_INCORRECT_FIELD % 'wrong_cluster_name_field'
    assert expected_error in msg
    # A bad cluster-name field aborts the run: nothing is produced.
    assert not output_clustering_json
    assert not model
Exemple #5
def test_model_exist_and_valid(mocker):
    """Run ``main()`` with ``forceRetrain`` set to ``'False'``.

    The run must produce no message and return ``{'data': 'data'}`` as the
    clustering output.

    :param mocker: pytest-mock fixture used to patch ``demisto``.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY

    overrides = {
        'fieldsForClustering': 'field_1, field_2, wrong_field',
        'fieldForClusterName': 'entityname',
        'forceRetrain': 'False'
    }
    # NOTE(review): 'forceRetrain' stays in the shared PARAMETERS_DICT after
    # this test, because update() mutates it in place.
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    # NOTE(review): presumably {'data': 'data'} is what the executeCommand
    # stand-in serves as the stored model output - confirm against it.
    # 'wrong_field' is not reported here, since msg must be empty.
    assert not msg
    assert output_clustering_json == {'data': 'data'}
def test_all_incorrect_fields(mocker):
    """Pass two clustering fields that the test expects to be rejected.

    The message must list both fields through ``MESSAGE_INCORRECT_FIELD`` and
    include ``MESSAGE_NO_FIELD_NAME_OR_CLUSTERING``. No model and no output
    are returned.

    :param mocker: pytest-mock fixture used to patch ``demisto``.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY

    overrides = {
        'fieldsForClustering': 'field_1_wrong, field_2_wrong',
        'fieldForClusterName': 'name',
    }
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    rejected_fields = ['field_1_wrong', 'field_2_wrong']
    # The rejected names are joined with ' , ' (a space on each side of the comma).
    assert MESSAGE_INCORRECT_FIELD % ' , '.join(rejected_fields) in msg
    assert MESSAGE_NO_FIELD_NAME_OR_CLUSTERING in msg

    assert not output_clustering_json
    assert not model
def test_same_cluster_name(mocker):
    """Use the fixture in which clusters share the same name.

    Both ``'nmap'`` and ``'nmap_0'`` must be among the ``clusterName`` values
    of the model's selected clusters.

    :param mocker: pytest-mock fixture used to patch ``demisto``.
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY_SAME_CLUSTER_NAME

    overrides = {
        'fieldsForClustering': 'field_1, field_2, wrong_field',
        'fieldForClusterName': 'entityname',
    }
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    # Collect the display name of every selected cluster.
    clusters_name = []
    for cluster in model.selected_clusters.values():
        clusters_name.append(cluster['clusterName'])

    # NOTE(review): presumably the '_0' suffix is how a name collision is
    # resolved - confirm against the model code.
    assert 'nmap' in clusters_name
    assert 'nmap_0' in clusters_name
def test_main_incident_nested(mocker):
    """
    Cluster on a nested field path, used both as clustering field and as cluster name.

    ``demisto.dt`` is patched to return two values for the path. ``main()``
    must return no model and no output, with MESSAGE_CLUSTERING_NOT_VALID
    in the message.
    :param mocker: pytest-mock fixture used to patch ``demisto``.
    :return:
    """
    global FETCHED_INCIDENT
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY

    nested_field = 'xdralerts.cmd'
    overrides = {
        'fieldsForClustering': nested_field,
        'fieldForClusterName': nested_field,
    }
    PARAMETERS_DICT.update(overrides)

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    # Every demisto.dt lookup yields the same two-element list.
    mocker.patch.object(demisto, 'dt', return_value=['nested_val_1', 'nested_val_2'])
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    assert not model
    assert not output_clustering_json
    assert MESSAGE_CLUSTERING_NOT_VALID in msg
def test_main_name_cluster_is_list(mocker):
    """Use the multiple-name fixture and a clustering field list that includes ``wrong_field``.

    ``main()`` must report ``wrong_field`` through ``MESSAGE_INCORRECT_FIELD``
    and still output two clusters that contain the module-level ``sub_dict_0``
    and ``sub_dict_1`` pairs, in either order.

    :param mocker: pytest-mock fixture used to patch ``demisto``.
    """
    global FETCHED_INCIDENT
    global sub_dict_1
    global sub_dict_0
    FETCHED_INCIDENT = FETCHED_INCIDENT_NOT_EMPTY_MULTIPLE_NAME

    overrides = {
        'fieldsForClustering': 'field_1, field_2, wrong_field',
        'fieldForClusterName': 'entityname',
    }
    PARAMETERS_DICT.update(overrides)

    def contains(cluster, expected):
        # True when every key/value pair of `expected` is present in `cluster`.
        return all(pair in cluster.items() for pair in expected.items())

    mocker.patch.object(demisto, 'args', return_value=PARAMETERS_DICT)
    mocker.patch.object(demisto, 'executeCommand', side_effect=executeCommand)

    model, output_clustering_json, msg = main()

    clusters = json.loads(output_clustering_json)['data']
    first = clusters[0]
    second = clusters[1]

    # The unknown field is reported but does not stop the clustering.
    assert MESSAGE_INCORRECT_FIELD % 'wrong_field' in msg

    in_order = contains(first, sub_dict_0) and contains(second, sub_dict_1)
    swapped = contains(first, sub_dict_1) and contains(second, sub_dict_0)
    assert in_order or swapped