def test_get_incident_data_command(requests_mock):
    """Exercise get_incident_data_command against a stubbed endpoint.

    GET /get_data_from_incident is answered with the canned payload from
    test_data/sample_incident_data_response.json; the returned object's
    outputs_prefix, outputs_key_field and outputs are then compared with
    that payload.
    """
    from LogPoint_SIEM_Integration import Client, get_incident_data_command

    canned = util_load_json('test_data/sample_incident_data_response.json')
    requests_mock.get('https://test.com/get_data_from_incident', json=canned)

    # verify=False is acceptable here only because requests_mock intercepts
    # every call; no real TLS connection is ever made by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/json'},
    )
    args = {
        "incident_obj_id": "5af12974007da85b99a3230b",
        "incident_id": "347b897e1f752cab7ae380918690b11e",
        "date": 1525754228.171028,
    }

    result = get_incident_data_command(client, args)

    assert result.outputs_prefix == 'LogPoint.Incidents.data'
    assert result.outputs_key_field == ''
    assert result.outputs == canned['rows']
def test_get_incident_states_command(requests_mock):
    """Exercise get_incident_states_command against a stubbed endpoint.

    GET /incident_states is answered with the canned payload from
    test_data/sample_incident_states_response.json; the returned object's
    outputs_prefix, outputs_key_field and outputs are then compared with
    that payload.
    """
    from LogPoint_SIEM_Integration import Client, get_incident_states_command

    canned = util_load_json('test_data/sample_incident_states_response.json')
    requests_mock.get('https://test.com/incident_states', json=canned)

    # verify=False is acceptable here only because requests_mock intercepts
    # every call; no real TLS connection is ever made by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/json'},
    )
    # NOTE(review): ts_from is later than ts_to. The stubbed endpoint ignores
    # the window, so the test still passes, but the range looks inverted —
    # confirm the intended order before reusing these values elsewhere.
    args = {'ts_from': 1607314566, 'ts_to': 1607228166, 'limit': 50}

    result = get_incident_states_command(client, args)

    assert result.outputs_prefix == 'LogPoint.Incidents.states'
    assert result.outputs_key_field == 'id'
    assert result.outputs == canned['states']
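def test_get_searchid_command(requests_mock):
    """Tests the get_searchid_command function.

    Configures requests_mock to answer POST /getsearchlogs with the
    payload from test_data/sample_get_searchid_response.json, then checks
    that the command surfaces the search id from that payload.
    """
    from LogPoint_SIEM_Integration import Client, get_searchid_command

    mock_response = util_load_json(
        'test_data/sample_get_searchid_response.json')
    requests_mock.post('https://test.com/getsearchlogs', json=mock_response)

    # verify=False is acceptable here only because requests_mock intercepts
    # every call; no real TLS connection is ever made by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/x-www-form-urlencoded'})
    args = {
        "query": '| chart count() by col_type',
        "time_range": 'Last 30 minutes',
        "limit": 10,
        "repos": [],
    }

    response = get_searchid_command(client, args)

    assert response.outputs_prefix == 'LogPoint.search_id'
    assert response.outputs == mock_response['search_id']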
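def test_get_devices_command(requests_mock):
    """Tests the get_devices_command function.

    Configures requests_mock to answer POST /getalloweddata with the
    payload from test_data/sample_get_devices_response.json, then checks
    that the command flattens every allowed device into a
    {'name': ..., 'address': ...} record.
    """
    from LogPoint_SIEM_Integration import Client, get_devices_command

    mock_response = util_load_json(
        'test_data/sample_get_devices_response.json')
    # Each entry of 'allowed_devices' maps an address to a device name; the
    # command is expected to emit one record per mapping.
    expected_devices = [
        {'name': name, 'address': address}
        for device in mock_response['allowed_devices']
        for address, name in device.items()
    ]
    requests_mock.post('https://test.com/getalloweddata', json=mock_response)

    # verify=False is acceptable here only because requests_mock intercepts
    # every call; no real TLS connection is ever made by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/x-www-form-urlencoded'})

    response = get_devices_command(client)

    assert response.outputs_prefix == 'LogPoint.Devices'
    assert response.outputs == expected_devices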
def test_reopen_incidents_command(requests_mock):
    """Exercise reopen_incidents_command against a stubbed endpoint.

    POST /reopen_incident is answered with an inline success payload; the
    returned object's outputs_prefix, outputs_key_field and outputs are
    then compared with that payload.
    """
    from LogPoint_SIEM_Integration import Client, reopen_incidents_command

    canned = {
        "success": True,
        "message": "Incidents reopened",
    }
    requests_mock.post('https://test.com/reopen_incident', json=canned)

    # verify=False is acceptable here only because requests_mock intercepts
    # every call; no real TLS connection is ever made by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/json'},
    )
    args = {
        "version": "0.1",
        'incident_obj_ids': "1262bd8cce113de890854455,1262bd8cce113de890854456",
    }

    result = reopen_incidents_command(client, args)

    assert result.outputs_prefix == 'LogPoint.Incidents.reopen'
    assert result.outputs_key_field == ''
    assert result.outputs == canned['message']
def test_fetch_incidents(requests_mock):
    """Exercise fetch_incidents against a stubbed /incidents endpoint.

    GET /incidents is answered with the canned payload from
    test_data/sample_incident_response.json; the function is expected to
    turn the first incident into one XSOAR-style incident dict whose
    rawJSON is the JSON-encoded original record.
    """
    from LogPoint_SIEM_Integration import Client, fetch_incidents

    canned = util_load_json('test_data/sample_incident_response.json')
    requests_mock.get('https://test.com/incidents', json=canned)

    # verify=False is acceptable here only because requests_mock intercepts
    # every call; no real TLS connection is ever made by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/json'},
    )

    result = fetch_incidents(client, "1608189921", 10)

    expected = [{
        'name': 'Potential SQL Injection attack',
        'occurred': '2018-05-08T04:37:08.171028Z',
        'severity': 4,
        'rawJSON': json.dumps(canned['incidents'][0]),
    }]
    assert result == expected
def test_get_users_command(requests_mock):
    """Exercise get_users_command against a stubbed /get_users endpoint.

    GET /get_users is answered with the canned payload from
    test_data/sample_get_users_response.json; the returned object's
    outputs_prefix, outputs_key_field and outputs are then compared with
    that payload.
    """
    from LogPoint_SIEM_Integration import Client, get_users_command

    canned = util_load_json('test_data/sample_get_users_response.json')
    requests_mock.get('https://test.com/get_users', json=canned)

    # verify=False is acceptable here only because requests_mock intercepts
    # every call; no real TLS connection is ever made by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/json'},
    )

    result = get_users_command(client)

    assert result.outputs_prefix == 'LogPoint.Incidents.users'
    assert result.outputs_key_field == 'id'
    assert result.outputs == canned['users']
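def test_search_logs_command(requests_mock):
    """Tests the search_logs_command function.

    Configures requests_mock to answer POST /getsearchlogs with the
    payload from test_data/sample_search_logs_response.json, feeds the
    search id from that payload back into the command, and checks that
    the command returns the payload's rows.
    """
    from LogPoint_SIEM_Integration import Client, search_logs_command

    mock_response = util_load_json(
        'test_data/sample_search_logs_response.json')
    requests_mock.post('https://test.com/getsearchlogs', json=mock_response)

    # verify=False is acceptable here only because requests_mock intercepts
    # every call; no real TLS connection is ever made by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/x-www-form-urlencoded'})
    args = {"search_id": mock_response.get('search_id')}

    response = search_logs_command(client, args)

    assert response.outputs_prefix == 'LogPoint.SearchLogs'
    assert response.outputs == mock_response['rows']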
def test_get_users_preference_command(requests_mock):
    """Exercise get_users_preference_command against a stubbed endpoint.

    POST /getalloweddata is answered with the canned payload from
    test_data/sample_get_users_preference_response.json; the command is
    expected to return that payload minus its 'success' flag.
    """
    from LogPoint_SIEM_Integration import Client, get_users_preference_command

    canned = util_load_json(
        'test_data/sample_get_users_preference_response.json')
    requests_mock.post('https://test.com/getalloweddata', json=canned)

    # verify=False is acceptable here only because requests_mock intercepts
    # every call; no real TLS connection is ever made by this test.
    client = Client(
        base_url='https://test.com',
        verify=False,
        proxy=False,
        username='******',
        apikey='apikey',
        headers={'Content-Type': 'application/x-www-form-urlencoded'})

    result = get_users_preference_command(client)

    assert result.outputs_prefix == 'LogPoint.User.Preference'
    # The command is expected to strip the transport-level 'success' flag;
    # drop it from the canned payload before comparing the rest.
    del canned['success']
    assert result.outputs == canned