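    def test_fetch_incidents_long_running_events(self, mocker):
        """
        Assert fetch_incidents_long_running_events updates integration context with the expected id, samples and events

        Given:
            - Fetch incidents is set to: FetchMode.all_events
            - There is an offense to fetch: 450
        When:
            - Fetch loop is triggered
        Then:
            - Assert integration context id is set correctly
            - Assert integration context samples is set with correct length
            - Assert integration context events is set with correct value

        Every patch goes through ``mocker`` so it is undone at teardown and
        cannot change what later tests in the module exercise.
        """
        expected_events = "assert ok"

        def mock_enrich_offense_with_events(client, offense, fetch_mode, events_columns, events_limit):
            # Stand-in for the real enrichment: tag the offense with a sentinel
            # value that the final assertion looks for in the stored sample.
            offense['events'] = expected_events
            return offense

        # Masked placeholder credentials; the fetch and context helpers used
        # below are all patched, so no real service is expected to be contacted.
        client = QRadarClient("", {}, {"identifier": "*", "password": "******"})
        fetch_mode = FetchMode.all_events
        mocker.patch.object(QRadar_v2, "get_integration_context", return_value={})
        # Hand the code under test a shallow copy: the enrichment stub writes an
        # 'events' key into the offense, and writing it into the shared
        # RAW_RESPONSES fixture would leak state into other tests.
        mocker.patch.object(
            QRadar_v2,
            "fetch_raw_offenses",
            return_value=[dict(RAW_RESPONSES["fetch-incidents"])],
        )
        # patch.object(new=...) installs the stub as-is and restores the real
        # function afterwards; a bare attribute assignment would stay in place
        # for the rest of the test session.
        mocker.patch.object(QRadar_v2, "enrich_offense_with_events", new=mock_enrich_offense_with_events)
        mocker.patch.object(demisto, "createIncidents")
        mocker.patch.object(demisto, "debug")
        sic_mock = mocker.patch.object(QRadar_v2, "set_integration_context")

        fetch_incidents_long_running_events(client, "", "", False, False, fetch_mode, "", "")

        # First positional argument of the last set_integration_context call
        # is the context dict that would have been persisted.
        stored_context = sic_mock.call_args[0][0]
        assert stored_context['id'] == 450
        assert len(stored_context['samples']) == 1
        incident_raw_json = json.loads(stored_context['samples'][0]['rawJSON'])
        assert incident_raw_json['events'] == expected_events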
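    def test_fetch_incidents_long_running_events__timeout(self, mocker):
        """
        Assert raw offenses are populated as expected when timeout is reached

        Given:
            - Fetch incidents is set to: FetchMode.all_events
            - There is an offense to fetch: 450
        When:
            - Fetch loop is triggered
        Then:
            - Assert print_debug_msg was called with timeout message
            - Assert integration context id is set correctly
            - Assert integration context samples is set with correct length
            - Assert integration context events is not set

        The point being pinned: when event enrichment does not finish in time,
        the offense is still recorded as a sample (without events) rather than
        being dropped.
        """
        def mock_enrich_offense_with_events(client, offense, fetch_mode,
                                            events_columns, events_limit):
            # Any non-zero delay is enough to exceed the zero timeout below.
            time.sleep(0.001)
            return offense

        # Patch the timeout through mocker so the previous value is restored
        # even when an assertion fails; a manual reset on the last line of the
        # test is skipped on failure and would leave a zero timeout in place
        # for every later test.
        mocker.patch.object(QRadar_v2, "DEFAULT_EVENTS_TIMEOUT", 0)
        # Build an events-free copy instead of deleting the key from the shared
        # RAW_RESPONSES fixture, which other tests read.
        offense_with_no_events = {
            key: value
            for key, value in RAW_RESPONSES["fetch-incidents"].items()
            if key != 'events'
        }
        # Masked placeholder credentials; the fetch and context helpers used
        # below are all patched, so no real service is expected to be contacted.
        client = QRadarClient("", {}, {"identifier": "*", "password": "******"})
        fetch_mode = FetchMode.all_events
        mocker.patch.object(QRadar_v2,
                            "get_integration_context",
                            return_value={})
        mocker.patch.object(QRadar_v2,
                            "fetch_raw_offenses",
                            return_value=[offense_with_no_events])
        print_debug_msg_mock = mocker.patch.object(QRadar_v2,
                                                   "print_debug_msg")
        # new=... installs the slow stub directly and restores the real
        # function at teardown.
        mocker.patch.object(QRadar_v2,
                            "enrich_offense_with_events",
                            new=mock_enrich_offense_with_events)
        mocker.patch.object(demisto, "createIncidents")
        mocker.patch.object(demisto, "debug")
        sic_mock = mocker.patch.object(QRadar_v2, "set_integration_context")

        fetch_incidents_long_running_events(client, "", "", False, False,
                                            fetch_mode, "", "")

        # The first debug message must be the timeout notice.
        assert print_debug_msg_mock.call_args_list[0].args[
            0] == "Timed out while waiting for events"
        stored_context = sic_mock.call_args[0][0]
        assert stored_context['id'] == 450
        assert len(stored_context['samples']) == 1
        incident_raw_json = json.loads(
            stored_context['samples'][0]['rawJSON'])
        assert 'events' not in incident_raw_json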