def test_check_task_status(mocker):
    """Test that a mocked task lookup is reported with taskStatus "success"."""
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        check_task_status_mock_response,
    )
    # Replace the scheduled-command support check with a no-op so it cannot
    # raise while the command runs under test.
    mocker.patch(
        "CommonServerPython.ScheduledCommand.raise_error_if_not_supported",
        lambda: None,
    )
    command_args = {"actionId": "00001108"}
    client = Client("https://api.xdr.trendmicro.com", api_key)
    # Unlike the other commands in this file, get_task_status is called with
    # the arguments first and the client second.
    response = get_task_status(command_args, client)
    assert response.outputs["taskStatus"] == "success"
def test_get_forensic_file_information(mocker):
    """Test fetching collected-file information for a given action id."""
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        mock_download_collected_file_info_response,
    )
    client = Client("https://api.xdr.trendmicro.com", api_key)
    command_args = {"actionId": "00000700"}
    response = download_information_collected_file(client, command_args)
    # Only the types are checked. NOTE(review): the outputs carry a
    # "password" value next to the download "url", so consumers of these
    # outputs presumably need to treat them as sensitive; confirm.
    for field in ("url", "expires", "password", "filename"):
        assert isinstance(response.outputs[field], str)
def test_update_status(mocker):
    """Test changing the status of a workbench alert (mocked response)."""
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        update_status_mock_response,
    )
    command_args = {
        "workbench_id": "WB-20837-20220418-00000",
        "status": "in_progress",
    }
    # This test builds the client with the extra proxy argument.
    client = Client("https://api.xdr.trendmicro.com", api_key, proxy)
    response = update_status(client, command_args)
    outputs = response.outputs
    assert outputs["response_msg"] == "Alert status changed successfully."
    assert isinstance(outputs["Workbench_Id"], str)
    assert isinstance(outputs["response_code"], int)
def test_get_file_analysis_report_1(mocker):
    """Test that a file analysis report returns success and non-empty data."""
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        mock_file_report_response,
    )
    command_args = {
        "reportId": "800f908d-9578-4333-91e5-822794ed5483",
        "type": "suspiciousObject",
    }
    client = Client("https://api.xdr.trendmicro.com", api_key)
    response = get_file_analysis_report(client, command_args)
    outputs = response.outputs
    assert outputs["message"] == "Success"
    assert outputs["code"] == "Success"
    # The report must contain at least one entry.
    assert len(outputs["data"]) > 0
def test_get_report_id(mocker):
    """Test that a file analysis status lookup returns the report id."""
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        mock_file_status_response,
    )
    client = Client("https://api.xdr.trendmicro.com", api_key)
    command_args = {"taskId": "921674d0-9735-4f79-b7de-c852e00a003d"}
    response = get_file_analysis_status(client, command_args)
    outputs = response.outputs
    expected_report_id = "012e4eac-9bd9-4e89-95db-77e02f75a6f3"
    assert outputs["message"] == "Success"
    assert outputs["code"] == "Success"
    assert outputs["report_id"] == expected_report_id
    # Context placement of the command results.
    assert response.outputs_prefix == "VisionOne.File_Analysis_Status"
    assert response.outputs_key_field == "message"
def test_delete_object_from_suspicious_list(mocker):
    """Test removing a domain object from the suspicious list."""
    # Both the HTTP call and the list-count helper are served by the same
    # mock response function.
    for target in (
        "TrendMicroVisionOne.Client.http_request",
        "TrendMicroVisionOne.Client.suspicious_list_count",
    ):
        mocker.patch(target, add_delete_suspicious_mock_response)
    command_args = {"type": "domain", "value": "1.alisiosanguera.com.cn"}
    client = Client("https://api.xdr.trendmicro.com", api_key)
    response = delete_from_suspicious_list(client, command_args)
    outputs = response.outputs
    assert outputs["status_code"] is None
    assert isinstance(outputs["total_items"], int)
    assert response.outputs_prefix == "VisionOne.Suspicious_List"
    assert response.outputs_key_field == "message"
def test_add_note(mocker):
    """Test adding a note to a workbench alert (mocked response)."""
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        add_note_mock_response,
    )
    command_args = {
        "workbench_id": "WB-20837-20220418-00000",
        "content": "This is a new note.",
    }
    # This test builds the client with the extra proxy argument.
    client = Client("https://api.xdr.trendmicro.com", api_key, proxy)
    response = add_note(client, command_args)
    outputs = response.outputs
    assert outputs["response_msg"] == "Alert notes added successfully."
    assert isinstance(outputs["Workbench_Id"], str)
    # Both the note id and the response code are expected to be integers.
    assert isinstance(outputs["noteId"], int)
    assert isinstance(outputs["response_code"], int)
def test_submit_file_to_sandbox(mocker):
    """Test submitting a file to the sandbox with mocked HTTP calls."""
    # This command is patched at the requests level (get and post) rather
    # than at Client.http_request, so the placeholder fileUrl below is
    # presumably never fetched; confirm against the command implementation.
    mocker.patch("TrendMicroVisionOne.requests.get", mocked_requests_get)
    mocker.patch("TrendMicroVisionOne.requests.post", mocked_requests_post)
    archive_name = (
        "XDR_ResponseApp_CollectFile_ID00000700_20211206T134158Z.7z"
    )
    command_args = {
        "fileUrl": "http://adsd.com",
        "fileName": archive_name,
        # Masked placeholder, not a real archive password.
        "archivePassword": "******",
        "documentPassword": "",
    }
    client = Client("https://api.xdr.trendmicro.com", api_key)
    response = submit_file_to_sandbox(client, command_args)
    outputs = response.outputs
    assert outputs["message"] == "Success"
    assert outputs["code"] == "Success"
def test_restore_endpoint(mocker):
    """Test the restore-endpoint-connection command, positive scenario."""
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        isolate_restore_mock_response,
    )
    command_name = "trendmicro-visionone-restore-endpoint-connection"
    command_args = {
        "endpoint": "hostname",
        "productId": "sao",
        "description": "restore endpoint info",
    }
    client = Client("https://api.xdr.trendmicro.com", api_key)
    # isolate_or_restore_connection receives the command name to select
    # the action.
    response = isolate_or_restore_connection(
        client, command_name, command_args
    )
    assert response.outputs["taskStatus"] == "pending"
    assert response.outputs_prefix == "VisionOne.Endpoint_Connection"
    assert response.outputs_key_field == "actionId"
def test_get_endpoint_information(mocker):
    """Test fetching endpoint information for a given endpoint identifier."""
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        mock_get_endpoint_info_response,
    )
    client = Client("https://api.xdr.trendmicro.com", api_key)
    command_args = {"endpoint": "hostname"}
    response = get_endpoint_info(client, command_args)
    outputs = response.outputs
    assert outputs["status"] == "SUCCESS"
    # Every descriptive field of the endpoint must come back as a string.
    string_fields = (
        "message",
        "hostname",
        "ip",
        "macAddr",
        "osDescription",
        "osName",
        "osVersion",
        "productCode",
    )
    for field in string_fields:
        assert isinstance(outputs[field], str)
def test_collect_forensic_file(mocker):
    """Test the collect-file command, positive scenario."""
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        mock_collect_file,
    )
    command_args = {
        "endpoint": "hostname",
        "description": "collect file",
        "productId": "sao",
        "filePath": "/file_path/sample.txt",
        "os": "linux",
    }
    client = Client("https://api.xdr.trendmicro.com", api_key)
    response = collect_file(client, command_args)
    outputs = response.outputs
    # The mocked response reports the collection task as pending and
    # returns an action id.
    assert outputs["taskStatus"] == "pending"
    assert isinstance(outputs["actionId"], str)
    assert response.outputs_prefix == "VisionOne.Collect_Forensic_File"
    assert response.outputs_key_field == "actionId"
def test_remove_block_list(mocker):
    """Test the remove-from-block-list command, positive scenario."""
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        add_remove_blocklist_mock_response,
    )
    command_name = "trendmicro-visionone-remove-from-block-list"
    # The object to unblock is identified by a SHA-1 file hash.
    command_args = {
        "valueType": "file_sha1",
        "targetValue": "2de5c1125d5f991842727ed8ea8b5fda0ffa249b",
        "productId": "sao",
        "description": "block info",
    }
    client = Client("https://api.xdr.trendmicro.com", api_key)
    response = add_or_remove_from_block_list(
        client, command_name, command_args
    )
    outputs = response.outputs
    assert outputs["taskStatus"] == "pending"
    assert isinstance(outputs["actionId"], str)
    assert response.outputs_prefix == "VisionOne.BlockList"
    assert response.outputs_key_field == "actionId"
def test_terminate_process_endpoint(mocker):
    """Test the terminate-process command, positive scenario."""
    # Served by the same mock response function that the restore-endpoint
    # test uses.
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        isolate_restore_mock_response,
    )
    command_args = {
        "endpoint": "00:50:56:81:87:A8",
        "fileSha1": "12a08b7a3c5a10b64700c0aca1a47941b50a4f8b",
        "productId": "sao",
        "description": "terminate info",
        "filename": "testfile",
    }
    client = Client("https://api.xdr.trendmicro.com", api_key)
    response = terminate_process(client, command_args)
    outputs = response.outputs
    assert outputs["taskStatus"] == "pending"
    assert isinstance(outputs["actionId"], str)
    assert response.outputs_prefix == "VisionOne.Terminate_Process"
    assert response.outputs_key_field == "actionId"
def test_add_object_to_exception_list(mocker):
    """Test adding a domain object to the exception list, positive scenario."""
    # Both the HTTP call and the list-count helper are served by the same
    # mock response function.
    for target in (
        "TrendMicroVisionOne.Client.http_request",
        "TrendMicroVisionOne.Client.exception_list_count",
    ):
        mocker.patch(target, add_delete_exception_mock_response)
    command_name = "trendmicro-visionone-add-objects-to-exception-list"
    command_args = {
        "type": "domain",
        "value": "1.alisiosanguera.com",
        "description": "new key",
    }
    client = Client("https://api.xdr.trendmicro.com", api_key)
    response = add_or_delete_from_exception_list(
        client, command_name, command_args
    )
    outputs = response.outputs
    assert outputs["status_code"] is None
    assert response.outputs_prefix == "VisionOne.Exception_List"
    assert isinstance(outputs["total_items"], int)
    assert response.outputs_key_field == "message"
def test_get_file_analysis_report(mocker):
    """Test the field types of the first entry in a file analysis report."""
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        mock_file_report_response,
    )
    command_args = {
        "reportId": "800f908d-9578-4333-91e5-822794ed5483",
        "type": "suspiciousObject",
    }
    # This test builds the client with the extra proxy argument.
    client = Client("https://api.xdr.trendmicro.com", api_key, proxy)
    response = get_file_analysis_report(client, command_args)
    outputs = response.outputs
    assert outputs["message"] == "Success"
    assert outputs["code"] == "Success"
    # Only the first report entry is inspected; each listed field must be
    # a string.
    first_entry = outputs["data"][0]
    entry_fields = (
        "type",
        "value",
        "risk_level",
        "analysis_completion_time",
        "expired_time",
        "root_file_sha1",
    )
    for field in entry_fields:
        assert isinstance(first_entry[field], str)
def test_add_object_to_suspicious_list(mocker):
    """Test adding a domain object to the suspicious list, positive scenario."""
    # Both the HTTP call and the list-count helper are served by the same
    # mock response function.
    for target in (
        "TrendMicroVisionOne.Client.http_request",
        "TrendMicroVisionOne.Client.suspicious_list_count",
    ):
        mocker.patch(target, add_delete_suspicious_mock_response)
    command_args = {
        "type": "domain",
        "value": "1.alisiosanguera.com.cn",
        "description": "Example Suspicious Object.",
        "scanAction": "log",
        "riskLevel": "high",
        "expiredDay": 15,
    }
    client = Client("https://api.xdr.trendmicro.com", api_key)
    response = add_to_suspicious_list(client, command_args)
    outputs = response.outputs
    assert outputs["status_code"] is None
    assert isinstance(outputs["total_items"], int)
    assert response.outputs_prefix == "VisionOne.Suspicious_List"
    assert response.outputs_key_field == "message"
def test_quarantine_email_message(mocker):
    """Test the quarantine-email-message command, positive scenario."""
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        quarantine_delete_email_mock_response,
    )
    command_name = "trendmicro-visionone-quarantine-email-message"
    # The message id and mailbox are redacted sample values.
    message_id = (
        "<CANUJTKTjto9GAHTr9V=TFqMZhRXqVn="
        "*****@*****.**>"
    )
    command_args = {
        "messageId": message_id,
        "mailBox": "*****@*****.**",
        "messageDeliveryTime": "2021-12-09T14:00:12.000Z",
        "productId": "sca",
        "description": "quarantine info",
    }
    client = Client("https://api.xdr.trendmicro.com", api_key)
    response = quarantine_or_delete_email_message(
        client, command_name, command_args
    )
    outputs = response.outputs
    assert outputs["taskStatus"] == "pending"
    assert isinstance(outputs["actionId"], str)
    assert response.outputs_prefix == "VisionOne.Email"
    assert response.outputs_key_field == "actionId"