 def test_alerts_client_calls_get_details_with_expected_value(
         self, mock_alerts_service, mock_alert_rules_service):
     """``get_details`` hands the given alert ids straight to the alerts service."""
     client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
     client.get_details(self._alert_ids)
     # The service must see exactly the ids the caller passed in, once.
     mock_alerts_service.get_details.assert_called_once_with(self._alert_ids)
 def test_alerts_client_get_all_alert_details_returns_empty_generator_when_no_alerts_found(
         self, mock_alerts_service_with_no_alerts,
         mock_alert_rules_service):
     """A search that finds nothing must yield no detail records at all."""
     query = AlertQuery()
     client = AlertsClient(mock_alerts_service_with_no_alerts,
                           mock_alert_rules_service)
     # Drain the generator fully so any unexpected item would surface here.
     details = list(client.get_all_alert_details(query))
     assert not details
 def test_alerts_client_get_all_alert_details_does_not_call_get_details_when_no_alerts_found(
         self, mock_alerts_service_with_no_alerts,
         mock_alert_rules_service):
     """With no search hits the client must not issue a single ``get_details`` call."""
     query = AlertQuery()
     client = AlertsClient(mock_alerts_service_with_no_alerts,
                           mock_alert_rules_service)
     # Consume the generator; the detail lookup should never be triggered.
     for _ in client.get_all_alert_details(query):
         pass
     assert not mock_alerts_service_with_no_alerts.get_details.called
 def test_alerts_client_calls_search_all_pages_with_expected_value_and_param(
     self,
     mock_alerts_service,
     mock_alert_rules_service,
 ):
     """``search_all_pages`` forwards its query argument to the service unchanged."""
     # Opaque pass-through value: this test never parses it, so the extra
     # closing brace is irrelevant to what is being asserted.
     raw_query = '{"test": "data"}}'
     client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
     client.search_all_pages(raw_query)
     mock_alerts_service.search_all_pages.assert_called_once_with(raw_query)
 def test_alerts_client_calls_update_note_with_expected_value_and_param(
     self,
     mock_alerts_service,
     mock_alert_rules_service,
 ):
     """``update_note`` passes both the alert id and the note text to the service."""
     alert_id = "alert-id"
     note_text = "a note"
     client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
     client.update_note(alert_id, note_text)
     mock_alerts_service.update_note.assert_called_once_with(alert_id, note_text)
 def test_alerts_client_calls_update_state_with_state_and_expected_value(
     self,
     mock_alerts_service,
     mock_alert_rules_service,
 ):
     """``update_state`` forwards the state and ids, defaulting ``note`` to ``None``."""
     new_state = "RESOLVED"
     client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
     client.update_state(new_state, self._alert_ids)
     # No note was given, so the service must receive an explicit note=None.
     mock_alerts_service.update_state.assert_called_once_with(
         new_state, self._alert_ids, note=None
     )
 def test_alerts_client_calls_get_aggregate_data_with_expected_value_and_param(
     self,
     mock_alerts_service,
     mock_alert_rules_service,
 ):
     """``get_aggregate_data`` hands the alert id through to the service."""
     alert_id = "alert-id"
     client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
     client.get_aggregate_data(alert_id)
     mock_alerts_service.get_aggregate_data.assert_called_once_with(alert_id)
 def test_alerts_client_calls_search_with_expected_value(
     self,
     mock_alerts_service,
     mock_alert_rules_service,
     mock_alert_query,
 ):
     """``search`` delegates to the service with the very same query object."""
     client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
     client.search(mock_alert_query)
     mock_alerts_service.search.assert_called_once_with(mock_alert_query)
 def test_alerts_client_get_all_alert_details_calls_get_details_for_each_page(
         self, mock_alerts_service_with_pages, mock_alert_rules_service):
     """Each page of search results triggers its own ``get_details`` call with that page's ids."""
     paged_service = mock_alerts_service_with_pages(ascending=True)
     client = AlertsClient(paged_service, mock_alert_rules_service)
     # Drain the generator so every page is requested.
     for _ in client.get_all_alert_details(AlertQuery()):
         pass
     # call_args_list entries are (args, kwargs); the id list is the first
     # positional argument of each call.
     first_call, second_call = paged_service.get_details.call_args_list[:2]
     assert first_call[0][0] == ["A", "B", "C"]
     assert second_call[0][0] == ["D", "E", "F"]
def _init_clients(services, connection):
    """Assemble the public ``Clients`` bundle from already-built services.

    Args:
        services: object exposing one service attribute per backend
            (``alerts``, ``archive``, ``devices``, ``users``, ``cases``, ...).
        connection: connection object handed to the storage service factory
            and to the login-configuration client.

    Returns:
        A ``Clients`` instance with every client wired to its service(s).
    """
    # Deferred imports: the client modules import from py42.sdk.queries, so
    # importing them at module level would create an import cycle.
    from py42.clients import Clients
    from py42.clients._archiveaccess.accessorfactory import ArchiveAccessorFactory
    from py42.clients.alertrules import AlertRulesClient
    from py42.clients.alerts import AlertsClient
    from py42.clients.archive import ArchiveClient
    from py42.clients.auditlogs import AuditLogsClient
    from py42.clients.authority import AuthorityClient
    from py42.clients.cases import CasesClient
    from py42.clients.detectionlists import DetectionListsClient
    from py42.clients.loginconfig import LoginConfigurationClient
    from py42.clients.securitydata import SecurityDataClient
    from py42.clients.trustedactivities import TrustedActivitiesClient
    from py42.services.storage._service_factory import ConnectionManager
    from py42.services.storage._service_factory import StorageServiceFactory

    authority_client = AuthorityClient(
        administration=services.administration,
        archive=services.archive,
        devices=services.devices,
        legalhold=services.legalhold,
        orgs=services.orgs,
        users=services.users,
    )
    detection_lists_client = DetectionListsClient(
        services.userprofile,
        services.departingemployee,
        services.highriskemployee,
    )
    # Shared by the security-data and archive clients for per-device storage access.
    storage_factory = StorageServiceFactory(
        connection, services.devices, ConnectionManager()
    )
    rules_client = AlertRulesClient(services.alerts, services.alertrules)
    security_data_client = SecurityDataClient(
        services.fileevents,
        services.preservationdata,
        services.savedsearch,
        storage_factory,
    )
    # The alerts client owns the rules client (exposed via its ``rules`` attribute).
    alerts_client = AlertsClient(services.alerts, rules_client)
    accessor_factory = ArchiveAccessorFactory(services.archive, storage_factory)
    archive_client = ArchiveClient(accessor_factory, services.archive)
    audit_logs_client = AuditLogsClient(services.auditlogs)
    login_config_client = LoginConfigurationClient(connection)
    trusted_activities_client = TrustedActivitiesClient(services.trustedactivities)

    return Clients(
        authority=authority_client,
        detectionlists=detection_lists_client,
        alerts=alerts_client,
        securitydata=security_data_client,
        archive=archive_client,
        auditlogs=audit_logs_client,
        cases=CasesClient(services.cases, services.casesfileevents),
        loginconfig=login_config_client,
        trustedactivities=trusted_activities_client,
    )
 def test_alerts_client_get_all_alert_details_sorts_results_descending_when_specified(
     self,
     mock_alerts_service_with_pages,
     mock_alert_rules_service,
     mock_details,
     sort_key,
 ):
     """A ``desc`` sort direction yields the details from F down to A."""
     paged_service = mock_alerts_service_with_pages(ascending=False)
     paged_service.get_details = mock_details
     client = AlertsClient(paged_service, mock_alert_rules_service)
     query = AlertQuery()
     query.sort_key = sort_key
     query.sort_direction = "desc"
     expected = [ALERT_F, ALERT_E, ALERT_D, ALERT_C, ALERT_B, ALERT_A]
     assert list(client.get_all_alert_details(query)) == expected
 def test_alerts_client_get_all_alert_details_sorts_results_according_to_query_sort_key(
     self,
     mock_alerts_service_with_pages,
     mock_alert_rules_service,
     mock_details,
     sort_key,
 ):
     """An ``asc`` sort direction on the given key yields the details from A up to F."""
     paged_service = mock_alerts_service_with_pages(ascending=True)
     paged_service.get_details = mock_details
     client = AlertsClient(paged_service, mock_alert_rules_service)
     query = AlertQuery()
     query.sort_key = sort_key
     query.sort_direction = "asc"
     expected = [ALERT_A, ALERT_B, ALERT_C, ALERT_D, ALERT_E, ALERT_F]
     assert list(client.get_all_alert_details(query)) == expected
def _init_clients(services, connection):
    """Assemble the ``Clients`` bundle from already-built services.

    Args:
        services: object exposing one service attribute per backend
            (``alerts``, ``archive``, ``devices``, ``securitydata``, ...).
        connection: connection object passed to the storage service factory.

    Returns:
        A ``Clients`` instance with every client wired to its service(s).
    """
    authority_client = AuthorityClient(
        administration=services.administration,
        archive=services.archive,
        devices=services.devices,
        legalhold=services.legalhold,
        orgs=services.orgs,
        securitydata=services.securitydata,
        users=services.users,
    )
    detection_lists_client = DetectionListsClient(
        services.userprofile,
        services.departingemployee,
        services.highriskemployee,
    )
    # Shared by the security-data and archive clients for per-device storage access.
    storage_factory = StorageServiceFactory(
        connection, services.devices, ConnectionManager()
    )
    rules_client = AlertRulesClient(services.alerts, services.alertrules)
    security_data_client = SecurityDataClient(
        services.securitydata,
        services.fileevents,
        services.preservationdata,
        services.savedsearch,
        storage_factory,
    )
    # The alerts client owns the rules client.
    alerts_client = AlertsClient(services.alerts, rules_client)
    accessor_manager = ArchiveAccessorManager(services.archive, storage_factory)
    archive_client = ArchiveClient(accessor_manager, services.archive)
    audit_logs_client = AuditLogsClient(services.auditlogs)

    return Clients(
        authority=authority_client,
        detectionlists=detection_lists_client,
        alerts=alerts_client,
        securitydata=security_data_client,
        archive=archive_client,
        auditlogs=audit_logs_client,
    )
 def test_rules_returns_rules_client(self, mock_alerts_service,
                                     mock_alert_rules_service):
     """The ``rules`` attribute exposes something truthy (the rules client)."""
     client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
     rules_client = client.rules
     # Only truthiness is checked here, not the concrete type.
     assert rules_client