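    def test_results_response_empty_list(self, mock_results_response,
                                         mock_api_client):
        """A search id with no hits yields ``success`` and an empty ``data`` list.

        ``mock_results_response`` is primed with the ``empty_result_by_sid.json``
        fixture wrapped in an HTTP 200, so no real Splunk instance is contacted.
        The patch decorators that supply both mocks sit above this method.
        """
        mock_api_client.return_value = None

        # Resolve the fixture relative to this file, not the working directory,
        # so the test passes regardless of where pytest is launched from.
        dir_path = os.path.dirname(os.path.realpath(__file__))
        file_path = os.path.join(dir_path, 'api_response',
                                 'empty_result_by_sid.json')
        # Context manager closes the handle (the original leaked it); JSON is
        # UTF-8 by specification, so pin the encoding instead of trusting the locale.
        with open(file_path, 'r', encoding='utf-8') as fixture:
            mocked_return_value = fixture.read()

        mock_results_response.return_value = SplunkMockResponse(
            200, mocked_return_value)

        # Placeholder credentials only: the API client is mocked, nothing is sent.
        config = {"auth": {"username": "", "password": ""}}
        connection = {"host": "host", "port": 8080}

        search_id = "1536832140.4293"
        offset = 0
        length = 1
        entry_point = EntryPoint(connection, config)
        results_response = entry_point.create_results_connection(
            search_id, offset, length)

        assert 'success' in results_response
        assert results_response['success'] is True
        assert 'data' in results_response
        assert len(results_response['data']) == 0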
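    def test_status_response_cancelled(self, mock_status_response,
                                       mock_api_client):
        """A cancelled search is reported as ``CANCELED`` with 100% progress.

        ``mock_status_response`` returns the ``status_by_sid_running_cancel.json``
        fixture with an HTTP 200; the mocks are injected by the patch decorators
        above this method, so no network access happens.
        """
        mock_api_client.return_value = None

        # Locate the fixture relative to this file so the test is cwd-independent.
        dir_path = os.path.dirname(os.path.realpath(__file__))
        file_path = os.path.join(dir_path, 'api_response',
                                 'status_by_sid_running_cancel.json')
        # Close the handle deterministically (the original never did) and read
        # the JSON fixture as UTF-8 rather than the platform default.
        with open(file_path, 'r', encoding='utf-8') as fixture:
            mocked_return_value = fixture.read()

        mock_status_response.return_value = SplunkMockResponse(
            200, mocked_return_value)

        # Empty credentials are fine here: the API client is mocked.
        config = {"auth": {"username": "", "password": ""}}
        connection = {"host": "host", "port": 8080}

        search_id = "1536832140.4293"
        entry_point = EntryPoint(connection, config)
        status_response = entry_point.create_status_connection(search_id)

        assert status_response is not None
        assert 'status' in status_response
        assert status_response['status'] == 'CANCELED'
        assert 'progress' in status_response
        assert status_response['progress'] == 100
        assert 'success' in status_response
        assert status_response['success'] is True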
    def test_is_async(self, mock_api_client):
        """The Splunk entry point advertises itself as asynchronous.

        ``mock_api_client`` is patched in by the decorator above this method;
        it is neutralised here so constructing ``EntryPoint`` opens nothing.
        """
        mock_api_client.return_value = None

        # Credentials are placeholders: the client is mocked, nothing is sent.
        auth_config = {"auth": {"username": "", "password": ""}}
        connection_details = {"host": "host", "port": 8080}

        assert EntryPoint(connection_details, auth_config).is_async()
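    def test_query_flow(self, mock_results_response, mock_status_response, mock_query_response, mock_api_client):
        """Walk the full query → status → results round trip against mocked responses.

        The three response mocks are primed with a literal ``sid`` payload, the
        ``status_by_sid.json`` fixture and the ``result_by_sid.json`` fixture; the
        patch decorators that inject all four mocks sit above this method.
        """
        mock_api_client.return_value = None

        # Placeholder credentials: the API client is mocked, nothing leaves the process.
        config = {
            "auth": {
                "username": "",
                "password": ""
            }
        }
        # NOTE(review): the port is a string here but an int in the sibling tests —
        # confirm which type the connector expects and make the fixtures agree.
        connection = {
            "host": "host",
            "port": "8080"
        }

        expected_sid = "1536832140.4293"
        query_mock = '{"sid":"1536832140.4293"}'
        mock_query_response.return_value = SplunkMockResponse(201, query_mock)

        # Fixtures resolve relative to this file; the context managers close the
        # handles (the original leaked both) and JSON is read as UTF-8 by spec.
        dir_path = os.path.dirname(os.path.realpath(__file__))
        file_path = os.path.join(dir_path, 'api_response', 'result_by_sid.json')
        with open(file_path, 'r', encoding='utf-8') as results_fixture:
            results_mock = results_fixture.read()
        mock_results_response.return_value = SplunkMockResponse(200, results_mock)

        status_file_path = os.path.join(dir_path, 'api_response', 'status_by_sid.json')
        with open(status_file_path, 'r', encoding='utf-8') as status_fixture:
            status_mock = status_fixture.read()
        mock_status_response.return_value = SplunkMockResponse(200, status_mock)

        query = 'search eventtype=network_traffic | fields + tag| spath'
        entry_point = EntryPoint(connection, config)
        query_response = entry_point.create_query_connection(query)

        assert query_response is not None
        assert query_response['success'] is True
        assert 'search_id' in query_response
        assert query_response['search_id'] == expected_sid

        status_response = entry_point.create_status_connection(expected_sid)

        assert status_response is not None
        assert 'status' in status_response
        assert status_response['status'] == 'COMPLETED'
        assert 'progress' in status_response
        assert status_response['progress'] == 100
        assert 'success' in status_response
        assert status_response['success'] is True

        offset = 0
        length = 1
        results_response = entry_point.create_results_connection(expected_sid, offset, length)

        assert 'success' in results_response
        assert results_response['success'] is True
        assert 'data' in results_response
        assert len(results_response['data']) > 0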
import logging
from stix_shifter_utils.stix_translation.src.json_to_stix import json_to_stix_translator
from stix_shifter.stix_translation import stix_translation
from stix_shifter_modules.splunk.entry_point import EntryPoint
from stix2validator import validate_instance
from stix_shifter_modules.splunk.stix_translation.splunk_utils import hash_type_lookup
from stix_shifter_utils.stix_translation.src.utils.transformer_utils import get_module_transformers

MODULE = "splunk"
# Configures the root logger at import time, for the whole test process.
# NOTE(review): DEBUG on the root logger lets every library in the process log
# request details; fine for mocked tests, revisit if fixtures ever hold real data.
logging.basicConfig(level=logging.DEBUG)
logger = logging.getLogger()

# Field mapping is taken straight from the module's results translator.
entry_point = EntryPoint()
map_data = entry_point.get_results_translator().map_data
# STIX identity used as the data source of every translated bundle.
data_source = dict(
    type="identity",
    id="identity--3532c56d-ea72-48be-a2ad-1a53f4c9c6d3",
    name="Splunk",
    identity_class="events",
)
options = dict()


class TestTransform(object):
    @staticmethod
    def get_first(itr, constraint):
        return next((obj for obj in itr if constraint(obj)), None)

    @staticmethod
    def get_first_of_type(itr, typ):
        return TestTransform.get_first(
from stix_shifter_utils.stix_translation.src.json_to_stix import json_to_stix_translator
from stix_shifter_utils.stix_translation.src.utils import transformers
from stix_shifter.stix_translation import stix_translation
from stix_shifter_modules.splunk.entry_point import EntryPoint
from stix2validator import validate_instance
from stix_shifter_modules.splunk.stix_translation.splunk_utils import hash_type_lookup

import json
import logging

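# Configures the root logger at import time, for the whole test process.
# NOTE(review): DEBUG on the root logger lets every library in the process log
# request details; fine for mocked tests, revisit if fixtures ever hold real data.
logging.basicConfig(level=logging.DEBUG)
logger = logging.getLogger()

entry_point = EntryPoint()
# Read the default mapping once at import. The context manager closes the
# handle (the original left it open) and JSON is UTF-8 by specification.
with open(entry_point.get_results_translator().default_mapping_file_path,
          encoding='utf-8') as mapping_fh:
    map_file = mapping_fh.read()
map_data = json.loads(map_file)
# STIX identity used as the data source of every translated bundle.
data_source = {
    "type": "identity",
    "id": "identity--3532c56d-ea72-48be-a2ad-1a53f4c9c6d3",
    "name": "Splunk",
    "identity_class": "events"
}
options = {}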


class TestTransform(object):
    @staticmethod
    def get_first(itr, constraint):
        return next((obj for obj in itr if constraint(obj)), None)