def test_valid_unsubscription(self): topic = "some/topic" expected = Unsubscription(topic) # with snapshot: msg = {"action": "unsubscribe", "topic": topic} unsub = map_management_message(msg) expected = Unsubscription(topic) self.assertEqual(unsub, expected)
def map_management_message( broker_data, module_namespace: str, logger) -> Union[Subscription, Unsubscription, None]: """ Maps a management message to an actionable instruction for Threat Bus. @param broker_data The raw data that was received via broker @param module_namespace A Zeek namespace to accept events from @return A Subscription/Unsubscription object or None in case there is no valid mapping. """ event = broker.zeek.Event(broker_data) name, args = event.name(), event.args() module_namespace = module_namespace + "::" if module_namespace else "" name = name[name.startswith(module_namespace) and len(module_namespace):] if name == "subscribe" and len(args) == 2: (topic, snapshot_delta) = args if topic: return Subscription(topic, snapshot_delta) elif name == "unsubscribe" and len(args) == 1: topic = args[0] if topic: return Unsubscription(topic) logger.debug( f"Discarding Broker management message with unknown type: {name}") return None
def map_management_message(msg): """Maps a management message to an actionable instruction for threatbus. @param msg The message that was received, as python dictionary """ action = msg.get("action", None) topic = msg.get("topic", None) snapshot = msg.get("snapshot", 0) snapshot = timedelta(days=int(snapshot)) if action == "subscribe" and topic is not None and snapshot is not None: return Subscription(topic, snapshot) elif action == "unsubscribe" and topic is not None: return Unsubscription(topic)
def map_management_message(broker_data, module_namespace): """Maps a management message to an actionable instruction for threatbus. @param broker_data The raw data that was received via broker @param module_namespace A Zeek namespace to accept events from """ event = broker.zeek.Event(broker_data) name, args = event.name(), event.args() module_namespace = module_namespace + "::" if module_namespace else "" name = name[name.startswith(module_namespace) and len(module_namespace):] if name == "subscribe" and len(args) == 2: return Subscription(args[0], args[1]) elif name == "unsubscribe" and len(args) == 1: return Unsubscription(args[0])
def test_valid_unsubscription(self): topic = "some/topic" expected = Unsubscription(topic) # without namespace event = broker.zeek.Event("unsubscribe", topic) unsubscription = map_management_message(event, self.module_namespace) self.assertEqual(unsubscription, expected) # with namespace: event = broker.zeek.Event(self.module_namespace + "::unsubscribe", topic) unsubscription = map_management_message(event, self.module_namespace) self.assertEqual(unsubscription, expected)
def test_valid_unsubscription(self): msg = {"action": "unsubscribe", "topic": self.topic} unsub = map_management_message(msg) expected = Unsubscription(self.topic) self.assertEqual(unsub, expected)