Esempio n. 1
def test_sanitize_outputs(outputs, key_replace_dict, expected):
    """
    Check sanitize_outputs against one parametrized case.

    Given:
     - Raw outputs.
     - A dict mapping old key names to new key names (may be absent).

    When:
     - Case a: Outputs are sanitized and 'key_replace_dict' is supplied.
     - Case b: Outputs are sanitized and 'key_replace_dict' is not supplied.

    Then:
     - Case a: Keys missing from 'key_replace_dict' are dropped and the remaining keys are renamed.
     - Case b: Outputs are sanitized while key names stay unchanged.
    """
    # The argument values are supplied by the caller (presumably a
    # parametrize decorator that is not part of this excerpt).
    actual = sanitize_outputs(outputs, key_replace_dict)
    assert actual == expected
Esempio n. 2
     - Enriching offense with asset values.

    Then:
     - Ensure enrichment asset object returned is as expected.
    """
    assets = asset_enrich_data['assets']
    enriched_assets = [create_single_asset_for_offense_enrichment(asset) for asset in assets]
    assert enriched_assets == asset_enrich_data['offense_enrich']


@pytest.mark.parametrize('status_exception, status_response, results_response, search_id, expected',
                         [(None,
                           command_test_data['search_status_get']['response'],
                           command_test_data['search_results_get']['response'],
                           '19e90792-1a17-403b-ae5b-d0e60740b95e',
                           sanitize_outputs(command_test_data['search_results_get']['response']['events'])),
                          (DemistoException('error occurred'),
                           None,
                           None,
                           None,
                           [])
                          ])
def test_poll_offense_events_with_retry(requests_mock, status_exception, status_response, results_response, search_id,
                                        expected):
    """
    Given:
     - Client to perform API calls.
     - Search ID of the query to enrich events.

    When:
     - Case a: QRadar returns a valid and terminated results to the search.