def test_sanitize_outputs(outputs, key_replace_dict, expected):
    """
    Given:
     - Outputs to sanitize.
     - Dict mapping old key names (keys) to new key names (values).

    When:
     - Case a: Sanitizing outputs when 'key_replace_dict' exists.
     - Case b: Sanitizing outputs when 'key_replace_dict' does not exist.

    Then:
     - Case a: Ensure output keys missing from 'key_replace_dict' are dismissed,
               and the remaining key names are changed.
     - Case b: Ensure outputs are sanitized, but key names remain the same.
    """
    # Arguments are presumably supplied by a parametrize decorator not shown here.
    sanitized = sanitize_outputs(outputs, key_replace_dict)
    assert sanitized == expected
- Enriching offense with asset values. Then: - Ensure enrichment asset object returned is as expected. """ assets = asset_enrich_data['assets'] enriched_assets = [create_single_asset_for_offense_enrichment(asset) for asset in assets] assert enriched_assets == asset_enrich_data['offense_enrich'] @pytest.mark.parametrize('status_exception, status_response, results_response, search_id, expected', [(None, command_test_data['search_status_get']['response'], command_test_data['search_results_get']['response'], '19e90792-1a17-403b-ae5b-d0e60740b95e', sanitize_outputs(command_test_data['search_results_get']['response']['events'])), (DemistoException('error occurred'), None, None, None, []) ]) def test_poll_offense_events_with_retry(requests_mock, status_exception, status_response, results_response, search_id, expected): """ Given: - Client to perform API calls. - Search ID of the query to enrich events. When: - Case a: QRadar returns a valid and terminated results to the search.