def _reload(self, event, opts):
        """Rebuild the component state after a configuration change.

        Stores the ``fn_microsoft_security_graph`` section of ``opts`` (an
        empty dict when the section is absent) on ``self.options`` and
        replaces ``self.Microsoft_security_graph_helper`` with a new
        ``MicrosoftGraphHelper`` built from that section's ``tenant_id``,
        ``client_id`` and ``client_secret``. ``event`` is not used here.
        """
        section = opts.get("fn_microsoft_security_graph", {})
        self.options = section

        # NOTE(review): nothing on this path checks that the credential
        # settings are present, so a reload that drops one of them passes
        # None into MicrosoftGraphHelper. Consider validating the reloaded
        # section before the helper is swapped.
        tenant = section.get("tenant_id")
        client = section.get("client_id")
        secret = section.get("client_secret")
        self.Microsoft_security_graph_helper = MicrosoftGraphHelper(
            tenant, client, secret)
    def test_get_access_token(self, mocked_requests_post):
        """get_access_token should return the token from the mocked POST.

        ``mocked_requests_post`` is a mock supplied by the caller; what it
        patches is declared outside this method.
        """
        token_body = {"access_token": "fake_access_token"}
        mocked_requests_post.return_value = generate_response(token_body, 200)

        # NOTE(review): this test does not call clear_cache() before reading
        # the token. If the helper caches tokens beyond a single instance,
        # the result may depend on test order. Confirm.
        helper = MicrosoftGraphHelper(
            "tenant_id1234", "client_id1234", "client_secret1234")
        assert helper.get_access_token() == "fake_access_token"
    def test_check_stats_code_good(self, mocked_requests_post):
        """check_status_code should return a truthy value for HTTP 200."""
        token_body = {"access_token": "fake_access_token"}
        mocked_requests_post.return_value = generate_response(token_body, 200)
        helper = MicrosoftGraphHelper(
            "tenant_id1234", "client_id1234", "client_secret1234")

        # NOTE(review): status_code is set on requests_mock.response itself,
        # not on a per-test object. If that name is a module-level object,
        # the value stays set for later tests. Confirm.
        response = requests_mock.response
        response.status_code = 200

        assert helper.check_status_code(response)
    def test_search_alert(self, mocked_requests_post, mocked_requests_get):
        """alert_search should hand back the body served by the mocked GET."""
        token_body = {"access_token": "fake_access_token"}
        search_body = {"alerts": [{"alert1": 1}, {"alert2": 2}]}
        mocked_requests_post.return_value = generate_response(token_body, 200)
        mocked_requests_get.return_value = generate_response(search_body, 200)

        helper = MicrosoftGraphHelper(
            "tenant_id1234", "client_id1234", "client_secret1234")
        # Presumably discards any token cached by an earlier test. Confirm
        # against the helper's implementation.
        helper.clear_cache()

        response = alert_search("ms_graph_url", helper, "filter")
        assert response.json() == search_body
    def test_update_alert(self, mocked_requests_post, mocked_requests_patch):
        """update_alert should hand back the body served by the mocked PATCH."""
        token_body = {"access_token": "fake_access_token"}
        patch_body = {"alert_details": {"details": "updated"}}
        mocked_requests_post.return_value = generate_response(token_body, 200)
        mocked_requests_patch.return_value = generate_response(patch_body, 200)

        helper = MicrosoftGraphHelper(
            "tenant_id1234", "client_id1234", "client_secret1234")
        # Presumably discards any token cached by an earlier test. Confirm.
        helper.clear_cache()

        # The update payload is passed as a JSON string, not as a dict.
        alert_id = "21354657678"
        payload = '{"update_data": "data"}'
        response = update_alert("ms_graph_url", helper, alert_id, payload)

        assert response.json() == patch_body
    def test_get_alert_details(self, mocked_requests_post,
                               mocked_requests_get):
        """get_alert_details should hand back the body served by the mocked GET."""
        token_body = {"access_token": "fake_access_token"}
        details_body = {"alert_details": {"details": 1234}}
        mocked_requests_post.return_value = generate_response(token_body, 200)
        mocked_requests_get.return_value = generate_response(details_body, 200)

        helper = MicrosoftGraphHelper(
            "tenant_id1234", "client_id1234", "client_secret1234")
        # Presumably discards any token cached by an earlier test. Confirm.
        helper.clear_cache()

        response = get_alert_details("ms_graph_url", helper, "1223456788")
        assert response.json() == details_body
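    def test_check_stats_code_bad(self, mocked_requests_post):
        """check_status_code must raise ValueError for an HTTP 500 response.

        The token POST is mocked with a 200 response so the helper can be
        built. The response handed to ``check_status_code`` carries status
        500, and the test expects a ``ValueError`` whose first argument is
        the "Invalid response" message.
        """
        content = {"access_token": "fake_access_token"}
        mocked_requests_post.return_value = generate_response(content, 200)
        ms_helper = MicrosoftGraphHelper("tenant_id1234", "client_id1234",
                                         "client_secret1234")
        r = requests_mock.response
        r.status_code = 500

        try:
            ms_helper.check_status_code(r)
        except ValueError as e:
            assert e.args[
                0] == "Invalid response from Microsoft Security Graph"
        else:
            # Without this branch the test passes when no exception is
            # raised, so a helper that accepted a 500 response would go
            # unnoticed.
            raise AssertionError(
                "check_status_code did not raise ValueError for status 500")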
    def test_get_access_token_refresh(self, mocked_requests_post):
        """An empty first token should be replaced by the second response.

        Two POST responses are queued: the first carries an empty
        ``access_token``, the second a usable one. After ``clear_cache()``
        the helper is expected to return the second token.
        """
        empty_body = {"access_token": ""}
        refreshed_body = {"access_token": "fake_refreshed_access_token"}
        queued = [
            generate_response(empty_body, 200),
            generate_response(refreshed_body, 200),
        ]
        mocked_requests_post.side_effect = queued

        helper = MicrosoftGraphHelper(
            "tenant_id1234", "client_id1234", "client_secret1234")
        helper.clear_cache()

        assert helper.get_access_token() == "fake_refreshed_access_token"
    def __init__(self, opts):
        """Set up the component from the application configuration.

        Reads the ``fn_microsoft_security_graph`` section of ``opts`` (an
        empty dict when absent), runs ``validate_fields`` over the settings
        the integration requires, builds the ``MicrosoftGraphHelper`` and
        finally calls ``self.polling_main()``.
        """
        super(IntegrationComponent, self).__init__(opts)
        section = opts.get("fn_microsoft_security_graph", {})
        self.options = section

        # Settings that must be present in app.config before a helper is
        # built from them.
        # NOTE(review): the section, including client_secret, stays readable
        # on self.options for the life of the component, so keep it out of
        # log output.
        validate_fields(
            ["microsoft_graph_url", "tenant_id", "client_id", "client_secret"],
            section)

        tenant = section.get("tenant_id")
        client = section.get("client_id")
        secret = section.get("client_secret")
        self.Microsoft_security_graph_helper = MicrosoftGraphHelper(
            tenant, client, secret)

        # Runs from inside the constructor; whether it blocks or spawns a
        # worker is not visible here.
        self.polling_main()
    def test_get_alerts(self, mocked_requests_post, mocked_requests_get):
        """get_alerts should return the ``value`` member of the mocked GET body."""
        # alert_time_range_sec is given as a string, and alert_filter is
        # already URL-encoded.
        settings = {
            "alert_time_range_sec": "100",
            "microsoft_graph_url": "fake_url",
            "alert_filter": "severity%20eq%20'high'",
        }
        token_body = {"access_token": "fake_access_token"}
        alerts_body = {"value": {"alert_details": {"details": 1234}}}
        mocked_requests_post.return_value = generate_response(token_body, 200)
        mocked_requests_get.return_value = generate_response(alerts_body, 200)

        helper = MicrosoftGraphHelper(
            "tenant_id1234", "client_id1234", "client_secret1234")
        found = get_alerts(settings, helper)

        assert found == {"alert_details": {"details": 1234}}
    def test_check_stats_code_invalid(self, mocked_requests_post):
        """A 401 response should be rejected and followed by a fresh token.

        Two token responses are queued. ``check_status_code`` is expected to
        return a falsy value for the 401 response, and the next
        ``get_access_token()`` call is expected to yield the second token.
        """
        first_body = {"access_token": "fake_access_token"}
        second_body = {"access_token": "new_fake_access_token"}
        mocked_requests_post.side_effect = [
            generate_response(first_body, 200),
            generate_response(second_body, 200),
        ]
        helper = MicrosoftGraphHelper(
            "tenant_id1234", "client_id1234", "client_secret1234")

        # NOTE(review): the attributes are set on requests_mock.response
        # itself. If that name is a module-level object, they stay set for
        # later tests. Confirm.
        response = requests_mock.response
        response.status_code = 401
        response.content = "Fake content"

        assert not helper.check_status_code(response)

        assert helper.get_access_token() == "new_fake_access_token"