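def test_loading_part_of_the_alarm_details_and_events(self):
    """Load alarms without details, then enrich only a subset of them.

    Exercises ``AlarmManager.perform`` as a way to fill in data for some
    alarms of an already-loaded list: ``Alarm.load_details`` on three alarms
    (``asynch=True``, three workers), then ``Alarm.load_events`` on one alarm.
    Nothing is mocked: ``load_data`` and ``perform`` run against whatever
    SIEM the test session is configured for.
    """
    alarms = msiempy.alarm.AlarmManager(
        time_range='CUSTOM',
        # NOTE(review): naive local timestamps; whether the SIEM expects UTC
        # is not visible here — confirm if the query window looks shifted.
        start_time=datetime.now() - timedelta(days=QUERY_TIMERANGE),
        end_time=datetime.now() + timedelta(days=1),
        page_size=5,
    )

    # Loaded without details, no alarm may carry an 'events' value yet.
    alarms.load_data(alarms_details=False)
    for alarm in alarms:
        self.assertIsNone(alarm.get('events'))

    # Indices 1..3 are the second to fourth alarms even though the progress
    # message says "first 3"; the intent is only "a subset", so both are
    # kept. Needs at least four alarms in the window, else IndexError.
    detailed = alarms.perform(
        msiempy.alarm.Alarm.load_details,
        data=[alarms[1], alarms[2], alarms[3]],
        asynch=True,
        workers=3,
        progress=True,
        message="Just loading details of the first 3 alarms of the list",
    )
    # After load_details() the raw 'events' field is a string or still
    # absent. isinstance (rather than exact-type membership) also accepts
    # str subclasses, which is what the check is really about.
    for alarm in detailed:
        self.assertIsInstance(alarm.get('events'), (str, type(None)))

    detailed_w_events = alarms.perform(
        msiempy.alarm.Alarm.load_events,
        data=[alarms[1]],
        message="Just loading event of the first alarm of the list",
    )
    # load_events() must replace the raw field with parsed Event objects
    # (subclasses allowed; an alarm with an empty list raises IndexError).
    for alarm in detailed_w_events:
        events = alarm.get('events')
        self.assertIsInstance(events[0], msiempy.event.Event)

    # Dumps the whole alarm list, including the loaded event payloads, to
    # stdout — this ends up verbatim in test/CI logs.
    print(alarms.json)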
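def test_loading_part_of_the_alarm_details_and_events(self):
    """Load alarms without details, then enrich only a subset of them.

    Exercises ``AlarmManager.perform`` as a way to fill in data for some
    alarms of an already-loaded list: ``Alarm.load_details`` on three alarms
    (``asynch=True``, three workers), then ``Alarm.load_events`` on one alarm.
    Nothing is mocked: ``load_data`` and ``perform`` run against whatever
    SIEM the test session is configured for.
    """
    alarms = msiempy.alarm.AlarmManager(
        time_range="CUSTOM",
        # NOTE(review): naive local timestamps; whether the SIEM expects UTC
        # is not visible here — confirm if the query window looks shifted.
        start_time=datetime.now() - timedelta(days=QUERY_TIMERANGE),
        end_time=datetime.now() + timedelta(days=1),
        page_size=5,
    )

    # Loaded without details, no alarm may carry an "events" value yet.
    alarms.load_data(alarms_details=False)
    for alarm in alarms:
        self.assertIsNone(alarm.get("events"))

    # Indices 1..3 are the second to fourth alarms even though the progress
    # message says "first 3"; the intent is only "a subset", so both are
    # kept. Needs at least four alarms in the window, else IndexError.
    detailed = alarms.perform(
        msiempy.alarm.Alarm.load_details,
        data=[alarms[1], alarms[2], alarms[3]],
        asynch=True,
        workers=3,
        progress=True,
        message="Just loading details of the first 3 alarms of the list",
    )
    # A missing "events" key yields the int sentinel 0, which is not an
    # accepted type, so absence fails with the message below. isinstance
    # (rather than exact-type membership) also accepts subclasses of the
    # accepted types. Note that an explicit None still passes here.
    for alarm in detailed:
        events = alarm.get("events", 0)
        self.assertIsInstance(
            events,
            (str, type(None), list, EventManager),
            msg="No events loaded for the alarm after load_details() call",
        )

    detailed_w_events = alarms.perform(
        msiempy.alarm.Alarm.load_events,
        data=[alarms[1]],
        message="Just loading event of the first alarm of the list",
    )
    # load_events() must replace the raw field with parsed Event objects
    # (subclasses allowed; an alarm with an empty list raises IndexError).
    for alarm in detailed_w_events:
        events = alarm.get("events")
        self.assertIsInstance(events[0], msiempy.event.Event)

    # Dumps the whole alarm list, including the loaded event payloads, to
    # stdout — this ends up verbatim in test/CI logs.
    print(alarms.json)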
args = parse_args() alarms = msiempy.alarm.AlarmManager( time_range=args.time_range, start_time=args.start_time, end_time=args.end_time, status_filter='unacknowledged', filters=[("alarmName", "IPS - High Severity Event")], page_size=args.page_size, ) alarms.load_data() alarms_to_ack = msiempy.alarm.AlarmManager() for alarm in alarms: events = alarm.get('events') if len(events) == 1: description = None device_url = None for field in events[0].get('customTypes'): if field.get("fieldName") == "Device_URL": device_url = field.get("formatedValue") if field.get("fieldName") == "Description": description = field.get("formatedValue") #If the device url is not empty, then there's something to check ! if device_url: #Stripping arguments from resource uri
time_range=args.time_range, start_time=args.start_time, end_time=args.end_time, status_filter='unacknowledged', filters=[("alarmName", "IPS - High Severity Event")], page_size=args.page_size, ) alarms.load_data( pages=args.pages, use_query=True, extra_fields=['Description', 'Device_URL', 'Alert.DstIP', 'Rule.msg']) alarms_to_ack = msiempy.alarm.AlarmManager() for alarm in alarms: events = alarm.get('events') if len(events) == 1: description = str() device_url = str() try: #Retreive RAW ressource URL and description device_url = events[0]['Device_URL'] description = events[0]['Description'] except KeyError: pass #Ignoring KeyErrors because it variblaes are initiated with empty strings #If the device url is not empty, then there's something to check ! if device_url: #Stripping arguments from resource uri. Will return onyl ressource path. resource_path = urlparse(device_url).path