def test_is_async(self, mock_api_client, mock_generate_token):
    """Assert that the msatp entry point reports synchronous operation.

    ``mock_api_client`` and ``mock_generate_token`` are presumably injected by
    patch decorators outside this block; they stand in for the API client
    constructor and the token generator, so constructing the entry point
    performs no network call and no credential exchange. The mocks only need
    to return something that lets ``EntryPoint`` build.
    """
    mock_api_client.return_value = None
    mock_generate_token.return_value = 'test'
    connector = EntryPoint(self.connection(), self.config())
    # The msatp connector is expected to run its queries synchronously.
    assert connector.is_async() is False
def test_delete_query(self, mock_api_client, mock_generate_token):
    """Assert that delete_query_connection reports success for a search id.

    The API client constructor and the token generator are patched (the
    ``mock_*`` parameters are presumably supplied by decorators outside this
    block), so the call never reaches the real service. The search id handed
    in is the KQL query text itself, which is what the query test in this file
    asserts the transmission returns as ``search_id``.
    """
    mock_api_client.return_value = None
    mock_generate_token.return_value = None
    query_as_search_id = (
        '(find withsource = TableName in (FileCreationEvents) where EventTime >= datetime('
        '2019-09-01T08:43:10.003Z) and EventTime < datetime(2019-10-01T10:43:10.003Z) | order by '
        'EventTime desc | where FileName !~ "updater.exe" or InitiatingProcessFileName !~ "updater.exe" '
        'or InitiatingProcessParentFileName !~ "updater.exe")'
    )
    connector = EntryPoint(self.connection(), self.config())
    outcome = connector.delete_query_connection(query_as_search_id)
    # Three separate assertions keep the failure message specific about
    # which part of the contract (non-None, key present, value True) broke.
    assert outcome is not None
    assert 'success' in outcome
    assert outcome['success'] is True
def test_query_flow(self, mock_results_response, mock_api_client, mock_generate_token):
    """Run a query through StixTransmission, then pull results via the entry point.

    The API client constructor, the token generator and the results call are
    all patched (the ``mock_*`` parameters are presumably injected by
    decorators outside this block), so the only "service" involved is the
    canned ``MSATPMockResponse`` built below; nothing leaves the process.
    The canned payload is a single FileCreationEvents row.
    """
    mock_api_client.return_value = None
    mock_generate_token.return_value = None
    canned_results = """{ "Results": [{ "TableName": "FileCreationEvents", "EventTime": "2019-10-13T11:34:14.0075314Z", "ComputerName": "desktop-536bt46", "FileName": "runcit_tlm_hw.bat", "SHA1": "93b458752aea37a257a7dd2ed51e98ffffc35be8", "SHA256": "", "MD5": "26a2fe38dc6f42386659e611219c563c" }] }"""
    mock_results_response.return_value = MSATPMockResponse(200, canned_results)
    # NOTE(review): the sibling tests in this file call self.connection() and
    # self.config(); here the attributes are passed un-called. Kept as-is to
    # preserve behaviour — confirm which form EntryPoint/StixTransmission expect.
    connector = EntryPoint(self.connection, self.config)
    kql_query = (
        '(find withsource = TableName in (FileCreationEvents) where EventTime >= datetime('
        '2019-09-01T08:43:10.003Z) and EventTime < datetime(2019-10-01T10:43:10.003Z) | order by EventTime '
        'desc | where FileName !~ "updater.exe" or InitiatingProcessFileName !~ "updater.exe" or '
        'InitiatingProcessParentFileName !~ "updater.exe")'
    )
    transmission = stix_transmission.StixTransmission('msatp', self.connection, self.config)
    query_response = transmission.query(kql_query)
    assert query_response is not None
    assert 'search_id' in query_response
    # The transmission hands the KQL text back verbatim as the search id.
    assert query_response['search_id'] == (
        '(find withsource = TableName in (FileCreationEvents) where '
        'EventTime >= datetime('
        '2019-09-01T08:43:10.003Z) and EventTime < datetime('
        '2019-10-01T10:43:10.003Z) | '
        'order by EventTime desc | where FileName !~ "updater.exe" or '
        'InitiatingProcessFileName !~ "updater.exe" or '
        'InitiatingProcessParentFileName !~ '
        '"updater.exe")'
    )
    # Fetch a single page of one row, starting at the first result.
    page_offset = 0
    page_length = 1
    results_response = connector.create_results_connection(kql_query, page_offset, page_length)
    assert results_response is not None
    assert 'data' in results_response
    assert results_response['data'] is not None
import unittest
import json
from stix_shifter_utils.stix_translation.src.json_to_stix import json_to_stix_translator
from stix_shifter_modules.msatp.entry_point import EntryPoint
from stix_shifter_utils.stix_translation.src.utils.transformer_utils import get_module_transformers

# Name of the connector module under test.
MODULE = "msatp"
# One entry point is built at import time and shared by every test; the
# to-STIX field mapping is taken from its results translator.
entry_point = EntryPoint()
map_data = entry_point.get_results_translator().map_data
# STIX identity object used as the data source for translated results.
data_source = {
    "type": "identity",
    "id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "name": "msatp",
    "identity_class": "events"
}
# Translator options; empty means defaults.
options = {}


class TestMsatpResultsToStix(unittest.TestCase):
    """Unit tests for translating msatp query results into STIX objects."""

    @staticmethod
    def get_first(itr, constraint):
        """Return the first item of ``itr`` for which ``constraint`` is truthy, else None."""
        return next((obj for obj in itr if constraint(obj)), None)

    @staticmethod
    def get_first_of_type(itr, typ):
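import json
import unittest

from stix_shifter_modules.msatp.entry_point import EntryPoint
from stix_shifter_utils.stix_translation.src.json_to_stix import json_to_stix_translator
from stix_shifter_utils.stix_translation.src.utils import transformers

# One entry point is built at import time and shared by every test; its
# results translator knows where the default to-STIX mapping file lives.
entry_point = EntryPoint()

# Read the mapping file under a context manager so the handle is closed
# deterministically, and parse it exactly once. ``map_file`` keeps the raw
# text and ``map_data`` the parsed mapping, as before.
with open(entry_point.get_results_translator().default_mapping_file_path) as _mapping_fh:
    map_file = _mapping_fh.read()
map_data = json.loads(map_file)

# STIX identity object used as the data source for translated results.
data_source = {
    "type": "identity",
    "id": "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff",
    "name": "msatp",
    "identity_class": "events"
}
# Translator options; empty means defaults.
options = {}


class TestMsatpResultsToStix(unittest.TestCase):
    """Unit tests for translating msatp query results into STIX objects."""

    @staticmethod
    def get_first(itr, constraint):
        """Return the first item of ``itr`` for which ``constraint`` is truthy, else None."""
        return next((obj for obj in itr if constraint(obj)), None)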