def test_multiple_sessions(self):
"""Test multiple sessions are found and allocated correctly."""
index = "test_index"
sketch_id = 1
sessionizer = SSHSessionizerSketchPlugin(index, sketch_id)
sessionizer.datastore.client = mock.Mock()
datastore = sessionizer.datastore
_create_mock_event(datastore, 0, 4, many_ssh_session_args, time_diffs=[1, 1, 1])
message = sessionizer.run()
self.assertEqual(
message, "Sessionizing completed, number of ssh_session sessions created: 2"
)
session_id_1 = "1.1.1.1_1"
session_id_2 = "2.2.2.2_2"
event = datastore.event_store["0"]
self.assertEqual(event["_source"]["session_id"]["ssh_session"], session_id_1)
event = datastore.event_store["101"]
self.assertEqual(event["_source"]["session_id"]["ssh_session"], session_id_1)
event = datastore.event_store["202"]
self.assertEqual(event["_source"]["session_id"]["ssh_session"], session_id_2)
event = datastore.event_store["303"]
self.assertEqual(event["_source"]["session_id"]["ssh_session"], session_id_2)
def test_multiple_sessions(self):
"""Test multiple sessions are found and allocated correctly."""
index = 'test_index'
sketch_id = 1
sessionizer = SSHSessionizerSketchPlugin(index, sketch_id)
sessionizer.datastore.client = mock.Mock()
datastore = sessionizer.datastore
_create_mock_event(datastore,
0,
4,
many_ssh_session_args,
time_diffs=[1, 1, 1])
message = sessionizer.run()
self.assertEqual(
message,
'Sessionizing completed, number of ssh_session sessions created: 2'
)
session_id_1 = '1.1.1.1_1'
session_id_2 = '2.2.2.2_2'
event = datastore.event_store['0']
self.assertEqual(event['_source']['session_id']['ssh_session'],
session_id_1)
event = datastore.event_store['101']
self.assertEqual(event['_source']['session_id']['ssh_session'],
session_id_1)
event = datastore.event_store['202']
self.assertEqual(event['_source']['session_id']['ssh_session'],
session_id_2)
event = datastore.event_store['303']
self.assertEqual(event['_source']['session_id']['ssh_session'],
session_id_2)
def test_session_starts_with_connection_event(self):
"""Test a session is created if it starts with SSH connection event."""
index = "test_index"
sketch_id = 1
sessionizer = SSHSessionizerSketchPlugin(index, sketch_id)
sessionizer.datastore.client = mock.Mock()
datastore = sessionizer.datastore
_create_mock_event(datastore, 0, 1, one_ssh_session_args)
message = sessionizer.run()
self.assertEqual(
message, "Sessionizing completed, number of ssh_session sessions created: 1"
)
session_id = "1.1.1.1_1"
event = datastore.event_store["0"]
self.assertEqual(event["_source"]["session_id"]["ssh_session"], session_id)
def test_session_doesnt_start_with_no_connection_event(self):
"""Test a session is not created if it doesn't start with SSH connection
event."""
index = "test_index"
sketch_id = 1
sessionizer = SSHSessionizerSketchPlugin(index, sketch_id)
sessionizer.datastore.client = mock.Mock()
datastore = sessionizer.datastore
_create_mock_event(datastore, 0, 1, no_ssh_session_args)
message = sessionizer.run()
self.assertEqual(
message, "Sessionizing completed, number of ssh_session sessions created: 0"
)
event = datastore.event_store["0"]
self.assertNotIn("session_id", event["_source"])
def test_session_starts_with_connection_event(self):
"""Test a session is created if it starts with SSH connection event."""
index = 'test_index'
sketch_id = 1
sessionizer = SSHSessionizerSketchPlugin(index, sketch_id)
sessionizer.datastore.client = mock.Mock()
datastore = sessionizer.datastore
_create_mock_event(datastore, 0, 1, one_ssh_session_args)
message = sessionizer.run()
self.assertEqual(
message,
'Sessionizing completed, number of ssh_session sessions created: 1'
)
session_id = '1.1.1.1_1'
event = datastore.event_store['0']
self.assertEqual(event['_source']['session_id']['ssh_session'],
session_id)
def test_session_doesnt_start_with_no_connection_event(self):
"""Test a session is not created if it doesn't start with SSH connection
event."""
index = 'test_index'
sketch_id = 1
sessionizer = SSHSessionizerSketchPlugin(index, sketch_id)
sessionizer.datastore.client = mock.Mock()
datastore = sessionizer.datastore
_create_mock_event(datastore, 0, 1, no_ssh_session_args)
message = sessionizer.run()
self.assertEqual(
message,
'Sessionizing completed, number of ssh_session sessions created: 0'
)
#pylint: disable=unexpected-keyword-arg
event = datastore.get_event('test_index', '0', stored_events=True)
self.assertNotIn('session_id', event['_source'])
def test_all_events_from_session_are_labeled(self):
"""Test one SSH session of events is finded and allocated correctly."""
index = "test_index"
sketch_id = 1
sessionizer = SSHSessionizerSketchPlugin(index, sketch_id)
sessionizer.datastore.client = mock.Mock()
datastore = sessionizer.datastore
_create_mock_event(datastore, 0, 2, one_ssh_session_args, [1])
message = sessionizer.run()
self.assertEqual(
message, "Sessionizing completed, number of ssh_session sessions created: 1"
)
session_id = "1.1.1.1_1"
event = datastore.event_store["0"]
self.assertEqual(event["_source"]["session_id"]["ssh_session"], session_id)
event = datastore.event_store["101"]
self.assertEqual(event["_source"]["session_id"]["ssh_session"], session_id)
def test_multiple_sessions(self):
"""Test multiple sessions are found and allocated correctly."""
index = 'test_index'
sketch_id = 1
sessionizer = SSHSessionizerSketchPlugin(index, sketch_id)
sessionizer.datastore.client = mock.Mock()
datastore = sessionizer.datastore
_create_mock_event(datastore,
0,
4,
many_ssh_session_args,
time_diffs=[1, 1, 1])
message = sessionizer.run()
self.assertEqual(
message,
'Sessionizing completed, number of ssh_session sessions created: 2'
)
session_id_1 = '1.1.1.1_1'
session_id_2 = '2.2.2.2_2'
#pylint: disable=unexpected-keyword-arg
event = datastore.get_event('test_index', '0', stored_events=True)
self.assertEqual(event['_source']['session_id']['ssh_session'],
session_id_1)
event = datastore.get_event('test_index', '101', stored_events=True)
self.assertEqual(event['_source']['session_id']['ssh_session'],
session_id_1)
event = datastore.get_event('test_index', '202', stored_events=True)
self.assertEqual(event['_source']['session_id']['ssh_session'],
session_id_2)
event = datastore.get_event('test_index', '303', stored_events=True)
self.assertEqual(event['_source']['session_id']['ssh_session'],
session_id_2)
def test_all_events_from_session_are_labeled(self):
"""Test one SSH session of events is finded and allocated correctly."""
index = 'test_index'
sketch_id = 1
sessionizer = SSHSessionizerSketchPlugin(index, sketch_id)
sessionizer.datastore.client = mock.Mock()
datastore = sessionizer.datastore
_create_mock_event(datastore, 0, 2, one_ssh_session_args, [1])
message = sessionizer.run()
self.assertEqual(
message,
'Sessionizing completed, number of ssh_session sessions created: 1'
)
session_id = '1.1.1.1_1'
event = datastore.event_store['0']
self.assertEqual(event['_source']['session_id']['ssh_session'],
session_id)
event = datastore.event_store['101']
self.assertEqual(event['_source']['session_id']['ssh_session'],
session_id)
