def test_certificate(mocker): mocker.patch.object(demisto, 'args', return_value={'common_name': TEST_DOMAIN}) mocker.patch('Expanse.http_request', side_effect=http_request_mock) mocker.patch.object(demisto, 'command', return_value='expanse-get-certificate') mocker.patch.object(demisto, 'results') main() results = demisto.results.call_args[0] assert results[0]['EntryContext']['Expanse.Certificate(val.SearchTerm == obj.SearchTerm)']['CommonName'] == TEST_DOMAIN
def test_ip_missing_values(mocker): mocker.patch.object(demisto, 'params', return_value={'api_key': TEST_API_KEY}) mocker.patch.object(demisto, 'args', return_value={'ip': TEST_IP}) mocker.patch('Expanse.http_request', side_effect=http_request_mock_missing) mocker.patch.object(demisto, 'command', return_value='ip') mocker.patch.object(demisto, 'results') main() results = demisto.results.call_args[0] assert results[0]['EntryContext']['IP(val.Address == obj.Address)']['Geo'].get('Location') is None
def test_domain(mocker): mocker.patch.object(demisto, 'args', return_value={'domain': TEST_DOMAIN}) mocker.patch('Expanse.http_request', side_effect=http_request_mock) mocker.patch.object(demisto, 'command', return_value='domain') mocker.patch.object(demisto, 'results') main() results = demisto.results.call_args[0] assert results[0]['Contents']['domain'] == TEST_DOMAIN assert results[0]['EntryContext']['DBotScore']['Type'] == 'url' assert results[0]['EntryContext']['Domain(val.Name == obj.Name)']['Name'] == TEST_DOMAIN
def test_exposures(mocker): mocker.patch.object(demisto, 'args', return_value={'ip': TEST_IP}) mocker.patch('Expanse.http_request', side_effect=http_request_mock) mocker.patch.object(demisto, 'command', return_value='expanse-get-exposures') mocker.patch.object(demisto, 'results') main() results = demisto.results.call_args[0] assert results[0]['EntryContext']['Expanse.Exposures(val.SearchTerm == obj.SearchTerm)']['SearchTerm'] == TEST_IP assert results[0]['EntryContext']['Expanse.Exposures(val.SearchTerm == obj.SearchTerm)']['WarningExposureCount'] \ == 1
def test_behavior(mocker): mocker.patch.object(demisto, 'args', return_value={'ip': TEST_IP, 'start_time': '2020-03-28T00:00:00.000Z'}) mocker.patch('Expanse.http_request', side_effect=http_request_mock) mocker.patch.object(demisto, 'command', return_value='expanse-get-behavior') mocker.patch.object(demisto, 'results') main() results = demisto.results.call_args[0] assert results[0]['EntryContext']['Expanse.Behavior(val.SearchTerm == obj.SearchTerm)']['SearchTerm'] == TEST_IP assert results[0]['EntryContext']['Expanse.Behavior(val.SearchTerm == obj.SearchTerm)']['ExternalAddresses'] \ == '169.255.204.27'
def test_ip(mocker): mocker.patch.object(demisto, 'params', return_value={'api_key': TEST_API_KEY}) mocker.patch.object(demisto, 'args', return_value={'ip': TEST_IP}) mocker.patch('Expanse.http_request', side_effect=http_request_mock) mocker.patch.object(demisto, 'command', return_value='ip') mocker.patch.object(demisto, 'results') main() results = demisto.results.call_args[0] assert results[0]['Contents']['search'] == TEST_IP assert results[0]['EntryContext']['DBotScore']['Type'] == 'ip' assert results[0]['EntryContext']['IP(val.Address == obj.Address)']['Address'] == TEST_IP assert results[0]['EntryContext']['IP(val.Address == obj.Address)']['Geo']['Location'] == "41.0433:-81.5239"
def test_fetch_incidents(mocker): mocker.patch.object(demisto, 'params', return_value={ 'api_key': TEST_API_KEY, 'first_run': '7' }) mocker.patch('Expanse.http_request', side_effect=http_request_mock) mocker.patch.object(demisto, 'command', return_value='fetch-incidents') mocker.patch.object(demisto, 'results') main() results = demisto.results.call_args[0] r = json.loads(results[0]['Contents']) assert r[0]['name'] == "NTP_SERVER on 203.215.173.113:123/UDP" assert r[0]['severity'] == 1