def setUp(self) -> None:
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
self.__module = self.__mpsiemworker.get_module(ModuleNames.INCIDENTS)
self.__end = round(
datetime.now(
tz=pytz.timezone(settings.local_timezone)).timestamp())
self.__begin = self.__end - 86400 * 5
class WorkerTestCase(unittest.TestCase):
__mpsiemworker = None
__creds_ldap = None
__creds_local = None
__settings = None
def setUp(self) -> None:
self.__creds_ldap = creds_ldap
self.__creds_local = creds_local
self.__settings = settings
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
def test_MPSIEMWorker_init(self):
self.assertIsInstance(self.__mpsiemworker, WorkerInterface)
def test_MPSIEMWorker_get_module_events(self):
module = self.__mpsiemworker.get_module(ModuleNames.EVENTS)
self.assertIsInstance(module, ModuleInterface)
def test_MPSIEMWorker_get_module_table(self):
module = self.__mpsiemworker.get_module(ModuleNames.TABLES)
self.assertIsInstance(module, ModuleInterface)
def test_MPSIEMWorker_get_module_auth(self):
module = self.__mpsiemworker.get_module(ModuleNames.AUTH)
self.assertIsInstance(module, AuthInterface)
class KBTestCase(unittest.TestCase):
__mpsiemworker = None
__module = None
__creds_ldap = creds_ldap
__settings = settings
def setUp(self) -> None:
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
self.__module = self.__mpsiemworker.get_module(ModuleNames.HEALTH)
def tearDown(self) -> None:
self.__module.close()
def test_get_global_status(self):
ret = self.__module.get_health_status()
self.assertTrue(type(ret) == str)
def test_get_errors(self):
ret = self.__module.get_health_errors()
self.assertTrue(type(ret) == list)
def test_get_license_status(self):
ret = self.__module.get_health_license_status()
self.assertTrue(len(ret) != 0)
def test_get_agents_status(self):
ret = self.__module.get_health_agents_status()
self.assertTrue(len(ret) != 0)
def test_get_kb_status(self):
ret = self.__module.get_health_kb_status()
self.assertTrue(len(ret) != 0)
class FiltersTestCase(unittest.TestCase):
__mpsiemworker = None
__module = None
__creds_ldap = creds_ldap
__settings = settings
def setUp(self) -> None:
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
self.__module = self.__mpsiemworker.get_module(ModuleNames.FILTERS)
def tearDown(self) -> None:
self.__module.close()
def test_get_folders_list(self):
folders = self.__module.get_folders_list()
self.assertTrue(len(folders) != 0)
def test_get_filters_list(self):
filters = self.__module.get_filters_list()
self.assertTrue(len(filters) != 0)
def test_get_filter_info(self):
filter_id = next(iter(self.__module.get_filters_list()))
filter_info = self.__module.get_filter_info(filter_id)
self.assertTrue(len(filter_info) != 0)
class EventsTestCase(unittest.TestCase):
__mpsiemworker = None
__module = None
__creds_ldap = creds_ldap
__settings = settings
__begin = 0
__end = 0
def setUp(self) -> None:
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
self.__module = self.__mpsiemworker.get_module(ModuleNames.INCIDENTS)
self.__end = round(
datetime.now(
tz=pytz.timezone(settings.local_timezone)).timestamp())
self.__begin = self.__end - 86400 * 5
def tearDown(self) -> None:
self.__module.close()
def test_get_list(self):
counter = 0
for i in self.__module.get_incidents_list(self.__begin, self.__end):
counter += 1
self.assertGreater(counter, 0)
def test_get_id_by_key(self):
incident = next(
self.__module.get_incidents_list(self.__begin, self.__end))
incident_id = self.__module.get_incident_id_by_key(incident.get("key"))
self.assertTrue(incident.get("id"), incident_id)
def test_get_info(self):
incident_short = next(
self.__module.get_incidents_list(self.__begin, self.__end))
incident_id = incident_short.get("id")
incident = self.__module.get_incident_info(incident_id)
self.assertTrue(len(incident) != 0)
class SourceMonitorTestCase(unittest.TestCase):
__mpsiemworker = None
__module = None
__creds_ldap = creds_ldap
__settings = settings
__begin = None
__end = None
def setUp(self) -> None:
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
self.__module = self.__mpsiemworker.get_module(
ModuleNames.SOURCE_MONITOR)
self.__end = round(
datetime.now(
tz=pytz.timezone(settings.local_timezone)).timestamp())
self.__begin = self.__end - 86400
def tearDown(self) -> None:
self.__module.close()
def test_get_sources_list(self):
ret = []
for i in self.__module.get_sources_list(self.__begin, self.__end):
ret.append(i)
self.assertTrue(len(ret) != 0)
def test_get_forwarders_list(self):
ret = []
for i in self.__module.get_forwarders_list(self.__begin, self.__end):
ret.append(i)
self.assertTrue(len(ret) != 0)
def test_get_sources_by_forwarder(self):
forwarder = next(
self.__module.get_forwarders_list(self.__begin, self.__end))
ret = []
for i in self.__module.get_sources_by_forwarder(
forwarder.get("id"), self.__begin, self.__end):
ret.append(i)
self.assertTrue(len(ret) != 0)
class TablesTestCase(unittest.TestCase):
__mpsiemworker = None
__module = None
__creds_ldap = creds_ldap
__settings = settings
def setUp(self) -> None:
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
self.__module = self.__mpsiemworker.get_module(ModuleNames.TABLES)
def tearDown(self) -> None:
self.__module.close()
def test_get_table_list(self):
ret = self.__module.get_tables_list()
self.assertTrue(len(ret) != 0)
def test_get_table_data_simple(self):
tables = list(self.__module.get_tables_list())
key = tables[0]
ret = []
for i in self.__module.get_table_data(key):
ret.append(i)
self.assertTrue((len(ret) != 0) and ("_id" in ret[0]))
def test_get_table_data_filtered(self):
filters = {
"select": ["_last_changed"],
"where": "_id>5",
"orderBy": [{
"field": "_last_changed",
"sortOrder": "descending"
}],
"timeZone": 0
}
is_id_less = True
is_valid_struct = True
tables = list(self.__module.get_tables_list())
key = tables[0]
ret = []
for i in self.__module.get_table_data(key, filters):
ret.append(i)
if int(i.get("_id")) <= 5:
is_id_less = False
break
if len(
i
) != 2 or "_last_changed" not in i: # должно быть только поле _id и _last_changed
is_valid_struct = False
break
self.assertTrue((len(ret) != 0) and is_valid_struct and is_id_less)
def test_get_table_info(self):
tables = list(self.__module.get_tables_list())
key = tables[0]
table_info = self.__module.get_table_info(key)
lookup_fields = [
"id", "type", "editable", "size_max", "size_typical",
"size_current", "ttl", "ttl_enabled", "description", "created",
"updated", "fields", "notifications"
]
has_all_fields = len(
set(table_info).intersection(lookup_fields)) == len(lookup_fields)
is_valid_struct = True
is_asset_table = False
for k, v in table_info.items():
if k == "type" and v in ["assetgrid", "registry"]:
is_asset_table = True
if k in [
"notifications", "size_max", "size_typical", "ttl",
"ttl_enabled"
] and is_asset_table:
continue
if v is None and k != "notifications":
is_valid_struct = False
break
self.assertTrue(has_all_fields and is_valid_struct)
def test_set_table_data(self):
self.__module.truncate_table("test_tl_2_r23")
import io
example = '''"_last_changed";"cust";"user";"session_stat"\r\n"25.11.2020 19:35:20";"customer1";"user1";"2020-11-22 00:00:00"'''
self.__module.set_table_data("test_tl_2_r23", io.StringIO(example))
ret = []
for i in self.__module.get_table_data("test_tl_2_r23"):
ret.append(i)
self.assertTrue((len(ret) != 0) and ("_id" in ret[0]))
@unittest.skip("Dangerous")
def test_truncate(self):
self.assertTrue(self.__module.truncate_table("test_tl_2_r23"))
def setUp(self) -> None:
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
self.__module = self.__mpsiemworker.get_module(ModuleNames.TABLES)
def test_MPSIEMAuth_get_storage_version(self):
mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
module = mpsiemworker.get_module(ModuleNames.AUTH)
version = module.get_storage_version()
self.assertTrue(version.startswith("7"))
def test_MPSIEMAuth_connect_core_ldap(self):
mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
module = mpsiemworker.get_module(ModuleNames.AUTH)
session = module.connect(MPComponents.CORE)
self.assertIsInstance(session, requests.Session)
session.close()
def setUp(self) -> None:
self.__creds_ldap = creds_ldap
self.__creds_local = creds_local
self.__settings = settings
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
class KBTestCase(unittest.TestCase):
__mpsiemworker = None
__module = None
__creds_ldap = creds_ldap
__settings = settings
def __choose_any_db(self):
dbs = self.__module.get_databases_list()
db_name = None
if "Editable" in dbs:
db_name = "Editable"
elif "dev" in dbs:
db_name = "dev"
else:
db_name = next(iter(dbs))
return db_name
def __choose_deployable_db(self):
db_name = None
dbs = self.__module.get_databases_list()
for k, v in dbs.items():
if v.get("deployable"):
db_name = k
break
return db_name
def setUp(self) -> None:
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
self.__module = self.__mpsiemworker.get_module(ModuleNames.KB)
def tearDown(self) -> None:
self.__module.close()
def test_get_databases_list(self):
ret = self.__module.get_databases_list()
self.assertTrue(len(ret) != 0)
def test_get_groups_list(self):
db_name = self.__choose_any_db()
ret = self.__module.get_groups_list(db_name)
self.assertTrue(len(ret) != 0)
def test_get_folders_list(self):
db_name = self.__choose_any_db()
ret = self.__module.get_folders_list(db_name)
self.assertTrue(len(ret) != 0)
def test_get_packs_list(self):
db_name = self.__choose_any_db()
ret = self.__module.get_packs_list(db_name)
self.assertTrue(ret is not None)
def test_get_all_objects(self):
db_name = self.__choose_any_db()
norm = []
for i in self.__module.get_normalizations_list(db_name):
norm.append(i)
corr = []
for i in self.__module.get_correlations_list(db_name):
corr.append(i)
agg = []
for i in self.__module.get_aggregations_list(db_name):
agg.append(i)
enrch = []
for i in self.__module.get_enrichments_list(db_name):
enrch.append(i)
tbls = []
for i in self.__module.get_tables_list(db_name):
tbls.append(i)
self.assertTrue((len(norm) != 0) and (len(corr) != 0)
and (len(agg) != 0) and (len(enrch) != 0)
and (len(tbls) != 0))
def test_get_object_id_by_name(self):
db_name = self.__choose_any_db()
norm = next(self.__module.get_normalizations_list(db_name))
object_name = norm.get("name")
object_id = norm.get("id")
calc_ids = self.__module.get_id_by_name(db_name,
MPContentTypes.NORMALIZATION,
object_name)
found = False
for i in calc_ids:
if i.get("id") == object_id:
found = True
self.assertTrue(found)
def test_get_rule(self):
db_name = self.__choose_any_db()
rule_info = next(self.__module.get_normalizations_list(db_name))
rule_id = rule_info.get("id")
norm_rule = self.__module.get_rule(db_name,
MPContentTypes.NORMALIZATION,
rule_id)
rule_info = next(self.__module.get_correlations_list(db_name))
rule_id = rule_info.get("id")
corr_rule = self.__module.get_rule(db_name, MPContentTypes.CORRELATION,
rule_id)
rule_info = next(self.__module.get_aggregations_list(db_name))
rule_id = rule_info.get("id")
agg_rule = self.__module.get_rule(db_name, MPContentTypes.AGGREGATION,
rule_id)
rule_info = next(self.__module.get_enrichments_list(db_name))
rule_id = rule_info.get("id")
enrch_rule = self.__module.get_rule(db_name, MPContentTypes.ENRICHMENT,
rule_id)
self.assertTrue((len(norm_rule) != 0) and (len(corr_rule) != 0)
and (len(agg_rule) != 0) and (len(enrch_rule) != 0))
def test_get_table_info(self):
db_name = self.__choose_any_db()
tbl = next(self.__module.get_tables_list(db_name))
tbl_id = tbl.get("id")
ret = self.__module.get_table_info(db_name, tbl_id)
self.assertTrue(len(ret) != 0)
def test_get_table_data(self):
db_name = self.__choose_any_db()
tbl = next(self.__module.get_tables_list(db_name))
tbl_id = tbl.get("id")
ret = self.__module.get_table_data(db_name, tbl_id)
self.assertTrue(ret is not None)
def test_deploy(self):
db_name = self.__choose_deployable_db()
norm_rule = None
for i in self.__module.get_normalizations_list(
db_name, filters={"filters": {
"DeploymentStatus": ["1"]
}}):
if i.get("deployment_status") == "notinstalled":
norm_rule = i
break
deploy_id = self.__module.install_objects(db_name,
[norm_rule.get('id')])
success_install = False
for i in range(30):
time.sleep(10)
deploy_status = self.__module.get_deploy_status(db_name, deploy_id)
if deploy_status.get("deployment_status") == "succeeded":
success_install = True
break
deploy_id = self.__module.uninstall_object(db_name,
[norm_rule.get('id')])
success_uninstall = False
for i in range(30):
time.sleep(10)
deploy_status = self.__module.get_deploy_status(db_name, deploy_id)
if deploy_status.get("deployment_status") == "succeeded":
success_uninstall = True
break
self.assertTrue(success_install and success_uninstall)
def test_start_stop_rule(self):
db_name = self.__choose_deployable_db()
rule = next(
self.__module.get_correlations_list(
db_name, filters={"filters": {
"DeploymentStatus": ["1"]
}}))
rule_id = rule.get("id")
self.__module.stop_rule(db_name, MPContentTypes.CORRELATION, [rule_id])
is_stopped = self.__module.get_rule_running_state(
db_name, MPContentTypes.CORRELATION,
rule_id).get("state") == "stopped"
self.__module.start_rule(db_name, MPContentTypes.CORRELATION,
[rule_id])
is_running = self.__module.get_rule_running_state(
db_name, MPContentTypes.CORRELATION,
rule_id).get("state") == "running"
self.assertTrue(is_stopped and is_running)
class URMTestCase(unittest.TestCase):
__mpsiemworker = None
__module = None
__creds_ldap = creds_ldap
__settings = settings
def setUp(self) -> None:
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
self.__module = self.__mpsiemworker.get_module(ModuleNames.URM)
def tearDown(self) -> None:
self.__module.close()
def test_get_applications_list(self):
ret = self.__module.get_applications_list()
self.assertTrue(len(ret) != 0)
def test_get_users_list_simple(self):
ret = self.__module.get_users_list()
key = next(iter(ret))
user = ret.get(key)
self.assertTrue((len(ret) != 0) and (user.get("id") is not None)
and (user.get("status") is not None)
and (user.get("system") is not None))
def test_get_users_list_filtered(self):
filters = {
"authTypes": [1, 0],
"statuses": ["active"],
"withoutRoles": False
}
ret = self.__module.get_users_list(filters)
self.assertTrue(len(ret) != 0)
def test_get_user_info(self):
ret = self.__module.get_users_list()
key = next(iter(ret))
ret = self.__module.get_user_info(key)
self.assertTrue(len(ret) != 0)
def test_get_roles_list(self):
ret = self.__module.get_roles_list()
app_name = next(iter(ret))
role_name = next(iter(ret.get(app_name)))
role = ret[app_name][role_name]
self.assertTrue((len(ret) != 0) and (role.get("id") is not None)
and (role.get("privileges") is not None))
def test_get_role_info(self):
ret = self.__module.get_roles_list()
app_name = next(iter(ret))
role_name = next(iter(ret.get(app_name)))
role = self.__module.get_role_info(role_name, MPComponents.MS)
self.assertTrue((len(ret) != 0) and (role.get("id") is not None)
and (role.get("privileges") is not None))
def test_get_privileges_list(self):
ret = self.__module.get_privileges_list()
app_name = next(iter(ret))
priv_name = next(iter(ret.get(app_name)))
self.assertTrue((len(ret) != 0) and (priv_name is not None))
@unittest.skip("NotImplemented")
def test_create_user(self):
pass
@unittest.skip("NotImplemented")
def test_delete_user(self):
pass
@unittest.skip("NotImplemented")
def test_create_role(self):
pass
@unittest.skip("NotImplemented")
def test_delete_role(self):
pass
class KBTestCase(unittest.TestCase):
__mpsiemworker = None
__module = None
__creds_ldap = creds_ldap
__settings = settings
def setUp(self) -> None:
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
self.__module = self.__mpsiemworker.get_module(ModuleNames.TASKS)
def tearDown(self) -> None:
self.__module.close()
def test_get_agents_list(self):
ret = self.__module.get_agents_list()
self.assertTrue(len(ret) != 0)
def test_get_modules_list(self):
ret = self.__module.get_modules_list()
self.assertTrue(len(ret) != 0)
def test_get_profiles_list(self):
ret = self.__module.get_profiles_list()
self.assertTrue(len(ret) != 0)
def test_get_transports_list(self):
ret = self.__module.get_transports_list()
self.assertTrue(len(ret) != 0)
def test_get_credentials_list(self):
ret = self.__module.get_credentials_list()
self.assertTrue(len(ret) != 0)
def test_get_tasks_list(self):
ret = self.__module.get_tasks_list()
self.assertTrue(len(ret) != 0)
def test_get_tasks_info(self):
task_id = next(iter(self.__module.get_tasks_list()))
ret = self.__module.get_task_info(task_id)
self.assertTrue(len(ret) != 0)
def test_get_jobs_list(self):
task_id = None
for k, v in self.__module.get_tasks_list().items():
if v.get("status") == "running":
task_id = k
break
ret = self.__module.get_jobs_list(task_id)
self.assertTrue(len(ret) != 0)
@unittest.skip("Long test")
def test_stop_start(self):
task_id = None
for k, v in self.__module.get_tasks_list().items():
if v.get("status") == "running":
task_id = k
break
self.__module.stop_task(task_id)
success_stopped = False
for i in range(60):
time.sleep(10)
status = self.__module.get_task_status(task_id)
if status == "finished":
success_stopped = True
break
self.__module.start_task(task_id)
success_started = False
for i in range(60):
time.sleep(10)
status = self.__module.get_task_status(task_id)
if status == "running":
success_started = True
break
self.assertTrue(success_stopped and success_started)
class EventsTestCase(unittest.TestCase):
__mpsiemworker = None
__module = None
__creds_ldap = creds_ldap
__settings = settings
__begin = 0
__end = 0
def setUp(self) -> None:
self.__mpsiemworker = MPSIEMWorker(self.__creds_ldap, self.__settings)
self.__module = self.__mpsiemworker.get_module(ModuleNames.EVENTS)
self.__end = round(
datetime.now(
tz=pytz.timezone(settings.local_timezone)).timestamp())
self.__begin = self.__end - 86400
def tearDown(self) -> None:
self.__module.close()
def test_get_groups_simple(self):
filters = {
"es_filter": ['{"term": {"event_src/category": "Firewall"}}'],
"es_filter_not": [
'{"range": {"dst/ip": {"gte": "127.0.0.0","lte": "127.255.255.255"}}}',
'{"range": {"dst/ip": {"gte": "169.254.0.0","lte": "169.254.255.255"}}}',
'{"range": {"dst/ip": {"gte": "10.0.0.0","lte": "10.255.255.255"}}}',
'{"range": {"dst/ip": {"gte": "172.16.0.0","lte": "172.31.255.255"}}}',
'{"range": {"dst/ip": {"gte": "192.168.0.0","lte": "192.168.255.255"}}}'
],
"fields":
"dst/ip as object"
}
counter = 0
for i in self.__module.get_events_groupby(filters, self.__begin,
self.__end):
counter += 1
self.assertGreater(counter, 0)
def test_get_groups_marks(self):
filters = {
"es_filter": ['{"term": {"event_src/category": "Firewall"}}'],
"es_filter_not": [{
'{"range": {"dst/ip": {"gte": "127.0.0.0","lte": "127.255.255.255"}}}':
'7'
}, {
'{"range": {"dst/ip": {"gte": "169.254.0.0","lte": "169.254.255.255"}}}':
'7'
}, {
'{"range": {"dst/ip": {"gte": "10.0.0.0","lte": "10.255.255.255"}}}':
'7'
}, {
'{"range": {"dst/ip": {"gte": "172.16.0.0","lte": "172.31.255.255"}}}':
'1.7'
}, {
'{"range": {"dst/ip": {"gte": "192.168.0.0","lte": "192.168.255.255"}}}':
'ALL'
}],
"fields":
"dst/ip as object"
}
counter = 0
for i in self.__module.get_events_groupby(filters, self.__begin,
self.__end):
counter += 1
self.assertGreater(counter, 0)
def test_get_groups_multiple(self):
filters = {
"es_filter": ['{"term": {"event_src/category": "Firewall"}}'],
"es_filter_not": [
'{"range": {"dst/ip": {"gte": "127.0.0.0","lte": "127.255.255.255"}}}',
'{"range": {"dst/ip": {"gte": "169.254.0.0","lte": "169.254.255.255"}}}',
'{"range": {"dst/ip": {"gte": "10.0.0.0","lte": "10.255.255.255"}}}',
'{"range": {"dst/ip": {"gte": "172.16.0.0","lte": "172.31.255.255"}}}',
'{"range": {"dst/ip": {"gte": "192.168.0.0","lte": "192.168.255.255"}}}'
],
"fields":
"src/ip as source,dst/ip as destination"
}
ret = []
for i in self.__module.get_events_groupby(filters, self.__begin,
self.__end):
ret.append(i)
self.assertTrue((len(ret) != 0) and ("source" in ret[0])
and ("destination" in ret[0]) and ("count" in ret[0]))
def test_get_events(self):
begin = self.__end - 60
filters = {
"es_filter": ['{"term": {"event_src/category": "Firewall"}}'],
"es_filter_not": [
'{"range": {"dst/ip": {"gte": "127.0.0.0","lte": "127.255.255.255"}}}',
'{"range": {"dst/ip": {"gte": "169.254.0.0","lte": "169.254.255.255"}}}',
'{"range": {"dst/ip": {"gte": "10.0.0.0","lte": "10.255.255.255"}}}',
'{"range": {"dst/ip": {"gte": "172.16.0.0","lte": "172.31.255.255"}}}',
'{"range": {"dst/ip": {"gte": "192.168.0.0","lte": "192.168.255.255"}}}'
],
}
ret = []
for i in self.__module.get_events(filters, begin, self.__end):
ret.append(i)
self.assertTrue((len(ret) != 0) and (type(ret[0]) is dict))