def test_alerts_client_calls_get_details_with_expected_value(
    self, mock_alerts_service, mock_alert_rules_service
):
    """get_details() hands the alert-ID collection to the alerts service unchanged.

    The client is expected to be a thin pass-through here: no filtering,
    re-ordering or copying of the IDs before they reach the service layer.
    """
    client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
    client.get_details(self._alert_ids)
    # Exactly one service call, carrying the very same ID collection.
    mock_alerts_service.get_details.assert_called_once_with(self._alert_ids)
def test_alerts_client_get_all_alert_details_returns_empty_generator_when_no_alerts_found(
    self, mock_alerts_service_with_no_alerts, mock_alert_rules_service
):
    """With no matching alerts, get_all_alert_details() yields nothing at all."""
    client = AlertsClient(mock_alerts_service_with_no_alerts, mock_alert_rules_service)
    # Drain the generator so that any lazily raised error surfaces here.
    collected = [detail for detail in client.get_all_alert_details(AlertQuery())]
    assert not collected
def test_alerts_client_get_all_alert_details_does_not_call_get_details_when_no_alerts_found(
    self, mock_alerts_service_with_no_alerts, mock_alert_rules_service
):
    """An empty search must not trigger a get_details() round-trip.

    Guards against the client issuing a details request for an empty ID
    list, which would be a needless call to the backend.
    """
    client = AlertsClient(mock_alerts_service_with_no_alerts, mock_alert_rules_service)
    # Fully consume the generator; only then can we judge what it called.
    for _ in client.get_all_alert_details(AlertQuery()):
        pass
    mock_alerts_service_with_no_alerts.get_details.assert_not_called()
def test_alerts_client_calls_search_all_pages_with_expected_value_and_param(
    self, mock_alerts_service, mock_alert_rules_service,
):
    """search_all_pages() forwards the raw query object to the alerts service.

    The query literal below is not valid JSON (trailing extra brace). That is
    harmless for this test, which only checks pass-through, but it means the
    test says nothing about how the client would treat a well-formed query.
    """
    raw_query = '{"test": "data"}}'
    client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
    client.search_all_pages(raw_query)
    mock_alerts_service.search_all_pages.assert_called_once_with(raw_query)
def test_alerts_client_calls_update_note_with_expected_value_and_param(
    self, mock_alerts_service, mock_alert_rules_service,
):
    """update_note() passes alert ID and note text through in that order."""
    alert_id, note_text = "alert-id", "a note"
    client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
    client.update_note(alert_id, note_text)
    # Positional order matters: the service signature is (alert_id, note).
    mock_alerts_service.update_note.assert_called_once_with(alert_id, note_text)
def test_alerts_client_calls_update_state_with_state_and_expected_value(
    self, mock_alerts_service, mock_alert_rules_service,
):
    """update_state() forwards state and IDs, with no note when none was given.

    Pins the default: a call without a note must reach the service as
    ``note=None`` rather than omitting the keyword entirely.
    """
    client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
    client.update_state("RESOLVED", self._alert_ids)
    mock_alerts_service.update_state.assert_called_once_with(
        "RESOLVED", self._alert_ids, note=None
    )
def test_alerts_client_calls_get_aggregate_data_with_expected_value_and_param(
    self, mock_alerts_service, mock_alert_rules_service,
):
    """get_aggregate_data() relays the alert ID to the alerts service verbatim."""
    alert_id = "alert-id"
    AlertsClient(mock_alerts_service, mock_alert_rules_service).get_aggregate_data(alert_id)
    mock_alerts_service.get_aggregate_data.assert_called_once_with(alert_id)
def test_alerts_client_calls_search_with_expected_value(
    self, mock_alerts_service, mock_alert_rules_service, mock_alert_query,
):
    """search() hands the query object to the alerts service without wrapping it."""
    client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
    client.search(mock_alert_query)
    # The same object instance must arrive at the service, exactly once.
    mock_alerts_service.search.assert_called_once_with(mock_alert_query)
def test_alerts_client_get_all_alert_details_calls_get_details_for_each_page(
    self, mock_alerts_service_with_pages, mock_alert_rules_service
):
    """Every page of search results produces its own get_details() call.

    The paged fixture serves IDs A..F across pages; the first call must
    carry the first page's IDs and the second call the next page's.
    """
    paged_service = mock_alerts_service_with_pages(ascending=True)
    client = AlertsClient(paged_service, mock_alert_rules_service)
    # Drain the generator so every page is fetched.
    list(client.get_all_alert_details(AlertQuery()))
    # Each recorded call is an (args, kwargs) pair; the ID list is args[0].
    ids_per_call = [args[0] for args, _kwargs in paged_service.get_details.call_args_list]
    assert ids_per_call[0] == ["A", "B", "C"]
    assert ids_per_call[1] == ["D", "E", "F"]
def _init_clients(services, connection):
    """Wire the service layer into the public client objects.

    Args:
        services: container exposing the per-domain service instances
            (``services.alerts``, ``services.archive``, ...).
        connection: the authenticated connection, handed to the storage
            service factory and to the login-configuration client.

    Returns:
        A ``Clients`` aggregate holding every constructed client.
    """
    # Deferred imports: py42.clients modules may import from py42.sdk.queries,
    # so importing them at module scope would create an import cycle.
    from py42.clients import Clients
    from py42.clients._archiveaccess.accessorfactory import ArchiveAccessorFactory
    from py42.clients.alertrules import AlertRulesClient
    from py42.clients.alerts import AlertsClient
    from py42.clients.archive import ArchiveClient
    from py42.clients.auditlogs import AuditLogsClient
    from py42.clients.authority import AuthorityClient
    from py42.clients.cases import CasesClient
    from py42.clients.detectionlists import DetectionListsClient
    from py42.clients.loginconfig import LoginConfigurationClient
    from py42.clients.securitydata import SecurityDataClient
    from py42.clients.trustedactivities import TrustedActivitiesClient
    from py42.services.storage._service_factory import ConnectionManager
    from py42.services.storage._service_factory import StorageServiceFactory

    # Shared by the security-data and archive clients: resolves per-device
    # storage endpoints over the given connection.
    storage_factory = StorageServiceFactory(
        connection, services.devices, ConnectionManager()
    )

    # Alert rules are built first because the alerts client composes them.
    rules_client = AlertRulesClient(services.alerts, services.alertrules)
    alerts_client = AlertsClient(services.alerts, rules_client)

    security_data_client = SecurityDataClient(
        services.fileevents,
        services.preservationdata,
        services.savedsearch,
        storage_factory,
    )

    accessor_factory = ArchiveAccessorFactory(services.archive, storage_factory)
    archive_client = ArchiveClient(accessor_factory, services.archive)

    authority_client = AuthorityClient(
        administration=services.administration,
        archive=services.archive,
        devices=services.devices,
        legalhold=services.legalhold,
        orgs=services.orgs,
        users=services.users,
    )
    detection_lists_client = DetectionListsClient(
        services.userprofile, services.departingemployee, services.highriskemployee
    )
    cases_client = CasesClient(services.cases, services.casesfileevents)

    return Clients(
        authority=authority_client,
        detectionlists=detection_lists_client,
        alerts=alerts_client,
        securitydata=security_data_client,
        archive=archive_client,
        auditlogs=AuditLogsClient(services.auditlogs),
        cases=cases_client,
        loginconfig=LoginConfigurationClient(connection),
        trustedactivities=TrustedActivitiesClient(services.trustedactivities),
    )
def test_alerts_client_get_all_alert_details_sorts_results_descending_when_specified(
    self, mock_alerts_service_with_pages, mock_alert_rules_service, mock_details, sort_key,
):
    """A ``desc`` sort direction yields details from ALERT_F down to ALERT_A.

    The paged fixture is asked for descending pages and get_details() is
    replaced with ``mock_details`` so each ID maps to a known ALERT_* value.
    ``sort_key`` is a parametrized fixture: the ordering must hold for every key.
    """
    paged_service = mock_alerts_service_with_pages(ascending=False)
    paged_service.get_details = mock_details
    client = AlertsClient(paged_service, mock_alert_rules_service)

    query = AlertQuery()
    query.sort_direction = "desc"
    query.sort_key = sort_key

    expected_order = [ALERT_F, ALERT_E, ALERT_D, ALERT_C, ALERT_B, ALERT_A]
    assert list(client.get_all_alert_details(query)) == expected_order
def test_alerts_client_get_all_alert_details_sorts_results_according_to_query_sort_key(
    self, mock_alerts_service_with_pages, mock_alert_rules_service, mock_details, sort_key,
):
    """An ``asc`` sort direction yields details from ALERT_A up to ALERT_F.

    Mirror of the descending test: ascending pages plus ``mock_details``
    standing in for get_details(), checked for every parametrized ``sort_key``.
    """
    paged_service = mock_alerts_service_with_pages(ascending=True)
    paged_service.get_details = mock_details
    client = AlertsClient(paged_service, mock_alert_rules_service)

    query = AlertQuery()
    query.sort_direction = "asc"
    query.sort_key = sort_key

    expected_order = [ALERT_A, ALERT_B, ALERT_C, ALERT_D, ALERT_E, ALERT_F]
    assert list(client.get_all_alert_details(query)) == expected_order
def _init_clients(services, connection):
    """Assemble the public client objects from the service layer.

    Args:
        services: container exposing the per-domain service instances.
        connection: the authenticated connection used by the storage
            service factory.

    Returns:
        A ``Clients`` aggregate holding every constructed client.

    Note: the client and factory classes used here are expected to be
    imported at module scope (not visible in this excerpt).
    """
    # Shared storage-endpoint resolver for security-data and archive access.
    storage_factory = StorageServiceFactory(
        connection, services.devices, ConnectionManager()
    )

    # The alerts client composes the alert-rules client, so build rules first.
    rules_client = AlertRulesClient(services.alerts, services.alertrules)
    alerts_client = AlertsClient(services.alerts, rules_client)

    security_data_client = SecurityDataClient(
        services.securitydata,
        services.fileevents,
        services.preservationdata,
        services.savedsearch,
        storage_factory,
    )

    accessor_manager = ArchiveAccessorManager(services.archive, storage_factory)
    archive_client = ArchiveClient(accessor_manager, services.archive)

    authority_client = AuthorityClient(
        administration=services.administration,
        archive=services.archive,
        devices=services.devices,
        legalhold=services.legalhold,
        orgs=services.orgs,
        securitydata=services.securitydata,
        users=services.users,
    )
    detection_lists_client = DetectionListsClient(
        services.userprofile, services.departingemployee, services.highriskemployee
    )

    return Clients(
        authority=authority_client,
        detectionlists=detection_lists_client,
        alerts=alerts_client,
        securitydata=security_data_client,
        archive=archive_client,
        auditlogs=AuditLogsClient(services.auditlogs),
    )
def test_rules_returns_rules_client(self, mock_alerts_service, mock_alert_rules_service):
    """The ``rules`` property exposes a truthy rules client.

    NOTE(review): this only checks truthiness. If ``rules`` is meant to hand
    back the injected ``mock_alert_rules_service`` itself, an identity
    assertion (``is mock_alert_rules_service``) would pin that contract —
    confirm against AlertsClient before tightening.
    """
    client = AlertsClient(mock_alerts_service, mock_alert_rules_service)
    rules_client = client.rules
    assert rules_client