def _create_mock_event(event_id, quantity, time_diffs=None, source_attrs=None): """ Returns an instance of Event, based on the MockDataStore event_dict example. Args: event_id: Desired ID for the Event. quantity: The number of Events to be generated. time_diffs: A list of time differences between the generated Events. source_attrs: Dictionary of attributes to add to the source of the generated events. Returns: A generator of Event objects. """ if not time_diffs: time_diffs = [0] if quantity < 0: quantity = abs(quantity) # If the list of time differences is too small to be compatible # with the quantity of events, then extend the list with the last # value for as many items as necessary. if quantity - len(time_diffs) > 0: time_diffs.extend([time_diffs[len(time_diffs) - 1]] * (quantity - len(time_diffs))) # Setup for Event object initialisation ds = MockDataStore('test', 0) user = User('test_user') sketch = Sketch('test_sketch', 'description', user) label = sketch.Label(label='Test label', user=user) sketch.labels.append(label) event_timestamp = 1410895419859714 event_template = ds.get_event('test', 'test') for i in range(quantity): eventObj = _create_eventObj(ds, sketch, event_template, event_id, event_timestamp, source_attrs) yield eventObj # adding extra events after every requested event for better # simulation of real timeline data i.e. working with a larger # dataset for _ in range(100): event_timestamp += 1 event_id += 1 eventObj = _create_eventObj(ds, sketch, event_template, event_id, event_timestamp, source_attrs) yield eventObj event_timestamp += abs(time_diffs[i]) event_id += 1
def _create_sketch(self, name, user, acl=False): """Create a sketch in the database. Args: name: Name of the sketch (string) user: A user (instance of timesketch.models.user.User) acl: Boolean value to decide if ACL permissions should be set Returns: A sketch (instance of timesketch.models.sketch.Sketch) """ sketch = Sketch(name=name, description=name, user=user) if acl: for permission in [u'read', u'write', u'delete']: sketch.grant_permission(permission=permission, user=user) label = sketch.Label(label=u'Test label', user=user) status = sketch.Status(status=u'Test status', user=user) sketch.labels.append(label) sketch.status.append(status) self._commit_to_database(sketch) return sketch
def test_get_event_data(self): """Test getEventData returns the correct values.""" user = User("test_user") sketch = Sketch("test_sketch", "description", user) label = sketch.Label(label="Test label", user=user) sketch.labels.append(label) index = "test_index" sketch_id = 1 for analyzer_class in self.analyzer_classes: analyzer = analyzer_class["class"](index, sketch_id) datastore = analyzer.datastore event_dict = copy.deepcopy(MockDataStore.event_dict) event_dict["_source"].update({"xml_string": xml_string1}) event_obj = Event(event_dict, datastore, sketch) username = analyzer.getEventData(event_obj, "TargetUserName") logon_id = analyzer.getEventData(event_obj, "TargetLogonId") self.assertEqual(username, "USER_1") self.assertEqual(logon_id, "0x0000000000000001")
def test_get_event_data(self): """Test getEventData returns the correct values.""" user = User('test_user') sketch = Sketch('test_sketch', 'description', user) label = sketch.Label(label='Test label', user=user) sketch.labels.append(label) index = 'test_index' sketch_id = 1 for analyzer_class in self.analyzer_classes: analyzer = analyzer_class['class'](index, sketch_id) datastore = analyzer.datastore event_dict = copy.deepcopy(MockDataStore.event_dict) event_dict['_source'].update({'xml_string': xml_string1}) event_obj = Event(event_dict, datastore, sketch) username = analyzer.getEventData(event_obj, 'TargetUserName') logon_id = analyzer.getEventData(event_obj, 'TargetLogonId') self.assertEqual(username, 'USER_1') self.assertEqual(logon_id, '0x0000000000000001')