async def test_get_all_containers_filtered():
ts = time.perf_counter()
bprint('Test: Get All Containers Filtered')
async with PhantomApiClient(
cfg=f'{getenv("CFG_HOME")}/phantom_api_client_prod.toml') as pac:
# f = {'_filter_container_type': '"case"'}
f = {'_filter_tenant': 0}
# results = await pac.get_container_count(query=ContainerQuery(filter=f))
# count = results.success[0]['count']
# print('count:', count)
results = await pac.get_containers(query=ContainerQuery(filter=f))
# print(results)
ids = list(set([r['id'] for r in results.success]))
print('unique_ids:', len(ids))
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
tprint(results, top=5)
# dedup = frozenset(item.items()), item) for item in results.sucess)
# dedup = (frozenset(item.items()),item for item in results.success)
# dedup = dict((frozenset(item.items()), item) for item in results.success).values()
# print('tdedsup', type(dedup))
# print('dedup0', dedup[0])
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_put_tag():
ts = time.perf_counter()
bprint('Test: Put Tag')
async with BricataApiClient(
cfg=f'{getenv("CFG_HOME")}/bricata_api_client.toml') as bac:
tag = TagRequest(name='sea_test',
color='#ff9800',
icon='fas fa-grimace')
results = await bac.put_tag(tag=tag)
assert type(results) is Results
assert not results.failure
results = await bac.get_tags()
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
tags = [t['name'] for t in results.success]
assert 'sea_test' in tags # Check if tag was created
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_update_one_artifact():
ts = time.perf_counter()
bprint('Test: Update One Artifact')
async with PhantomApiClient(
cfg=f'{getenv("CFG_HOME")}/phantom_api_client.toml') as pac:
container = generate_container(artifact_count=1)[0]
artifact = container.artifacts[0]
rid = artifact.data['request_id']
artifact.clear()
artifact.data = {'request_id': rid}
artifact.name = 'Update Test'
results = await pac.get_records(
ArtifactQuery(filter={'_filter_type': '"test"'}))
ids = [c['id'] for c in results.success]
aid = choice(ids)
artifact.update_id(aid)
print(f'Artifact: {aid}\n\t->{artifact}')
results = await pac.update_records(requests=[artifact])
# print(response_results)
assert type(results) is Results
assert len(results.success) == 1
assert not results.failure
assert results.success
assert results.success[0]['success']
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_delete_one_container():
ts = time.perf_counter()
bprint('Test: Delete One Container')
async with PhantomApiClient(
cfg=f'{getenv("CFG_HOME")}/phantom_api_client.toml') as pac:
results = await pac.get_records(query=ContainerQuery(
filter={'_filter_tenant': 2}))
ids = [c['id'] for c in results.success]
assert ids # Need containers to test
cid = choice(ids)
results = await pac.delete_records(query=ContainerQuery(id=cid))
# print(results)
assert type(results) is Results
assert len(results.success) == 1
assert not results.failure
assert results.success
tprint(results)
print('\nVerify Results from Phantom')
results = await pac.get_records(query=ContainerQuery(
filter={'_filter_id': cid}))
assert not results.success
assert not results.failure
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_post_managed_account():
ts = time.perf_counter()
bprint('Test: Post Managed Account')
async with PasswordSafeApiClient(
cfg=f'{getenv("CFG_HOME")}/password_safe_api_client_dev.toml'
) as psac:
results = await psac.post_records(model=ManagedAccount(
systemID=33,
AccountName='Test McTesterton',
DistinguishedName=
'uid=s.McTest,ou=Test,ou=apps,ou=b2e,dc=test53,dc=com',
ApiEnabled=True,
ReleaseDuration=120,
MaxReleaseDuration=1440,
ISAReleaseDuration=120,
MaxConcurrentRequests=1,
AutoManagementFlag=True,
CheckPasswordFlag=True,
ResetPasswordOnMismatchFlag=True,
ChangePasswordAfterAnyReleaseFlag=True,
ChangeFrequencyType='xdays',
ChangeFrequencyDays=30,
ChangeTime='01:00'))
assert type(results) is Results
assert len(results.success) == 1
assert not results.failure
print('Cookie:')
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_delete_many_artifacts():
ts = time.perf_counter()
bprint('Test: Delete Many Artifacts')
async with PhantomApiClient(
cfg=f'{getenv("CFG_HOME")}/phantom_api_client.toml') as pac:
results = await pac.get_records(
ArtifactQuery(filter={'_filter_type': '"test"'}))
ids = [c['id'] for c in results.success]
aids = [choice(ids), choice(ids)]
# print(results)
while aids[0] == aids[1]:
aids[1] = choice(ids)
results = await pac.delete_records(
query=[ArtifactQuery(id=aid) for aid in aids])
assert type(results) is Results
assert len(results.success) == 2
assert not results.failure
assert results.success[0]['success']
tprint(results)
print('\nVerify Results from Phantom')
results = await pac.get_records(query=ArtifactQuery(
filter={'_filter_id__in': str(aids)}))
assert not results.success
assert not results.failure
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_create_many_artifacts():
ts = time.perf_counter()
bprint('Test: Create Many Artifacts')
async with PhantomApiClient(
cfg=f'{getenv("CFG_HOME")}/phantom_api_client_prod.toml') as pac:
container = generate_container(artifact_count=2)
results = await pac.get_records(
ContainerQuery(filter={'_filter_tenant': 2}))
ids = [c['id'] for c in results.success]
cid = choice(ids)
print(f'Container: {cid}')
container[0].update_id(cid)
response_results, request_results = await pac.create_artifacts(
container)
# print(response_results)
assert type(response_results) is Results
assert len(request_results) == 1
assert len(response_results.success) == 2
assert not response_results.failure
assert response_results.success[0]['success']
tprint(response_results, request_results, top=5)
# todo: check for creation within phantom
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_all_container_artifacts_date_filtered():
# TODO: This is hard to test since we don't know what artifacts we'll encounter.
ts = time.perf_counter()
bprint('Test: Get All Container Artifacts Date Filtered')
async with PhantomApiClient(
cfg=f'{getenv("CFG_HOME")}/phantom_api_client.toml') as pac:
f = {'_filter_type': '"test"'}
results = await pac.get_record_count(ArtifactQuery(filter=f))
unfiltered = results.success[0]['count']
assert unfiltered
print(f'Found {unfiltered} unfiltered containers.')
results = await pac.get_records(
ArtifactQuery(date_filter_start='2019-09-10',
date_filter_field='create_time',
filter=f))
filtered = len(results.success)
print(f'Found {filtered} filtered containers.')
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
assert unfiltered > filtered
tprint(results, top=5)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_create_many_containers():
ts = time.perf_counter()
bprint('Test: Create Many Containers')
async with PhantomApiClient(
cfg=f'{getenv("CFG_HOME")}/phantom_api_client.toml') as pac:
response_results, request_results = await pac.create_containers(
generate_container(container_count=2))
# print(response_results)
assert type(response_results) is Results
assert len(request_results) == 2
assert len(response_results.success) == 2
assert not response_results.failure
assert response_results.success[0]['success']
tprint(response_results, request_results)
print('\nVerify Results from Phantom')
ids = [r['id'] for r in response_results.success]
results = await pac.get_records(query=ContainerQuery(
filter={'_filter_id__in': str(ids)}))
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_update_one_container():
ts = time.perf_counter()
bprint('Test: Update One Container')
async with PhantomApiClient(
cfg=f'{getenv("CFG_HOME")}/phantom_api_client.toml') as pac:
results = await pac.get_records(query=ContainerQuery(
page=0, page_size=20, filter={'_filter_tenant': 2}))
old_container = choice(results.success)
print(f'Container Prior Update\n\t-> {old_container}')
container = generate_container()[0]
container.clear()
container.name = 'Update Test'
container.update_id(old_container['id'])
results = await pac.update_records(container)
# print(response_results)
assert type(results) is Results
assert len(results.success) == 1
assert not results.failure
assert results.success
assert results.success[0]['success']
tprint(results)
results = await pac.get_records(query=ContainerQuery(
id=old_container['id']))
print(f'Container After Update\n\t-> {results.success[0]}')
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_all_containers_date_filtered():
ts = time.perf_counter()
bprint('Test: Get All Containers Date Filtered')
async with PhantomApiClient(
cfg=f'{getenv("CFG_HOME")}/phantom_api_client.toml') as pac:
results = await pac.get_record_count(
ContainerQuery(filter={'_filter_tenant': 2}))
try:
unfiltered = results.success[0]['count']
except IndexError:
unfiltered = 0
print(f'Found {unfiltered} unfiltered containers.')
results = await pac.get_records(
query=ContainerQuery(date_filter_start='2019-10-01',
date_filter_field='create_time',
filter={'_filter_tenant': 2}))
filtered = len(results.success)
print(f'Found {filtered} filtered containers.')
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
assert unfiltered > filtered
tprint(results, top=5)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_delete_one_artifact():
ts = time.perf_counter()
bprint('Test: Delete One Artifact')
async with PhantomApiClient(
cfg=f'{getenv("CFG_HOME")}/phantom_api_client.toml') as pac:
results = await pac.get_records(
ArtifactQuery(filter={'_filter_type': '"test"'}))
ids = [c['id'] for c in results.success]
aid = choice(ids)
results = await pac.delete_records(query=[ArtifactQuery(id=aid)])
# print(results)
assert type(results) is Results
assert len(results.success) == 1
assert not results.failure
assert results.success
tprint(results)
print('\nVerify Results from Phantom')
results = await pac.get_records(query=ArtifactQuery(
filter={'_filter_id': aid}))
assert not results.success
assert not results.failure
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_login():
ts = time.perf_counter()
bprint('Test: Login')
async with ExabeamApiClient(cfg=f'{getenv("CFG_HOME")}/exabeam_api_client.toml') as eac:
results = await eac.login()
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
tprint(results, top=5)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_alerts_filtered():
ts = time.perf_counter()
bprint('Test: Get Alerts, Filtered')
async with BricataApiClient(cfg=f'{getenv("CFG_HOME")}/bricata_api_client.toml') as bac:
af = AlertsFilter(tags='ATO')
results = await bac.get_alerts(af)
# assert type(results) is Results
# assert len(results.success) >= 1
# assert not results.failure
tprint(results, top=5)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_one_container_audit_data():
ts = time.perf_counter()
bprint('Test: Get One Container Audit Data')
async with PhantomApiClient(cfg=f'{getenv("CFG_HOME")}/phantom_api_client.toml') as pac:
results = await pac.get_records(query=AuditQuery(container=130416))
# print(results)
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
tprint(results, top=5)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_notable_users():
ts = time.perf_counter()
bprint('Test: Get Notable Users')
async with ExabeamApiClient(
cfg=f'{getenv("CFG_HOME")}/exabeam_api_client.toml') as eac:
results = await eac.get_notable_users(query=NotableUsersQuery(num=10))
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
tprint(results, top=5)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_tags():
ts = time.perf_counter()
bprint('Test: Get Tags')
async with BricataApiClient(
cfg=f'{getenv("CFG_HOME")}/bricata_api_client.toml') as bac:
results = await bac.get_tags()
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_user_count():
ts = time.perf_counter()
bprint('Test: Get User Count')
async with PhantomApiClient(cfg=f'{getenv("CFG_HOME")}/phantom_api_client.toml') as pac:
results = await pac.get_record_count(query=UserQuery())
# print(results)
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_alerts():
ts = time.perf_counter()
bprint('Test: Get Alerts')
async with BricataApiClient(cfg=f'{getenv("CFG_HOME")}/bricata_api_client.toml') as bac:
results = await bac.get_records(AlertQuery())
# print('results:\n\t', results)
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
tprint(results, top=5)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_all_artifacts_count():
ts = time.perf_counter()
bprint('Test: Get All Artifacts Count')
async with PhantomApiClient(
cfg=f'{getenv("CFG_HOME")}/phantom_api_client.toml') as pac:
results = await pac.get_record_count(ArtifactQuery())
# print(results)
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
tprint(results) # Should return all artifacts across all containers
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_all_computers():
ts = time.perf_counter()
bprint('Test: Get All Computers')
async with LDAPApiClient(
cfg=f'{getenv("CFG_HOME")}/ldap_api_client.toml') as adac:
results = await adac.get_computers()
# print(results)
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
tprint(results, top=5)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_one_case():
ts = time.perf_counter()
bprint('Test: Get One Container')
async with PhishlabsApiClient(
cfg=f'{getenv("CFG_HOME")}/phishlabs_api_client.toml') as plac:
results = await plac.get_cases(case_id='<insert_case-id_here>')
# print(results)
assert type(results) is Results
assert len(results.success) == 1
assert not results.failure
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_login():
ts = time.perf_counter()
bprint('Test: Login')
async with BricataApiClient(cfg=f'{getenv("CFG_HOME")}/bricata_api_client.toml') as bac:
results = await bac.login()
assert type(results) is Results
assert len(results.success) == 1
assert not results.failure
print('Header:', bac.header)
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_cases_count_filtered():
ts = time.perf_counter()
bprint('Test: Get Cases Count Filtered')
async with PhishlabsApiClient(
cfg=f'{getenv("CFG_HOME")}/phishlabs_api_client.toml') as plac:
results = await plac.get_case_count(query=Query(caseType=['Phishing']))
# print(results)
assert type(results) is Results
assert len(results.success) == 1
assert not results.failure
tprint(results) # Should return all cases across all cases
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_logout():
ts = time.perf_counter()
bprint('Test: Logout')
async with PasswordSafeApiClient(
cfg=f'{getenv("CFG_HOME")}/password_safe_api_client_dev.toml'
) as psac:
results = await psac.authenticate(direction='out')
assert type(results) is Results
assert len(results.success) == 1
assert not results.failure
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_one_attahment():
ts = time.perf_counter()
bprint('Test: Get One Attachment')
# todo: write me
async with PhishlabsApiClient(
cfg=f'{getenv("CFG_HOME")}/phishlabs_api_client.toml') as plac:
results = await plac.get_case_count()
# print(results)
assert type(results) is Results
assert len(results.success) == 1
assert not results.failure
tprint(results) # Should return all cases
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_check_invalid_credentials():
ts = time.perf_counter()
bprint('Test: Check Invalid Credentials')
async with LDAPApiClient(cfg=f'{getenv("CFG_HOME")}/ldap_api_client.toml',
autoconnect=False) as adac:
results = await adac.check_credentials(username='******',
password='******')
# print(f'results: {results}')
assert type(results) is Results
assert len(results.failure) == 1
assert not results.success
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_managed_accounts():
ts = time.perf_counter()
bprint('Test: Get Managed Accounts')
async with PasswordSafeApiClient(
cfg=f'{getenv("CFG_HOME")}/password_safe_api_client_dev.toml'
) as psac:
results = await psac.get_records(query=ManagedAccounts())
assert type(results) is Results
assert len(results.success) == 1
assert not results.failure
print('Cookie:')
tprint(results)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_all_users():
ts = time.perf_counter()
bprint('Test: Get All Users')
async with PhantomApiClient(cfg=f'{getenv("CFG_HOME")}/phantom_api_client.toml') as pac:
results = await pac.get_record_count(query=UserQuery())
count = results.success[0]['count']
results = await pac.get_records(query=UserQuery())
# print(results)
assert type(results) is Results
assert len(results.success) == count
assert not results.failure
tprint(results, top=5)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
async def test_get_all_users_filtered():
ts = time.perf_counter()
bprint('Test: Get All Users Filtered')
async with LDAPApiClient(
cfg=f'{getenv("CFG_HOME")}/ldap_api_client.toml') as adac:
results = await adac.get_records(
Query(search_base=adac.cfg['Defaults']['SearchBase'],
search_filter='(cn=t24620a)'))
# print(results)
assert type(results) is Results
assert len(results.success) >= 1
assert not results.failure
tprint(results, top=5)
bprint(f'-> Completed in {(time.perf_counter() - ts):f} seconds.')
