예제 #1
def test_set_status(requests_mock) -> None:
    """
    Scenario: set the status of an investigation
    Given:
     - A client built with a placeholder API key header
     - A valid target status ('OPEN')
    When:
     - insight_idr_set_status_command is called
    Then:
     - Every record in the raw response carries the requested status
     - The outputs prefix is 'Rapid7InsightIDR.Investigation'
     - The outputs key field is 'id'
    """
    from insightidr import Client, insight_idr_set_status_command

    status = 'OPEN'
    investigation_id = '174e4f99-2ac7-4481-9301-4d24c34baf06'

    # Register the canned reply for the PUT the command is expected to issue.
    canned_reply = util_load_json('test_data/set_status.json')
    endpoint = (
        f'https://{REGION}.api.insight.rapid7.com/idr/v1/investigations/{investigation_id}'
        f'/status/{status}'
    )
    requests_mock.put(endpoint, json=canned_reply)

    # The header value is a placeholder string, not a real credential.
    # verify=False is passed here with the endpoint registered on requests_mock;
    # presumably it turns off TLS certificate checks, so this Client setup is
    # test scaffolding rather than a template for production code.
    placeholder_headers = {
        'Authentication': 'apikey'
    }
    client = Client(
        base_url=f'https://{REGION}.api.insight.rapid7.com/',
        verify=False,
        headers=placeholder_headers,
        proxy=False
    )

    response = insight_idr_set_status_command(client, investigation_id, status)

    # NOTE(review): with an empty raw_response this loop never runs, so the
    # status check passes without asserting anything.
    for page in response.raw_response or []:
        for record in page.get('data', []):
            assert record.get('status', '') == status

    assert response.outputs_prefix == 'Rapid7InsightIDR.Investigation'
    assert response.outputs_key_field == 'id'
예제 #2
def test_assign_user(requests_mock) -> None:
    """
    Scenario: assign a user to an investigation
    Given:
     - A client built with a placeholder API key header
     - An assignee email address
    When:
     - insight_idr_assign_user_command is called
    Then:
     - Every record in the raw response names the requested assignee email
     - The outputs prefix is 'Rapid7InsightIDR.Investigation'
     - The outputs key field is 'id'
    """
    from insightidr import Client, insight_idr_assign_user_command

    investigation_id = '174e4f99-2ac7-4481-9301-4d24c34baf06'
    # NOTE(review): this value looks masked; the email assertion below only
    # holds if the fixture contains the identical string. Confirm against
    # test_data/assign_user.json.
    email = '*****@*****.**'

    # Register the canned reply for the PUT the command is expected to issue.
    canned_reply = util_load_json('test_data/assign_user.json')
    endpoint = (
        f'https://{REGION}.api.insight.rapid7.com/idr/v1/investigations/'
        f'{investigation_id}/assignee'
    )
    requests_mock.put(endpoint, json=canned_reply)

    # The header value is a placeholder string, not a real credential.
    # verify=False is passed here with the endpoint registered on requests_mock;
    # presumably it turns off TLS certificate checks, so this Client setup is
    # test scaffolding rather than a template for production code.
    placeholder_headers = {
        'Authentication': 'apikey'
    }
    client = Client(
        base_url=f'https://{REGION}.api.insight.rapid7.com/',
        verify=False,
        headers=placeholder_headers,
        proxy=False
    )

    response = insight_idr_assign_user_command(client, investigation_id, email)

    # NOTE(review): with an empty raw_response this loop never runs, so the
    # assignee check passes without asserting anything.
    for page in response.raw_response or []:
        for record in page.get('data', []):
            assert record.get('assignee', {}).get('email', '') == email

    assert response.outputs_prefix == 'Rapid7InsightIDR.Investigation'
    assert response.outputs_key_field == 'id'
예제 #3
def test_insight_idr_replace_threat_indicators(requests_mock) -> None:
    """
    Scenario: replace the indicators of a custom threat
    Given:
     - A client built with a placeholder API key header
     - A threat key ('x')
    When:
     - insight_idr_replace_threat_indicators_command is called
    Then:
     - The outputs prefix is 'Rapid7InsightIDR.Threat'
     - The outputs key field is 'name'
     - The outputs equal the 'threat' entry of each raw response item
    """
    from insightidr import Client, insight_idr_replace_threat_indicators_command

    # Register the canned reply for the POST the command is expected to issue.
    canned_reply = util_load_json('test_data/replace_threat_indicators.json')
    endpoint = f'https://{REGION}.api.insight.rapid7.com/idr/v1/customthreats/key/x/indicators/replace'
    requests_mock.post(endpoint, json=canned_reply)

    # The header value is a placeholder string, not a real credential.
    # verify=False is passed here with the endpoint registered on requests_mock;
    # presumably it turns off TLS certificate checks, so this Client setup is
    # test scaffolding rather than a template for production code.
    placeholder_headers = {
        'Authentication': 'apikey'
    }
    client = Client(
        base_url=f'https://{REGION}.api.insight.rapid7.com/',
        verify=False,
        headers=placeholder_headers,
        proxy=False
    )
    response = insight_idr_replace_threat_indicators_command(client, 'x')

    # Expected outputs are rebuilt from the raw response itself, so this checks
    # the command's projection of the reply rather than fixed fixture values.
    expected_threats = [item.get('threat') for item in response.raw_response]

    assert response.outputs_prefix == 'Rapid7InsightIDR.Threat'
    assert response.outputs_key_field == 'name'
    assert response.outputs == expected_threats
예제 #4
def test_insight_idr_query_log_set(requests_mock) -> None:
    """
    Scenario: query a log set
    Given:
     - A client built with a placeholder API key header
     - A log set ID ('x') and empty strings for the remaining arguments
    When:
     - insight_idr_query_log_set_command is called
    Then:
     - The outputs prefix is 'Rapid7InsightIDR.Event'
     - The outputs key field is 'message'
     - The outputs equal the 'events' list of the raw response
    """
    from insightidr import Client, insight_idr_query_log_set_command

    # Register the canned reply for the GET the command is expected to issue.
    # NOTE(review): the fixture is named list_log_sets.json although this test
    # exercises the query command; confirm it is the intended file.
    canned_reply = util_load_json('test_data/list_log_sets.json')
    endpoint = f'https://{REGION}.api.insight.rapid7.com/log_search/query/logsets/x'
    requests_mock.get(endpoint, json=canned_reply)

    # The header value is a placeholder string, not a real credential.
    # verify=False is passed here with the endpoint registered on requests_mock;
    # presumably it turns off TLS certificate checks, so this Client setup is
    # test scaffolding rather than a template for production code.
    placeholder_headers = {
        'Authentication': 'apikey'
    }
    client = Client(
        base_url=f'https://{REGION}.api.insight.rapid7.com/',
        verify=False,
        headers=placeholder_headers,
        proxy=False
    )
    response = insight_idr_query_log_set_command(client, 'x', '', '', '')

    # Expected outputs are the events taken from the raw response itself; a
    # reply without an 'events' key yields an empty expectation.
    expected_events = list(response.raw_response.get('events', []))

    assert response.outputs_prefix == 'Rapid7InsightIDR.Event'
    assert response.outputs_key_field == 'message'
    assert response.outputs == expected_events