Python Finding 예제들

예제 #1

 def finding(self):
     return securecscc.Finding(
         **{
             'finding_id': '656703705613148160',
             'source':
             'organizations/707341064895/sources/4472002082094996606',
             'category': 'Terminal shell in container',
             'event_time': 1553098717,
             'url':
             'https://secure.sysdig.com/#/events/f:1553098657,t:1553098777/*/*?viewAs=list',
             'resource_name':
             '//compute.googleapis.com/projects/sysdig-204815/zones/europe-west3-a/instances/7045420945307206367',
             'priority': None,
             'summary':
             'A shell was spawned in a container with an attached terminal (user=root k8s_nginx_nginx-78f5d695bd-vk44n_default_ce1ac962-4994-11e9-8881-42010a9c01af_0 (id=1e4dcb0c1ce5) shell=bash parent=runc:[0:PARENT] cmdline=bash terminal=34817)',
             'container_id': None,
             'container_name': None,
             'kubernetes_pod_name': None,
             'severity': 4,
             'rule_type': 'RULE_TYPE_FALCO',
             'container_metadata': {
                 'container.id': '1e4dcb0c1ce5',
                 'container.name':
                 'k8s_nginx_nginx-78f5d695bd-vk44n_default_ce1ac962-4994-11e9-8881-42010a9c01af_0',
                 'container.image':
                 'nginx@sha256:7734a210432278817f8097acf2f72d20e2ccc7402a0509810c44b3a8bfe0094a',
                 'kubernetes.pod.name': 'nginx-78f5d695bd-vk44n',
                 'kubernetes.deployment.name': 'nginx',
                 'kubernetes.namespace.name': 'default',
                 'agent.tag': 'helm-gke'
             }
         })

예제 #2

파일: sysdig_secure_webhook_spec.py 프로젝트: glazgou/sysdig-gcscc-connector

        }

    with context('GET /health'):
        with it('is alive'):
            result = self.app.get('/health')

            expect(result.status_code).to(equal(http.client.OK))

    with context('POST /events'):
        with before.each:
            sysdig_secure_webhook.ACTION = Spy(
                securecscc.CreateFindingFromEvent)

            self.finding = securecscc.Finding(
                finding_id='irrelevant finding id',
                source='irrelevant source',
                category='irrelevant category',
                event_time='irrelevant event_time',
            )
            when(sysdig_secure_webhook.ACTION).run(
                fixtures.event_in_webhook()).returns(self.finding)

        with it('returns a 201'):
            result = self.app.post('/events',
                                   data=fixtures.payload_from_webhook(),
                                   content_type='application/json',
                                   headers=self.authorization_headers)

            expect(result.status_code).to(equal(http.client.CREATED))

        with it('returns new created finding'):
            result = self.app.post('/events',

예제 #3

import securecscc

from mamba import description, it, before
from expects import expect, equal


with description(securecscc.GoogleCloudClient) as self:
    with before.each:
        self.settings = securecscc.Settings()
        self.client = securecscc.GoogleCloudClient(securecscc.Credentials())

    with it('creates the finding'):
        finding = securecscc.Finding(
            source=self.settings.source(),
            category='AUTOMATED_TEST_FOO',
            event_time=self.now(),
            url='http://example.com',
        )

        self.client.create_finding(finding)

    def now(self):
        dt = datetime.utcnow()
        return int((dt - datetime.utcfromtimestamp(0)).total_seconds())

    with it('retrieves id from hostname'):
        hostname = 'gke-sysdig-work-default-pool-0b1474b1-hxz1'

        instance_id = self.client.get_resource_name_from_hostname(
            self.settings.organization(),
            hostname