def test_infilter(self): # Naked INFilter infilter = InFilter(FieldValue(LogField.SRC), [IPValue("172.18.1.1", "172.18.1.2")]) d = { "left": { "id": 7, "type": "field" }, "right": [{ "type": "ip", "value": "172.18.1.1" }, { "type": "ip", "value": "172.18.1.2" }], "type": "in", } self.assertDictEqual(infilter.filter, d) # Add to query using query method query = LogQuery() query.add_in_filter(FieldValue(LogField.SRC), [IPValue("172.18.1.1", "172.18.1.2")]) query_filter = query.request["query"]["filter"] self.assertDictEqual(d, query_filter) # Update the original filter, validate update infilter.update_filter(FieldValue("Src"), [IPValue("1.1.1.1")]) d = { "left": { "name": "Src", "type": "field" }, "right": [{ "type": "ip", "value": "1.1.1.1" }], "type": "in", } # Update filter on query self.assertDictEqual(infilter.filter, d) query.update_filter(InFilter(FieldValue("Src"), [IPValue("1.1.1.1")])) query_filter = query.request["query"]["filter"] self.assertDictEqual(d, query_filter)
def test_infilter(self): # Naked INFilter infilter = InFilter(FieldValue(LogField.SRC), [IPValue('172.18.1.1', '172.18.1.2')]) d = { 'left': { 'id': 7, 'type': 'field' }, 'right': [{ 'type': 'ip', 'value': '172.18.1.1' }, { 'type': 'ip', 'value': '172.18.1.2' }], 'type': 'in' } self.assertDictEqual(infilter.filter, d) # Add to query using query method query = LogQuery() query.add_in_filter(FieldValue(LogField.SRC), [IPValue('172.18.1.1', '172.18.1.2')]) query_filter = query.request['query']['filter'] self.assertDictEqual(d, query_filter) # Update the original filter, validate update infilter.update_filter(FieldValue('Src'), [IPValue('1.1.1.1')]) d = { 'left': { 'name': 'Src', 'type': 'field' }, 'right': [{ 'type': 'ip', 'value': '1.1.1.1' }], 'type': 'in' } # Update filter on query self.assertDictEqual(infilter.filter, d) query.update_filter(InFilter(FieldValue('Src'), [IPValue('1.1.1.1')])) query_filter = query.request['query']['filter'] self.assertDictEqual(d, query_filter)
def name_with_fields(self): query = LogQuery(fetch_size=100) query.add_in_filter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]) query.format.field_format("name") logquery = { "format": { "type": "texts", "field_format": "name", "resolving": { "senders": True } }, "query": { "type": "stored", "end_ms": 0, "start_ms": 0, "filter": { "type": "in", "left": { "type": "field", "id": LogField.SRC }, "right": [{ "type": "ip", "value": "192.168.4.84" }], }, }, "fetch": { "quantity": 100, "backwards": True }, } self.assertDictEqual(query.request, logquery)
# beta=True) session.login(url='http://172.18.1.150:8082', api_key='EiGpKD4QxlLJ25dbBEp20001', timeout=30, api_version='6.4') #session.login(url='https://172.18.1.151:8082', api_key='xJRo27kGja4JmPek9l3Nyxm4', # verify=False) pprint(session._get_log_schema()) #TODO: BLACKLISTQUERY fails when using format ID's due to CombinedFilter. query = BlacklistQuery('ve-1') query.add_in_filter(FieldValue(LogField.BLACKLISTENTRYSOURCEIP), [IPValue('3.3.3.3/32')]) for record in query.fetch_as_element( ): # <-- must get as element to obtain delete() method #for record in query.fetch_raw(): pprint(vars(record)) record.delete() #print("Deleting!") #print(prepared_request(href='http://172.18.1.150:8082/6.4/elements/virtual_fw/10677/blacklist/Nzg2NDMz').delete()) # query = LogQuery(http_proxy_host='1.1.1.1') # for log in query.fetch_live(): # print(log) class Foo(object): def __init__(self, value):
def test_and_filter(self): andfilter = AndFilter([ InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]), ]) f = { "type": "and", "values": [ { "left": { "id": 7, "type": "field" }, "right": [{ "type": "ip", "value": "192.168.4.84" }], "type": "in", }, { "left": { "id": 27, "type": "field" }, "right": [{ "type": "service", "value": "TCP/80" }], "type": "in", }, ], } self.assertDictEqual(andfilter.filter, f) query = LogQuery() query.add_and_filter([ InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]), ]) query_filter = query.request["query"]["filter"] self.assertDictEqual(f, query_filter) # Update the original filter andfilter.update_filter([ InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]), InFilter(FieldValue(LogField.ACTION), [ConstantValue(Actions.DISCARD, Actions.BLOCK)]), ]) d = { "type": "and", "values": [ { "left": { "id": 8, "type": "field" }, "right": [{ "type": "ip", "value": "1.1.1.1" }], "type": "in", }, { "left": { "id": 14, "type": "field" }, "right": [{ "type": "constant", "value": 0 }, { "type": "constant", "value": 13 }], "type": "in", }, ], } self.assertDictEqual(andfilter.filter, d) query.update_filter( AndFilter([ InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]), InFilter(FieldValue(LogField.ACTION), [ConstantValue(Actions.DISCARD, Actions.BLOCK)]), ])) query_filter = query.request["query"]["filter"] self.assertDictEqual(d, query_filter)
def test_or_filter(self): orfilter = OrFilter([ InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]), ]) f = { "type": "or", "values": [ { "left": { "id": 7, "type": "field" }, "right": [{ "type": "ip", "value": "192.168.4.84" }], "type": "in", }, { "left": { "id": 27, "type": "field" }, "right": [{ "type": "service", "value": "TCP/80" }], "type": "in", }, ], } self.assertDictEqual(orfilter.filter, f) query = LogQuery() query.add_or_filter([ InFilter(FieldValue(LogField.SRC), [IPValue("192.168.4.84")]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/80")]), ]) query_filter = query.request["query"]["filter"] self.assertDictEqual(f, query_filter) orfilter.update_filter([ InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/443")]), ]) d = { "type": "or", "values": [ { "left": { "id": 8, "type": "field" }, "right": [{ "type": "ip", "value": "1.1.1.1" }], "type": "in", }, { "left": { "id": 27, "type": "field" }, "right": [{ "type": "service", "value": "TCP/443" }], "type": "in", }, ], } self.assertDictEqual(d, orfilter.filter) query.update_filter( OrFilter([ InFilter(FieldValue(LogField.DST), [IPValue("1.1.1.1")]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue("TCP/443")]), ])) query_filter = query.request["query"]["filter"] self.assertDictEqual(d, query_filter)
def test_and_filter(self): andfilter = AndFilter([ InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')]) ]) f = { 'type': 'and', 'values': [{ 'left': { 'id': 7, 'type': 'field' }, 'right': [{ 'type': 'ip', 'value': '192.168.4.84' }], 'type': 'in' }, { 'left': { 'id': 27, 'type': 'field' }, 'right': [{ 'type': 'service', 'value': 'TCP/80' }], 'type': 'in' }] } self.assertDictEqual(andfilter.filter, f) query = LogQuery() query.add_and_filter([ InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')]) ]) query_filter = query.request['query']['filter'] self.assertDictEqual(f, query_filter) # Update the original filter andfilter.update_filter([ InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]), InFilter(FieldValue(LogField.ACTION), [ConstantValue(Actions.DISCARD, Actions.BLOCK)]) ]) d = { 'type': 'and', 'values': [{ 'left': { 'id': 8, 'type': 'field' }, 'right': [{ 'type': 'ip', 'value': '1.1.1.1' }], 'type': 'in' }, { 'left': { 'id': 14, 'type': 'field' }, 'right': [{ 'type': 'constant', 'value': 0 }, { 'type': 'constant', 'value': 13 }], 'type': 'in' }] } self.assertDictEqual(andfilter.filter, d) query.update_filter( AndFilter([ InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]), InFilter(FieldValue(LogField.ACTION), [ConstantValue(Actions.DISCARD, Actions.BLOCK)]) ])) query_filter = query.request['query']['filter'] self.assertDictEqual(d, query_filter)
def test_or_filter(self): orfilter = OrFilter([ InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')]) ]) f = { 'type': 'or', 'values': [{ 'left': { 'id': 7, 'type': 'field' }, 'right': [{ 'type': 'ip', 'value': '192.168.4.84' }], 'type': 'in' }, { 'left': { 'id': 27, 'type': 'field' }, 'right': [{ 'type': 'service', 'value': 'TCP/80' }], 'type': 'in' }] } self.assertDictEqual(orfilter.filter, f) query = LogQuery() query.add_or_filter([ InFilter(FieldValue(LogField.SRC), [IPValue('192.168.4.84')]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/80')]) ]) query_filter = query.request['query']['filter'] self.assertDictEqual(f, query_filter) orfilter.update_filter([ InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/443')]) ]) d = { 'type': 'or', 'values': [{ 'left': { 'id': 8, 'type': 'field' }, 'right': [{ 'type': 'ip', 'value': '1.1.1.1' }], 'type': 'in' }, { 'left': { 'id': 27, 'type': 'field' }, 'right': [{ 'type': 'service', 'value': 'TCP/443' }], 'type': 'in' }] } self.assertDictEqual(d, orfilter.filter) query.update_filter( OrFilter([ InFilter(FieldValue(LogField.DST), [IPValue('1.1.1.1')]), InFilter(FieldValue(LogField.SERVICE), [ServiceValue('TCP/443')]) ])) query_filter = query.request['query']['filter'] self.assertDictEqual(d, query_filter)
timeout=30, api_version="6.4", ) # session.login(url='https://172.18.1.151:8082', api_key='xJRo27kGja4JmPek9l3Nyxm4', # verify=False) pprint(session._get_log_schema()) # TODO: BLACKLISTQUERY fails when using format ID's due to CombinedFilter. query = BlacklistQuery("ve-1") query.add_in_filter( FieldValue( LogField.BLACKLISTENTRYSOURCEIP), [ IPValue("3.3.3.3/32")]) for record in query.fetch_as_element( ): # <-- must get as element to obtain delete() method # for record in query.fetch_raw(): pprint(vars(record)) record.delete() # print("Deleting!") # print(prepared_request( # href='http://172.18.1.150:8082/6.4/elements/virtual_fw/10677/blacklist/Nzg2NDMz').delete()) # query = LogQuery(http_proxy_host='1.1.1.1') # for log in query.fetch_live(): # print(log) class Foo(object):