def test_is_async(self, mock_api_client):
    """The elastic_ecs entry point must report itself as synchronous.

    ``mock_api_client`` (presumably the patched API client constructor) is
    made to return None so that building the entry point opens no
    connection; ``is_async()`` is then expected to be exactly ``False``.
    """
    mock_api_client.return_value = None
    ep = EntryPoint()
    # Identity check, not truthiness: the contract is the bool False itself.
    assert ep.is_async() is False
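def test_is_async(self, mock_api_client):
    """The elastic_ecs entry point must report itself as synchronous.

    ``mock_api_client`` (presumably the patched API client constructor) is
    made to return None so that building the entry point opens no
    connection. No ``connection``/``config`` is passed: the default
    constructor is all that is needed to ask whether the connector is
    asynchronous, and this test must not read as if credential or
    certificate handling were being exercised when it is not.
    """
    mock_api_client.return_value = None
    entry_point = EntryPoint()
    check_async = entry_point.is_async()
    # Identity check, not truthiness: the contract is the bool False itself.
    assert check_async is False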
import unittest import json from stix_shifter_utils.stix_translation.src.json_to_stix.json_to_stix import json_to_stix_translator from stix_shifter_modules.elastic_ecs.entry_point import EntryPoint from stix_shifter.stix_translation import stix_translation from stix_shifter_utils.stix_translation.src.utils.transformer_utils import get_module_transformers MODULE = "elastic_ecs" entry_point = EntryPoint() map_data = entry_point.get_results_translator().map_data data_source = { "type": "identity", "id": "identity--3532c56d-ea72-48be-a2ad-1a53f4c9c6d3", "name": "ElasticEcs", "identity_class": "events" } options = {} data = { "@timestamp": "2019-04-21T11:05:07.000Z", "event": { "action": "get", "dataset": "apache.access", "original": "10.42.42.42 - - [07/Dec/2018:11:05:07 +0100] \"GET /blog HTTP/1.1\" 200 2571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36\"" }, "process": { "args": ["/System/Library/CoreServices/SubmitDiagInfo", "server-init"], "pid": 609,
def test_query_flow(self, mock_results_response, mock_api_client):
    """Round-trip one query through transmission and the results connection.

    Both patches keep the test offline: ``mock_api_client`` (presumably the
    API client constructor) returns None and ``mock_results_response``
    returns a canned Elasticsearch hits payload, so the query is never sent
    anywhere and the host/port/credential values below are placeholders only.
    """
    mock_api_client.return_value = None

    # One canned DNS event. Addresses are 0.0.0.0 so no real host or client
    # IP is embedded in the fixture.
    canned_hits = """
    {
      "hits": {
        "total": {"value": 5, "relation": "eq"},
        "max_score": 3.0,
        "hits": [
          {
            "_source": {
              "@timestamp": "2019-04-12T12:41:07.237Z",
              "client": {"port": 64966, "bytes": 39, "ip": "0.0.0.0"},
              "source": {"port": 64966, "bytes": 39, "ip": "0.0.0.0"},
              "event": {
                "duration": 96890000,
                "kind": "event",
                "start": "2019-04-12T12:41:07.237Z",
                "end": "2019-04-12T12:41:07.334Z",
                "category": "network_traffic",
                "dataset": "dns"
              }
            }
          }
        ]
      }
    }
    """
    mock_results_response.return_value = ElasticEcsMockResponse(200, canned_hits)

    # Dummy credential: a fixture must never carry a real secret.
    config = {"auth": {"SEC": "bla"}}
    # NOTE(review): "ceft" looks like a typo of "cert". As written no
    # certificate value reaches the connector, which is harmless here because
    # the client is mocked, but it also means TLS/cert handling is not
    # exercised by this test. Confirm the intended key before renaming it.
    connection = {"host": "hostbla", "port": "8080", "ceft": "cert"}
    query = '(source.port : "64966" OR client.port : "64966")'

    transmission = stix_transmission.StixTransmission('elastic_ecs', connection, config)
    query_response = transmission.query(query)

    # The connector is synchronous, so the search_id handed back is the
    # query text itself rather than a server-side job identifier.
    assert query_response is not None
    assert 'search_id' in query_response
    assert query_response['search_id'] == '(source.port : "64966" OR client.port : "64966")'

    # Fetch the first record (offset 0, length 1) through the entry point
    # built with the same placeholder connection/config.
    entry_point = EntryPoint(connection, config)
    results_response = entry_point.create_results_connection(query, 0, 1)
    assert results_response is not None
    assert 'data' in results_response
    assert len(results_response['data']) > 0
from stix_shifter_utils.stix_translation.src.json_to_stix.json_to_stix import json_to_stix_translator from stix_shifter_utils.stix_translation.src.utils import transformers from stix_shifter_modules.elastic_ecs.entry_point import EntryPoint from stix_shifter.stix_translation import stix_translation import json import unittest entry_point = EntryPoint() map_file = open( entry_point.get_results_translator().default_mapping_file_path).read() map_data = json.loads(map_file) map_data = json.loads(map_file) data_source = { "type": "identity", "id": "identity--3532c56d-ea72-48be-a2ad-1a53f4c9c6d3", "name": "ElasticEcs", "identity_class": "events" } options = {} data = { "@timestamp": "2019-04-21T11:05:07.000Z", "event": { "action": "get", "dataset": "apache.access", "original": "10.42.42.42 - - [07/Dec/2018:11:05:07 +0100] \"GET /blog HTTP/1.1\" 200 2571 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36\""