def test_check_task_status(mocker):
    """Query a task by action id and expect a ``success`` status.

    ``Client.http_request`` is replaced by ``check_task_status_mock_response``
    and the scheduled-command support check is replaced by a no-op, so the
    assertion only exercises how the command maps the canned response.
    """
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        check_task_status_mock_response,
    )
    mocker.patch(
        "CommonServerPython.ScheduledCommand.raise_error_if_not_supported",
        lambda: None,
    )
    command_args = {"actionId": "00001108"}
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    # Unlike the other commands in this file, this one is called as (args, client).
    task = get_task_status(command_args, v1_client)
    assert task.outputs["taskStatus"] == "success"
def test_get_forensic_file_information(mocker):
    """Fetch the details of a collected file by action id.

    ``Client.http_request`` is replaced by a canned response. Only the types of
    the returned fields are asserted: the url, expiry, password and file name
    values themselves are not pinned by this test.
    """
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        mock_download_collected_file_info_response,
    )
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    command_args = {"actionId": "00000700"}
    file_info = download_information_collected_file(v1_client, command_args)
    for field in ("url", "expires", "password", "filename"):
        assert isinstance(file_info.outputs[field], str)
def test_update_status(mocker):
    """Change a workbench alert's status and check the reported outcome.

    ``Client.http_request`` is replaced by ``update_status_mock_response``; the
    client is built with the module-level ``proxy`` setting.
    """
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request", update_status_mock_response
    )
    command_args = {
        "workbench_id": "WB-20837-20220418-00000",
        "status": "in_progress",
    }
    v1_client = Client("https://api.xdr.trendmicro.com", api_key, proxy)
    outcome = update_status(v1_client, command_args).outputs
    assert outcome["response_msg"] == "Alert status changed successfully."
    # The id and the response code are only type-checked, not value-checked.
    assert isinstance(outcome["Workbench_Id"], str)
    assert isinstance(outcome["response_code"], int)
def test_get_file_analysis_report_1(mocker):
    """Retrieve a file analysis report and expect a non-empty data list.

    ``Client.http_request`` is replaced by ``mock_file_report_response``, so
    the report content comes from that stand-in rather than from the API.
    """
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request", mock_file_report_response
    )
    command_args = {
        "reportId": "800f908d-9578-4333-91e5-822794ed5483",
        "type": "suspiciousObject",
    }
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    report = get_file_analysis_report(v1_client, command_args).outputs
    for field in ("message", "code"):
        assert report[field] == "Success"
    assert len(report["data"]) > 0
def test_get_report_id(mocker):
    """Look up a file analysis status by task id and check the report id.

    ``Client.http_request`` is replaced by ``mock_file_status_response``. Both
    the output values and the context prefix / key field are asserted.
    """
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request", mock_file_status_response
    )
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    command_args = {"taskId": "921674d0-9735-4f79-b7de-c852e00a003d"}
    status = get_file_analysis_status(v1_client, command_args)
    expected_outputs = {
        "message": "Success",
        "code": "Success",
        "report_id": "012e4eac-9bd9-4e89-95db-77e02f75a6f3",
    }
    for field, expected in expected_outputs.items():
        assert status.outputs[field] == expected
    assert status.outputs_prefix == "VisionOne.File_Analysis_Status"
    assert status.outputs_key_field == "message"
def test_delete_object_from_suspicious_list(mocker):
    """Remove a domain entry from the suspicious list.

    Both ``Client.http_request`` and ``Client.suspicious_list_count`` are
    replaced by the same stand-in, ``add_delete_suspicious_mock_response``.
    """
    for target in (
        "TrendMicroVisionOne.Client.http_request",
        "TrendMicroVisionOne.Client.suspicious_list_count",
    ):
        mocker.patch(target, add_delete_suspicious_mock_response)
    command_args = {"type": "domain", "value": "1.alisiosanguera.com.cn"}
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    removal = delete_from_suspicious_list(v1_client, command_args)
    # With this stand-in the command reports no status code.
    assert removal.outputs["status_code"] is None
    assert isinstance(removal.outputs["total_items"], int)
    assert removal.outputs_prefix == "VisionOne.Suspicious_List"
    assert removal.outputs_key_field == "message"
def test_add_note(mocker):
    """Attach a note to a workbench alert and check the reported outcome.

    ``Client.http_request`` is replaced by ``add_note_mock_response``; the
    client is built with the module-level ``proxy`` setting.
    """
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request", add_note_mock_response
    )
    command_args = {
        "workbench_id": "WB-20837-20220418-00000",
        "content": "This is a new note.",
    }
    v1_client = Client("https://api.xdr.trendmicro.com", api_key, proxy)
    outcome = add_note(v1_client, command_args).outputs
    assert outcome["response_msg"] == "Alert notes added successfully."
    assert isinstance(outcome["Workbench_Id"], str)
    # The note id and the response code are expected to be integers.
    for field in ("noteId", "response_code"):
        assert isinstance(outcome[field], int)
def test_submit_file_to_sandbox(mocker):
    """Submit a file by URL for sandbox analysis and expect success.

    ``requests.get`` and ``requests.post`` as seen by ``TrendMicroVisionOne``
    are replaced by ``mocked_requests_get`` / ``mocked_requests_post``.
    """
    mocker.patch("TrendMicroVisionOne.requests.post", mocked_requests_post)
    mocker.patch("TrendMicroVisionOne.requests.get", mocked_requests_get)
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    # NOTE(review): the sample fileUrl is plain http; with requests.get patched
    # it is presumably never fetched over the network here - confirm.
    command_args = {
        "fileUrl": "http://adsd.com",
        "fileName": (
            "XDR_ResponseApp_CollectFile_ID00000700_20211206T134158Z.7z"
        ),
        "archivePassword": "******",
        "documentPassword": "",
    }
    submission = submit_file_to_sandbox(v1_client, command_args).outputs
    for field in ("message", "code"):
        assert submission[field] == "Success"
def test_restore_endpoint(mocker):
    """Restore an endpoint's connection and expect a pending task.

    ``Client.http_request`` is replaced by ``isolate_restore_mock_response``.
    The command name passed in selects the restore variant of the shared
    isolate/restore handler.
    """
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        isolate_restore_mock_response,
    )
    command_name = "trendmicro-visionone-restore-endpoint-connection"
    command_args = {
        "endpoint": "hostname",
        "productId": "sao",
        "description": "restore endpoint info",
    }
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    restore = isolate_or_restore_connection(
        v1_client, command_name, command_args
    )
    assert restore.outputs["taskStatus"] == "pending"
    assert restore.outputs_prefix == "VisionOne.Endpoint_Connection"
    assert restore.outputs_key_field == "actionId"
def test_get_endpoint_information(mocker):
    """Look up endpoint details by the ``endpoint`` argument.

    ``Client.http_request`` is replaced by ``mock_get_endpoint_info_response``.
    The status value is pinned; every other field is only type-checked.
    """
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        mock_get_endpoint_info_response,
    )
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    command_args = {"endpoint": "hostname"}
    endpoint_info = get_endpoint_info(v1_client, command_args).outputs
    assert endpoint_info["status"] == "SUCCESS"
    string_fields = (
        "message",
        "hostname",
        "ip",
        "macAddr",
        "osDescription",
        "osName",
        "osVersion",
        "productCode",
    )
    for field in string_fields:
        assert isinstance(endpoint_info[field], str)
def test_collect_forensic_file(mocker):
    """Request collection of a file from an endpoint and expect a pending task.

    ``Client.http_request`` is replaced by ``mock_collect_file``. The returned
    action id is only type-checked.
    """
    mocker.patch("TrendMicroVisionOne.Client.http_request", mock_collect_file)
    command_args = {
        "endpoint": "hostname",
        "description": "collect file",
        "productId": "sao",
        "filePath": "/file_path/sample.txt",
        "os": "linux",
    }
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    collection = collect_file(v1_client, command_args)
    assert collection.outputs["taskStatus"] == "pending"
    assert isinstance(collection.outputs["actionId"], str)
    assert collection.outputs_prefix == "VisionOne.Collect_Forensic_File"
    assert collection.outputs_key_field == "actionId"
def test_remove_block_list(mocker):
    """Remove a SHA-1 file entry from the block list and expect a pending task.

    ``Client.http_request`` is replaced by
    ``add_remove_blocklist_mock_response``. The command name passed in selects
    the remove variant of the shared add/remove handler.
    """
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        add_remove_blocklist_mock_response,
    )
    command_name = "trendmicro-visionone-remove-from-block-list"
    command_args = {
        "valueType": "file_sha1",
        "targetValue": "2de5c1125d5f991842727ed8ea8b5fda0ffa249b",
        "productId": "sao",
        "description": "block info",
    }
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    removal = add_or_remove_from_block_list(
        v1_client, command_name, command_args
    )
    assert removal.outputs["taskStatus"] == "pending"
    assert isinstance(removal.outputs["actionId"], str)
    assert removal.outputs_prefix == "VisionOne.BlockList"
    assert removal.outputs_key_field == "actionId"
def test_terminate_process_endpoint(mocker):
    """Request process termination on an endpoint and expect a pending task.

    ``Client.http_request`` is replaced by ``isolate_restore_mock_response``,
    the same stand-in the restore-endpoint test uses. The endpoint is given as
    a MAC-address-style string and the target file by its SHA-1.
    """
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        isolate_restore_mock_response,
    )
    command_args = {
        "endpoint": "00:50:56:81:87:A8",
        "fileSha1": "12a08b7a3c5a10b64700c0aca1a47941b50a4f8b",
        "productId": "sao",
        "description": "terminate info",
        "filename": "testfile",
    }
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    termination = terminate_process(v1_client, command_args)
    assert termination.outputs["taskStatus"] == "pending"
    assert isinstance(termination.outputs["actionId"], str)
    assert termination.outputs_prefix == "VisionOne.Terminate_Process"
    assert termination.outputs_key_field == "actionId"
def test_add_object_to_exception_list(mocker):
    """Add a domain to the exception list (positive scenario).

    Both ``Client.http_request`` and ``Client.exception_list_count`` are
    replaced by the same stand-in, ``add_delete_exception_mock_response``.
    """
    for target in (
        "TrendMicroVisionOne.Client.http_request",
        "TrendMicroVisionOne.Client.exception_list_count",
    ):
        mocker.patch(target, add_delete_exception_mock_response)
    command_name = "trendmicro-visionone-add-objects-to-exception-list"
    command_args = {
        "type": "domain",
        "value": "1.alisiosanguera.com",
        "description": "new key",
    }
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    addition = add_or_delete_from_exception_list(
        v1_client, command_name, command_args
    )
    # With this stand-in the command reports no status code.
    assert addition.outputs["status_code"] is None
    assert addition.outputs_prefix == "VisionOne.Exception_List"
    assert isinstance(addition.outputs["total_items"], int)
    assert addition.outputs_key_field == "message"
def test_get_file_analysis_report(mocker):
    """Retrieve a file analysis report and type-check its first data entry.

    ``Client.http_request`` is replaced by ``mock_file_report_response``; the
    client is built with the module-level ``proxy`` setting. Only the first
    element of ``data`` is inspected.
    """
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request", mock_file_report_response
    )
    command_args = {
        "reportId": "800f908d-9578-4333-91e5-822794ed5483",
        "type": "suspiciousObject",
    }
    v1_client = Client("https://api.xdr.trendmicro.com", api_key, proxy)
    report = get_file_analysis_report(v1_client, command_args).outputs
    for field in ("message", "code"):
        assert report[field] == "Success"
    entry_fields = (
        "type",
        "value",
        "risk_level",
        "analysis_completion_time",
        "expired_time",
        "root_file_sha1",
    )
    for field in entry_fields:
        assert isinstance(report["data"][0][field], str)
def test_add_object_to_suspicious_list(mocker):
    """Add a domain to the suspicious list (positive scenario).

    Both ``Client.http_request`` and ``Client.suspicious_list_count`` are
    replaced by the same stand-in, ``add_delete_suspicious_mock_response``.
    """
    for target in (
        "TrendMicroVisionOne.Client.http_request",
        "TrendMicroVisionOne.Client.suspicious_list_count",
    ):
        mocker.patch(target, add_delete_suspicious_mock_response)
    command_args = {
        "type": "domain",
        "value": "1.alisiosanguera.com.cn",
        "description": "Example Suspicious Object.",
        "scanAction": "log",
        "riskLevel": "high",
        "expiredDay": 15,
    }
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    addition = add_to_suspicious_list(v1_client, command_args)
    # With this stand-in the command reports no status code.
    assert addition.outputs["status_code"] is None
    assert isinstance(addition.outputs["total_items"], int)
    assert addition.outputs_prefix == "VisionOne.Suspicious_List"
    assert addition.outputs_key_field == "message"
def test_quarantine_email_message(mocker):
    """Quarantine an email message and expect a pending task.

    ``Client.http_request`` is replaced by
    ``quarantine_delete_email_mock_response``. The command name passed in
    selects the quarantine variant of the shared quarantine/delete handler.
    """
    mocker.patch(
        "TrendMicroVisionOne.Client.http_request",
        quarantine_delete_email_mock_response,
    )
    command_name = "trendmicro-visionone-quarantine-email-message"
    # The message id and mailbox are masked sample values as given on the page.
    message_id = "<CANUJTKTjto9GAHTr9V=TFqMZhRXqVn=" "*****@*****.**>"
    command_args = {
        "messageId": message_id,
        "mailBox": "*****@*****.**",
        "messageDeliveryTime": "2021-12-09T14:00:12.000Z",
        "productId": "sca",
        "description": "quarantine info",
    }
    v1_client = Client("https://api.xdr.trendmicro.com", api_key)
    quarantine = quarantine_or_delete_email_message(
        v1_client, command_name, command_args
    )
    assert quarantine.outputs["taskStatus"] == "pending"
    assert isinstance(quarantine.outputs["actionId"], str)
    assert quarantine.outputs_prefix == "VisionOne.Email"
    assert quarantine.outputs_key_field == "actionId"