Exemplo n.º 1
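def test_indicator_search_ipv6(client):
    """Submit an IPv6 indicator to a fresh feed, then look it up via search.

    Runs against the service behind ``client``; ``USER`` and ``FEED`` come
    from the enclosing test module. The feed is removed in a ``finally``
    block so a failed assertion does not leave the test feed behind on the
    service for the next run.
    """
    INDICATOR = '2001:4860:4860::8888'

    # Create the feed outside the try: if creation fails there is nothing
    # to clean up.
    f = Feed(client).new(USER, FEED, description='build search test feed')
    assert f['created_at']

    try:
        # create and submit the test indicator
        i = Indicator(
            client, {
                'user': USER,
                'feed': FEED,
                'indicator': INDICATOR,
                'comment': 'this is a test comment'
            })
        r = i.submit()

        # the service must echo the value back and classify it as IPv6
        assert r['indicator']['indicator'] == INDICATOR
        assert r['indicator']['itype'] == 'ipv6'
        assert r['indicator']['created_at']

        # search for the indicator
        s = Search(client)
        r = s.search(INDICATOR, 10)
        # NOTE(review): if no returned record carries feed 'live-test-feed'
        # this loop asserts nothing; whether FEED equals that literal is not
        # visible here -- confirm, then consider asserting a match was found.
        for record in r['feed']['indicators']:
            if record['indicator']['feed'] == 'live-test-feed':
                assert record['indicator']['indicator'] == INDICATOR
    finally:
        # delete the test feed even when an assertion above failed
        status = Feed(client).remove(USER, FEED)

    assert status == 200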
Exemplo n.º 2
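def test_indicator_search_url(client):
    """Submit a URL indicator to a fresh feed, then look it up via search.

    Runs against the service behind ``client``; ``USER`` and ``FEED`` come
    from the enclosing test module. The feed is removed in a ``finally``
    block so a failed assertion does not leave the test feed behind on the
    service for the next run.
    """
    INDICATOR = 'http://www.example.com/test/index.html'

    # Create the feed outside the try: if creation fails there is nothing
    # to clean up.
    f = Feed(client).new(USER, FEED, description='build search test feed')
    assert f['created_at']

    try:
        # create and submit the test indicator
        i = Indicator(
            client, {
                'user': USER,
                'feed': FEED,
                'indicator': INDICATOR,
                'comment': 'this is a test comment'
            })
        r = i.submit()

        # the service must echo the value back and classify it as a URI
        assert r['indicator'] == INDICATOR
        assert r['itype'] == 'uri'
        assert r['created_at']

        # search for the indicator
        s = Search(client)
        r = s.search(INDICATOR, 10)
        # NOTE(review): if no returned record carries feed 'live-test-feed'
        # this loop asserts nothing; whether FEED equals that literal is not
        # visible here -- confirm, then consider asserting a match was found.
        for record in r:
            if record['feed'] == 'live-test-feed':
                assert record['indicator'] == INDICATOR
    finally:
        # delete the test feed even when an assertion above failed
        status = Feed(client).remove(USER, FEED)

    assert status == 200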
Exemplo n.º 3
    def indicators_create(self, data):
        """Submit one indicator, or a list of them, under this instance's feed.

        Each item is either a ``csirtg_indicator.Indicator`` (converted with
        its ``__dict__()`` method) or any other object, which is used as the
        payload directly and therefore modified in place. Returns the list of
        ``submit()`` results, one per item.
        """
        items = data if isinstance(data, list) else [data]

        results = []
        for item in items:
            is_indicator = isinstance(item, csirtg_indicator.Indicator)
            payload = item.__dict__() if is_indicator else item

            # Always stamp the instance's own feed and user, replacing
            # whatever the caller put in those keys.
            payload['feed'] = self.feed
            payload['user'] = self.user

            results.append(Indicator(self.handle, payload).submit())

        # An empty input list ends up here with nothing submitted.
        assert len(results) > 0
        return results
Exemplo n.º 4
    def indicators_create(self, data):
        """Submit a single indicator under this instance's feed and user.

        ``data`` must expose a callable ``__dict__()`` returning the payload.
        The ``feed`` and ``user`` keys are overwritten with this instance's
        values before submission. Nothing is returned; a falsy ``submit()``
        result trips the assertion.
        """
        payload = data.__dict__()

        # Stamp the instance's own feed and user over any supplied values.
        payload['feed'] = self.feed
        payload['user'] = self.user

        result = Indicator(self.handle, payload).submit()

        assert result
Exemplo n.º 5
    def indicators_create(self, data):
        """Submit one indicator, or a list of them, under this instance's feed.

        Every item must expose a callable ``__dict__()`` returning its
        payload. The ``feed`` and ``user`` keys are overwritten with this
        instance's values. Returns the list of ``submit()`` results.
        """
        items = data if isinstance(data, list) else [data]

        results = []
        for item in items:
            payload = item.__dict__()

            # Stamp the instance's own feed and user over any supplied values.
            payload['feed'] = self.feed
            payload['user'] = self.user

            results.append(Indicator(payload).submit())

        # An empty input list ends up here with nothing submitted.
        assert len(results) > 0
        return results
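def test_indicator_attachment_docx(client):
    """Submit a .docx attachment and check the indicator the service derives.

    Runs against the service behind ``client``; ``USER`` and ``FEED`` come
    from the enclosing test module. The expected indicator is a 40-hex-digit
    digest -- presumably the SHA-1 of the sample file; confirm against the
    fixture. The feed is removed in a ``finally`` block so a failed assertion
    does not leave the test feed behind on the service.
    """
    # Create the feed outside the try: if creation fails there is nothing
    # to clean up.
    f = Feed(client).new(USER, FEED, description='test build feed')

    assert f['created_at']

    try:
        i = Indicator(
            client, {
                'user': USER,
                'feed': FEED,
                'attachment': 'samples/c..docx',
                'comment': 'asdfasdfasdf'
            })
        r = i.submit()

        assert r['indicator'] == 'c2642e519c7f325300ed250710b4f815ac542c1d'
        # the first attachment record must carry its data, size and timestamp
        assert r['attachments'][0]['attachment']
        assert r['attachments'][0]['filesize']
        assert r['attachments'][0]['created_at']
    finally:
        # delete the test feed even when an assertion above failed
        status = Feed(client).remove(USER, FEED)

    assert status == 200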
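def test_indicator_attachment_jar(client):
    """Submit a .jar attachment and check the indicator the service derives.

    Runs against the service behind ``client``; ``USER`` and ``FEED`` come
    from the enclosing test module. The expected indicator is a 40-hex-digit
    digest -- presumably the SHA-1 of the sample file; confirm against the
    fixture. The feed is removed in a ``finally`` block so a failed assertion
    does not leave the test feed behind on the service.
    """
    # Create the feed outside the try: if creation fails there is nothing
    # to clean up.
    f = Feed(client).new(USER, FEED, description='test build feed')

    assert f['created_at']

    try:
        # NOTE(review): the fixture name suggests a malware sample; confirm
        # how the file under samples/ is stored and handled in the repo.
        i = Indicator(
            client, {
                'user': USER,
                'feed': FEED,
                'attachment': 'samples/malware.jar',
                'comment': 'asdfasdfasdf'
            })
        r = i.submit()

        assert r['indicator'] == '8ab0079d8e80c2e166b3b12364c89255d79c9f75'
        # the first attachment record must carry its data, size and timestamp
        assert r['attachments'][0]['attachment']
        assert r['attachments'][0]['filesize']
        assert r['attachments'][0]['created_at']
    finally:
        # delete the test feed even when an assertion above failed
        status = Feed(client).remove(USER, FEED)

    assert status == 200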
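def test_indicator_attachment_zip(client):
    """Submit a .zip attachment and check the indicator the service derives.

    Runs against the service behind ``client``; ``USER`` and ``FEED`` come
    from the enclosing test module. The expected indicator is a 40-hex-digit
    digest -- presumably the SHA-1 of the sample file; confirm against the
    fixture. The feed is removed in a ``finally`` block so a failed assertion
    does not leave the test feed behind on the service.
    """
    # Create the feed outside the try: if creation fails there is nothing
    # to clean up.
    f = Feed(client).new(USER, FEED, description='test build feed')

    assert f['created_at']

    try:
        # NOTE(review): the fixture name suggests a malware sample; confirm
        # how the file under samples/ is stored and handled in the repo.
        i = Indicator(
            client, {
                'user': USER,
                'feed': FEED,
                'attachment': 'samples/malware.jar.zip',
                'comment': 'asdfasdfasdf'
            })
        r = i.submit()

        assert r['indicator'] == 'f31e226048d9bd45513e691a50a4b83893397235'
        # the first attachment record must carry its data, size and timestamp
        assert r['attachments'][0]['attachment']
        assert r['attachments'][0]['filesize']
        assert r['attachments'][0]['created_at']
    finally:
        # delete the test feed even when an assertion above failed
        status = Feed(client).remove(USER, FEED)

    assert status == 200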
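def test_indicator_attachment_txt(client):
    """Submit an e-mail attachment and check the indicator the service derives.

    Despite the ``_txt`` name, the fixture submitted is ``samples/message.eml``.
    Runs against the service behind ``client``; ``USER`` and ``FEED`` come
    from the enclosing test module. The expected indicator is a 40-hex-digit
    digest -- presumably the SHA-1 of the sample file; confirm against the
    fixture. The feed is removed in a ``finally`` block so a failed assertion
    does not leave the test feed behind on the service.
    """
    # Create the feed outside the try: if creation fails there is nothing
    # to clean up.
    f = Feed(client).new(USER, FEED, description='test build feed')

    assert f['created_at']

    try:
        i = Indicator(
            client, {
                'user': USER,
                'feed': FEED,
                'attachment': 'samples/message.eml',
                'comment': 'asdfasdfasdf'
            })
        r = i.submit()

        assert r['indicator'] == '2f9496a6331b2e75e5208b93d144e8fe484b316a'
        # the first attachment record must carry its data, size and timestamp
        assert r['attachments'][0]['attachment']
        assert r['attachments'][0]['filesize']
        assert r['attachments'][0]['created_at']
    finally:
        # delete the test feed even when an assertion above failed
        status = Feed(client).remove(USER, FEED)

    assert status == 200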
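def test_indicator_attachment_pdf(client):
    """Submit a .pdf attachment and check the indicator the service derives.

    Runs against the service behind ``client``; ``USER`` and ``FEED`` come
    from the enclosing test module. The expected indicator is a 40-hex-digit
    digest -- presumably the SHA-1 of the sample file; confirm against the
    fixture. The feed is removed in a ``finally`` block so a failed assertion
    does not leave the test feed behind on the service.
    """
    # Create the feed outside the try: if creation fails there is nothing
    # to clean up.
    f = Feed(client).new(USER, FEED, description='test build feed')

    assert f['created_at']

    try:
        i = Indicator(
            client, {
                'user': USER,
                'feed': FEED,
                'attachment': 'samples/hello_world.pdf',
                'comment': 'asdfasdfasdf'
            })
        r = i.submit()

        assert r['indicator'] == 'cc9881dc27a8d3e410cdf7e667ff5efa5cbfdaed'
        # the first attachment record must carry its data, size and timestamp
        assert r['attachments'][0]['attachment']
        assert r['attachments'][0]['filesize']
        assert r['attachments'][0]['created_at']
    finally:
        # delete the test feed even when an assertion above failed
        status = Feed(client).remove(USER, FEED)

    assert status == 200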
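def test_indicator_attachment_doc(client):
    """Submit a .doc attachment and check the indicator the service derives.

    Runs against the service behind ``client``; ``USER`` and ``FEED`` come
    from the enclosing test module. The expected indicator is a 40-hex-digit
    digest -- presumably the SHA-1 of the sample file; confirm against the
    fixture. The feed is removed in a ``finally`` block so a failed assertion
    does not leave the test feed behind on the service.
    """
    # Create the feed outside the try: if creation fails there is nothing
    # to clean up.
    f = Feed(client).new(USER, FEED, description='test build feed')

    assert f['created_at']

    try:
        i = Indicator(
            client, {
                'user': USER,
                'feed': FEED,
                'attachment': 'samples/business_relationship.doc',
                'comment': 'asdfasdfasdf'
            })
        r = i.submit()

        assert r['indicator'] == 'f0ee0d5a1279fbdd93a9c5b9a1377894113f0ec0'
        # the first attachment record must carry its data, size and timestamp
        assert r['attachments'][0]['attachment']
        assert r['attachments'][0]['filesize']
        assert r['attachments'][0]['created_at']
    finally:
        # delete the test feed even when an assertion above failed
        status = Feed(client).remove(USER, FEED)

    assert status == 200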
Exemplo n.º 12
    def indicators_create(self, data):
        """Submit one indicator, or a list of them, under this instance's feed.

        Each item is either a ``csirtg_indicator.Indicator`` (converted with
        its ``__dict__()`` method) or any other object, which is used as the
        payload directly and therefore modified in place. Returns the list of
        ``submit()`` results, one per item.
        """
        items = data if isinstance(data, list) else [data]

        results = []
        for item in items:
            is_indicator = isinstance(item, csirtg_indicator.Indicator)
            payload = item.__dict__() if is_indicator else item

            # Always stamp the instance's own feed and user, replacing
            # whatever the caller put in those keys.
            payload['feed'] = self.feed
            payload['user'] = self.user

            results.append(Indicator(payload).submit())

        # An empty input list ends up here with nothing submitted.
        assert len(results) > 0
        return results