def test_check_config_default_url(self):
test_config_ops = default_config_data.copy()
try:
check_config(test_config_ops)
assert False
except ValueError as e:
assert e.args[0] == "esm_url is still the default value, this must be changed to run this function"
def test_check_config_no_esm_section(self):
try:
check_config({})
assert False
except ValueError as e:
assert e.args[
0] == "[fn_mcafee_esm] section is not set in the config file"
def test_check_config_default_username(self):
test_config_ops = default_config_data.copy()
try:
test_config_ops["esm_url"] = "somethingelse.com"
check_config(test_config_ops)
assert False
except ValueError as e:
assert e.args[0] == "esm_username is still the default value, this must be changed to run this function"
def test_check_config_no_url(self):
test_config_ops = t_config_data.copy()
try:
del test_config_ops["esm_url"]
check_config(test_config_ops)
assert False
except ValueError as e:
assert e.args[0] == "esm_url is not set. You must set this value to run this function"
def test_check_config_default_trust_cert(self):
test_config_ops = default_config_data.copy()
try:
test_config_ops["esm_url"] = "somethingelse.com"
test_config_ops["esm_username"] = "******"
test_config_ops["esm_password"] = "******"
check_config(test_config_ops)
assert False
except ValueError as e:
assert e.args[0] == "verify_cert is still the default value, this must be changed to run this function"
def test_case_get_list_of_cases(self, mocked_requests_post):
ops = check_config(t_config_data)
content1 = {
"status": "success"
}
content2 = [{
"severity": 2,
"summary": "test3",
"openTime": "08/09/2018 21:07:29",
"id": 2,
"statusId": {
"value": 1
}
}, {
"severity": 1,
"summary": "test3",
"openTime": "08/10/2018 19:18:43",
"id": 3,
"statusId": {
"value": 1
}
}]
mocked_requests_post.side_effect = [generate_response(content1, 200),
generate_response(content2, 200)]
actual_response = case_get_case_list(ops)
assert content2 == actual_response
def test_query_esm(self, mocked_requests_common):
ops = check_config(t_config_data)
content1 = {
"totalRows": 0,
"resultID": "123456789",
"totalResultID": "0",
"groupByString": "",
"countColumn": 0,
"labelColumn": 0,
"attributeColumn": 0,
"drilldownColumn": 1
}
content2 = {
'totalRecords': 1,
'complete': True,
'milliseconds': 5,
'percentComplete': 100
}
mocked_requests_common.execute_call_v2 = MagicMock()
mocked_requests_common.execute_call_v2.side_effect = [
generate_response(content1, 200),
generate_response(content2, 200)
]
data = '{"config": {"timeRange": "CUSTOM", "customStart": "2018-08-15T14:49:25.324Z", "customEnd": "2018-08-20T15:49:25.324Z", "order": [{"direction": "ASCENDING", "field": {"name": "FirstTime"}}], "includeTotal": "false", "fields": [{"name": "FirstTime"}, {"name": "LastTime"}, {"name": "DSIDSigID"}, {"name": "EventCount"}, {"name": "SrcIP"}, {"name": "Rule.msg"}, {"name": "AppID"}, {"name": "Filename"}, {"name": "HostID"}, {"name": "Object_Type"}, {"name" : "Threat_Name"}], "filters": [{"type": "EsmFieldFilter", "field": {"name": "DSIDSigID"}, "operator": "IN", "values": [{"type": "EsmBasicValue", "value": "306-50080"}]}]}}'
r_ID, r = query_esm(mocked_requests_common, ops, {}, data, "EVENT")
assert 1 == r
assert '{"resultID": "123456789"}' == r_ID
def __init__(self, opts):
"""constructor provides access to the configuration options"""
super(FunctionComponent, self).__init__(opts)
self.options = opts.get("fn_mcafee_esm", {})
# Check config file and change trust_cert to Boolean
self.options = check_config(self.options)
def selftest_function(opts):
"""
Simple test to verify McAfee ESM connectivity.
"""
options = opts.get("fn_mcafee_esm", {})
try:
# Instantiate RequestsCommon object
rc = RequestsCommon(opts=opts, function_opts=options)
# Check config file and change trust_cert to Boolean
options = check_config(options)
url = options["esm_url"] + "/rs/esm/v2/caseGetCaseList"
headers = get_authenticated_headers(rc, options["esm_url"],
options["esm_username"],
options["esm_password"],
options["trust_cert"])
r = rc.execute_call_v2('post',
url,
headers=headers,
verify=options["trust_cert"],
proxies=rc.get_proxies())
if r.status_code == 200:
return {"state": "success", "status_code": r.status_code}
else:
return {"state": "failure", "status_code": r.status_code}
except Exception as e:
return {"state": "failure", "status_code": e}
def test_case_edit_case_details(self, mocked_requests_post):
ops = check_config(t_config_data)
content1 = {"status": "success"}
content2 = {
"dataSourceList":
None,
"assignedTo":
1,
"orgId":
1,
"closeTime":
"08/22/2018 21:27:34",
"eventList": [],
"deviceList":
None,
"notes": [{
"changes": [],
"content": "",
"username": "******",
"action": "Open",
"timestamp": "08/22/2018 21:27:34(GMT)"
}],
"noteAdded":
"",
"history": [{
"changes": [],
"content": "",
"username": "******",
"action": "Viewed",
"timestamp": "08/22/2018 21:28:24(GMT)"
}],
"severity":
1,
"summary":
"test5",
"openTime":
"08/22/2018 21:27:34",
"id":
8194,
"statusId": {
"value": 1
}
}
mocked_requests_post.side_effect = [
generate_response(content1, 200),
generate_response(content2, 200),
generate_response({}, 200)
]
payload = {
"caseDetail": {
"summary": "This is a new summary",
"severity": "2"
}
}
case_edit_case_details(ops, payload, 1)
# Doesn't return anything, if it made it here it passed successfully
assert True
def test_check_config_valid_trust_cert(self):
test_config_data = t_config_data.copy()
test_config_data["verify_cert"] = "True"
expected_config_ops = t_config_data.copy()
expected_config_ops["verify_cert"] = "True"
expected_config_ops["trust_cert"] = True
actual_config_ops = check_config(test_config_data)
assert expected_config_ops == actual_config_ops
def __init__(self, opts):
"""constructor provides access to the configuration options"""
super(ESM_CasePolling, self).__init__(opts)
self.opts = opts
self.options = opts.get("fn_mcafee_esm", {})
# Check config file and change trust_cert to Boolean
self.options = check_config(self.options)
self.main()
def test_get_case_event_detail(self, mocked_requests_post):
ops = check_config(t_config_data)
content1 = {"status": "success"}
content2 = [{
"lastTime": "08/22/2018 17:39:05",
"id": "144115188075855872|1422",
"message": "Failed User Logon"
}]
mocked_requests_post.side_effect = [
generate_response(content1, 200),
generate_response(content2, 200)
]
actual_response = case_get_case_events_details(ops, 1)
assert content2 == actual_response
def test_case_edit_case_details(self, mocked_requests_post):
ops = check_config(t_config_data)
content = {
"dataSourceList":
None,
"assignedTo":
1,
"orgId":
1,
"closeTime":
"08/22/2018 21:27:34",
"eventList": [],
"deviceList":
None,
"notes": [{
"changes": [],
"content": "",
"username": "******",
"action": "Open",
"timestamp": "08/22/2018 21:27:34(GMT)"
}],
"noteAdded":
"",
"history": [{
"changes": [],
"content": "",
"username": "******",
"action": "Viewed",
"timestamp": "08/22/2018 21:28:24(GMT)"
}],
"severity":
1,
"summary":
"test5",
"openTime":
"08/22/2018 21:27:34",
"id":
8194,
"statusId": {
"value": 1
}
}
mocked_requests_post.return_value = generate_response(content, 200)
case = case_get_case_detail(ops, {}, 1)
assert content == case
def test_get_authenticated_headers(self, mocked_requests_post):
ops = check_config(t_config_data)
content = {"status": "success"}
mocked_requests_post.return_value = generate_response(content, 200)
expected_headers = {
"content-type": "application/json",
"cache-control": "no-cache",
"Cookie": "JWTToken=mock_cookie_token",
"X-Xsrf-Token": "mock_header_token"
}
actual_headers = get_authenticated_headers(ops.get("esm_url"),
ops.get("esm_username"),
ops.get("esm_password"),
ops.get("verify_cert"))
assert expected_headers == actual_headers
def test_get_results(self, mocked_requests_common):
ops = check_config(t_config_data)
content = {
u'rows': [{
u'values': [
u'08/20/2018 14:58:23', u'08/20/2018 14:58:23',
u'306-50080', u'1', u'::',
u'A physical network interface connection has been made or removed',
u'', u'', u'', u'', u''
]
}],
u'columns': [{
u'name': u'Alert.FirstTime'
}, {
u'name': u'Alert.LastTime'
}, {
u'name': u'Alert.DSIDSigID'
}, {
u'name': u'Alert.EventCount'
}, {
u'name': u'Alert.SrcIP'
}, {
u'name': u'Rule.msg'
}, {
u'name': u'Alert.BIN(1)'
}, {
u'name': u'Alert.4259843'
}, {
u'name': u'Alert.BIN(4)'
}, {
u'name': u'Alert.BIN(10)'
}, {
u'name': u'Alert.65538'
}]
}
mocked_requests_common.execute_call_v2 = MagicMock()
mocked_requests_common.execute_call_v2.return_value = generate_response(
content, 200)
response = get_results(mocked_requests_common, ops, {}, "123456789")
assert content == response
def test_case_get_list_of_cases(self, mocked_requests_post):
ops = check_config(t_config_data)
content1 = {"status": "success"}
content2 = [{
"severity": 50,
"summary": "Signature ID 'Failed User Logon' (306-31) match found",
"assignee": "admin",
"triggeredDate": "08/27/2018 18:47:14",
"acknowledgedDate": "",
"acknowledgedUsername": "",
"alarmName": "Failed User Logon",
"conditionType": 22,
"id": 8195
}]
mocked_requests_post.side_effect = [
generate_response(content1, 200),
generate_response(content2, 200)
]
params = {"triggeredTimeRange": "CURRENT_DAY"}
actual_response = alarm_get_triggered_alarms(ops, params)
assert content2 == actual_response
def test_check_config_valid(self):
expected_config_ops = t_config_data.copy()
expected_config_ops["trust_cert"] = False
actual_config_ops = check_config(t_config_data)
assert expected_config_ops == actual_config_ops
