def _add_incident(self, event, *args, **kwargs):
"""Function to add an incident to another org."""
# get information about the incident, such as its ID
incident = event.message["incident"]
inc_id = incident["id"]
LOG.info("Connecting to alternate org...")
resilient_client = resilient.SimpleClient(self.to_org_name,
self.to_org_address,
verify=self.to_org_verify_tls)
LOG.info("Authenticating with alternate org...")
resilient_client.connect(self.to_org_username,
self.to_org_password)
LOG.info("Creating new incident data...")
# NOTE: The other organization is likely to have different schema from the originating org
# (custom fields, and different valid values for 'select' fields). Ensure that all required
# fields are set in the new incident, and that copied values are mapped appropriately.
new_incident = {'name': 'New Incident Copied From Other Org',
'description': 'Incident created from incident '+str(inc_id),
'discovered_date': incident['discovered_date']}
LOG.info("Posting new incident to alternate org...")
new_incident = resilient_client.post('/incidents', new_incident)
LOG.info("Finished incident posting! New incident ID is %s", new_incident["id"])
return "Incident Created"
def test_org_error(self, co3_args):
"""No org entered"""
url = "https://{0}:{1}".format(co3_args.host, co3_args.port or 443)
client = resilient.SimpleClient(org_name=co3_args.org,
base_url=url,
verify=False,
proxies=co3_args.proxy)
# Mismatch.
try:
client._extract_org_id({"orgs": [{"name": "Fake Org"}]})
assert False
except Exception as e:
assert True
# not enabled
try:
client._extract_org_id(
{"orgs": [{
"name": client.org_name,
"enabled": False
}]})
assert False
except Exception as e:
assert True
# Erase org_name input
client.org_name = None
try:
client._extract_org_id({"orgs": [{"name": "Fake Org"}]})
assert False
except Exception as e:
assert True
def test_connect_no_verify(self, co3_args):
""" Successful connection with no Cert Verification """
url = "https://{0}:{1}".format(co3_args.host, co3_args.port or 443)
client = resilient.SimpleClient(org_name=co3_args.org,
base_url=url,
verify=False)
assert client
userinfo = client.connect(co3_args.email, co3_args.password)
assert userinfo
def _connect(self, co3_args):
uri = "https://{0}:{1}".format(co3_args.host, co3_args.port or 443)
client = resilient.SimpleClient(org_name=co3_args.org,
base_url=uri,
verify=False)
assert client
user_info = client.connect(co3_args.email, co3_args.password)
assert user_info
return client
def test_extract_org_id_failure(self, co3_args, resp):
"""Extract org id given org name"""
url = "https://{0}:{1}".format(co3_args.host, co3_args.port or 443)
client = resilient.SimpleClient(org_name=co3_args.org,
base_url=url,
verify=False,
proxies=co3_args.proxy)
try:
client._extract_org_id({"orgs": resp})
assert False
except Exception as e:
assert True
def connect(self, opt_parser):
res_opt = opt_parser.opts.get(RESILIENT_SECTION)
host = res_opt.get("host", None)
port = res_opt.get("port", 443)
email = res_opt.get("email", None)
password = res_opt.get("password", None)
org = res_opt.get("org", None)
api_key_id = res_opt.get("api_key_id", None)
api_key_secret = res_opt.get("api_key_secret", None)
if host and org and ((email and password) or (api_key_id and api_key_secret)):
url = "https://{}:{}".format(host, port)
verify = True
try:
cafile = opt_parser.getopt(RESILIENT_SECTION, "cafile")
if cafile in ['false', 'False']:
#
# This is a security related feature. The user has to explicitly enter false or False to
# turn it off. We don't accept anything else.
#
self.log.debug("HTTPS certificate validation has been turned off.")
requests.packages.urllib3.disable_warnings()
verify = False
elif os.path.isfile(cafile):
#
# User specified a cafile for trusted certificate
#
verify = cafile
except:
verify = True
args = {"base_url": url,
"verify": verify,
"org_name": org}
self.res_client = resilient.SimpleClient(**args)
if email is not None and password is not None:
session = self.res_client.connect(email, password)
if session is not None:
user_name = session.get("user_displayname", "Not found")
print("User display name is : {}".format(user_name))
print("Done")
else:
self.res_client.set_api_key(api_key_id=api_key_id,
api_key_secret=api_key_secret)
def client_connection(self):
config = configparser.ConfigParser()
section = "resilient"
config.read("config.cfg")
host = config.get(section, 'host')
port = config.get(section, 'port')
email = config.get(section, 'email')
password = config.get(section, 'password')
org = config.get(section, 'org')
url = "https://{0}:{1}".format(host, port or 443)
client = resilient.SimpleClient(org_name=org,
base_url=url,
verify=False)
userinfo = client.connect(email, password)
assert userinfo
print("working")
return client
def test_api_key(self, co3_args):
"""
Test using api key to get org
:return:
"""
print(str(co3_args))
url = "https://{0}:{1}".format(co3_args.host, co3_args.port or 443)
client = resilient.SimpleClient(org_name=co3_args.org,
base_url=url,
verify=False,
proxies=co3_args.proxy)
if (co3_args.api_key_id is not None and co3_args.api_key_secret is not None):
try:
# Erase org_id
client.org_id = None
ret = client.set_api_key(co3_args.api_key_id, co3_args.api_key_secret)
assert client.org_id
except Exception as e:
assert False
def connect(self):
print("----------------")
print("Ready to connect")
print("----------------")
print("Read config information from app.confg ...")
arg_parser = resilient.ArgumentParser(
resilient.get_config_file()).parse_args(args=self.other_args)
host = arg_parser.host
email = arg_parser.email
password = arg_parser.password
org = arg_parser.org
api_key_id = arg_parser.api_key_id
api_key_secret = arg_parser.api_key_secret
cafile = arg_parser.cafile
verify = True
if cafile is not None and cafile == "false":
verify = False
url = "https://{}:443".format(host)
print("Connecting to {} using user:{}, and org:{}".format(
url, email, org))
print("Validate cert: {}".format(verify))
args = {"base_url": url, "verify": verify, "org_name": org}
self.res_client = resilient.SimpleClient(**args)
if email is not None and password is not None:
session = self.res_client.connect(email, password)
if session is not None:
user_name = session.get("user_displayname", "Not found")
print("User display name is : {}".format(user_name))
print("Done")
else:
self.res_client.set_api_key(api_key_id=api_key_id,
api_key_secret=api_key_secret)
def __init__(self, request):
# TODO: replace/supplement with the 'resilient.circuits.customize' entry-point
# TODO: Add support for phases, tasks, incident types.
# TODO: Add support for optional action and custom fields (currently all set as required)
host = os.environ.get("TEST_RESILIENT_APPLIANCE",
request.config.option.resilient_host)
url = "https://%s:443" % host
org = os.environ.get("TEST_RESILIENT_ORG",
request.config.option.resilient_org)
user = os.environ.get("TEST_RESILIENT_USER",
request.config.option.resilient_email)
password = os.environ.get("TEST_RESILIENT_PASSWORD",
request.config.option.resilient_password)
assert all((host, org, user, password))
# Connect to Resilient
self.client = resilient.SimpleClient(org_name=org,
base_url=url,
verify=False)
session = self.client.connect(user, password)
# Retrieve constants from appliance
constants = self._get_constants()["actions_framework"]
# Invert the dictionaries so they are {"name": id,...}
action_object_types = {
value: int(key)
for key, value in constants["action_object_types"].items()
}
action_types = {
value: int(key)
for key, value in constants["action_types"].items()
}
destination_types = {
value: int(key)
for key, value in constants["destination_types"].items()
}
# Delete all existing configuration items
self._clear_org()
# Create all required configuration items for this class of tests
action_fields = getattr(request.cls, "action_fields", None)
if action_fields:
for field_name, info in action_fields.items():
success = self._create_action_field(field_name, info[0],
info[1], info[2])
assert success
custom_fields = getattr(request.cls, "custom_fields", None)
if custom_fields:
for field_name, info in custom_fields.items():
success = self._create_custom_field(field_name, info[0],
info[1], info[2])
assert success
destinations = getattr(request.cls, "destinations", None)
if destinations:
for queue_name in destinations:
success = self._create_destination(queue_name,
destination_types["Queue"])
assert success
destinations = self.client.get("/message_destinations")["entities"]
destinations = {
dest["programmatic_name"]: int(dest["id"])
for dest in destinations
}
manual_actions = getattr(request.cls, "manual_actions", None)
if manual_actions:
for action_name, info in manual_actions.items():
success = self._create_manual_action(
action_name, destinations[info[0]],
action_object_types[info[1]], action_types["Manual"],
info[2])
assert success
automatic_actions = getattr(request.cls, "automatic_actions", None)
if automatic_actions:
for action_name, info in automatic_actions.items():
success = self._create_automatic_action(
action_name, destinations[info[0]],
action_object_types[info[1]], action_types["Automatic"],
info[2])
assert success
data_tables = getattr(request.cls, "data_tables", None)
print("create data tables: %s" % data_tables)
if data_tables:
for table_name, columns in data_tables.items():
success = self._create_data_table(table_name, columns)
assert success
def download_incidents_csv(opt_parser, csv_file):
"""
Download incidents and convert json into CSV. Save the result to the csv_file.
:param opt_parser: Options/configurations and command line parameters
:param csv_file: CSV file to save samples/incidents to
:return: Number of incidents saved to the CSV file
"""
res_opt = opt_parser.opts.get(RESILIENT_SECTION)
host = res_opt.get("host", None)
email = res_opt.get("email", None)
password = res_opt.get("password", None)
org = res_opt.get("org", None)
num_inc = 0
if host and org and email and password:
url = "https://{}:443".format(host)
verify = True
try:
cafile = opt_parser.getopt(RESILIENT_SECTION, "cafile")
if cafile == "false" or cafile == "False":
#
# This is a security related feature. The user has to explicitly enter false or False to
# turn it off. We don't accept anything else.
#
LOG.debug("HTTPS certificate validation has been turned off.")
requests.packages.urllib3.disable_warnings()
verify = False
elif os.path.isfile(cafile):
#
# User specified a cafile for trusted certificate
#
verify = cafile
except:
verify = True
args = {"base_url": url, "verify": verify, "org_name": org}
resilient_client = resilient.SimpleClient(**args)
session = resilient_client.connect(email, password)
max_count = None
if opt_parser.getopt(MACHINE_LEARNING_SECTION, "max_count"):
max_count = int(
opt_parser.getopt(MACHINE_LEARNING_SECTION, "max_count"))
time_start = opt_parser.getopt(MACHINE_LEARNING_SECTION, "time_start")
time_end = opt_parser.getopt(MACHINE_LEARNING_SECTION, "time_end")
res_filter = IncidentTimeFilter(time_start=time_start,
time_end=time_end,
in_log=LOG)
# get_incidents is going to download all the incidents using this resilient_client
# The optional max_count controls how many samples to process. The conversion from
# json to CSV will stop once reaches this limit.
num_inc = resilient_utils.get_incidents(res_client=resilient_client,
filename=csv_file,
filter=res_filter,
max_count=max_count,
in_log=LOG)
LOG.info("Saved {} samples into {}".format(num_inc, csv_file))
return num_inc
def test_throw_simple_http_exception(self, co3_args):
with pytest.raises(resilient.SimpleHTTPException) as exception_info:
client = resilient.SimpleClient("Not A real Org")
user_info = client.connect("*****@*****.**", "test")
assert exception_info
