Пример #1
def test_certificate(mocker):
    """Check that ``expanse-get-certificate`` reports the queried common name.

    ``demisto.args`` and ``demisto.command`` are patched to simulate the
    command invocation, ``Expanse.http_request`` is routed to
    ``http_request_mock``, and ``demisto.results`` is replaced by a mock so
    the emitted entry can be inspected.
    """
    context_key = 'Expanse.Certificate(val.SearchTerm == obj.SearchTerm)'
    command_args = {'common_name': TEST_DOMAIN}

    mocker.patch.object(demisto, 'args', return_value=command_args)
    mocker.patch('Expanse.http_request', side_effect=http_request_mock)
    mocker.patch.object(demisto, 'command', return_value='expanse-get-certificate')
    mocker.patch.object(demisto, 'results')

    main()

    # call_args holds the most recent demisto.results() call; [0] is its
    # positional-argument tuple and the entry is the first positional.
    entry = demisto.results.call_args[0][0]
    certificate = entry['EntryContext'][context_key]
    assert certificate['CommonName'] == TEST_DOMAIN
Пример #2
def test_ip_missing_values(mocker):
    """Check that the ``ip`` command leaves ``Geo.Location`` unset.

    ``Expanse.http_request`` is served by ``http_request_mock_missing``; with
    that response the IP context's ``Geo`` mapping must not carry a
    ``Location`` value.
    """
    context_key = 'IP(val.Address == obj.Address)'
    # NOTE(review): TEST_API_KEY is defined elsewhere - presumably a dummy
    # fixture value; confirm no live credential is used in tests.
    integration_params = {'api_key': TEST_API_KEY}
    command_args = {'ip': TEST_IP}

    mocker.patch.object(demisto, 'params', return_value=integration_params)
    mocker.patch.object(demisto, 'args', return_value=command_args)
    mocker.patch('Expanse.http_request', side_effect=http_request_mock_missing)
    mocker.patch.object(demisto, 'command', return_value='ip')
    mocker.patch.object(demisto, 'results')

    main()

    # First positional argument of the most recent demisto.results() call.
    entry = demisto.results.call_args[0][0]
    geo = entry['EntryContext'][context_key]['Geo']
    assert geo.get('Location') is None
Пример #3
def test_domain(mocker):
    """Check the entry produced by the ``domain`` command for ``TEST_DOMAIN``.

    Verifies the raw contents, the DBotScore indicator type and the
    ``Domain`` context name, with ``Expanse.http_request`` served by
    ``http_request_mock``.
    """
    command_args = {'domain': TEST_DOMAIN}

    mocker.patch.object(demisto, 'args', return_value=command_args)
    mocker.patch('Expanse.http_request', side_effect=http_request_mock)
    mocker.patch.object(demisto, 'command', return_value='domain')
    mocker.patch.object(demisto, 'results')

    main()

    # First positional argument of the most recent demisto.results() call.
    entry = demisto.results.call_args[0][0]
    assert entry['Contents']['domain'] == TEST_DOMAIN

    # NOTE(review): the expected DBotScore Type for a domain lookup is 'url',
    # not 'domain' - confirm this is the indicator type the integration
    # intends, since downstream reputation handling keys on it.
    assert entry['EntryContext']['DBotScore']['Type'] == 'url'

    domain_context = entry['EntryContext']['Domain(val.Name == obj.Name)']
    assert domain_context['Name'] == TEST_DOMAIN
Пример #4
def test_exposures(mocker):
    """Check the exposure summary from ``expanse-get-exposures`` for ``TEST_IP``.

    With ``Expanse.http_request`` served by ``http_request_mock``, the
    exposures context must echo the searched IP and count exactly one
    warning-level exposure.
    """
    context_key = 'Expanse.Exposures(val.SearchTerm == obj.SearchTerm)'
    command_args = {'ip': TEST_IP}

    mocker.patch.object(demisto, 'args', return_value=command_args)
    mocker.patch('Expanse.http_request', side_effect=http_request_mock)
    mocker.patch.object(demisto, 'command', return_value='expanse-get-exposures')
    mocker.patch.object(demisto, 'results')

    main()

    # First positional argument of the most recent demisto.results() call.
    entry = demisto.results.call_args[0][0]
    exposures = entry['EntryContext'][context_key]
    assert exposures['SearchTerm'] == TEST_IP
    assert exposures['WarningExposureCount'] == 1
Пример #5
def test_behavior(mocker):
    """Check the behavior context from ``expanse-get-behavior`` for ``TEST_IP``.

    The command is invoked with an ``ip`` and a ``start_time`` argument and
    ``Expanse.http_request`` is served by ``http_request_mock``; the context
    must echo the searched IP and list the expected external address.
    """
    context_key = 'Expanse.Behavior(val.SearchTerm == obj.SearchTerm)'
    command_args = {
        'ip': TEST_IP,
        'start_time': '2020-03-28T00:00:00.000Z',
    }

    mocker.patch.object(demisto, 'args', return_value=command_args)
    mocker.patch('Expanse.http_request', side_effect=http_request_mock)
    mocker.patch.object(demisto, 'command', return_value='expanse-get-behavior')
    mocker.patch.object(demisto, 'results')

    main()

    # First positional argument of the most recent demisto.results() call.
    entry = demisto.results.call_args[0][0]
    behavior = entry['EntryContext'][context_key]
    assert behavior['SearchTerm'] == TEST_IP
    assert behavior['ExternalAddresses'] == '169.255.204.27'
Пример #6
def test_ip(mocker):
    """Check the entry produced by the ``ip`` command for ``TEST_IP``.

    With ``Expanse.http_request`` served by ``http_request_mock``, verifies
    the raw contents, the DBotScore indicator type, and the address and geo
    location stored in the ``IP`` context.
    """
    context_key = 'IP(val.Address == obj.Address)'
    # NOTE(review): TEST_API_KEY is defined elsewhere - presumably a dummy
    # fixture value; confirm no live credential is used in tests.
    integration_params = {'api_key': TEST_API_KEY}
    command_args = {'ip': TEST_IP}

    mocker.patch.object(demisto, 'params', return_value=integration_params)
    mocker.patch.object(demisto, 'args', return_value=command_args)
    mocker.patch('Expanse.http_request', side_effect=http_request_mock)
    mocker.patch.object(demisto, 'command', return_value='ip')
    mocker.patch.object(demisto, 'results')

    main()

    # First positional argument of the most recent demisto.results() call.
    entry = demisto.results.call_args[0][0]
    assert entry['Contents']['search'] == TEST_IP
    assert entry['EntryContext']['DBotScore']['Type'] == 'ip'

    ip_context = entry['EntryContext'][context_key]
    assert ip_context['Address'] == TEST_IP
    assert ip_context['Geo']['Location'] == "41.0433:-81.5239"
Пример #7
def test_fetch_incidents(mocker):
    """Check the first incident emitted by ``fetch-incidents``.

    With ``Expanse.http_request`` served by ``http_request_mock``, the
    ``Contents`` of the emitted entry is decoded as JSON and the first
    incident's name and severity are verified.
    """
    # NOTE(review): TEST_API_KEY is defined elsewhere - presumably a dummy
    # fixture value; confirm no live credential is used in tests.
    # 'first_run' is passed as the string '7'; presumably a look-back window
    # for the initial fetch - confirm against the integration's parameters.
    integration_params = {
        'api_key': TEST_API_KEY,
        'first_run': '7',
    }

    mocker.patch.object(demisto, 'params', return_value=integration_params)
    mocker.patch('Expanse.http_request', side_effect=http_request_mock)
    mocker.patch.object(demisto, 'command', return_value='fetch-incidents')
    mocker.patch.object(demisto, 'results')

    main()

    # First positional argument of the most recent demisto.results() call.
    entry = demisto.results.call_args[0][0]
    incidents = json.loads(entry['Contents'])
    first_incident = incidents[0]
    assert first_incident['name'] == "NTP_SERVER on 203.215.173.113:123/UDP"
    assert first_incident['severity'] == 1