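def test_fetch_indicators_command(mocker):
    """fetch_indicators_command returns ``(next_run, indicators)`` for the mocked feed.

    The Cyjax SDK list call is patched to return the shared ``mocked_indicators``
    fixture, so the expected XSOAR indicators are produced by converting the same
    records with ``convert_cyjax_indicator``. ``next_run`` is expected to be a
    numeric epoch that differs from the ``last_fetch`` passed in (presumably
    derived from the indicators' own timestamps — confirm against the fixture).
    """
    cyjax_indicator = mocked_indicators
    mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise.list',
                 return_value=cyjax_indicator)

    # Naive datetime: timestamp() is interpreted in the local timezone. That is
    # tolerable here only because the assertions merely need next_run to differ.
    last_fetch = datetime(2020, 12, 30, 15, 38)
    last_fetch_timestamp = int(last_fetch.timestamp())

    result = fetch_indicators_command(client_for_testing, last_fetch,
                                      default_reputation)
    assert isinstance(result, tuple)
    next_run, incidents = result

    # The original check `'1640988032' != next_run` could never fail (a str is
    # never equal to an int); what it meant is that next_run is not a string.
    assert not isinstance(next_run, str)
    assert last_fetch_timestamp != next_run
    assert 1640988032 == next_run

    # Expected output is the first four fixture records converted one by one.
    expected_indicators = [
        convert_cyjax_indicator(record) for record in cyjax_indicator[:4]
    ]
    assert isinstance(incidents, list)
    assert 4 == len(incidents)
    assert expected_indicators == incidents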
def test_fetch_indicators_main_command_call_use_cyjax_tlp(mocker):
    """With ``use_cyjax_tlp`` enabled, ``main()`` keeps the feed's own TLP marking.

    Integration params configure ``tlp_color`` as AMBER but also set
    ``use_cyjax_tlp``; the single mocked indicator pushed through
    ``fetch-indicators`` is expected to carry GREEN, i.e. the Cyjax value rather
    than the configured override. (That GREEN originates from the handling
    condition of ``mocked_indicators[1]`` is assumed from the fixture — verify
    there.)
    """
    integration_params = {
        'apikey': 'test-api-key',
        'url': 'https://cyjax-api-for-testing.com',
        'use_cyjax_tlp': True,
        'tlp_color': 'AMBER',
    }
    mocker.patch.object(demisto, 'params', return_value=integration_params)

    # Naive datetime -> local-timezone epoch; only needs to predate the fixture.
    previous_fetch = int(datetime(2020, 12, 27, 15, 45).timestamp())
    mocker.patch.object(demisto,
                        'getIntegrationContext',
                        return_value={INDICATORS_LAST_FETCH_KEY: previous_fetch})

    single_record = mocked_indicators[1]
    expected_indicators = [convert_cyjax_indicator(single_record)]

    mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise.list',
                 return_value=[single_record])
    mocker.patch.object(demisto, 'command', return_value='fetch-indicators')
    mocker.patch.object(demisto, 'createIndicators')
    mocker.patch.object(demisto, 'setIntegrationContext')

    main()

    assert demisto.createIndicators.call_count == 1
    assert demisto.setIntegrationContext.call_count == 1
    demisto.createIndicators.assert_called_with(expected_indicators)

    # The configured AMBER must not override the feed-supplied marking.
    tlp_marking = expected_indicators[0]['fields']['trafficlightprotocol']
    assert tlp_marking == 'GREEN'
def test_convert_cyjax_indicator_with_default_score():
    """``convert_cyjax_indicator`` maps a Cyjax record onto XSOAR indicator fields.

    Uses ``mocked_indicators[0]`` with no explicit score, so the default score
    (2) is expected. Checks value, type and rawJSON plus every custom field
    derived from the record: first-seen date, geo data, TTPs, industry types,
    source, description and the TLP taken from ``handling_condition``.
    """
    source_record = mocked_indicators[0]
    discovered = dateparser.parse(source_record.get('discovered_at'))

    converted = convert_cyjax_indicator(source_record)

    # Top-level indicator attributes.
    assert converted.get('value') == source_record.get('value')
    assert converted.get('rawJSON') == source_record
    assert converted.get('type') == FeedIndicatorType.URL
    assert converted.get('score') == 2

    # Custom fields populated from the Cyjax record.
    fields = converted['fields']
    assert fields['firstseenbysource'] == discovered.strftime(DATE_FORMAT)
    assert fields['geocountry'] == source_record['geoip']['country_name']
    assert fields['city'] == source_record['geoip']['city_name']
    # Literal is tied to the coordinates carried by mocked_indicators[0].
    assert fields['geolocation'] == "Lon: 37.7759, Lat: 47.9917"
    assert fields['cyjaxtechniquestacticsprocedures'] == source_record['ttp']
    assert fields['cyjaxindustrytypes'] == source_record['industry_type']
    assert fields['source'] == source_record['source']
    assert fields['description'] == source_record['description']
    assert fields['trafficlightprotocol'] == source_record['handling_condition']
def test_get_indicators_main_command_call_no_new_indicators(mocker):
    """``cyjax-get-indicators`` via ``main()`` returns all mocked indicators as a NOTE entry.

    A previous fetch timestamp is stored in the integration context, yet the
    get-indicators command is expected to hand back all four converted fixture
    records in ``Contents`` (the "no new indicators" in the name presumably
    refers to that stored context — confirm against the integration code).
    """
    mocker.patch.object(demisto,
                        'params',
                        return_value={
                            'apikey': 'test-api-key',
                            'url': 'https://cyjax-api-for-testing.com',
                        })
    # Naive datetime -> local-timezone epoch stored as the last fetch marker.
    stored_context = {
        INDICATORS_LAST_FETCH_KEY:
        int(datetime(2020, 12, 27, 15, 45).timestamp()),
    }
    mocker.patch.object(demisto,
                        'getIntegrationContext',
                        return_value=stored_context)

    feed_records = mocked_indicators
    expected_indicators = [
        convert_cyjax_indicator(feed_records[n]) for n in range(4)
    ]

    mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise.list',
                 return_value=feed_records)
    mocker.patch.object(demisto,
                        'command',
                        return_value='cyjax-get-indicators')
    mocker.patch.object(demisto, 'results')

    main()

    assert demisto.results.call_count == 1
    result = demisto.results.call_args[0][0]

    assert isinstance(result, dict)
    # Every key of a well-formed XSOAR entry must be present.
    for entry_key in ('Type', 'ContentsFormat', 'Contents',
                      'ReadableContentsFormat', 'HumanReadable',
                      'EntryContext'):
        assert entry_key in result
    assert result.get('Type') == EntryType.NOTE
    assert result.get('ContentsFormat') == EntryFormat.JSON
    assert result.get('ReadableContentsFormat') == EntryFormat.MARKDOWN
    assert result.get('Contents') == expected_indicators
def test_convert_cyjax_indicator_with_set_score():
    """An explicit reputation overrides the default score in ``convert_cyjax_indicator``.

    ``mocked_indicators[1]`` is converted with the score mapped from the 'Bad'
    reputation, so the result must be a File indicator scored 3 while value and
    rawJSON still mirror the source record.
    """
    source_record = mocked_indicators[1]
    bad_score = map_reputation_to_score('Bad')

    converted = convert_cyjax_indicator(source_record, bad_score)

    assert converted.get('value') == source_record.get('value')
    assert converted.get('rawJSON') == source_record
    assert converted.get('type') == FeedIndicatorType.File
    assert converted.get('score') == 3
def test_fetch_indicators_main_command_call(mocker):
    """``main()`` on ``fetch-indicators`` creates all mocked indicators and stores the new cursor.

    The integration context starts with a 2020 fetch marker; after the run,
    ``createIndicators`` must receive the four converted fixture records and
    ``setIntegrationContext`` must persist the new epoch cursor.
    """
    integration_params = {
        'apikey': 'test-api-key',
        'url': 'https://cyjax-api-for-testing.com',
        'use_cyjax_tlp': True,
    }
    mocker.patch.object(demisto, 'params', return_value=integration_params)

    # Naive datetime -> local-timezone epoch; only needs to predate the fixture.
    previous_fetch = int(datetime(2020, 12, 27, 15, 45).timestamp())
    mocker.patch.object(demisto,
                        'getIntegrationContext',
                        return_value={INDICATORS_LAST_FETCH_KEY: previous_fetch})

    feed_records = mocked_indicators
    expected_indicators = [
        convert_cyjax_indicator(feed_records[n]) for n in range(4)
    ]

    mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise.list',
                 return_value=feed_records)
    mocker.patch.object(demisto, 'command', return_value='fetch-indicators')
    mocker.patch.object(demisto, 'createIndicators')
    mocker.patch.object(demisto, 'setIntegrationContext')

    main()

    assert demisto.createIndicators.call_count == 1
    assert demisto.setIntegrationContext.call_count == 1

    demisto.createIndicators.assert_called_with(expected_indicators)
    # The context is read above under INDICATORS_LAST_FETCH_KEY but asserted
    # here with the literal 'last_fetch' — presumably the same string; verify.
    demisto.setIntegrationContext.assert_called_with(
        {'last_fetch': 1640988032})
def test_get_indicators_command_response(mocker):
    """``get_indicators_command`` returns a JSON NOTE entry holding the converted indicators.

    The SDK list call is patched with the shared fixture; the command result
    must be a full XSOAR entry dict whose ``Contents`` equal the four fixture
    records converted with ``convert_cyjax_indicator``.
    """
    feed_records = mocked_indicators
    mocker.patch('FeedCyjax.cyjax_sdk.IndicatorOfCompromise.list',
                 return_value=feed_records)

    result = get_indicators_command(client_for_testing, demisto.args())
    assert isinstance(result, dict)
    # Every key of a well-formed XSOAR entry must be present.
    for entry_key in ('Type', 'ContentsFormat', 'Contents',
                      'ReadableContentsFormat', 'HumanReadable',
                      'EntryContext'):
        assert entry_key in result
    assert result.get('Type') == EntryType.NOTE
    assert result.get('ContentsFormat') == EntryFormat.JSON
    assert result.get('ReadableContentsFormat') == EntryFormat.MARKDOWN

    expected_indicators = [
        convert_cyjax_indicator(feed_records[n]) for n in range(4)
    ]
    assert result.get('Contents') == expected_indicators