def test_convert_to_xsoar_incident():
"""
Given:
- A full incident from the Saas Security platform
When:
- Fetching incidents
Then:
- Returns xsoar incident
"""
from SaasSecurity import convert_to_xsoar_incident
incident = util_load_json('test_data/get-incident-by-id.json')
expected = {
"name": "Saas Security: SP0605 copy 6.java",
"occurred": "2021-08-03T20:25:15Z",
"rawJSON": json.dumps(incident)
}
xsoar_incident = convert_to_xsoar_incident(incident)
assert xsoar_incident == expected
def test_convert_to_xsoar_incident_without_occurred():
"""
Given:
- An incident without the created_at field from the Saas Security platform
When:
- Fetching incidents
Then:
- Returns xsoar incident
"""
from SaasSecurity import convert_to_xsoar_incident
incident = util_load_json('test_data/get-incident-by-id.json')
incident['created_at'] = None
expected = {
"name": "Saas Security: SP0605 copy 6.java",
"occurred": None,
"rawJSON": json.dumps(incident)
}
xsoar_incident = convert_to_xsoar_incident(incident)
assert xsoar_incident == expected