    def testWebReputationParse(self):
        """Tests the Parse function.

        Parses the OfcUrlf.log fixture with the OfficeScan web reputation
        parser and checks the event and warning counts, the timestamp of the
        second sorted event, and the attributes and formatted message strings
        of the third sorted event. The URL in the fixture is the EICAR
        anti-malware test file, a standard harmless sample.
        """
        web_reputation_parser = trendmicroav.OfficeScanWebReputationParser()
        storage_writer = self._ParseFile(['OfcUrlf.log'], web_reputation_parser)

        self.assertEqual(storage_writer.number_of_warnings, 0)
        self.assertEqual(storage_writer.number_of_events, 4)

        # DSVParser does not emit events in a deterministic order, so the
        # checks below index into the sorted sequence rather than the raw
        # extraction order.
        sorted_events = list(storage_writer.GetSortedEvents())

        # Second event: only the timestamp is verified.
        second_event = sorted_events[1]
        self.CheckTimestamp(
            second_event.timestamp, '2018-01-23 13:16:22.000000')

        # Third event: individual attributes first, then the message strings
        # produced by the formatter.
        third_event = sorted_events[2]
        self.assertEqual(
            third_event.url, 'http://www.eicar.org/download/eicar.com')
        self.assertEqual(third_event.group_code, '4E')
        self.assertEqual(third_event.credibility_score, 49)

        expected_message = (
            'http://www.eicar.org/download/eicar.com Group: Malware Accomplice '
            '4E Mode: Whitelist only Policy ID: 1 Credibility rating: 1 '
            'Credibility score: 49 Threshold value: 0 Accessed by: '
            'C:\\Users\\user\\Downloads\\wget.exe')
        expected_short_message = (
            'http://www.eicar.org/download/eicar.com Malware Accomplice')

        self._TestGetMessageStrings(
            third_event, expected_message, expected_short_message)
    def testWebReputationParse(self):
        """Tests the Parse function.

        Parses the OfcUrlf.log fixture with the OfficeScan web reputation
        parser and checks the event and warning counts, then compares the
        second and third sorted events against their expected attribute
        values. The URL in the fixture is the EICAR anti-malware test file,
        a standard harmless sample.
        """
        web_reputation_parser = trendmicroav.OfficeScanWebReputationParser()
        storage_writer = self._ParseFile(['OfcUrlf.log'], web_reputation_parser)

        self.assertEqual(storage_writer.number_of_events, 4)
        self.assertEqual(storage_writer.number_of_extraction_warnings, 0)
        self.assertEqual(storage_writer.number_of_recovery_warnings, 0)

        # DSVParser does not emit events in a deterministic order, so the
        # checks below index into the sorted sequence rather than the raw
        # extraction order.
        sorted_events = list(storage_writer.GetSortedEvents())

        # Second event: only the timestamp and data type are verified.
        second_event_values = {
            'date_time': '2018-01-23 13:16:22',
            'data_type': 'av:trendmicro:webrep'
        }
        self.CheckEventValues(
            storage_writer, sorted_events[1], second_event_values)

        # Third event: every parsed field of the web reputation record.
        third_event_values = {
            'application_name': 'C:\\Users\\user\\Downloads\\wget.exe',
            'block_mode': 1,
            'credibility_rating': 1,
            'credibility_score': 49,
            'date_time': '2018-01-23 13:17:02',
            'data_type': 'av:trendmicro:webrep',
            'group_code': '4E',
            'group_name': 'Malware Accomplice',
            'policy_identifier': 1,
            'threshold': 0,
            'url': 'http://www.eicar.org/download/eicar.com'
        }
        self.CheckEventValues(
            storage_writer, sorted_events[2], third_event_values)