def test_build_dbot_entry(self): from CommonServerPython import build_dbot_entry res = build_dbot_entry('*****@*****.**', 'Email', 'Vendor', 1) assert res == { 'DBotScore': { 'Indicator': '*****@*****.**', 'Type': 'email', 'Vendor': 'Vendor', 'Score': 1 } }
def test_build_dbot_entry_no_malicious(self): from CommonServerPython import build_dbot_entry res = build_dbot_entry('*****@*****.**', 'Email', 'Vendor', 3, build_malicious=False) assert res == { 'DBotScore': { 'Indicator': '*****@*****.**', 'Type': 'email', 'Vendor': 'Vendor', 'Score': 3 } }
def test_file_indicators(self): from CommonServerPython import build_dbot_entry, outputPaths res = build_dbot_entry('md5hash', 'md5', 'Vendor', 3) assert res == { "DBotScore": { "Indicator": "md5hash", "Type": "file", "Vendor": "Vendor", "Score": 3 }, outputPaths['file']: { "MD5": "md5hash", "Malicious": { "Vendor": "Vendor", "Description": None } } }
def test_build_dbot_entry_malicious(self): from CommonServerPython import build_dbot_entry, outputPaths res = build_dbot_entry('*****@*****.**', 'Email', 'Vendor', 3, 'Malicious email') assert res == { "DBotScore": { "Vendor": "Vendor", "Indicator": "*****@*****.**", "Score": 3, "Type": "email" }, outputPaths['email']: { "Malicious": { "Vendor": "Vendor", "Description": "Malicious email" }, "Address": "*****@*****.**" } }
def test_illegal_indicator_type(self): from CommonServerPython import build_dbot_entry, DemistoException with raises(DemistoException, match='illegal indicator type'): build_dbot_entry('1', 'NOTHING', 'Vendor', 2)
def test_illegal_dbot_score(self): from CommonServerPython import build_dbot_entry, DemistoException with raises(DemistoException, match='illegal DBot score'): build_dbot_entry('1', 'ip', 'Vendor', 8)