    def test_get_asset_ips_and_enrich_offense_addresses__no_enrich(self):
        """
        Verify that skip_enrichment=True leaves the offense untouched.

        Given:
            - An offense response fetched from QRadar that carries source_ip and destination_ip
        When:
            - get_asset_ips_and_enrich_offense_addresses is called with skip_enrichment=True
        Then:
            - The offense dict is not modified in place
            - The set of asset IPs is still returned
        """
        raw_offense = RAW_RESPONSES["qradar-update-offense"]
        working_copy = deepcopy(raw_offense)
        source_ids_to_ip = {254: '8.8.8.8'}
        destination_ids_to_ip = {4: '1.2.3.4'}
        asset_ips = get_asset_ips_and_enrich_offense_addresses(
            working_copy,
            source_ids_to_ip,
            destination_ids_to_ip,
            skip_enrichment=True,
        )
        # Enrichment was skipped, so the working copy must still equal the raw fixture.
        assert working_copy == raw_offense
        assert asset_ips == {'8.8.8.8', '1.2.3.4'}
    def test_get_asset_ips_and_enrich_offense_addresses__with_enrich(self):
        """
        Verify that skip_enrichment=False replaces address ids with their IPs.

        Given:
            - An offense response fetched from QRadar that carries source_ip and destination_ip
            - A source-id map holding one id (5) that the offense does not reference
        When:
            - get_asset_ips_and_enrich_offense_addresses is called with skip_enrichment=False
        Then:
            - The offense dict is modified in place
            - source_address_ids / local_destination_address_ids hold the mapped IPs only
            - The set of asset IPs is returned
        """
        raw_offense = RAW_RESPONSES["qradar-update-offense"]
        working_copy = deepcopy(raw_offense)
        source_ids_to_ip = {254: '8.8.8.8', 5: '1.2.3.5'}
        destination_ids_to_ip = {4: '1.2.3.4'}
        asset_ips = get_asset_ips_and_enrich_offense_addresses(
            working_copy,
            source_ids_to_ip,
            destination_ids_to_ip,
            skip_enrichment=False,
        )
        # Enrichment mutates the working copy, so it must now differ from the raw fixture.
        assert working_copy != raw_offense
        # Only the ids referenced by the offense are resolved; id 5 is not expected here.
        assert working_copy['source_address_ids'] == [source_ids_to_ip[254]]
        assert working_copy['local_destination_address_ids'] == [destination_ids_to_ip[4]]
        assert asset_ips == {'8.8.8.8', '1.2.3.4'}