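def test_indicator_search_ipv6(client):
    """Submit an IPv6 indicator to a fresh feed and look it up through search.

    Creates the feed, submits the indicator, checks the nested submit
    response (value, ``itype`` of ``'ipv6'``, creation timestamp), searches
    for the value and finally removes the feed.

    The removal runs in a ``finally`` block so a failed assertion does not
    leave the feed behind on the service; other tests here create the same
    ``FEED``.
    """
    INDICATOR = '2001:4860:4860::8888'

    # create feed and test created feed
    f = Feed(client).new(USER, FEED, description='build search test feed')
    assert f['created_at']

    try:
        # create test and submit test indicator
        i = Indicator(
            client,
            {
                'user': USER,
                'feed': FEED,
                'indicator': INDICATOR,
                'comment': 'this is a test comment'
            })
        r = i.submit()

        # test creating the indicator
        assert r['indicator']['indicator'] == INDICATOR
        assert r['indicator']['itype'] == 'ipv6'
        assert r['indicator']['created_at']

        # search for indicator
        s = Search(client)
        r = s.search(INDICATOR, 10)

        # NOTE(review): only records whose feed is 'live-test-feed' are
        # compared; if no record matches, this loop asserts nothing and the
        # search step passes vacuously.
        for record in r['feed']['indicators']:
            if record['indicator']['feed'] == 'live-test-feed':
                assert record['indicator']['indicator'] == INDICATOR
    finally:
        # delete test feed (also on failure, so the feed is not orphaned)
        f = Feed(client).remove(USER, FEED)

    assert f == 200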
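def test_indicator_search_url(client):
    """Submit a URL indicator to a fresh feed and look it up through search.

    Creates the feed, submits the indicator, checks the flat submit response
    (value, ``itype`` of ``'uri'``, creation timestamp), searches for the
    value and finally removes the feed.

    The removal runs in a ``finally`` block so a failed assertion does not
    leave the feed behind on the service; other tests here create the same
    ``FEED``.
    """
    INDICATOR = 'http://www.example.com/test/index.html'

    # create feed and test created feed
    f = Feed(client).new(USER, FEED, description='build search test feed')
    assert f['created_at']

    try:
        # create test and submit test indicator
        i = Indicator(
            client,
            {
                'user': USER,
                'feed': FEED,
                'indicator': INDICATOR,
                'comment': 'this is a test comment'
            })
        r = i.submit()

        # test creating the indicator
        assert r['indicator'] == INDICATOR
        assert r['itype'] == 'uri'
        assert r['created_at']

        # search for indicator
        s = Search(client)
        r = s.search(INDICATOR, 10)

        # NOTE(review): only records whose feed is 'live-test-feed' are
        # compared; if no record matches, this loop asserts nothing and the
        # search step passes vacuously.
        for record in r:
            if record['feed'] == 'live-test-feed':
                assert record['indicator'] == INDICATOR
    finally:
        # delete test feed (also on failure, so the feed is not orphaned)
        f = Feed(client).remove(USER, FEED)

    assert f == 200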
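def indicators_create(self, data):
    """Submit one or more indicators to this object's feed.

    :param data: a single item or a list of items. A
        ``csirtg_indicator.Indicator`` is converted with its ``__dict__()``
        call; anything else is treated as a mapping of indicator fields.
    :return: list of the values returned by ``Indicator.submit()``, in
        input order.
    :raises AssertionError: when nothing was submitted (e.g. ``data == []``).
    """
    if not isinstance(data, list):
        data = [data]

    indicators = []
    for x in data:
        if isinstance(x, csirtg_indicator.Indicator):
            d = x.__dict__()
        else:
            # Work on a copy: the overrides below must not rewrite the
            # caller's own mapping as a side effect of submitting it.
            d = dict(x)

        # Feed and user always come from this object, so an item cannot
        # redirect its submission to another feed or account.
        d['feed'] = self.feed
        d['user'] = self.user

        i = Indicator(
            self.handle,
            d
        )

        rv = i.submit()
        indicators.append(rv)

    # NOTE(review): assert statements are removed under `python -O`, so this
    # guard against an empty result disappears in optimized runs.
    assert len(indicators) > 0
    return indicators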
def indicators_create(self, data):
    """Submit a single indicator to this object's feed.

    ``data`` must provide a callable ``__dict__`` that yields its fields as a
    mapping. The feed and user are then overwritten with this object's own
    values before the submission is made through ``self.handle``.

    :raises AssertionError: when ``submit()`` returns a falsy value.
    """
    payload = data.__dict__()

    # Feed and user always come from this object, whatever the item carried.
    payload['feed'] = self.feed
    payload['user'] = self.user

    result = Indicator(self.handle, payload).submit()

    # NOTE(review): assert statements are removed under `python -O`; the
    # submission itself still happens, only this check goes away.
    assert result
def indicators_create(self, data):
    """Submit one or more indicators to this object's feed.

    :param data: a single item or a list of items; every item must provide
        a callable ``__dict__`` that yields its fields as a mapping.
    :return: list of the values returned by ``Indicator.submit()``, in
        input order.
    :raises AssertionError: when nothing was submitted (e.g. ``data == []``).
    """
    items = data if isinstance(data, list) else [data]

    results = []
    for item in items:
        fields = item.__dict__()

        # Feed and user always come from this object, whatever the item carried.
        fields['feed'] = self.feed
        fields['user'] = self.user

        results.append(Indicator(fields).submit())

    # NOTE(review): assert statements are removed under `python -O`, so this
    # guard against an empty result disappears in optimized runs.
    assert len(results) > 0
    return results
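def test_indicator_attachment_docx(client):
    """Submit a .docx sample as an attachment and check the stored record.

    The service is expected to answer with a fixed 40-hex indicator value for
    this sample (presumably a SHA-1 of the file; confirm) plus attachment
    metadata. The feed is removed in a ``finally`` block so a failed
    assertion does not leave it behind on the service.
    """
    f = Feed(client).new(USER, FEED, description='test build feed')
    assert f['created_at']

    try:
        # NOTE(review): the path contains a double dot ('c..docx'); confirm
        # this is the real sample file name.
        i = Indicator(
            client,
            {
                'user': USER,
                'feed': FEED,
                'attachment': 'samples/c..docx',
                'comment': 'asdfasdfasdf'
            })
        r = i.submit()

        # Pinning the value means a changed or swapped sample file is caught.
        assert r['indicator'] == 'c2642e519c7f325300ed250710b4f815ac542c1d'
        assert r['attachments'][0]['attachment']
        assert r['attachments'][0]['filesize']
        assert r['attachments'][0]['created_at']
    finally:
        # delete test feed (also on failure, so the feed is not orphaned)
        f = Feed(client).remove(USER, FEED)

    assert f == 200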
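def test_indicator_attachment_jar(client):
    """Submit a .jar sample as an attachment and check the stored record.

    The service is expected to answer with a fixed 40-hex indicator value for
    this sample (presumably a SHA-1 of the file; confirm) plus attachment
    metadata. The feed is removed in a ``finally`` block so a failed
    assertion does not leave it behind on the service.
    """
    f = Feed(client).new(USER, FEED, description='test build feed')
    assert f['created_at']

    try:
        i = Indicator(
            client,
            {
                'user': USER,
                'feed': FEED,
                'attachment': 'samples/malware.jar',
                'comment': 'asdfasdfasdf'
            })
        r = i.submit()

        # Pinning the value means a changed or swapped sample file is caught.
        assert r['indicator'] == '8ab0079d8e80c2e166b3b12364c89255d79c9f75'
        assert r['attachments'][0]['attachment']
        assert r['attachments'][0]['filesize']
        assert r['attachments'][0]['created_at']
    finally:
        # delete test feed (also on failure, so the feed is not orphaned)
        f = Feed(client).remove(USER, FEED)

    assert f == 200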
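def test_indicator_attachment_zip(client):
    """Submit a .zip sample as an attachment and check the stored record.

    The service is expected to answer with a fixed 40-hex indicator value for
    this sample (presumably a SHA-1 of the file; confirm) plus attachment
    metadata. The feed is removed in a ``finally`` block so a failed
    assertion does not leave it behind on the service.
    """
    f = Feed(client).new(USER, FEED, description='test build feed')
    assert f['created_at']

    try:
        i = Indicator(
            client,
            {
                'user': USER,
                'feed': FEED,
                'attachment': 'samples/malware.jar.zip',
                'comment': 'asdfasdfasdf'
            })
        r = i.submit()

        # Pinning the value means a changed or swapped sample file is caught.
        assert r['indicator'] == 'f31e226048d9bd45513e691a50a4b83893397235'
        assert r['attachments'][0]['attachment']
        assert r['attachments'][0]['filesize']
        assert r['attachments'][0]['created_at']
    finally:
        # delete test feed (also on failure, so the feed is not orphaned)
        f = Feed(client).remove(USER, FEED)

    assert f == 200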
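def test_indicator_attachment_txt(client):
    """Submit an e-mail sample as an attachment and check the stored record.

    The service is expected to answer with a fixed 40-hex indicator value for
    this sample (presumably a SHA-1 of the file; confirm) plus attachment
    metadata. The feed is removed in a ``finally`` block so a failed
    assertion does not leave it behind on the service.
    """
    f = Feed(client).new(USER, FEED, description='test build feed')
    assert f['created_at']

    try:
        # NOTE(review): the test is named *_txt but uploads a .eml message.
        i = Indicator(
            client,
            {
                'user': USER,
                'feed': FEED,
                'attachment': 'samples/message.eml',
                'comment': 'asdfasdfasdf'
            })
        r = i.submit()

        # Pinning the value means a changed or swapped sample file is caught.
        assert r['indicator'] == '2f9496a6331b2e75e5208b93d144e8fe484b316a'
        assert r['attachments'][0]['attachment']
        assert r['attachments'][0]['filesize']
        assert r['attachments'][0]['created_at']
    finally:
        # delete test feed (also on failure, so the feed is not orphaned)
        f = Feed(client).remove(USER, FEED)

    assert f == 200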
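def test_indicator_attachment_pdf(client):
    """Submit a .pdf sample as an attachment and check the stored record.

    The service is expected to answer with a fixed 40-hex indicator value for
    this sample (presumably a SHA-1 of the file; confirm) plus attachment
    metadata. The feed is removed in a ``finally`` block so a failed
    assertion does not leave it behind on the service.
    """
    f = Feed(client).new(USER, FEED, description='test build feed')
    assert f['created_at']

    try:
        i = Indicator(
            client,
            {
                'user': USER,
                'feed': FEED,
                'attachment': 'samples/hello_world.pdf',
                'comment': 'asdfasdfasdf'
            })
        r = i.submit()

        # Pinning the value means a changed or swapped sample file is caught.
        assert r['indicator'] == 'cc9881dc27a8d3e410cdf7e667ff5efa5cbfdaed'
        assert r['attachments'][0]['attachment']
        assert r['attachments'][0]['filesize']
        assert r['attachments'][0]['created_at']
    finally:
        # delete test feed (also on failure, so the feed is not orphaned)
        f = Feed(client).remove(USER, FEED)

    assert f == 200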
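def test_indicator_attachment_doc(client):
    """Submit a .doc sample as an attachment and check the stored record.

    The service is expected to answer with a fixed 40-hex indicator value for
    this sample (presumably a SHA-1 of the file; confirm) plus attachment
    metadata. The feed is removed in a ``finally`` block so a failed
    assertion does not leave it behind on the service.
    """
    f = Feed(client).new(USER, FEED, description='test build feed')
    assert f['created_at']

    try:
        i = Indicator(
            client,
            {
                'user': USER,
                'feed': FEED,
                'attachment': 'samples/business_relationship.doc',
                'comment': 'asdfasdfasdf'
            })
        r = i.submit()

        # Pinning the value means a changed or swapped sample file is caught.
        assert r['indicator'] == 'f0ee0d5a1279fbdd93a9c5b9a1377894113f0ec0'
        assert r['attachments'][0]['attachment']
        assert r['attachments'][0]['filesize']
        assert r['attachments'][0]['created_at']
    finally:
        # delete test feed (also on failure, so the feed is not orphaned)
        f = Feed(client).remove(USER, FEED)

    assert f == 200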
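def indicators_create(self, data):
    """Submit one or more indicators to this object's feed.

    :param data: a single item or a list of items. A
        ``csirtg_indicator.Indicator`` is converted with its ``__dict__()``
        call; anything else is treated as a mapping of indicator fields.
    :return: list of the values returned by ``Indicator.submit()``, in
        input order.
    :raises AssertionError: when nothing was submitted (e.g. ``data == []``).
    """
    if not isinstance(data, list):
        data = [data]

    indicators = []
    for x in data:
        if isinstance(x, csirtg_indicator.Indicator):
            d = x.__dict__()
        else:
            # Work on a copy: the overrides below must not rewrite the
            # caller's own mapping as a side effect of submitting it.
            d = dict(x)

        # Feed and user always come from this object, so an item cannot
        # redirect its submission to another feed or account.
        d['feed'] = self.feed
        d['user'] = self.user

        i = Indicator(d)

        rv = i.submit()
        indicators.append(rv)

    # NOTE(review): assert statements are removed under `python -O`, so this
    # guard against an empty result disappears in optimized runs.
    assert len(indicators) > 0
    return indicators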