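def selftest_function(opts):
    """
    Check that QRadar can be reached with the settings found in app.config.

    Reads the ``fn_qradar_integration`` and ``resilient`` sections from *opts*,
    builds a ``QRadarClient`` from the configured host, username and password,
    and calls ``verify_connect()`` on it.

    :param opts: mapping of app.config section names to their option dicts
    :return: ``{"state": "success"}`` when no exception is raised, otherwise
        ``{"state": "failure", "reason": <message>}``. The message names the
        host and username; the password and token values are never written
        out, only whether each one is set.
    """
    # Bound before the try so the except handler can always build its report,
    # even when reading opts is the step that failed.
    options = {}
    try:
        options = opts.get("fn_qradar_integration", {})
        res_options = opts.get("resilient", {})

        log.info("Verifying app.config values for fn_qradar_integration")

        # app.config carries cafile as text; the literal "false" (any case) is
        # handed to the client as the boolean False, anything else as given.
        cafile = res_options["cafile"]
        if cafile.lower() == "false":
            # NOTE(review): cafile=False presumably switches off TLS certificate
            # verification inside QRadarClient -- confirm, and prefer a CA
            # bundle path outside of test environments.
            cafile = False

        # NOTE(review): token is always None here, so a deployment that
        # authenticates with qradartoken is not exercised by this selftest.
        qradar_client = qradar_utils.QRadarClient(
            options["host"],
            username=options["username"],
            password=options["qradarpassword"],
            token=None,
            cafile=cafile,
        )

        log.info("Verifying QRadar connection...")
        # NOTE(review): the return value of verify_connect() is not inspected;
        # if it reports failure by value rather than by raising, this selftest
        # still returns success -- confirm against qradar_utils.
        qradar_client.verify_connect()

        log.info("Test was successful")
        return {"state": "success"}

    except Exception as err:
        # The report is written to the log and returned to the caller, so it
        # must not carry the password or token in clear text. Lookups use
        # .get() so a missing key cannot raise from inside the handler.
        lookup = options.get if hasattr(options, "get") else {}.get

        def _presence(key):
            return "<set, redacted>" if lookup(key) else "<not set>"

        err_reason_msg = (
            "Could not connect to QRadar.\n"
            "error: {0}\n"
            "---------\n"
            "Current Configs in app.config file::\n"
            "---------\n"
            "host: {1}\n"
            "username: {2}\n"
            "qradarpassword: {3}\n"
            "qradartoken: {4}\n"
        ).format(
            err,
            lookup("host"),
            lookup("username"),
            _presence("qradarpassword"),
            _presence("qradartoken"),
        )

        log.error(err_reason_msg)

        return {"state": "failure", "reason": err_reason_msg}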
def test_find_all_ref_set_contains(mocked_search_ref_set, mocked_get_all_ref_set):
    """
    find_all_ref_set_contains returns only the content of the set that matched.

    Two reference sets are listed by the mocked lookup; the mocked search
    answers "not found" for the first call and "found" for the second, so
    exactly one content entry is expected back.
    """
    qradar_client = qradar_utils.QRadarClient(
        host,
        username=username,
        password=password,
        token=None,
        cafile=cafile,
    )

    # Listing returned by the mocked "get all reference sets" call.
    mocked_get_all_ref_set.return_value = [
        {"timeout_type": "FIRST_SEEN", "name": "Reference Set 1", "element_type": "IP"},
        {"timeout_type": "FIRST_SEEN", "name": "Reference Set 2", "element_type": "Hash-512"},
    ]

    # One search answer per call, in order: a miss, then a hit.
    content = {"item_name": "Item1"}
    miss = {"found": "False", "content": None}
    hit = {"found": "True", "content": content}
    mocked_search_ref_set.side_effect = [miss, hit]

    ret = qradar_client.find_all_ref_set_contains("Item1")

    assert len(ret) == 1
    assert ret[0] == content
def test_ariel_search_more(mocked_perform_search):
    """
    ariel_search hands back whatever the mocked search step returns.

    The mock yields a two-event payload and the call is expected to return
    that payload unchanged.
    """
    qradar_client = qradar_utils.QRadarClient(
        host,
        username=username,
        password=password,
        token=None,
        cafile=cafile,
    )

    ret_events = {
        "events": [
            {"starttime": "12345", "category": "cat1"},
            {"starttime": "23456", "category": "cat2"},
        ]
    }
    mocked_perform_search.return_value = ret_events

    # Positional arguments, in order: query string, query_all_results flag,
    # range start, range end, timeout.
    ret = qradar_client.ariel_search("SELECT * FROM events", False, 1, 10, 1000)

    assert ret == ret_events