def test_alert_display(self):
    """Smoke-test the alert rendering paths.

    Builds a SecurityAlert from ``self.raw_alert`` and checks that each
    display helper returns a value: the joined entity strings,
    ``to_html`` with entities shown and hidden, and ``format_alert`` on
    both the parsed alert and the raw alert record. Only non-None results
    are asserted; the rendered content itself is not inspected.
    """
    alert = SecurityAlert(self.raw_alert)

    # Every entity must be representable as a string for display.
    joined_entities = ", ".join(str(ent) for ent in alert.entities)
    self.assertIsNotNone(joined_entities)

    # HTML rendering with and without the entity section.
    for show in (True, False):
        self.assertIsNotNone(alert.to_html(show_entities=show))

    # format_alert accepts the parsed alert as well as the raw record.
    for alert_source in (alert, self.raw_alert):
        self.assertIsNotNone(format_alert(alert_source))
def show_full_alert(selected_alert):
    """Build the display items for one alert: summary, TI results and an IP map.

    Parameters
    ----------
    selected_alert
        The alert record to render; it is passed to ``SecurityAlert``.

    Returns
    -------
    list
        Display items in order: the formatted alert (entities shown),
        then one of ``"No Entities with IoCs"``, ``"No IoCs"``, or a
        styled threat-intelligence results table followed by either a
        ``FoliumMap`` of the IPv4 hits or ``""`` when there are none.

    Notes
    -----
    Only IP (``"ipaddress"``/``"ip"``) and ``"url"`` entities are
    extracted as IoCs; every extracted value is submitted to the TI
    providers in ``ti_provs`` via ``ti_prov.lookup_iocs``, so this call
    sends alert entity data to whichever external providers are
    configured. The parsed alert is also published as the module-level
    ``security_alert`` for interactive inspection.
    """
    global security_alert  # pylint: disable=global-variable-undefined, invalid-name
    security_alert = SecurityAlert(selected_alert)
    rendered = [format_alert(security_alert, show_entities=True)]

    entities = security_alert["Entities"]
    if entities is None:
        rendered.append("No Entities with IoCs")
        return rendered

    # Collect lookup candidates from the entity types we know how to read.
    iocs = []
    for ent in entities:
        ent_type = ent["Type"]
        if ent_type in ("ipaddress", "ip"):
            iocs.append(ent["Address"])
        elif ent_type == "url":
            iocs.append(ent["Url"])

    if not iocs:
        rendered.append("No IoCs")
        return rendered

    ti_results = ti_prov.lookup_iocs(data=iocs, prov_scope=ti_provs)
    ti_columns = ["Ioc", "IocType", "Provider", "Result", "Severity", "Details"]
    styled_results = (
        ti_results[ti_columns]
        .reset_index()
        .style.applymap(_color_cells)
        .hide_index()
    )
    rendered.append(styled_results)

    # Only IPv4 results can be geolocated and plotted.
    ipv4_hits = ti_results[ti_results["IocType"] == "ipv4"]
    if ipv4_hits.empty:
        rendered.append("")
        return rendered

    ip_entities = []
    for address in ipv4_hits["Ioc"].unique():
        ip_entities.extend(convert_to_ip_entities(address, geo_lookup=geo_lookup))
    ip_map = FoliumMap(location=get_center_ip_entities(ip_entities), zoom_start=4)
    ip_map.add_ip_cluster(ip_entities, color="red")
    rendered.append(ip_map)
    return rendered