Python StreamIoc示例

示例#1

    def test_process_ioc_with_unprocessed_keys(self, mock_client):
        """Threat Intel - Test private method process_ioc when response has UnprocessedKeys"""
        mock_client.return_value = MockDynamoDBClient(unprocesed_keys=True)
        threat_intel = StreamThreatIntel.load_from_config(self.config)

        ioc_collections = [
            StreamIoc(value='1.1.1.2', ioc_type='ip'),
            StreamIoc(value='foo', ioc_type='domain'),
            StreamIoc(value='bar', ioc_type='domain')
        ]
        threat_intel._process_ioc(ioc_collections)
        assert_true(ioc_collections[0].is_ioc)
        assert_false(ioc_collections[1].is_ioc)
        assert_false(ioc_collections[2].is_ioc)

示例#2

    def test_process_ioc(self, mock_client):
        """Threat Intel - Test private method process_ioc"""
        mock_client.return_value = MockDynamoDBClient()
        threat_intel = StreamThreatIntel.load_from_config(self.config)

        ioc_collections = [
            StreamIoc(value='1.1.1.2', ioc_type='ip'),
            StreamIoc(value='2.2.2.2', ioc_type='ip'),
            StreamIoc(value='evil.com', ioc_type='domain')
        ]
        threat_intel._process_ioc(ioc_collections)
        assert_true(ioc_collections[0].is_ioc)
        assert_false(ioc_collections[1].is_ioc)
        assert_true(ioc_collections[2].is_ioc)

示例#3

文件： test_threat_intel.py 项目： abtreece/streamalert

    def test_instance_initialization(self):
        """StreamIoc - Test StreamIoc initialization"""
        ioc = StreamIoc()
        assert_equal(ioc.value, None)
        assert_equal(ioc.ioc_type, None)
        assert_equal(ioc.sub_type, None)
        assert_equal(ioc.associated_record, None)
        assert_false(ioc.is_ioc)

        new_ioc = StreamIoc(value='1.1.1.2', ioc_type='ip',
                            associated_record={'foo': 'bar'}, is_ioc=True)
        assert_equal(new_ioc.value, '1.1.1.2')
        assert_equal(new_ioc.ioc_type, 'ip')
        assert_equal(new_ioc.associated_record, {'foo': 'bar'})
        assert_true(new_ioc.is_ioc)

示例#4

文件： test_threat_intel.py 项目： prezi/streamalert

    def test_process_ioc_with_clienterror(self, mock_client):
        """Threat Intel - Test private method process_ioc"""
        mock_client.return_value = MockDynamoDBClient(exception=True)
        threat_intel = StreamThreatIntel.load_from_config(self.config)

        ioc_collections = [StreamIoc(value='1.1.1.2', ioc_type='ip')]
        threat_intel._process_ioc(ioc_collections)

示例#5

    def test_process_ioc_with_clienterror(self, log_mock, mock_client):
        """Threat Intel - Test private method process_ioc with Error"""
        mock_client.return_value = MockDynamoDBClient(exception=True)
        threat_intel = StreamThreatIntel.load_from_config(self.config)

        ioc_collections = [StreamIoc(value='1.1.1.2', ioc_type='ip')]
        threat_intel._process_ioc(ioc_collections)
        log_mock.assert_called_with(
            'An error occurred while quering dynamodb table. Error is: %s',
            {'Error': {
                'Code': 400,
                'Message': 'raising test exception'
            }})

示例#6

文件： test_threat_intel.py 项目： abtreece/streamalert

 def test_set_properties(self):
     """StreamIoc - Test setter of class properties"""
     ioc = StreamIoc(value='evil.com', ioc_type='domain',
                     associated_record={'foo': 'bar'}, is_ioc=True)
     ioc.value = 'evil.com'
     assert_equal(ioc.value, 'evil.com')
     ioc.ioc_type = 'test_ioc_type'
     assert_equal(ioc.ioc_type, 'test_ioc_type')
     ioc.associated_record = None
     assert_equal(ioc.associated_record, None)
     ioc.is_ioc = False
     assert_false(ioc.is_ioc)