def test_load_lookup_tables_missing_buckets(self, log_mock):
    """LookupTables - Load Lookup Tables, Missing Buckets"""
    # Enable the feature but drop the bucket list, so the loader has nothing
    # to fetch; it is expected to log the problem rather than raise.
    lookup_config = self.config['global']['infrastructure']['lookup_tables']
    lookup_config.pop('buckets')
    lookup_config['enabled'] = True

    LookupTables.load_lookup_tables(self.config)

    log_mock.assert_called_with('Buckets not defined')
def test_load_lookup_tables(self, mock_logger):
    """LookupTables - Load lookup table"""
    infra = self.config['global']['infrastructure']
    infra['lookup_tables']['enabled'] = True

    tables = LookupTables.load_lookup_tables(self.config)
    downloaded = tables.download_s3_objects()

    # Downloaded objects appear to be keyed by object name without extension;
    # a key that was never uploaded simply yields None.
    expectations = [
        ('foo', {'bucket_name_key': 'foo_value'}),
        ('bar', {'bucket_name_key': 'bar_value'}),
        ('not_exist', None),
    ]
    for key, expected in expectations:
        assert_equal(downloaded.get(key), expected)

    # A second load should pass through the logger (refresh bookkeeping)
    LookupTables.load_lookup_tables(self.config)
    mock_logger.assert_called()
def test_load_lookup_tables_missing_config(self, mock_logger):
    """LookupTables - Load lookup tables with missing config"""
    infra = self.config['global']['infrastructure']
    epoch = datetime(year=1970, month=1, day=1)

    # Without a lookup_tables section the loader opts out entirely and
    # leaves the refresh timestamp at its epoch sentinel.
    infra.pop('lookup_tables')
    assert_equal(LookupTables.load_lookup_tables(self.config), False)
    assert_equal(LookupTables._LOOKUP_TABLES_LAST_REFRESH, epoch)

    # An enabled section with no bucket list: the loader warns about buckets
    infra['lookup_tables'] = {'cache_refresh_minutes': 10, 'enabled': True}
    LookupTables.load_lookup_tables(self.config)
    mock_logger.assert_called_with('Buckets not defined')
def test_load_lookup_tables_missing_config(self):
    """LookupTables - Load Lookup Tables, Missing Config"""
    # Drop the lookup_tables section entirely; the loader should return
    # False and leave the refresh timestamp at its epoch sentinel.
    self.config['global']['infrastructure'].pop('lookup_tables')
    epoch = datetime(year=1970, month=1, day=1)

    loaded = LookupTables.load_lookup_tables(self.config)

    assert_equal(loaded, False)
    assert_equal(LookupTables._LOOKUP_TABLES_LAST_REFRESH, epoch)
def test_load_lookup_tables_no_refresh(self):
    """LookupTables - Load Lookup Table, No Refresh"""
    lookup_config = self.config['global']['infrastructure']['lookup_tables']
    lookup_config['enabled'] = True
    # A refresh timestamp of "now" means the cached tables are still fresh,
    # so loading must not trigger an S3 download.
    LookupTables._LOOKUP_TABLES_LAST_REFRESH = datetime.utcnow()

    with patch.object(LookupTables, '_download_s3_objects') as download_mock:
        loaded = LookupTables.load_lookup_tables(self.config)
        download_mock.assert_not_called()
        assert_equal(loaded, LookupTables)
def __init__(self, config, *rule_paths):
    """Initialize a RulesEngine instance to cache a StreamThreatIntel instance.

    Args:
        config (dict): Loaded configuration; also passed to the lookup
            table loader and the rule table loader.
        *rule_paths: Folders handed to import_folders (presumably the rule
            modules register themselves on import).
    """
    self._threat_intel = StreamThreatIntel.load_from_config(config)
    self._required_outputs_set = resources.get_required_outputs()

    import_folders(*rule_paths)
    self._load_rule_table(config)

    # load_lookup_tables returns False when lookup tables are not configured,
    # so the class-level cache is only populated after a real load.
    tables = LookupTables.load_lookup_tables(config)
    if not tables:
        return
    RulesEngine._LOOKUP_TABLES = tables.download_s3_objects()
def test_load_lookup_tables(self):
    """LookupTables - Load Lookup Table"""
    lookup_config = self.config['global']['infrastructure']['lookup_tables']
    lookup_config['enabled'] = True
    epoch = datetime(year=1970, month=1, day=1)

    with patch.object(LookupTables, '_download_s3_objects') as download_mock:
        loaded = LookupTables.load_lookup_tables(self.config)
        # The configured bucket map is handed straight to the downloader
        download_mock.assert_called_with(self.buckets_info)
        assert_equal(loaded, LookupTables)
        # A successful load moves the refresh timestamp off the epoch sentinel
        assert_equal(LookupTables._LOOKUP_TABLES_LAST_REFRESH != epoch, True)
def test_load_lookup_tables_compresed(self, mock_logger):
    """LookupTables - Load lookup table, compressed file"""
    self.config['global']['infrastructure']['lookup_tables']['enabled'] = True
    tables = LookupTables.load_lookup_tables(self.config)

    # Overwrite the mocked 'bar.json' with a zlib-compressed payload so one
    # object exercises the decompression path while 'foo.json' stays plain.
    # NOTE(review): no output-size bound on decompression is visible from
    # here; worth confirming the downloader caps it if bucket contents are
    # not fully trusted.
    payload = zlib.compress(json.dumps({'compressed_key': 'compressed_val'}))
    put_mock_s3_object('bucket_name', 'bar.json', payload, self.region)

    downloaded = tables.download_s3_objects()

    assert_equal(downloaded.get('bar'), {'compressed_key': 'compressed_val'})
    assert_equal(downloaded.get('foo'), {'bucket_name_key': 'foo_value'})
    mock_logger.assert_any_call('Data in \'%s\' is not compressed', 'foo.json')
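def __init__(self, *rule_paths):
    """Initialize the RulesEngine, lazily populating its class-level caches.

    Config, threat intel and the alert forwarder are created once and then
    shared by every instance; lookup tables are loaded on every init because
    load_lookup_tables owns the refresh logic.

    Args:
        *rule_paths: Folders to import rules from. When empty, the
            'rule_locations' and 'matcher_locations' lists under the
            config's global.general section are used instead.
    """
    RulesEngine._config = RulesEngine._config or load_config()
    RulesEngine._threat_intel = (
        RulesEngine._threat_intel or ThreatIntel.load_from_config(self.config)
    )

    # Instantiate the alert forwarder to handle sending alerts to the alert processor
    RulesEngine._alert_forwarder = RulesEngine._alert_forwarder or AlertForwarder()

    # Load the lookup tables, which include logic for refreshing the tables
    RulesEngine._lookup_tables = LookupTables.load_lookup_tables(self.config)

    # If no rule import paths are specified, default to the config. A tuple
    # rather than a set literal keeps the import order stable: set iteration
    # order is not guaranteed (and varies under hash randomization), so rules
    # and matchers could otherwise be imported in a different order per run.
    if not rule_paths:
        rule_paths = [
            item
            for location in ('rule_locations', 'matcher_locations')
            for item in self.config['global']['general'][location]
        ]

    import_folders(*rule_paths)

    self._in_lambda = 'LAMBDA_RUNTIME_DIR' in env
    self._required_outputs_set = resources.get_required_outputs()
    self._load_rule_table(self.config)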