def test_generate_stream_alert_advanced(self):
    """CLI - Terraform Generate StreamAlert - Advanced Cluster

    Runs the stream_alert generator for the 'advanced' cluster against the
    fixture config and compares only the 'stream_alert_advanced' module
    entry it writes into self.cluster_dict.
    """
    cluster_name = 'advanced'
    module_key = 'stream_alert_advanced'

    streamalert.generate_stream_alert(cluster_name, self.cluster_dict, self.config)

    # Every value here is what the fixture config is expected to produce;
    # 'rule_processor_config' stays a Terraform variable reference.
    expected_module = {
        'source': 'modules/tf_stream_alert',
        'account_id': '12345678910',
        'region': 'us-west-1',
        'prefix': 'unit-testing',
        'cluster': cluster_name,
        'dynamodb_ioc_table': 'test_table_name',
        'threat_intel_enabled': False,
        'rule_processor_enable_metrics': True,
        'rule_processor_log_level': 'info',
        'rule_processor_memory': 128,
        'rule_processor_timeout': 25,
        'rule_processor_version': '$LATEST',
        'rule_processor_config': '${var.rule_processor_config}',
        'input_sns_topics': ['my-sns-topic-name'],
    }

    generated_module = self.cluster_dict['module'][module_key]
    assert_equal(generated_module, expected_module)
def test_generate_stream_alert_test(self):
    """CLI - Terraform Generate StreamAlert - Test Cluster

    Runs the stream_alert generator for the 'test' cluster and checks the
    'stream_alert_test' module entry written into self.cluster_dict,
    including the rules table ARN taken from the globals module.
    """
    cluster_name = 'test'
    module_key = 'stream_alert_test'

    streamalert.generate_stream_alert(cluster_name, self.cluster_dict, self.config)

    expected_module = {
        'source': 'modules/tf_stream_alert',
        'account_id': '12345678910',
        'region': 'us-west-1',
        'prefix': 'unit-testing',
        'cluster': cluster_name,
        'dynamodb_ioc_table': 'test_table_name',
        'lambda_handler': 'stream_alert.rule_processor.main.handler',
        'threat_intel_enabled': False,
        'rule_processor_enable_metrics': True,
        'rule_processor_log_level': 'info',
        'rule_processor_memory': 128,
        'rule_processor_timeout': 25,
        # Resolved by Terraform from the globals module, not a literal ARN
        'rules_table_arn': '${module.globals.rules_table_arn}',
    }

    generated_module = self.cluster_dict['module'][module_key]
    assert_equal(generated_module, expected_module)
def test_generate_stream_alert_test(self):
    """CLI - Terraform Generate StreamAlert - Test Cluster

    Runs the stream_alert generator for the 'test' cluster and checks the
    'stream_alert_test' module entry written into self.cluster_dict. Both
    the rule and alert processor settings are pinned, as is the KMS key
    ARN reference the module receives for secrets.
    """
    cluster_name = 'test'
    module_key = 'stream_alert_test'

    streamalert.generate_stream_alert(cluster_name, self.cluster_dict, self.config)

    # Settings shared by the rule and alert processors in the fixture config
    processor_settings = {
        'enable_metrics': True,
        'log_level': 'info',
        'memory': 128,
        'timeout': 25,
        'version': '$LATEST',
    }

    expected_module = {
        'source': 'modules/tf_stream_alert',
        'account_id': '12345678910',
        'region': 'us-west-1',
        'prefix': 'unit-testing',
        'cluster': cluster_name,
        # Interpolated by Terraform; the test only pins the reference itself
        'kms_key_arn': '${aws_kms_key.stream_alert_secrets.arn}',
        'dynamodb_ioc_table': 'test_table_name',
        'threat_intel_enabled': False,
        'rule_processor_config': '${var.rule_processor_config}',
        'alert_processor_config': '${var.alert_processor_config}',
    }
    for processor in ('rule_processor', 'alert_processor'):
        for setting, value in processor_settings.items():
            expected_module['{}_{}'.format(processor, setting)] = value

    generated_module = self.cluster_dict['module'][module_key]
    assert_equal(generated_module, expected_module)
def generate_cluster(**kwargs):
    """Generate a StreamAlert cluster file.

    The sub-generators run in a fixed order; each one writes into the shared
    cluster_dict and returns a falsy value on failure, which aborts
    generation here (the function then returns None instead of a dict, so
    callers must check for that).

    Keyword Args:
        cluster_name (str): The name of the currently generating cluster
        config (dict): The loaded config from the 'conf/' directory

    Returns:
        dict: generated Terraform cluster dictionary, or None when any
            required sub-generator reports failure
    """
    config = kwargs.get('config')
    cluster_name = kwargs.get('cluster_name')
    modules = config['clusters'][cluster_name]['modules']
    cluster_dict = infinitedict()

    # The core stream_alert module is mandatory for every cluster
    if not generate_stream_alert(cluster_name, cluster_dict, config):
        return

    # Metric filters and alarms never abort generation
    generate_cloudwatch_metric_filters(cluster_name, cluster_dict, config)
    generate_cloudwatch_metric_alarms(cluster_name, cluster_dict, config)

    # (is_enabled, generator) pairs, in the order the cluster file needs them.
    # The checks are lambdas so each one is evaluated only when its turn
    # comes, after the preceding generators have run.
    optional_steps = (
        (lambda: modules.get('cloudwatch_monitoring', {}).get('enabled'),
         generate_monitoring),
        (lambda: modules.get('kinesis'), generate_kinesis_streams),
        (lambda: config['clusters'][cluster_name].get('outputs'), generate_outputs),
        (lambda: modules.get('kinesis_events'), generate_kinesis_events),
        (lambda: modules.get('cloudtrail'), generate_cloudtrail),
        (lambda: modules.get('flow_logs'), generate_flow_logs),
        (lambda: modules.get('s3_events'), generate_s3_events),
    )
    for is_enabled, generator in optional_steps:
        if is_enabled() and not generator(cluster_name, cluster_dict, config):
            return

    # App integrations are generated last and do not gate the result
    generate_app_integrations(cluster_name, cluster_dict, config)

    return cluster_dict
def test_generate_stream_alert_advanced(self):
    """CLI - Terraform Generate StreamAlert - Advanced Cluster

    Runs the stream_alert generator for the 'advanced' cluster and checks
    the 'stream_alert_advanced' module entry written into
    self.cluster_dict: processor settings, the KMS key ARN reference, the
    configured outputs and inputs, and the alert processor VPC placement.
    """
    cluster_name = 'advanced'
    module_key = 'stream_alert_advanced'

    streamalert.generate_stream_alert(cluster_name, self.cluster_dict, self.config)

    # Settings shared by the rule and alert processors in the fixture config
    processor_settings = {
        'enable_metrics': True,
        'log_level': 'info',
        'memory': 128,
        'timeout': 25,
        'version': '$LATEST',
    }

    expected_module = {
        'source': 'modules/tf_stream_alert',
        'account_id': '12345678910',
        'region': 'us-west-1',
        'prefix': 'unit-testing',
        'cluster': cluster_name,
        # Interpolated by Terraform; the test only pins the reference itself
        'kms_key_arn': '${aws_kms_key.stream_alert_secrets.arn}',
        'dynamodb_ioc_table': 'test_table_name',
        'threat_intel_enabled': False,
        'rule_processor_config': '${var.rule_processor_config}',
        'alert_processor_config': '${var.alert_processor_config}',
        'output_lambda_functions': ['my-lambda-function:production'],
        'output_s3_buckets': ['my-s3-bucket.with.data'],
        'input_sns_topics': ['my-sns-topic-name'],
        # VPC placement for the alert processor comes straight from the fixture
        'alert_processor_vpc_enabled': True,
        'alert_processor_vpc_subnet_ids': ['subnet-id-1'],
        'alert_processor_vpc_security_group_ids': ['sg-id-1'],
    }
    for processor in ('rule_processor', 'alert_processor'):
        for setting, value in processor_settings.items():
            expected_module['{}_{}'.format(processor, setting)] = value

    generated_module = self.cluster_dict['module'][module_key]
    assert_equal(generated_module, expected_module)