示例#1
    def test_insert_ioc_info(self):
        """ThreatIntel - Insert IOC Info

        A record that carries no IOC data yet should come back with a
        'streamalert:ioc' entry mapping the IOC type to a set that holds
        the matched value, while its other fields are left as they were.
        """
        indicator_kind = 'ip'
        indicator = 'ioc_value'
        event = {'key': 'value'}

        # The helper is verified through its effect on the dict passed in;
        # its return value is not inspected by this test.
        ThreatIntel._insert_ioc_info(event, indicator_kind, indicator)

        # Expected shape: original key preserved, IOC values kept in a set
        # keyed by IOC type under the 'streamalert:ioc' field.
        wanted = {
            'key': 'value',
            'streamalert:ioc': {indicator_kind: {indicator}},
        }
        assert_equal(event, wanted)
示例#2
    def test_insert_ioc_info_existing(self):
        """ThreatIntel - Insert IOC Info, With Existing

        When the record already lists a value for an IOC type, inserting
        another value of the same type should add it to that set rather
        than replace the earlier match.
        """
        indicator_kind = 'ip'
        prior_match = 'existing_value'
        fresh_match = 'new_value'

        # Record that was already tagged with one IOC of this type.
        event = {
            'key': 'value',
            'streamalert:ioc': {indicator_kind: {prior_match}},
        }

        # The helper is verified through its effect on the dict passed in.
        ThreatIntel._insert_ioc_info(event, indicator_kind, fresh_match)

        # Both the earlier and the new value must be present afterwards,
        # so no previously recorded indicator is lost.
        wanted = {
            'key': 'value',
            'streamalert:ioc': {indicator_kind: {prior_match, fresh_match}},
        }
        assert_equal(event, wanted)