def test_insert_ioc_info(self): """ThreatIntel - Insert IOC Info""" record = { 'key': 'value' } ioc_type = 'ip' ioc_value = 'ioc_value' expected_result = { 'key': 'value', 'streamalert:ioc': { ioc_type: {ioc_value} } } ThreatIntel._insert_ioc_info(record, ioc_type, ioc_value) assert_equal(record, expected_result)
def test_insert_ioc_info_existing(self): """ThreatIntel - Insert IOC Info, With Existing""" ioc_type = 'ip' existing_value = 'existing_value' record = { 'key': 'value', 'streamalert:ioc': { ioc_type: {existing_value} } } new_value = 'new_value' expected_result = { 'key': 'value', 'streamalert:ioc': { ioc_type: {existing_value, new_value} } } ThreatIntel._insert_ioc_info(record, ioc_type, new_value) assert_equal(record, expected_result)