def test_slug(self):
    """Tag applied for a matched entity is the slugified entity name.

    Drives mark_event() directly with one indicator from MOCK_YETI_INTEL and
    the canned MOCK_YETI_NEIGHBORS, then checks that the only tag added to the
    event is the lower-cased, hyphenated form of the entity name
    ("Random incident" -> 'random-incident').
    """
    analyzer = yetiindicators.YetiIndicators('test_index', 1)
    tagged_event = mock.Mock()
    indicator = MOCK_YETI_INTEL['x-regex--6ebc9344-1111-4d65-8bdd-b6dddf613068']
    analyzer.mark_event(indicator, tagged_event, MOCK_YETI_NEIGHBORS)
    # The entity (presumably from MOCK_YETI_NEIGHBORS) is named
    # "Random incident"; the analyzer is expected to tag with its slug.
    tagged_event.add_tags.assert_called_once_with(['random-incident'])
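def test_indicator_nomatch(self, mock_get_indicators, mock_get_neighbors):
    """An event that matches no indicator yields the "no indicators" summary.

    The original docstring was copied from an unrelated test; this method does
    not inspect query construction. It seeds the analyzer with MOCK_YETI_INTEL,
    imports a single event carrying OK_DOMAIN_MESSAGE, and checks that run()
    reports no match, that indicators were fetched exactly once, and that the
    neighbour lookup is never reached (nothing matched, so nothing to expand).

    Args:
        mock_get_indicators: patched indicator fetch, presumably injected by a
            mock.patch decorator outside this view.
        mock_get_neighbors: patched neighbour lookup, same origin.
    """
    analyzer = yetiindicators.YetiIndicators('test_index', 1)
    analyzer.datastore.client = mock.Mock()
    analyzer.intel = MOCK_YETI_INTEL
    mock_get_neighbors.return_value = MOCK_YETI_NEIGHBORS

    # Deep-copy the shared fixture so this test cannot leak state into others.
    event = copy.deepcopy(MockDataStore.event_dict)
    event['_source'].update(OK_DOMAIN_MESSAGE)
    analyzer.datastore.import_event(
        'test_index', event['_type'], event['_source'], '0')

    message = analyzer.run()
    self.assertEqual(message, 'No indicators were found in the timeline.')
    mock_get_indicators.assert_called_once()
    # No hit means the enrichment path must not be taken at all.
    mock_get_neighbors.assert_not_called()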
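def test_indicator_match(self, mock_get_indicators, mock_get_neighbors):
    """An event matching an indicator is counted and the entity is reported.

    The original docstring was copied from an unrelated test; this method does
    not inspect query construction. It seeds the analyzer with MOCK_YETI_INTEL,
    imports a single event carrying MATCHING_DOMAIN_MESSAGE, and pins the exact
    summary string run() returns, including the matched entity name and type.
    It also checks that indicators were fetched once and that the neighbour
    lookup ran exactly once for the single hit.

    Args:
        mock_get_indicators: patched indicator fetch, presumably injected by a
            mock.patch decorator outside this view.
        mock_get_neighbors: patched neighbour lookup, same origin.
    """
    analyzer = yetiindicators.YetiIndicators("test_index", 1)
    analyzer.datastore.client = mock.Mock()
    analyzer.intel = MOCK_YETI_INTEL
    mock_get_neighbors.return_value = MOCK_YETI_NEIGHBORS

    # Deep-copy the shared fixture so this test cannot leak state into others.
    event = copy.deepcopy(MockDataStore.event_dict)
    event["_source"].update(MATCHING_DOMAIN_MESSAGE)
    analyzer.datastore.import_event(
        "test_index", event["_type"], event["_source"], "0")

    message = analyzer.run()
    # The summary embeds the entity name and its STIX-style type verbatim.
    self.assertEqual(
        message, "1 events matched 1 indicators. [Random incident:x-incident]")
    mock_get_indicators.assert_called_once()
    mock_get_neighbors.assert_called_once()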