def test_demo_rules_tag_limited():
    """
    Checks that a tag filter narrows the demo rule feed.

    Requests the feed once without filters and once restricted to the
    ``APT`` tag. Both results must contain rules and the tagged result
    must be strictly smaller.
    :return:
    """
    def rule_count(response):
        # Size of the list stored under the response's 'rules' key.
        return len(response['rules'])

    client = ValhallaAPI(api_key=DEMO_KEY)
    unfiltered = client.get_rules_json()
    apt_only = client.get_rules_json(tags=['APT'])

    # These checks only hold while the demo feed contains rules both with
    # and without the APT tag.
    assert rule_count(unfiltered) > 0
    assert rule_count(apt_only) > 0
    assert rule_count(unfiltered) > rule_count(apt_only)
def test_demo_rules_search_limited():
    """
    Checks that a search term narrows the demo rule feed.

    Requests the feed once without filters and once with the search
    string ``Mimikatz``. Each result must hold more than one rule and the
    search result must be strictly smaller than the unfiltered one.
    :return:
    """
    def rule_count(response):
        # Size of the list stored under the response's 'rules' key.
        return len(response['rules'])

    client = ValhallaAPI(api_key=DEMO_KEY)
    unfiltered = client.get_rules_json()
    search_hits = client.get_rules_json(search="Mimikatz")

    # Depends on the demo feed holding at least two rules matching the
    # search term as well as rules that do not match it.
    assert rule_count(unfiltered) > 1
    assert rule_count(search_hits) > 1
    assert rule_count(unfiltered) > rule_count(search_hits)
def test_demo_rules_product_limited():
    """
    Checks that selecting a product narrows the demo rule feed.

    The unfiltered feed must be non-empty and larger than the feed
    requested for product ``DummyTest``. The feed for ``CarbonBlack`` is
    requested afterwards and must be non-empty.
    :return:
    """
    def rule_count(response):
        # Size of the list stored under the response's 'rules' key.
        return len(response['rules'])

    client = ValhallaAPI(api_key=DEMO_KEY)
    unfiltered = client.get_rules_json()
    dummy_product = client.get_rules_json(product="DummyTest")

    # No lower bound is asserted for the DummyTest result; it only has to
    # be smaller than the unfiltered feed.
    assert rule_count(unfiltered) > 0
    assert rule_count(unfiltered) > rule_count(dummy_product)

    # The CarbonBlack request is made only after the checks above pass.
    carbon_black = client.get_rules_json(product="CarbonBlack")
    assert rule_count(carbon_black) > 0
def test_demo_rules_custom_limited():
    """
    Checks how custom engine limits change the size of the demo rule feed.

    Three requests are compared: product ``DummyTest``; a custom profile
    with ``max_version="3.2.0"`` and the ``pe`` module; and the same
    profile with ``with_crypto=False``. The product feed must be smaller
    than the custom profile, and disabling crypto must shrink the custom
    profile further.
    :return:
    """
    def rule_count(response):
        # Size of the list stored under the response's 'rules' key.
        return len(response['rules'])

    client = ValhallaAPI(api_key=DEMO_KEY)
    dummy_product = client.get_rules_json(product="DummyTest")
    pe_profile = client.get_rules_json(max_version="3.2.0", modules=['pe'])
    pe_no_crypto = client.get_rules_json(
        max_version="3.2.0", modules=['pe'], with_crypto=False
    )

    assert rule_count(dummy_product) > 0
    assert rule_count(pe_profile) > 0
    assert rule_count(dummy_product) < rule_count(pe_profile)
    # The no-crypto result is only compared against the crypto-enabled
    # profile; it is not required to be non-empty.
    assert rule_count(pe_no_crypto) < rule_count(pe_profile)
def test_demo_rules_combo_limited():
    """
    Checks that combining filters narrows the demo rule feed step by step.

    Compares the unfiltered feed, the feed requested with ``score=60``,
    and the feed requested with ``score=60`` plus the ``SUSP`` tag. Each
    must hold more than one rule and each added filter must strictly
    reduce the count.
    :return:
    """
    def rule_count(response):
        # Size of the list stored under the response's 'rules' key.
        return len(response['rules'])

    client = ValhallaAPI(api_key=DEMO_KEY)
    unfiltered = client.get_rules_json()
    by_score = client.get_rules_json(score=60)
    by_score_and_tag = client.get_rules_json(tags=['SUSP'], score=60)

    assert rule_count(unfiltered) > 1
    assert rule_count(by_score) > 1
    assert rule_count(by_score_and_tag) > 1

    # Strictly decreasing sizes: unfiltered > score only > score and tag.
    assert rule_count(unfiltered) > rule_count(by_score)
    assert rule_count(by_score) > rule_count(by_score_and_tag)
def test_demo_rules_json():
    """
    Checks that the demo rule feed returns at least one rule.

    Requests the feed with the demo key and no filters, then verifies
    that the ``rules`` list in the response is non-empty.
    :return:
    """
    client = ValhallaAPI(api_key=DEMO_KEY)
    feed = client.get_rules_json()
    returned_rules = feed['rules']
    assert len(returned_rules) > 0