Merge pull request #1213 from aheuze/new_action_add_events_to_case

Add action AddEventsToACase
SEKOIA-IO · Dec 12, 2024 · e94557d · e94557d
2 parents a25e193 + 1483517
commit e94557d
Show file tree

Hide file tree

Showing 6 changed files with 66 additions and 2 deletions.
diff --git a/Sekoia.io/CHANGELOG.md b/Sekoia.io/CHANGELOG.md
@@ -6,6 +6,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
+
+## 2024-12-12 - 2.66.0
+
+### Added
+
+- Add an action to add events to a case
+
 ## 2024-12-10 - 2.65.12
 
 ### Changed

diff --git a/Sekoia.io/action_add_events_to_a_case.json b/Sekoia.io/action_add_events_to_a_case.json
@@ -0,0 +1,28 @@
+{
+  "arguments": {
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "properties": {
+      "uuid": {
+        "description": "UUID of the case",
+        "type": "string",
+        "in": "path"
+      },
+      "event_ids": {
+        "description": "List of event identifiers (__event_id) to add to the case. Do not use event.id which is a different identifier.",
+        "type": "array",
+        "in": "body"
+      }
+    },
+    "required": [
+      "uuid",
+      "event_ids"
+    ],
+    "title": "Arguments",
+    "type": "object"
+  },
+  "description": "Add events to a case",
+  "docker_parameters": "add_events_to_a_case",
+  "name": "Add events to a case",
+  "results": {},
+  "uuid": "0bcabc04-43b4-4564-b9b2-08b80e0e1ecf"
+}
diff --git a/Sekoia.io/main.py b/Sekoia.io/main.py
@@ -36,6 +36,7 @@
     UpdateRule,
     GetIntake,
     GetEntity,
+    AddEventsToACase,
 )
 from sekoiaio.operation_center.get_asset import GetAsset
 from sekoiaio.operation_center.get_aggregation_query import GetAggregationQuery
@@ -96,6 +97,7 @@
     module.register(GetIntake, "get-intakes/{uuid}")
     module.register(GetEntity, "get-entities/{uuid}")
     module.register(GetCommunity, "get-communities/{uuid}")
+    module.register(AddEventsToACase, "cases/{uuid}/events")
 
     # Operation Center Triggers
     module.register(SecurityAlertsTrigger, "security_alerts_trigger")

diff --git a/Sekoia.io/manifest.json b/Sekoia.io/manifest.json
@@ -12,7 +12,7 @@
   "name": "Sekoia.io",
   "uuid": "92d8bb47-7c51-445d-81de-ae04edbb6f0a",
   "slug": "sekoia.io",
-  "version": "2.65.12",
+  "version": "2.66.0",
   "categories": [
     "Generic"
   ]

diff --git a/Sekoia.io/sekoiaio/operation_center/__init__.py b/Sekoia.io/sekoiaio/operation_center/__init__.py
@@ -297,6 +297,15 @@
     },
 )
 
+AddEventsToACase = type(
+    "AddEventsToACase",
+    (GenericAPIAction,),
+    {
+        "verb": "post",
+        "endpoint": base_url + "cases/{uuid}/events",
+        "query_parameters": [],
+    },
+)
 
 assets_base_url = "api/v2/asset-management/"
 

diff --git a/Sekoia.io/tests/test_operation_center.py b/Sekoia.io/tests/test_operation_center.py
@@ -3,7 +3,7 @@
 import pytest
 import requests_mock
 
-from sekoiaio.operation_center import GetAlert, ListAlerts
+from sekoiaio.operation_center import GetAlert, ListAlerts, AddEventsToACase
 
 module_base_url = "http://fake.url/"
 base_url = module_base_url + "api/v1/sic/"
@@ -100,3 +100,21 @@ def test_get_alert_missing_arg():
         pytest.raises(KeyError, action.run, arguments)
 
         assert mock.call_count == 0
+
+
+def test_add_events_to_case():
+    action: AddEventsToACase = AddEventsToACase()
+    action.module.configuration = {"base_url": module_base_url, "api_key": apikey}
+
+    ressource = "cases/fake_uuid/events"
+    expected_response = {}
+    arguments = {"uuid": "fake_uuid", "event_ids": []}
+
+    with requests_mock.Mocker() as mock:
+        mock.post(f"{base_url}{ressource}", json=expected_response)
+
+        action.run(arguments)
+        assert mock.call_count == 1
+        history = mock.request_history
+        assert history[0].method == "POST"
+        assert url_decoder(history[0].url) == f"{base_url}{ressource}"