diff --git a/Sekoia.io/CHANGELOG.md b/Sekoia.io/CHANGELOG.md
index 6988b2fb1..cb6dd4f39 100644
--- a/Sekoia.io/CHANGELOG.md
+++ b/Sekoia.io/CHANGELOG.md
@@ -6,6 +6,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## Unreleased
+
+## 2024-12-12 - 2.66.0
+
+### Added
+
+- Add an action to add events to a case
+
 ## 2024-12-10 - 2.65.12
 ### Changed
diff --git a/Sekoia.io/action_add_events_to_a_case.json b/Sekoia.io/action_add_events_to_a_case.json
new file mode 100644
index 000000000..04c1ce98b
--- /dev/null
+++ b/Sekoia.io/action_add_events_to_a_case.json
@@ -0,0 +1,28 @@
+{
+ "arguments": {
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "properties": {
+ "uuid": {
+ "description": "UUID of the case",
+ "type": "string",
+ "in": "path"
+ },
+ "event_ids": {
+ "description": "List of event identifiers (__event_id) to add to the case. Do not use event.id which is a different identifier.",
+ "type": "array",
+ "in": "body"
+ }
+ },
+ "required": [
+ "uuid",
+ "event_ids"
+ ],
+ "title": "Arguments",
+ "type": "object"
+ },
+ "description": "Add events to a case",
+ "docker_parameters": "add_events_to_a_case",
+ "name": "Add events to a case",
+ "results": {},
+ "uuid": "0bcabc04-43b4-4564-b9b2-08b80e0e1ecf"
+}
\ No newline at end of file
diff --git a/Sekoia.io/main.py b/Sekoia.io/main.py
index 39f66208a..8e269caa6 100644
--- a/Sekoia.io/main.py
+++ b/Sekoia.io/main.py
@@ -36,6 +36,7 @@
 UpdateRule,
 GetIntake,
 GetEntity,
+ AddEventsToACase,
 )
 from sekoiaio.operation_center.get_asset import GetAsset
 from sekoiaio.operation_center.get_aggregation_query import GetAggregationQuery
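Review bot: In action_add_events_to_a_case.json the `event_ids` property is declared only as `"type": "array"`, so the schema accepts an empty list or items that are not strings. The description's warning about `__event_id` versus `event.id` is then the only guard against malformed input. Adding `"items": {"type": "string"}, "minItems": 1` to that property would reject such input before any request is made. `"results": {}` also leaves the response undocumented; if the API returns a body, describing it there would help playbook authors.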
@@ -96,6 +97,7 @@
 module.register(GetIntake, "get-intakes/{uuid}")
 module.register(GetEntity, "get-entities/{uuid}")
 module.register(GetCommunity, "get-communities/{uuid}")
+ module.register(AddEventsToACase, "cases/{uuid}/events")
 # Operation Center Triggers
 module.register(SecurityAlertsTrigger, "security_alerts_trigger")
diff --git a/Sekoia.io/manifest.json b/Sekoia.io/manifest.json
index 6fa4f7f61..99f77d507 100644
--- a/Sekoia.io/manifest.json
+++ b/Sekoia.io/manifest.json
@@ -12,7 +12,7 @@
 "name": "Sekoia.io",
 "uuid": "92d8bb47-7c51-445d-81de-ae04edbb6f0a",
 "slug": "sekoia.io",
- "version": "2.65.12",
+ "version": "2.66.0",
 "categories": [
 "Generic"
 ]
diff --git a/Sekoia.io/sekoiaio/operation_center/__init__.py b/Sekoia.io/sekoiaio/operation_center/__init__.py
index 37be67fee..e218c93c3 100644
--- a/Sekoia.io/sekoiaio/operation_center/__init__.py
+++ b/Sekoia.io/sekoiaio/operation_center/__init__.py
@@ -297,6 +297,15 @@
 },
 )
+ AddEventsToACase = type(
+ "AddEventsToACase",
+ (GenericAPIAction,),
+ {
+ "verb": "post",
+ "endpoint": base_url + "cases/{uuid}/events",
+ "query_parameters": [],
+ },
+)
 assets_base_url = "api/v2/asset-management/"
diff --git a/Sekoia.io/tests/test_operation_center.py b/Sekoia.io/tests/test_operation_center.py
index 65dbb03c9..36197a0d8 100644
--- a/Sekoia.io/tests/test_operation_center.py
+++ b/Sekoia.io/tests/test_operation_center.py
@@ -3,7 +3,7 @@
 import pytest
 import requests_mock
-from sekoiaio.operation_center import GetAlert, ListAlerts
+from sekoiaio.operation_center import GetAlert, ListAlerts, AddEventsToACase
 module_base_url = "http://fake.url/"
 base_url = module_base_url + "api/v1/sic/"
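Review bot: The name passed to `module.register` in the second main.py hunk, `"cases/{uuid}/events"`, does not match the `"docker_parameters": "add_events_to_a_case"` value declared in action_add_events_to_a_case.json in this same commit. If the module looks actions up by that string (the dispatch code is not visible here), the new action would not be found at run time. The added unit test would not catch this, because it instantiates `AddEventsToACase` directly. Either register it as `module.register(AddEventsToACase, "add_events_to_a_case")` or change `docker_parameters` to the registered name. The enclosing block starts and ends outside the hunk.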
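Review bot: The `{uuid}` segment of `"endpoint": base_url + "cases/{uuid}/events"` in sekoiaio/operation_center/__init__.py is filled from a caller-supplied argument that the action schema declares only as `"type": "string"`. Whether `GenericAPIAction` percent-encodes path parameters is not visible in this hunk. If it does not, a value containing `/`, `?` or `#` would change which API path receives the POST made with the module's API key. Constraining `uuid` in the JSON schema with a `pattern` for the canonical UUID form, or quoting the value where the path is formatted, would keep it to a single path segment. A one-line comment above the `type(...)` call, such as `# POST cases/{uuid}/events: attach events (by __event_id) to a case`, would also help, since the dynamic class carries no docstring.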
@@ -100,3 +100,21 @@ def test_get_alert_missing_arg():
 pytest.raises(KeyError, action.run, arguments)
 assert mock.call_count == 0
+
+
+def test_add_events_to_case():
+ action: AddEventsToACase = AddEventsToACase()
+ action.module.configuration = {"base_url": module_base_url, "api_key": apikey}
+
+ ressource = "cases/fake_uuid/events"
+ expected_response = {}
+ arguments = {"uuid": "fake_uuid", "event_ids": []}
+
+ with requests_mock.Mocker() as mock:
+ mock.post(f"{base_url}{ressource}", json=expected_response)
+
+ action.run(arguments)
+ assert mock.call_count == 1
+ history = mock.request_history
+ assert history[0].method == "POST"
+ assert url_decoder(history[0].url) == f"{base_url}{ressource}"
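Review bot: `test_add_events_to_case` sends `"event_ids": []` and asserts only the method and URL, so it would still pass if the action dropped the body parameter or sent it under the wrong key. Pass a non-empty list and assert on the payload, for example `assert history[0].json() == {"event_ids": ["fake_event_id"]}` (constructed sample value), adjusting the expected shape to what `GenericAPIAction` actually sends. A second case with a `uuid` containing `/` would pin down how the path parameter is encoded. `ressource` is a misspelling of `resource`, though it may be copied from earlier tests outside the hunk.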