From 463e441fb21043a36d5453dd9a3c3a6912b34b8d Mon Sep 17 00:00:00 2001 From: shabina-metron Date: Mon, 11 Mar 2024 12:24:00 +0530 Subject: [PATCH] Added unit test --- .../Cybereason/Cybereason_test.py | 25 ++++++ .../query_malop_management_raw_response.json | 76 +++++++++++++++++++ 2 files changed, 101 insertions(+) create mode 100644 Packs/Cybereason/Integrations/Cybereason/test_data/query_malop_management_raw_response.json diff --git a/Packs/Cybereason/Integrations/Cybereason/Cybereason_test.py b/Packs/Cybereason/Integrations/Cybereason/Cybereason_test.py index 5790c75d234e..cf03be4f14ae 100644 --- a/Packs/Cybereason/Integrations/Cybereason/Cybereason_test.py +++ b/Packs/Cybereason/Integrations/Cybereason/Cybereason_test.py @@ -299,6 +299,31 @@ def test_query_malop_management_command(mocker): assert command_output.outputs[0]['GUID'] == 'AAAA0w7GERjl3oae' +def test_cybereason_process_attack_tree_command(mocker): + from Cybereason import cybereason_process_attack_tree_command, Client + HEADERS = {'Content-Type': 'application/json', 'Connection': 'close'} + client = Client( + base_url="https://test.server.com:8888", + verify=False, + headers=HEADERS, + proxy=True) + args = { + "processGuid": "HobXaEWU0CZ6S6LC" + } + url = "https://test.server.com:8888/#/processTree?guid=HobXaEWU0CZ6S6LC&viewedGuids=HobXaEWU0CZ6S6LC&rootType=Process" + test_reponse = [ + { + 'ProcessID': "HobXaEWU0CZ6S6LC", + 'URL': url, + } + ] + + mocker.patch('Cybereason.Client.cybereason_api_call', return_value=test_reponse) + mocker.patch('Cybereason.SERVER', new='https://test.server.com:8888') + command_output = cybereason_process_attack_tree_command(client, args) + assert command_output.outputs[0] == test_reponse[0] + + def test_update_malop_status_command(mocker): from Cybereason import update_malop_status_command from Cybereason import Client diff --git a/Packs/Cybereason/Integrations/Cybereason/test_data/query_malop_management_raw_response.json b/Packs/Cybereason/Integrations/Cybereason/test_data/query_malop_management_raw_response.json new file mode 100644 index 000000000000..a98535baedbb --- /dev/null +++ b/Packs/Cybereason/Integrations/Cybereason/test_data/query_malop_management_raw_response.json @@ -0,0 +1,76 @@ +{ + "data": { + "pageSize": 100, + "pages": 0, + "offset": 0, + "totalHits": 1, + "token": "", + "data": [ + { + "guid": "AAAA0w7GERjl3oae", + "displayName": "aasiapp.pdf.exe", + "creationTime": 1686720403740, + "lastUpdateTime": 1686720403743, + "metadataUpdateTime": 1686720403743, + "decisionStatuses": [], + "detectionEngines": [ + "EDR" + ], + "mitreTactics": [], + "mitreTechniques": [], + "mitreSubTechniques": [], + "rootCauseElementHashes": [ + "a541fb35b0b750501717df708f1ccade7c176e1d" + ], + "iocs": [ + "File" + ], + "detectionTypes": [ + "Malicious by Obscured Extension" + ], + "labels": [ + { + "id": 108, + "labelText": "IT-Closed", + "count": 47, + "empty": false + } + ], + "investigationStatus": "Pending", + "closerName": "", + "priority": "MEDIUM", + "status": "Active", + "severity": "High", + "detectionType": "EXTENSION_MANIPULATION", + "escalated": false, + "iconBase64": "", + "isEdr": true, + "groups": [ + "" + ], + "rootCauseElementType": "File", + "machines": [ + { + "guid": "", + "displayName": "", + "connected": false, + "isolated": false, + "osType": "WINDOWS", + "lastConnected": 1698818040437, + "pylumId": "" + } + ], + "users": [ + { + "guid": "", + "displayName": "", + "admin": true, + "domainUser": false, + "localSystem": false + } + ] + } + ] + }, + "status": "SUCCESS" +} \ No newline at end of file