
Commit f1d4cc1

authored
API calls code for Data Insertion (#343)
* modified: testing/tests/api_tests/helpers.py new file: testing/tests/api_tests/selenium_tests/__init__.py new file: testing/tests/api_tests/selenium_tests/conftest.py new file: testing/tests/api_tests/selenium_tests/fixtures/hosts.json new file: testing/tests/api_tests/selenium_tests/fixtures/logonevents.json new file: testing/tests/api_tests/selenium_tests/queries/filter_hosts.json new file: testing/tests/api_tests/selenium_tests/queries/filter_logonevents.json new file: testing/tests/api_tests/selenium_tests/test_server.py * commit renamed: testing/tests/api_tests/selenium_tests/__init__.py -> testing/tests/api_tests/data_insertion_tests/__init__.py commit renamed: testing/tests/api_tests/selenium_tests/conftest.py -> testing/tests/api_tests/data_insertion_tests/conftest.py commit renamed: testing/tests/api_tests/selenium_tests/fixtures/hosts.json -> testing/tests/api_tests/data_insertion_tests/fixtures/hosts.json commit renamed: testing/tests/api_tests/selenium_tests/fixtures/logonevents.json -> testing/tests/api_tests/data_insertion_tests/fixtures/logonevents.json commit renamed: testing/tests/api_tests/selenium_tests/queries/filter_hosts.json -> testing/tests/api_tests/data_insertion_tests/queries/filter_hosts.json commit renamed: testing/tests/api_tests/selenium_tests/queries/filter_logonevents.json -> testing/tests/api_tests/data_insertion_tests/queries/filter_logonevents.json commit renamed: testing/tests/api_tests/selenium_tests/test_server.py -> testing/tests/api_tests/data_insertion_tests/test_server.py commit modified: testing/tests/api_tests/helpers.py
1 parent 45c783e commit f1d4cc1


8 files changed

+653
-0
lines changed


testing/tests/api_tests/data_insertion_tests/__init__.py

Whitespace-only changes.
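--- a/testing/tests/api_tests/data_insertion_tests/conftest.py
+++ b/testing/tests/api_tests/data_insertion_tests/conftest.py
@@ -0,0 +1,37 @@
+# conftest.py
+
+import os
+import warnings
+import pytest
+import urllib3
+
+# Disable SSL warnings
+urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
+
+
+@pytest.fixture(autouse=True)
+def suppress_insecure_request_warning():
+    warnings.simplefilter("ignore", urllib3.exceptions.InsecureRequestWarning)
+
+
+@pytest.fixture
+def es_host():
+    return os.getenv("ES_HOST", os.getenv("ELASTIC_HOST", "localhost"))
+
+
+@pytest.fixture
+def es_port():
+    return os.getenv("ES_PORT", os.getenv("ELASTIC_PORT", "9200"))
+
+
+@pytest.fixture
+def username():
+    return os.getenv("ES_USERNAME", os.getenv("ELASTIC_USERNAME", "elastic"))
+
+
+@pytest.fixture
+def password():
+    return os.getenv(
+        "elastic",
+        os.getenv("ES_PASSWORD", os.getenv("ELASTIC_PASSWORD", "default_password")),
+    )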
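Review bot: The `password` fixture reads an environment variable literally named `elastic` before it consults `ES_PASSWORD`/`ELASTIC_PASSWORD` (hunk lines 34-37); unless a variable called `elastic` is deliberately exported, this looks like a default value placed in the key position. The other three fixtures follow the `ES_*` → `ELASTIC_*` → literal pattern, so the intended line is probably `return os.getenv("ES_PASSWORD", os.getenv("ELASTIC_PASSWORD", "default_password"))`. Consider also skipping or failing (`pytest.skip`) when neither variable is set instead of falling back to a fixed placeholder, so a misconfigured environment does not silently run with a default credential. The module-level `urllib3.disable_warnings` together with the autouse fixture suppresses `InsecureRequestWarning` for the whole session, which suggests the tests talk to Elasticsearch with certificate verification disabled; a comment such as `# Warnings are suppressed only because the test instance uses a self-signed certificate` would record that this is a test-only choice. The page dropped the file header for this hunk; the path is taken from the commit description.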
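--- a/testing/tests/api_tests/data_insertion_tests/fixtures/hosts.json
+++ b/testing/tests/api_tests/data_insertion_tests/fixtures/hosts.json
@@ -0,0 +1,29 @@
+{
+  "winlog": {
+    "computer_name": "testing.lme.local",
+    "event_id": "4625",
+    "task": "Logon",
+    "keywords": [
+      "Audit Failure"
+    ],
+    "provider_name": "Microsoft-Windows-Security-Auditing",
+    "event_data": {
+      "LogonType": "3",
+      "IpAddress": "194.165.16.73",
+      "TargetUserName": "Administrator",
+      "TargetDomainName": "testserver.LME.LOCAL",
+      "LogonProcessName": "NtLmSsp ",
+      "AuthenticationPackageName": "NTLM"
+    }
+  },
+  "@timestamp": "2024-05-08T08:40:18.252Z",
+  "host": {
+    "name": "testing.lme.local"
+  },
+  "event": {
+    "code": "4625",
+    "provider": "Microsoft-Windows-Security-Auditing",
+    "action": "Logon",
+    "outcome": "failure"
+  }
+}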
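Review bot: The fixture's `winlog.event_data.IpAddress` (`194.165.16.73`, hunk line 12) is a routable public address, as is `194.169.175.22` in the next fixture; synthetic logon records are better given addresses from the RFC 5737 documentation ranges (for example `192.0.2.10`) so the repository does not carry what read as real-world source addresses. If a test asserts on the value, it needs the same replacement. The page dropped this hunk's file header; I take it to be `fixtures/hosts.json` from the order in the commit description.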
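--- a/testing/tests/api_tests/data_insertion_tests/fixtures/logonevents.json
+++ b/testing/tests/api_tests/data_insertion_tests/fixtures/logonevents.json
@@ -0,0 +1,38 @@
+{
+  "winlog": {
+    "computer_name": "C2.lme.local",
+    "keywords": [
+      "Audit Failure"
+    ],
+    "user": {
+      "name": "APItestuserid",
+      "domain": ""
+    },
+    "event_data": {
+      "LogonType": "2",
+      "SubjectUserName": "-",
+      "FailureReason": "%%2313",
+      "SubjectDomainName": "-",
+      "IpAddress": "194.169.175.22",
+      "TargetUserName": "solidart",
+      "LogonProcessName": "NtLmSsp ",
+      "SubjectUserSid": "S-1-0-0",
+      "TargetUserSid": "S-1-0-0",
+      "AuthenticationPackageName": "NTLM"
+    },
+    "@timestamp": "2024-06-12T09:50:18.252Z",
+    "host": {
+      "name": "C2.lme.local"
+    }
+  },
+  "event": {
+    "code": "4624",
+    "provider": "Microsoft-Windows-Security-Auditing",
+    "action": "Logon",
+    "outcome": "failure"
+  },
+  "user": {
+    "name": "APItestuserid",
+    "domain": "test"
+  }
+}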
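Review bot: In this fixture `@timestamp` and `host` are nested inside the `winlog` object (hunk lines 23-26 come before the `},` that closes `winlog` on line 27), so they index as `winlog.@timestamp` and `winlog.host.name`; a query that filters on top-level `@timestamp` or aggregates on `host.name`, as the `filter_hosts` query in this commit does, will not match this document. Moving the `},` that ends `winlog` to directly after the `event_data` block (hunk line 22) and dedenting the two keys puts them at the top level, which is where the first fixture already has them. Separately, `event.code` is `4624` (the successful-logon event) while `keywords` carries `Audit Failure` and `event.outcome` is `failure`; one of these is probably wrong, and a self-contradictory fixture can make a logon-failure test pass for the wrong reason. The page dropped this hunk's file header; the path is inferred from the commit description.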
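--- a/testing/tests/api_tests/data_insertion_tests/queries/filter_hosts.json
+++ b/testing/tests/api_tests/data_insertion_tests/queries/filter_hosts.json
@@ -0,0 +1,287 @@
+{
+  "aggs": {
+    "2": {
+      "terms": {
+        "field": "host.name",
+        "order": {
+          "_count": "desc"
+        },
+        "size": 25
+      }
+    }
+  },
+  "size": 0,
+  "fields": [
+    {
+      "field": "@timestamp",
+      "format": "date_time"
+    },
+    {
+      "field": "code_signature.timestamp",
+      "format": "date_time"
+    },
+    {
+      "field": "dll.code_signature.timestamp",
+      "format": "date_time"
+    },
+    {
+      "field": "elf.creation_date",
+      "format": "date_time"
+    },
+    {
+      "field": "event.created",
+      "format": "date_time"
+    },
+    {
+      "field": "event.end",
+      "format": "date_time"
+    },
+    {
+      "field": "event.ingested",
+      "format": "date_time"
+    },
+    {
+      "field": "event.start",
+      "format": "date_time"
+    },
+    {
+      "field": "file.accessed",
+      "format": "date_time"
+    },
+    {
+      "field": "file.code_signature.timestamp",
+      "format": "date_time"
+    },
+    {
+      "field": "file.created",
+      "format": "date_time"
+    },
+    {
+      "field": "file.ctime",
+      "format": "date_time"
+    },
+    {
+      "field": "file.elf.creation_date",
+      "format": "date_time"
+    },
+    {
+      "field": "file.mtime",
+      "format": "date_time"
+    },
+    {
+      "field": "file.x509.not_after",
+      "format": "date_time"
+    },
+    {
+      "field": "file.x509.not_before",
+      "format": "date_time"
+    },
+    {
+      "field": "package.installed",
+      "format": "date_time"
+    },
+    {
+      "field": "process.code_signature.timestamp",
+      "format": "date_time"
+    },
+    {
+      "field": "process.elf.creation_date",
+      "format": "date_time"
+    },
+    {
+      "field": "process.end",
+      "format": "date_time"
+    },
+    {
+      "field": "process.parent.code_signature.timestamp",
+      "format": "date_time"
+    },
+    {
+      "field": "process.parent.elf.creation_date",
+      "format": "date_time"
+    },
+    {
+      "field": "process.parent.end",
+      "format": "date_time"
+    },
+    {
+      "field": "process.parent.start",
+      "format": "date_time"
+    },
+    {
+      "field": "process.start",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.enrichments.indicator.file.accessed",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.enrichments.indicator.file.code_signature.timestamp",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.enrichments.indicator.file.created",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.enrichments.indicator.file.ctime",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.enrichments.indicator.file.elf.creation_date",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.enrichments.indicator.file.mtime",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.enrichments.indicator.first_seen",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.enrichments.indicator.last_seen",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.enrichments.indicator.modified_at",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.enrichments.indicator.x509.not_after",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.enrichments.indicator.x509.not_before",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.indicator.file.accessed",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.indicator.file.code_signature.timestamp",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.indicator.file.created",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.indicator.file.ctime",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.indicator.file.elf.creation_date",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.indicator.file.mtime",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.indicator.first_seen",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.indicator.last_seen",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.indicator.modified_at",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.indicator.x509.not_after",
+      "format": "date_time"
+    },
+    {
+      "field": "threat.indicator.x509.not_before",
+      "format": "date_time"
+    },
+    {
+      "field": "tls.client.not_after",
+      "format": "date_time"
+    },
+    {
+      "field": "tls.client.not_before",
+      "format": "date_time"
+    },
+    {
+      "field": "tls.client.x509.not_after",
+      "format": "date_time"
+    },
+    {
+      "field": "tls.client.x509.not_before",
+      "format": "date_time"
+    },
+    {
+      "field": "tls.server.not_after",
+      "format": "date_time"
+    },
+    {
+      "field": "tls.server.not_before",
+      "format": "date_time"
+    },
+    {
+      "field": "tls.server.x509.not_after",
+      "format": "date_time"
+    },
+    {
+      "field": "tls.server.x509.not_before",
+      "format": "date_time"
+    },
+    {
+      "field": "winlog.time_created",
+      "format": "date_time"
+    },
+    {
+      "field": "x509.not_after",
+      "format": "date_time"
+    },
+    {
+      "field": "x509.not_before",
+      "format": "date_time"
+    }
+  ],
+  "script_fields": {},
+  "stored_fields": [
+    "*"
+  ],
+  "runtime_mappings": {
+    "day_of_week": {
+      "type": "long",
+      "script": {
+        "source": "emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())"
+      }
+    },
+    "hour_of_day": {
+      "type": "long",
+      "script": {
+        "source": "emit (doc['@timestamp'].value.getHour())"
+      }
+    }
+  },
+  "_source": {
+    "excludes": []
+  },
+  "query": {
+    "bool": {
+      "must": [],
+      "filter": [
+        {
+          "range": {
+            "@timestamp": {
+              "format": "strict_date_optional_time",
+              "gte": "2024-05-29T13:29:01.758Z",
+              "lte": "2024-05-29T13:44:01.758Z"
+            }
+          }
+        }
+      ],
+      "should": [],
+      "must_not": []
+    }
+  }
+}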
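Review bot: The query pins a fixed fifteen-minute window (`"gte": "2024-05-29T13:29:01.758Z"` and `"lte": "2024-05-29T13:44:01.758Z"`, hunk lines 277-278) that contains neither fixture timestamp added in this commit (`2024-05-08T08:40:18.252Z` and `2024-06-12T09:50:18.252Z`), so run unchanged against the inserted documents the `host.name` aggregation comes back empty; unless `test_server.py` (not in view) substitutes the bounds at runtime, the test cannot observe the data it inserted. Either widen the range to cover the fixture timestamps or make the test rewrite `gte`/`lte` before sending the query, and since JSON has no comment syntax the test module should state which of the two it relies on. The long `fields` list looks like a saved-search export; with `"size": 0` the query returns no hits, so those entries are never used and trimming them would make the fixture easier to review. The page dropped this hunk's file header; the path is inferred from the commit description.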
