CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

ThreatFox test

Browse Source
This commit is contained in:
Wes
2023-12-15 15:16:44 +00:00
parent 8aaeee20b9
commit 020472085b
1 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
salt/sensoroni/files/analyzers/threatfox/threatfox_test.py
View File

@@ -96,6 +96,51 @@ class TestThreatfoxMethods(unittest.TestCase):
results = threatfox.prepareResults(raw) results = threatfox.prepareResults(raw)
self.assertEqual(results, sim_results) self.assertEqual(results, sim_results)
def test_prepareResults_threat_type_does_not_exist(self):
# threat type does not exist
raw = {'query_status': 'ok', 'data': [
{'threat_type': '', 'threat_type_desc': 'description', 'confidence_level': 0}]}
sim_results = {'response': raw,
'summary': 'description', 'status': 'ok'}
results = threatfox.prepareResults(raw)
self.assertEqual(results, sim_results)
def test_prepareResults_threat_type_25_or_less(self):
# confidence level of 25 or less
raw = {'query_status': 'ok', 'data': [
{'threat_type': 'threat', 'confidence_level': 25}]}
sim_results = {'response': raw,
'summary': 'threat', 'status': 'ok'}
results = threatfox.prepareResults(raw)
self.assertEqual(results, sim_results)
def test_prepareResults_threat_type_greater_than_25(self):
# confidence level greater than 25
raw = {'query_status': 'ok', 'data': [
{'threat_type': 'threat', 'confidence_level': 26}]}
sim_results = {'response': raw,
'summary': 'threat', 'status': 'info'}
results = threatfox.prepareResults(raw)
self.assertEqual(results, sim_results)
def test_prepareResults_threat_type_greater_than_50(self):
# confidence level greater than 50
raw = {'query_status': 'ok', 'data': [
{'threat_type': 'threat', 'confidence_level': 51}]}
sim_results = {'response': raw,
'summary': 'threat', 'status': 'caution'}
results = threatfox.prepareResults(raw)
self.assertEqual(results, sim_results)
def test_prepareResults_threat_type_greater_than_75(self):
# confidence level greater than 75
raw = {'query_status': 'ok', 'data': [
{'threat_type': 'threat', 'confidence_level': 76}]}
sim_results = {'response': raw,
'summary': 'threat', 'status': 'threat'}
results = threatfox.prepareResults(raw)
self.assertEqual(results, sim_results)
def test_prepareResults_error(self): def test_prepareResults_error(self):
raw = {} raw = {}
sim_results = {'response': raw, 'status': 'caution', sim_results = {'response': raw, 'status': 'caution',