mentat.services.test_eventstorage module

Unit test module for testing the mentat.services.eventstorage module.

class mentat.services.test_eventstorage.TestMentatStorage(methodName='runTest')

Bases: unittest.case.TestCase

Unit test class for testing the mentat.services.sqlstorage module.

IDEA_RAW_1 = {'Attach': [{'Handle': 'att1', 'FileName': ['killemall'], 'Type': ['Malware'], 'ContentType': 'application/octet-stream', 'Hash': ['sha1:0c4a38c3569f0cc632e74f4c'], 'Size': 46, 'Ref': ['Trojan-Spy:W32/FinSpy.A'], 'ContentEncoding': 'base64', 'Content': 'TVpqdXN0a2lkZGluZwo='}], 'Category': ['Fraud.Phishing', 'Test'], 'CeaseTime': '2012-11-03T09:55:22Z', 'Confidence': 1.0, 'ConnCount': 20, 'CreateTime': '2012-11-03T10:00:02Z', 'Description': 'Synthetic example', 'DetectTime': '2012-11-03T10:00:07Z', 'EventTime': '2012-11-03T07:36:00Z', 'Format': 'IDEA0', 'ID': '4390fc3f-c753-4a3e-bc83-1b44f24baf75', 'Node': [{'Name': 'org.example.kippo_honey', 'Realm': 'cesnet.cz', 'Type': ['Protocol', 'Honeypot'], 'SW': ['Kippo'], 'AggrWin': '00:05:00'}], 'Note': 'Synthetic example note', 'Ref': ['cve:CVE-1234-5678'], 'Source': [{'Type': ['Phishing'], 'IP4': ['192.168.0.2-192.168.0.5', '192.168.0.0/25'], 'IP6': ['2001:db8::ff00:42:0/112'], 'Hostname': ['example.com'], 'URL': ['http://example.com/cgi-bin/killemall'], 'Proto': ['tcp', 'http'], 'AttachHand': ['att1'], 'Netname': ['ripe:IANA-CBLK-RESERVED1']}], 'Target': [{'Type': ['Backscatter', 'OriginSpam'], 'Email': ['innocent@example.com'], 'Spoofed': True}, {'Type': ['CasualIP'], 'IP4': ['10.2.2.0/24'], 'IP6': ['2001:ffff::ff00:42:0/112'], 'Port': [22, 25, 443], 'Anonymised': True}], 'WinEndTime': '2012-11-03T10:00:00Z', 'WinStartTime': '2012-11-03T05:00:00Z', '_Mentat': {'EventClass': 'vulnerable-config-ssdp', 'EventSeverity': 'low', 'EventTemplate': 'sserv-012', 'Impact': 'System provides SDDP service and can be misused for massive DDoS attack', 'InspectionErrors': ['Demonstration error - first', 'Demonstration error - second'], 'ResolvedAbuses': ['abuse@cesnet.cz'], 'StorageTime': '2017-04-05T10:21:39Z'}}

IDEA_RAW_2 = {'Attach': [{'data': 'root:zlxx.\x00\nenable\x00:system\x00\nshell\x00:sh\x00', 'datalen': 38}], 'Category': ['Attempt.Login', 'Test'], 'ConnCount': 1, 'DetectTime': '2018-04-30T08:54:28.550680Z', 'Format': 'IDEA0', 'ID': 'b434c36f-f0e6-4afb-afab-95863486e76f', 'Node': [{'Name': 'cz.cesnet.hugo.haas_telnetd', 'SW': ['telnetd'], 'Type': ['Honeypot', 'Connection']}], 'Note': 'telnetd event', 'Source': [{'IP4': ['212.111.222.111'], 'Port': [3246], 'Proto': ['tcp']}], 'Target': [{'Anonymised': True, 'IP4': ['192.0.0.0'], 'Port': [23], 'Proto': ['tcp']}], '_Mentat': {'EventClass': 'attempt-login-telnet', 'EventSeverity': 'medium', 'SourceResolvedASN': [12338], 'SourceResolvedCountry': ['ES'], 'StorageTime': '2017-04-05T10:21:39Z'}}

PGDB_CONFIG = {'dbname': 'mentat_utest', 'host': 'localhost', 'password': 'mentat', 'port': 5432, 'user': 'mentat'}

test_01_service()

Perform the basic tests of storage service.

test_02_service_manager()

Perform the basic tests of storage service manager.

test_03_module_service()

Perform the basic tests of module service.

test_04_crd()

Perform the basic event create,read,delete tests.

test_05_build_query()

Perform various query building tests.

test_06_build_query_aggr()

Perform various query building tests.

test_07_search_events()

Perform various event search tests.

test_08_watchdog_events()

Perform event database watchdog tests.

test_09_count_events()

Perform various event count tests.

test_10_delete_events()

Perform various event delete tests.

test_11_distinct_values()

Perform various distinct values tests.

test_12_thresholding_cache()

Perform various thresholding cache tests.

test_13_relapse()

Perform various relapse tests.

test_14_search_event_ghosts()

Perform various event search tests.

verbose = False