From 2d37c68bd7f0576e3a1b2539dff72680715a2265 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Mon, 12 Aug 2019 14:12:40 +0200
Subject: [PATCH] chg: Add tests cases for sync, bump describeTypes
---
 pymisp/aping.py | 13 +-
 pymisp/data/describeTypes.json | 2062 +++++++++++++++----------------
 tests/testlive_comprehensive.py | 10 +
 tests/testlive_sync.py | 42 +-
 4 files changed, 1087 insertions(+), 1040 deletions(-)
diff --git a/pymisp/aping.py b/pymisp/aping.py
index 29c096c..8ca340e 100644
--- a/pymisp/aping.py
+++ b/pymisp/aping.py
@@ -500,14 +500,14 @@ class ExpandedPyMISP(PyMISP):
 # ## BEGIN Sighting ###
- def sightings(self, misp_entity: AbstractMISP, org: Union[MISPOrganisation, int, str, UUID]=None, pythonify: bool=False):
+ def sightings(self, misp_entity: AbstractMISP=None, org: Union[MISPOrganisation, int, str, UUID]=None, pythonify: bool=False):
 """Get the list of sighting related to a MISPEvent or a MISPAttribute (depending on type of misp_entity)"""
 if isinstance(misp_entity, MISPEvent):
 context = 'event'
 elif isinstance(misp_entity, MISPAttribute):
 context = 'attribute'
 else:
- raise PyMISPError('misp_entity can only be a MISPEvent or a MISPAttribute')
+ context = None
 if org is not None:
 org_id = self.__get_uuid_or_id_from_abstract_misp(org)
 else:
@@ -519,10 +519,15 @@ class ExpandedPyMISP(PyMISP):
 url = f'{url}/{org_id}'
 sightings = self._prepare_request('POST', url)
 else:
- to_post = {'id': misp_entity.id, 'context': context}
+ if context is None:
+ url = 'sightings'
+ to_post = {}
+ else:
+ url = 'sightings/listSightings'
+ to_post = {'id': misp_entity.id, 'context': context}
 if org_id:
 to_post['org_id'] = org_id
- sightings = self._prepare_request('POST', 'sightings/listSightings', data=to_post)
+ sightings = self._prepare_request('POST', url, data=to_post)
 sightings = self._check_response(sightings, expect_json=True)
 if not (self.global_pythonify or pythonify) or 'errors' in sightings:
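Review bot: The `else:` branch in the first hunk now sets `context = None` for every argument that is not a MISPEvent or MISPAttribute, so a caller who passes the wrong type (an id, a UUID string, a dict) no longer gets a PyMISPError and instead, through the second hunk's `url = 'sightings'` / `to_post = {}` path, appears to request a listing that is not scoped to any entity. Only an omitted entity should select that path: add `elif misp_entity is None:` with `context = None` ahead of the `else:` and keep `raise PyMISPError('misp_entity can only be a MISPEvent or a MISPAttribute')` in it. The docstring should also say that leaving misp_entity as None lists sightings without an entity filter. Both hunks cut through the body of sightings(), so the lines between them and after the last one are not visible here.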
diff --git a/pymisp/data/describeTypes.json b/pymisp/data/describeTypes.json
index d524393..2d2bbc2 100644
--- a/pymisp/data/describeTypes.json
+++ b/pymisp/data/describeTypes.json
@@ -1,49 +1,551 @@ { "result": { + "categories": [ + "Antivirus detection", + "Artifacts dropped", + "Attribution", + "External analysis", + "Financial fraud", + "Internal reference", + "Network activity", + "Other", + "Payload delivery", + "Payload installation", + "Payload type", + "Persistence mechanism", + "Person", + "Social network", + "Support Tool", + "Targeting data" + ], + "category_type_mappings": { + "Antivirus detection": [ + "anonymised", + "attachment", + "comment", + "hex", + "link", + "other", + "text" + ], + "Artifacts dropped": [ + "anonymised", + "attachment", + "authentihash", + "cdhash", + "comment", + "cookie", + "filename", + "filename|authentihash", + "filename|impfuzzy", + "filename|imphash", + "filename|md5", + "filename|pehash", + "filename|sha1", + "filename|sha224", + "filename|sha256", + "filename|sha384", + "filename|sha512", + "filename|sha512/224", + "filename|sha512/256", + "filename|ssdeep", + "filename|tlsh", + "gene", + "hex", + "impfuzzy", + "imphash", + "malware-sample", + "md5", + "mime-type", + "mutex", + "named pipe", + "other", + "pattern-in-file", + "pattern-in-memory", + "pdb", + "regkey", + "regkey|value", + "sha1", + "sha224", + "sha256", + "sha384", + "sha512", + "sha512/224", + "sha512/256", + "sigma", + "ssdeep", + "stix2-pattern", + "text", + "windows-scheduled-task", + "windows-service-displayname", + "windows-service-name", + "x509-fingerprint-md5", + "x509-fingerprint-sha1", + "x509-fingerprint-sha256", + "yara" + ], + "Attribution": [ + "anonymised", + "campaign-id", + "campaign-name", + "comment", + "dns-soa-email", + "other", + "text", + "threat-actor", + "whois-creation-date", + "whois-registrant-email", + "whois-registrant-name", + "whois-registrant-org", + "whois-registrant-phone", + "whois-registrar", + "x509-fingerprint-md5", + "x509-fingerprint-sha1", + "x509-fingerprint-sha256" + ], + "External analysis": [ + "AS", + "anonymised", + "attachment", + "bro", + "comment", + "community-id", + "cortex", + 
"domain", + "domain|ip", + "filename", + "filename|md5", + "filename|sha1", + "filename|sha256", + "github-repository", + "hassh-md5", + "hasshserver-md5", + "hostname", + "ip-dst", + "ip-dst|port", + "ip-src", + "ip-src|port", + "ja3-fingerprint-md5", + "link", + "mac-address", + "mac-eui-64", + "malware-sample", + "md5", + "other", + "pattern-in-file", + "pattern-in-memory", + "pattern-in-traffic", + "regkey", + "regkey|value", + "sha1", + "sha256", + "snort", + "text", + "url", + "user-agent", + "vulnerability", + "weakness", + "x509-fingerprint-md5", + "x509-fingerprint-sha1", + "x509-fingerprint-sha256", + "zeek" + ], + "Financial fraud": [ + "aba-rtn", + "anonymised", + "bank-account-nr", + "bic", + "bin", + "btc", + "cc-number", + "comment", + "hex", + "iban", + "other", + "phone-number", + "prtn", + "text", + "xmr" + ], + "Internal reference": [ + "anonymised", + "comment", + "hex", + "link", + "other", + "text" + ], + "Network activity": [ + "AS", + "anonymised", + "attachment", + "bro", + "comment", + "community-id", + "cookie", + "domain", + "domain|ip", + "email-dst", + "email-subject", + "hassh-md5", + "hasshserver-md5", + "hex", + "hostname", + "hostname|port", + "http-method", + "ip-dst", + "ip-dst|port", + "ip-src", + "ip-src|port", + "ja3-fingerprint-md5", + "mac-address", + "mac-eui-64", + "other", + "pattern-in-file", + "pattern-in-traffic", + "port", + "snort", + "stix2-pattern", + "text", + "uri", + "url", + "user-agent", + "x509-fingerprint-md5", + "x509-fingerprint-sha1", + "x509-fingerprint-sha256", + "zeek" + ], + "Other": [ + "anonymised", + "boolean", + "comment", + "counter", + "cpe", + "datetime", + "float", + "hex", + "other", + "phone-number", + "port", + "size-in-bytes", + "text" + ], + "Payload delivery": [ + "AS", + "anonymised", + "attachment", + "authentihash", + "cdhash", + "comment", + "domain", + "email-attachment", + "email-body", + "email-dst", + "email-dst-display-name", + "email-header", + "email-message-id", + 
"email-mime-boundary", + "email-reply-to", + "email-src", + "email-src-display-name", + "email-subject", + "email-thread-index", + "email-x-mailer", + "filename", + "filename|authentihash", + "filename|impfuzzy", + "filename|imphash", + "filename|md5", + "filename|pehash", + "filename|sha1", + "filename|sha224", + "filename|sha256", + "filename|sha384", + "filename|sha512", + "filename|sha512/224", + "filename|sha512/256", + "filename|ssdeep", + "filename|tlsh", + "hassh-md5", + "hasshserver-md5", + "hex", + "hostname", + "hostname|port", + "impfuzzy", + "imphash", + "ip-dst", + "ip-dst|port", + "ip-src", + "ip-src|port", + "ja3-fingerprint-md5", + "link", + "mac-address", + "mac-eui-64", + "malware-sample", + "malware-type", + "md5", + "mime-type", + "mobile-application-id", + "other", + "pattern-in-file", + "pattern-in-traffic", + "pehash", + "sha1", + "sha224", + "sha256", + "sha384", + "sha512", + "sha512/224", + "sha512/256", + "sigma", + "ssdeep", + "stix2-pattern", + "text", + "tlsh", + "url", + "user-agent", + "vulnerability", + "weakness", + "whois-registrant-email", + "x509-fingerprint-md5", + "x509-fingerprint-sha1", + "x509-fingerprint-sha256", + "yara" + ], + "Payload installation": [ + "anonymised", + "attachment", + "authentihash", + "cdhash", + "comment", + "filename", + "filename|authentihash", + "filename|impfuzzy", + "filename|imphash", + "filename|md5", + "filename|pehash", + "filename|sha1", + "filename|sha224", + "filename|sha256", + "filename|sha384", + "filename|sha512", + "filename|sha512/224", + "filename|sha512/256", + "filename|ssdeep", + "filename|tlsh", + "hex", + "impfuzzy", + "imphash", + "malware-sample", + "malware-type", + "md5", + "mime-type", + "mobile-application-id", + "other", + "pattern-in-file", + "pattern-in-memory", + "pattern-in-traffic", + "pehash", + "sha1", + "sha224", + "sha256", + "sha384", + "sha512", + "sha512/224", + "sha512/256", + "sigma", + "ssdeep", + "stix2-pattern", + "text", + "tlsh", + "vulnerability", + 
"weakness", + "x509-fingerprint-md5", + "x509-fingerprint-sha1", + "x509-fingerprint-sha256", + "yara" + ], + "Payload type": [ + "anonymised", + "comment", + "other", + "text" + ], + "Persistence mechanism": [ + "anonymised", + "comment", + "filename", + "hex", + "other", + "regkey", + "regkey|value", + "text" + ], + "Person": [ + "anonymised", + "comment", + "country-of-residence", + "date-of-birth", + "first-name", + "frequent-flyer-number", + "gender", + "identity-card-number", + "issue-date-of-the-visa", + "last-name", + "middle-name", + "nationality", + "other", + "passenger-name-record-locator-number", + "passport-country", + "passport-expiration", + "passport-number", + "payment-details", + "phone-number", + "place-of-birth", + "place-port-of-clearance", + "place-port-of-onward-foreign-destination", + "place-port-of-original-embarkation", + "primary-residence", + "redress-number", + "special-service-request", + "text", + "travel-details", + "visa-number" + ], + "Social network": [ + "anonymised", + "comment", + "email-dst", + "email-src", + "github-organisation", + "github-repository", + "github-username", + "jabber-id", + "other", + "text", + "twitter-id", + "whois-registrant-email" + ], + "Support Tool": [ + "anonymised", + "attachment", + "comment", + "hex", + "link", + "other", + "text" + ], + "Targeting data": [ + "anonymised", + "comment", + "target-email", + "target-external", + "target-location", + "target-machine", + "target-org", + "target-user" + ] + }, "sane_defaults": { - "md5": { - "default_category": "Payload delivery", - "to_ids": 1 - }, - "sha1": { - "default_category": "Payload delivery", - "to_ids": 1 - }, - "sha256": { - "default_category": "Payload delivery", - "to_ids": 1 - }, - "filename": { - "default_category": "Payload delivery", - "to_ids": 1 - }, - "pdb": { - "default_category": "Artifacts dropped", + "AS": { + "default_category": "Network activity", "to_ids": 0 }, - "filename|md5": { + "aba-rtn": { + "default_category": 
"Financial fraud", + "to_ids": 1 + }, + "anonymised": { + "default_category": "Other", + "to_ids": 0 + }, + "attachment": { + "default_category": "External analysis", + "to_ids": 0 + }, + "authentihash": { "default_category": "Payload delivery", "to_ids": 1 }, - "filename|sha1": { + "bank-account-nr": { + "default_category": "Financial fraud", + "to_ids": 1 + }, + "bic": { + "default_category": "Financial fraud", + "to_ids": 1 + }, + "bin": { + "default_category": "Financial fraud", + "to_ids": 1 + }, + "boolean": { + "default_category": "Other", + "to_ids": 0 + }, + "bro": { + "default_category": "Network activity", + "to_ids": 1 + }, + "btc": { + "default_category": "Financial fraud", + "to_ids": 1 + }, + "campaign-id": { + "default_category": "Attribution", + "to_ids": 0 + }, + "campaign-name": { + "default_category": "Attribution", + "to_ids": 0 + }, + "cc-number": { + "default_category": "Financial fraud", + "to_ids": 1 + }, + "cdhash": { "default_category": "Payload delivery", "to_ids": 1 }, - "filename|sha256": { - "default_category": "Payload delivery", - "to_ids": 1 + "comment": { + "default_category": "Other", + "to_ids": 0 }, - "ip-src": { + "community-id": { "default_category": "Network activity", "to_ids": 1 }, - "ip-dst": { + "cookie": { "default_category": "Network activity", - "to_ids": 1 + "to_ids": 0 }, - "hostname": { - "default_category": "Network activity", - "to_ids": 1 + "cortex": { + "default_category": "External analysis", + "to_ids": 0 + }, + "counter": { + "default_category": "Other", + "to_ids": 0 + }, + "country-of-residence": { + "default_category": "Person", + "to_ids": 0 + }, + "cpe": { + "default_category": "Other", + "to_ids": 0 + }, + "date-of-birth": { + "default_category": "Person", + "to_ids": 0 + }, + "datetime": { + "default_category": "Other", + "to_ids": 0 + }, + "dns-soa-email": { + "default_category": "Attribution", + "to_ids": 0 }, "domain": { "default_category": "Network activity", 
@@ -53,18 +555,6 @@ "default_category": "Network activity", "to_ids": 1 }, - "email-src": { - "default_category": "Payload delivery", - "to_ids": 1 - }, - "email-dst": { - "default_category": "Network activity", - "to_ids": 1 - }, - "email-subject": { - "default_category": "Payload delivery", - "to_ids": 0 - }, "email-attachment": { "default_category": "Payload delivery", "to_ids": 1 
@@ -73,275 +563,51 @@ "default_category": "Payload delivery", "to_ids": 0 }, - "float": { - "default_category": "Other", - "to_ids": 0 - }, - "url": { + "email-dst": { "default_category": "Network activity", "to_ids": 1 }, - "http-method": { - "default_category": "Network activity", - "to_ids": 0 - }, - "user-agent": { - "default_category": "Network activity", - "to_ids": 0 - }, - "ja3-fingerprint-md5": { - "default_category": "Network activity", - "to_ids": 1 - }, - "hassh-md5": { - "default_category": "Network activity", - "to_ids": 1 - }, - "hasshserver-md5": { - "default_category": "Network activity", - "to_ids": 1 - }, - "regkey": { - "default_category": "Persistence mechanism", - "to_ids": 1 - }, - "regkey|value": { - "default_category": "Persistence mechanism", - "to_ids": 1 - }, - "AS": { - "default_category": "Network activity", - "to_ids": 0 - }, - "snort": { - "default_category": "Network activity", - "to_ids": 1 - }, - "bro": { - "default_category": "Network activity", - "to_ids": 1 - }, - "zeek": { - "default_category": "Network activity", - "to_ids": 1 - }, - "community-id": { - "default_category": "Network activity", - "to_ids": 1 - }, - "pattern-in-file": { - "default_category": "Payload installation", - "to_ids": 1 - }, - "pattern-in-traffic": { - "default_category": "Network activity", - "to_ids": 1 - }, - "pattern-in-memory": { - "default_category": "Payload installation", - "to_ids": 1 - }, - "yara": { - "default_category": "Payload installation", - "to_ids": 1 - }, - "stix2-pattern": { - "default_category": "Payload installation", - "to_ids": 1 - }, - "sigma": { - "default_category": "Payload installation", - "to_ids": 1 - }, - "gene": { - "default_category": "Artifacts dropped", - "to_ids": 0 - }, - "mime-type": { - "default_category": "Artifacts dropped", - "to_ids": 0 - }, - "identity-card-number": { - "default_category": "Person", - "to_ids": 0 - }, - "cookie": { - "default_category": "Network activity", - "to_ids": 0 - }, - 
"vulnerability": { - "default_category": "External analysis", - "to_ids": 0 - }, - "weakness": { - "default_category": "External analysis", - "to_ids": 0 - }, - "attachment": { - "default_category": "External analysis", - "to_ids": 0 - }, - "malware-sample": { - "default_category": "Payload delivery", - "to_ids": 1 - }, - "link": { - "default_category": "External analysis", - "to_ids": 0 - }, - "comment": { - "default_category": "Other", - "to_ids": 0 - }, - "text": { - "default_category": "Other", - "to_ids": 0 - }, - "hex": { - "default_category": "Other", - "to_ids": 0 - }, - "other": { - "default_category": "Other", - "to_ids": 0 - }, - "named pipe": { - "default_category": "Artifacts dropped", - "to_ids": 0 - }, - "mutex": { - "default_category": "Artifacts dropped", - "to_ids": 1 - }, - "target-user": { - "default_category": "Targeting data", - "to_ids": 0 - }, - "target-email": { - "default_category": "Targeting data", - "to_ids": 0 - }, - "target-machine": { - "default_category": "Targeting data", - "to_ids": 0 - }, - "target-org": { - "default_category": "Targeting data", - "to_ids": 0 - }, - "target-location": { - "default_category": "Targeting data", - "to_ids": 0 - }, - "target-external": { - "default_category": "Targeting data", - "to_ids": 0 - }, - "btc": { - "default_category": "Financial fraud", - "to_ids": 1 - }, - "xmr": { - "default_category": "Financial fraud", - "to_ids": 1 - }, - "iban": { - "default_category": "Financial fraud", - "to_ids": 1 - }, - "bic": { - "default_category": "Financial fraud", - "to_ids": 1 - }, - "bank-account-nr": { - "default_category": "Financial fraud", - "to_ids": 1 - }, - "aba-rtn": { - "default_category": "Financial fraud", - "to_ids": 1 - }, - "bin": { - "default_category": "Financial fraud", - "to_ids": 1 - }, - "cc-number": { - "default_category": "Financial fraud", - "to_ids": 1 - }, - "prtn": { - "default_category": "Financial fraud", - "to_ids": 1 - }, - "phone-number": { - "default_category": "Person", - 
"to_ids": 0 - }, - "threat-actor": { - "default_category": "Attribution", - "to_ids": 0 - }, - "campaign-name": { - "default_category": "Attribution", - "to_ids": 0 - }, - "campaign-id": { - "default_category": "Attribution", - "to_ids": 0 - }, - "malware-type": { + "email-dst-display-name": { "default_category": "Payload delivery", "to_ids": 0 }, - "uri": { - "default_category": "Network activity", - "to_ids": 1 + "email-header": { + "default_category": "Payload delivery", + "to_ids": 0 }, - "authentihash": { + "email-message-id": { + "default_category": "Payload delivery", + "to_ids": 0 + }, + "email-mime-boundary": { + "default_category": "Payload delivery", + "to_ids": 0 + }, + "email-reply-to": { + "default_category": "Payload delivery", + "to_ids": 0 + }, + "email-src": { "default_category": "Payload delivery", "to_ids": 1 }, - "ssdeep": { + "email-src-display-name": { "default_category": "Payload delivery", - "to_ids": 1 + "to_ids": 0 }, - "imphash": { + "email-subject": { "default_category": "Payload delivery", - "to_ids": 1 + "to_ids": 0 }, - "pehash": { + "email-thread-index": { "default_category": "Payload delivery", - "to_ids": 1 + "to_ids": 0 }, - "impfuzzy": { + "email-x-mailer": { "default_category": "Payload delivery", - "to_ids": 1 + "to_ids": 0 }, - "sha224": { - "default_category": "Payload delivery", - "to_ids": 1 - }, - "sha384": { - "default_category": "Payload delivery", - "to_ids": 1 - }, - "sha512": { - "default_category": "Payload delivery", - "to_ids": 1 - }, - "sha512/224": { - "default_category": "Payload delivery", - "to_ids": 1 - }, - "sha512/256": { - "default_category": "Payload delivery", - "to_ids": 1 - }, - "tlsh": { - "default_category": "Payload delivery", - "to_ids": 1 - }, - "cdhash": { + "filename": { "default_category": "Payload delivery", "to_ids": 1 }, 
@@ -349,7 +615,7 @@ "default_category": "Payload delivery", "to_ids": 1 }, - "filename|ssdeep": { + "filename|impfuzzy": { "default_category": "Payload delivery", "to_ids": 1 }, @@ -357,7 +623,7 @@ "default_category": "Payload delivery", "to_ids": 1 }, - "filename|impfuzzy": { + "filename|md5": { "default_category": "Payload delivery", "to_ids": 1 }, @@ -365,10 +631,18 @@ "default_category": "Payload delivery", "to_ids": 1 }, + "filename|sha1": { + "default_category": "Payload delivery", + "to_ids": 1 + }, "filename|sha224": { "default_category": "Payload delivery", "to_ids": 1 }, + "filename|sha256": { + "default_category": "Payload delivery", + "to_ids": 1 + }, "filename|sha384": { "default_category": "Payload delivery", "to_ids": 1 
@@ -385,94 +659,122 @@ "default_category": "Payload delivery", "to_ids": 1 }, + "filename|ssdeep": { + "default_category": "Payload delivery", + "to_ids": 1 + }, "filename|tlsh": { "default_category": "Payload delivery", "to_ids": 1 }, - "windows-scheduled-task": { + "first-name": { + "default_category": "Person", + "to_ids": 0 + }, + "float": { + "default_category": "Other", + "to_ids": 0 + }, + "frequent-flyer-number": { + "default_category": "Person", + "to_ids": 0 + }, + "gender": { + "default_category": "Person", + "to_ids": 0 + }, + "gene": { "default_category": "Artifacts dropped", "to_ids": 0 }, - "windows-service-name": { - "default_category": "Artifacts dropped", + "github-organisation": { + "default_category": "Social network", "to_ids": 0 }, - "windows-service-displayname": { - "default_category": "Artifacts dropped", + "github-repository": { + "default_category": "Social network", "to_ids": 0 }, - "whois-registrant-email": { - "default_category": "Attribution", + "github-username": { + "default_category": "Social network", "to_ids": 0 }, - "whois-registrant-phone": { - "default_category": "Attribution", - "to_ids": 0 - }, - "whois-registrant-name": { - "default_category": "Attribution", - "to_ids": 0 - }, - "whois-registrant-org": { - "default_category": "Attribution", - "to_ids": 0 - }, - "whois-registrar": { - "default_category": "Attribution", - "to_ids": 0 - }, - "whois-creation-date": { - "default_category": "Attribution", - "to_ids": 0 - }, - "x509-fingerprint-sha1": { + "hassh-md5": { "default_category": "Network activity", "to_ids": 1 }, - "x509-fingerprint-md5": { + "hasshserver-md5": { "default_category": "Network activity", "to_ids": 1 }, - "x509-fingerprint-sha256": { + "hex": { + "default_category": "Other", + "to_ids": 0 + }, + "hostname": { "default_category": "Network activity", "to_ids": 1 }, - "dns-soa-email": { - "default_category": "Attribution", - "to_ids": 0 + "hostname|port": { + "default_category": "Network activity", + 
"to_ids": 1 }, - "size-in-bytes": { - "default_category": "Other", - "to_ids": 0 - }, - "counter": { - "default_category": "Other", - "to_ids": 0 - }, - "datetime": { - "default_category": "Other", - "to_ids": 0 - }, - "cpe": { - "default_category": "Other", - "to_ids": 0 - }, - "port": { + "http-method": { "default_category": "Network activity", "to_ids": 0 }, + "iban": { + "default_category": "Financial fraud", + "to_ids": 1 + }, + "identity-card-number": { + "default_category": "Person", + "to_ids": 0 + }, + "impfuzzy": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "imphash": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "ip-dst": { + "default_category": "Network activity", + "to_ids": 1 + }, "ip-dst|port": { "default_category": "Network activity", "to_ids": 1 }, + "ip-src": { + "default_category": "Network activity", + "to_ids": 1 + }, "ip-src|port": { "default_category": "Network activity", "to_ids": 1 }, - "hostname|port": { + "issue-date-of-the-visa": { + "default_category": "Person", + "to_ids": 0 + }, + "ja3-fingerprint-md5": { "default_category": "Network activity", "to_ids": 1 }, + "jabber-id": { + "default_category": "Social network", + "to_ids": 0 + }, + "last-name": { + "default_category": "Person", + "to_ids": 0 + }, + "link": { + "default_category": "External analysis", + "to_ids": 0 + }, "mac-address": { "default_category": "Network activity", "to_ids": 0 
@@ -481,83 +783,47 @@ "default_category": "Network activity", "to_ids": 0 }, - "email-dst-display-name": { + "malware-sample": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "malware-type": { "default_category": "Payload delivery", "to_ids": 0 }, - "email-src-display-name": { + "md5": { "default_category": "Payload delivery", - "to_ids": 0 - }, - "email-header": { - "default_category": "Payload delivery", - "to_ids": 0 - }, - "email-reply-to": { - "default_category": "Payload delivery", - "to_ids": 0 - }, - "email-x-mailer": { - "default_category": "Payload delivery", - "to_ids": 0 - }, - "email-mime-boundary": { - "default_category": "Payload delivery", - "to_ids": 0 - }, - "email-thread-index": { - "default_category": "Payload delivery", - "to_ids": 0 - }, - "email-message-id": { - "default_category": "Payload delivery", - "to_ids": 0 - }, - "github-username": { - "default_category": "Social network", - "to_ids": 0 - }, - "github-repository": { - "default_category": "Social network", - "to_ids": 0 - }, - "github-organisation": { - "default_category": "Social network", - "to_ids": 0 - }, - "jabber-id": { - "default_category": "Social network", - "to_ids": 0 - }, - "twitter-id": { - "default_category": "Social network", - "to_ids": 0 - }, - "first-name": { - "default_category": "Person", - "to_ids": 0 + "to_ids": 1 }, "middle-name": { "default_category": "Person", "to_ids": 0 }, - "last-name": { + "mime-type": { + "default_category": "Artifacts dropped", + "to_ids": 0 + }, + "mobile-application-id": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "mutex": { + "default_category": "Artifacts dropped", + "to_ids": 1 + }, + "named pipe": { + "default_category": "Artifacts dropped", + "to_ids": 0 + }, + "nationality": { "default_category": "Person", "to_ids": 0 }, - "date-of-birth": { - "default_category": "Person", + "other": { + "default_category": "Other", "to_ids": 0 }, - "place-of-birth": { - "default_category": "Person", - 
"to_ids": 0 - }, - "gender": { - "default_category": "Person", - "to_ids": 0 - }, - "passport-number": { + "passenger-name-record-locator-number": { "default_category": "Person", "to_ids": 0 }, @@ -569,47 +835,39 @@ "default_category": "Person", "to_ids": 0 }, - "redress-number": { + "passport-number": { "default_category": "Person", "to_ids": 0 }, - "nationality": { - "default_category": "Person", - "to_ids": 0 + "pattern-in-file": { + "default_category": "Payload installation", + "to_ids": 1 }, - "visa-number": { - "default_category": "Person", - "to_ids": 0 + "pattern-in-memory": { + "default_category": "Payload installation", + "to_ids": 1 }, - "issue-date-of-the-visa": { - "default_category": "Person", - "to_ids": 0 - }, - "primary-residence": { - "default_category": "Person", - "to_ids": 0 - }, - "country-of-residence": { - "default_category": "Person", - "to_ids": 0 - }, - "special-service-request": { - "default_category": "Person", - "to_ids": 0 - }, - "frequent-flyer-number": { - "default_category": "Person", - "to_ids": 0 - }, - "travel-details": { - "default_category": "Person", - "to_ids": 0 + "pattern-in-traffic": { + "default_category": "Network activity", + "to_ids": 1 }, "payment-details": { "default_category": "Person", "to_ids": 0 }, - "place-port-of-original-embarkation": { + "pdb": { + "default_category": "Artifacts dropped", + "to_ids": 0 + }, + "pehash": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "phone-number": { + "default_category": "Person", + "to_ids": 0 + }, + "place-of-birth": { "default_category": "Person", "to_ids": 0 }, 
@@ -621,634 +879,376 @@ "default_category": "Person", "to_ids": 0 }, - "passenger-name-record-locator-number": { + "place-port-of-original-embarkation": { "default_category": "Person", "to_ids": 0 }, - "mobile-application-id": { + "port": { + "default_category": "Network activity", + "to_ids": 0 + }, + "primary-residence": { + "default_category": "Person", + "to_ids": 0 + }, + "prtn": { + "default_category": "Financial fraud", + "to_ids": 1 + }, + "redress-number": { + "default_category": "Person", + "to_ids": 0 + }, + "regkey": { + "default_category": "Persistence mechanism", + "to_ids": 1 + }, + "regkey|value": { + "default_category": "Persistence mechanism", + "to_ids": 1 + }, + "sha1": { "default_category": "Payload delivery", "to_ids": 1 }, - "cortex": { + "sha224": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "sha256": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "sha384": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "sha512": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "sha512/224": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "sha512/256": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "sigma": { + "default_category": "Payload installation", + "to_ids": 1 + }, + "size-in-bytes": { + "default_category": "Other", + "to_ids": 0 + }, + "snort": { + "default_category": "Network activity", + "to_ids": 1 + }, + "special-service-request": { + "default_category": "Person", + "to_ids": 0 + }, + "ssdeep": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "stix2-pattern": { + "default_category": "Payload installation", + "to_ids": 1 + }, + "target-email": { + "default_category": "Targeting data", + "to_ids": 0 + }, + "target-external": { + "default_category": "Targeting data", + "to_ids": 0 + }, + "target-location": { + "default_category": "Targeting data", + "to_ids": 0 + }, + "target-machine": { + "default_category": "Targeting data", 
+ "to_ids": 0 + }, + "target-org": { + "default_category": "Targeting data", + "to_ids": 0 + }, + "target-user": { + "default_category": "Targeting data", + "to_ids": 0 + }, + "text": { + "default_category": "Other", + "to_ids": 0 + }, + "threat-actor": { + "default_category": "Attribution", + "to_ids": 0 + }, + "tlsh": { + "default_category": "Payload delivery", + "to_ids": 1 + }, + "travel-details": { + "default_category": "Person", + "to_ids": 0 + }, + "twitter-id": { + "default_category": "Social network", + "to_ids": 0 + }, + "uri": { + "default_category": "Network activity", + "to_ids": 1 + }, + "url": { + "default_category": "Network activity", + "to_ids": 1 + }, + "user-agent": { + "default_category": "Network activity", + "to_ids": 0 + }, + "visa-number": { + "default_category": "Person", + "to_ids": 0 + }, + "vulnerability": { "default_category": "External analysis", "to_ids": 0 }, - "boolean": { - "default_category": "Other", + "weakness": { + "default_category": "External analysis", "to_ids": 0 }, - "anonymised": { - "default_category": "Other", + "whois-creation-date": { + "default_category": "Attribution", "to_ids": 0 + }, + "whois-registrant-email": { + "default_category": "Attribution", + "to_ids": 0 + }, + "whois-registrant-name": { + "default_category": "Attribution", + "to_ids": 0 + }, + "whois-registrant-org": { + "default_category": "Attribution", + "to_ids": 0 + }, + "whois-registrant-phone": { + "default_category": "Attribution", + "to_ids": 0 + }, + "whois-registrar": { + "default_category": "Attribution", + "to_ids": 0 + }, + "windows-scheduled-task": { + "default_category": "Artifacts dropped", + "to_ids": 0 + }, + "windows-service-displayname": { + "default_category": "Artifacts dropped", + "to_ids": 0 + }, + "windows-service-name": { + "default_category": "Artifacts dropped", + "to_ids": 0 + }, + "x509-fingerprint-md5": { + "default_category": "Network activity", + "to_ids": 1 + }, + "x509-fingerprint-sha1": { + "default_category": 
"Network activity", + "to_ids": 1 + }, + "x509-fingerprint-sha256": { + "default_category": "Network activity", + "to_ids": 1 + }, + "xmr": { + "default_category": "Financial fraud", + "to_ids": 1 + }, + "yara": { + "default_category": "Payload installation", + "to_ids": 1 + }, + "zeek": { + "default_category": "Network activity", + "to_ids": 1 } }, "types": [ - "md5", - "sha1", - "sha256", - "filename", - "pdb", - "filename|md5", - "filename|sha1", - "filename|sha256", - "ip-src", - "ip-dst", - "hostname", + "AS", + "aba-rtn", + "anonymised", + "attachment", + "authentihash", + "bank-account-nr", + "bic", + "bin", + "boolean", + "bro", + "btc", + "campaign-id", + "campaign-name", + "cc-number", + "cdhash", + "comment", + "community-id", + "cookie", + "cortex", + "counter", + "country-of-residence", + "cpe", + "date-of-birth", + "datetime", + "dns-soa-email", "domain", "domain|ip", - "email-src", - "email-dst", - "email-subject", "email-attachment", "email-body", - "float", - "url", - "http-method", - "user-agent", - "ja3-fingerprint-md5", - "hassh-md5", - "hasshserver-md5", - "regkey", - "regkey|value", - "AS", - "snort", - "bro", - "zeek", - "community-id", - "pattern-in-file", - "pattern-in-traffic", - "pattern-in-memory", - "yara", - "stix2-pattern", - "sigma", - "gene", - "mime-type", - "identity-card-number", - "cookie", - "vulnerability", - "weakness", - "attachment", - "malware-sample", - "link", - "comment", - "text", - "hex", - "other", - "named pipe", - "mutex", - "target-user", - "target-email", - "target-machine", - "target-org", - "target-location", - "target-external", - "btc", - "xmr", - "iban", - "bic", - "bank-account-nr", - "aba-rtn", - "bin", - "cc-number", - "prtn", - "phone-number", - "threat-actor", - "campaign-name", - "campaign-id", - "malware-type", - "uri", - "authentihash", - "ssdeep", - "imphash", - "pehash", - "impfuzzy", - "sha224", - "sha384", - "sha512", - "sha512/224", - "sha512/256", - "tlsh", - "cdhash", + "email-dst", + 
"email-dst-display-name", + "email-header", + "email-message-id", + "email-mime-boundary", + "email-reply-to", + "email-src", + "email-src-display-name", + "email-subject", + "email-thread-index", + "email-x-mailer", + "filename", "filename|authentihash", - "filename|ssdeep", - "filename|imphash", "filename|impfuzzy", + "filename|imphash", + "filename|md5", "filename|pehash", + "filename|sha1", "filename|sha224", + "filename|sha256", "filename|sha384", "filename|sha512", "filename|sha512/224", "filename|sha512/256", + "filename|ssdeep", "filename|tlsh", - "windows-scheduled-task", - "windows-service-name", - "windows-service-displayname", - "whois-registrant-email", - "whois-registrant-phone", - "whois-registrant-name", - "whois-registrant-org", - "whois-registrar", - "whois-creation-date", - "x509-fingerprint-sha1", - "x509-fingerprint-md5", - "x509-fingerprint-sha256", - "dns-soa-email", - "size-in-bytes", - "counter", - "datetime", - "cpe", - "port", - "ip-dst|port", - "ip-src|port", + "first-name", + "float", + "frequent-flyer-number", + "gender", + "gene", + "github-organisation", + "github-repository", + "github-username", + "hassh-md5", + "hasshserver-md5", + "hex", + "hostname", "hostname|port", + "http-method", + "iban", + "identity-card-number", + "impfuzzy", + "imphash", + "ip-dst", + "ip-dst|port", + "ip-src", + "ip-src|port", + "issue-date-of-the-visa", + "ja3-fingerprint-md5", + "jabber-id", + "last-name", + "link", "mac-address", "mac-eui-64", - "email-dst-display-name", - "email-src-display-name", - "email-header", - "email-reply-to", - "email-x-mailer", - "email-mime-boundary", - "email-thread-index", - "email-message-id", - "github-username", - "github-repository", - "github-organisation", - "jabber-id", - "twitter-id", - "first-name", + "malware-sample", + "malware-type", + "md5", "middle-name", - "last-name", - "date-of-birth", - "place-of-birth", - "gender", - "passport-number", + "mime-type", + "mobile-application-id", + "mutex", + "named 
pipe", + "nationality", + "other", + "passenger-name-record-locator-number", "passport-country", "passport-expiration", - "redress-number", - "nationality", - "visa-number", - "issue-date-of-the-visa", - "primary-residence", - "country-of-residence", - "special-service-request", - "frequent-flyer-number", - "travel-details", + "passport-number", + "pattern-in-file", + "pattern-in-memory", + "pattern-in-traffic", "payment-details", - "place-port-of-original-embarkation", + "pdb", + "pehash", + "phone-number", + "place-of-birth", "place-port-of-clearance", "place-port-of-onward-foreign-destination", - "passenger-name-record-locator-number", - "mobile-application-id", - "cortex", - "boolean", - "anonymised" - ], - "categories": [ - "Internal reference", - "Targeting data", - "Antivirus detection", - "Payload delivery", - "Artifacts dropped", - "Payload installation", - "Persistence mechanism", - "Network activity", - "Payload type", - "Attribution", - "External analysis", - "Financial fraud", - "Support Tool", - "Social network", - "Person", - "Other" - ], - "category_type_mappings": { - "Internal reference": [ - "text", - "link", - "comment", - "other", - "hex", - "anonymised" - ], - "Targeting data": [ - "target-user", - "target-email", - "target-machine", - "target-org", - "target-location", - "target-external", - "comment", - "anonymised" - ], - "Antivirus detection": [ - "link", - "comment", - "text", - "hex", - "attachment", - "other", - "anonymised" - ], - "Payload delivery": [ - "md5", - "sha1", - "sha224", - "sha256", - "sha384", - "sha512", - "sha512/224", - "sha512/256", - "ssdeep", - "imphash", - "impfuzzy", - "authentihash", - "pehash", - "tlsh", - "cdhash", - "filename", - "filename|md5", - "filename|sha1", - "filename|sha224", - "filename|sha256", - "filename|sha384", - "filename|sha512", - "filename|sha512/224", - "filename|sha512/256", - "filename|authentihash", - "filename|ssdeep", - "filename|tlsh", - "filename|imphash", - "filename|impfuzzy", - 
"filename|pehash", - "mac-address", - "mac-eui-64", - "ip-src", - "ip-dst", - "ip-dst|port", - "ip-src|port", - "hostname", - "domain", - "email-src", - "email-dst", - "email-subject", - "email-attachment", - "email-body", - "url", - "user-agent", - "AS", - "pattern-in-file", - "pattern-in-traffic", - "stix2-pattern", - "yara", - "sigma", - "mime-type", - "attachment", - "malware-sample", - "link", - "malware-type", - "comment", - "text", - "hex", - "vulnerability", - "weakness", - "x509-fingerprint-sha1", - "x509-fingerprint-md5", - "x509-fingerprint-sha256", - "ja3-fingerprint-md5", - "hassh-md5", - "hasshserver-md5", - "other", - "hostname|port", - "email-dst-display-name", - "email-src-display-name", - "email-header", - "email-reply-to", - "email-x-mailer", - "email-mime-boundary", - "email-thread-index", - "email-message-id", - "mobile-application-id", - "whois-registrant-email", - "anonymised" - ], - "Artifacts dropped": [ - "md5", - "sha1", - "sha224", - "sha256", - "sha384", - "sha512", - "sha512/224", - "sha512/256", - "ssdeep", - "imphash", - "impfuzzy", - "authentihash", - "cdhash", - "filename", - "filename|md5", - "filename|sha1", - "filename|sha224", - "filename|sha256", - "filename|sha384", - "filename|sha512", - "filename|sha512/224", - "filename|sha512/256", - "filename|authentihash", - "filename|ssdeep", - "filename|tlsh", - "filename|imphash", - "filename|impfuzzy", - "filename|pehash", - "regkey", - "regkey|value", - "pattern-in-file", - "pattern-in-memory", - "pdb", - "stix2-pattern", - "yara", - "sigma", - "attachment", - "malware-sample", - "named pipe", - "mutex", - "windows-scheduled-task", - "windows-service-name", - "windows-service-displayname", - "comment", - "text", - "hex", - "x509-fingerprint-sha1", - "x509-fingerprint-md5", - "x509-fingerprint-sha256", - "other", - "cookie", - "gene", - "mime-type", - "anonymised" - ], - "Payload installation": [ - "md5", - "sha1", - "sha224", - "sha256", - "sha384", - "sha512", - "sha512/224", - 
"sha512/256", - "ssdeep", - "imphash", - "impfuzzy", - "authentihash", - "pehash", - "tlsh", - "cdhash", - "filename", - "filename|md5", - "filename|sha1", - "filename|sha224", - "filename|sha256", - "filename|sha384", - "filename|sha512", - "filename|sha512/224", - "filename|sha512/256", - "filename|authentihash", - "filename|ssdeep", - "filename|tlsh", - "filename|imphash", - "filename|impfuzzy", - "filename|pehash", - "pattern-in-file", - "pattern-in-traffic", - "pattern-in-memory", - "stix2-pattern", - "yara", - "sigma", - "vulnerability", - "weakness", - "attachment", - "malware-sample", - "malware-type", - "comment", - "text", - "hex", - "x509-fingerprint-sha1", - "x509-fingerprint-md5", - "x509-fingerprint-sha256", - "mobile-application-id", - "other", - "mime-type", - "anonymised" - ], - "Persistence mechanism": [ - "filename", - "regkey", - "regkey|value", - "comment", - "text", - "other", - "hex", - "anonymised" - ], - "Network activity": [ - "ip-src", - "ip-dst", - "ip-dst|port", - "ip-src|port", - "port", - "hostname", - "domain", - "domain|ip", - "mac-address", - "mac-eui-64", - "email-dst", - "url", - "uri", - "user-agent", - "http-method", - "AS", - "snort", - "pattern-in-file", - "stix2-pattern", - "pattern-in-traffic", - "attachment", - "comment", - "text", - "x509-fingerprint-md5", - "x509-fingerprint-sha1", - "x509-fingerprint-sha256", - "ja3-fingerprint-md5", - "hassh-md5", - "hasshserver-md5", - "other", - "hex", - "cookie", - "hostname|port", - "bro", - "zeek", - "anonymised", - "community-id", - "email-subject" - ], - "Payload type": [ - "comment", - "text", - "other", - "anonymised" - ], - "Attribution": [ - "threat-actor", - "campaign-name", - "campaign-id", - "whois-registrant-phone", - "whois-registrant-email", - "whois-registrant-name", - "whois-registrant-org", - "whois-registrar", - "whois-creation-date", - "comment", - "text", - "x509-fingerprint-sha1", - "x509-fingerprint-md5", - "x509-fingerprint-sha256", - "other", - 
"dns-soa-email", - "anonymised" - ], - "External analysis": [ - "md5", - "sha1", - "sha256", - "filename", - "filename|md5", - "filename|sha1", - "filename|sha256", - "ip-src", - "ip-dst", - "ip-dst|port", - "ip-src|port", - "mac-address", - "mac-eui-64", - "hostname", - "domain", - "domain|ip", - "url", - "user-agent", - "regkey", - "regkey|value", - "AS", - "snort", - "bro", - "zeek", - "pattern-in-file", - "pattern-in-traffic", - "pattern-in-memory", - "vulnerability", - "weakness", - "attachment", - "malware-sample", - "link", - "comment", - "text", - "x509-fingerprint-sha1", - "x509-fingerprint-md5", - "x509-fingerprint-sha256", - "ja3-fingerprint-md5", - "hassh-md5", - "hasshserver-md5", - "github-repository", - "other", - "cortex", - "anonymised", - "community-id" - ], - "Financial fraud": [ - "btc", - "xmr", - "iban", - "bic", - "bank-account-nr", - "aba-rtn", - "bin", - "cc-number", - "prtn", - "phone-number", - "comment", - "text", - "other", - "hex", - "anonymised" - ], - "Support Tool": [ - "link", - "text", - "attachment", - "comment", - "other", - "hex", - "anonymised" - ], - "Social network": [ - "github-username", - "github-repository", - "github-organisation", - "jabber-id", - "twitter-id", - "email-src", - "email-dst", - "comment", - "text", - "other", - "whois-registrant-email", - "anonymised" - ], - "Person": [ - "first-name", - "middle-name", - "last-name", - "date-of-birth", - "place-of-birth", - "gender", - "passport-number", - "passport-country", - "passport-expiration", - "redress-number", - "nationality", - "visa-number", - "issue-date-of-the-visa", - "primary-residence", - "country-of-residence", - "special-service-request", - "frequent-flyer-number", - "travel-details", - "payment-details", - "place-port-of-original-embarkation", - "place-port-of-clearance", - "place-port-of-onward-foreign-destination", - "passenger-name-record-locator-number", - "comment", - "text", - "other", - "phone-number", - "identity-card-number", - "anonymised" - 
], - "Other": [ - "comment", - "text", - "other", - "size-in-bytes", - "counter", - "datetime", - "cpe", - "port", - "float", - "hex", - "phone-number", - "boolean", - "anonymised" - ] - } + "place-port-of-original-embarkation", + "port", + "primary-residence", + "prtn", + "redress-number", + "regkey", + "regkey|value", + "sha1", + "sha224", + "sha256", + "sha384", + "sha512", + "sha512/224", + "sha512/256", + "sigma", + "size-in-bytes", + "snort", + "special-service-request", + "ssdeep", + "stix2-pattern", + "target-email", + "target-external", + "target-location", + "target-machine", + "target-org", + "target-user", + "text", + "threat-actor", + "tlsh", + "travel-details", + "twitter-id", + "uri", + "url", + "user-agent", + "visa-number", + "vulnerability", + "weakness", + "whois-creation-date", + "whois-registrant-email", + "whois-registrant-name", + "whois-registrant-org", + "whois-registrant-phone", + "whois-registrar", + "windows-scheduled-task", + "windows-service-displayname", + "windows-service-name", + "x509-fingerprint-md5", + "x509-fingerprint-sha1", + "x509-fingerprint-sha256", + "xmr", + "yara", + "zeek" + ] } } diff --git a/tests/testlive_comprehensive.py b/tests/testlive_comprehensive.py index 7b75a01..7ba3a5d 100644 --- a/tests/testlive_comprehensive.py +++ b/tests/testlive_comprehensive.py 
@@ -1535,8 +1535,18 @@ class TestComprehensive(unittest.TestCase):
 def test_describe_types(self):
 remote = self.admin_misp_connector.describe_types_remote
+ remote_types = remote.pop('types')
+ remote_categories = remote.pop('categories')
+ remote_category_type_mappings = remote.pop('category_type_mappings')
 local = self.admin_misp_connector.describe_types_local
+ local_types = local.pop('types')
+ local_categories = local.pop('categories')
+ local_category_type_mappings = local.pop('category_type_mappings')
 self.assertDictEqual(remote, local)
+ self.assertEqual(sorted(remote_types), sorted(local_types))
+ self.assertEqual(sorted(remote_categories), sorted(local_categories))
+ for category, mapping in remote_category_type_mappings.items():
+ self.assertEqual(sorted(local_category_type_mappings[category]), sorted(mapping))
 def test_versions(self):
 self.assertEqual(self.user_misp_connector.version, self.user_misp_connector.pymisp_version_master)
diff --git a/tests/testlive_sync.py b/tests/testlive_sync.py
index f546808..edbad9f 100644
--- a/tests/testlive_sync.py
+++ b/tests/testlive_sync.py
@@ -123,6 +123,8 @@ class MISPInstance():
 self.site_admin_connector.set_server_setting('MISP.external_baseurl', params['external_baseurl'], force=True)
 # Setup baseurl
 self.site_admin_connector.set_server_setting('MISP.baseurl', params['url'], force=True)
+ # Setup host org
+ self.site_admin_connector.set_server_setting('MISP.host_org_id', self.test_org.id)
 self.external_base_url = params['external_baseurl']
 self.sync = []
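Review bot: `remote.pop('types')` and `local.pop('types')` in `test_describe_types` modify whatever dicts `describe_types_remote` and `describe_types_local` return; if either property hands back a cached or module-level object (not visible in this hunk), later tests using the same connector would see the structure without `types`, `categories` and `category_type_mappings`. Working on a shallow copy avoids that: `remote = dict(self.admin_misp_connector.describe_types_remote)` and likewise for `local`. The loop also walks only the remote mappings and indexes `local_category_type_mappings[category]` directly, so a category missing locally surfaces as a KeyError and a category present only locally is never compared. Adding `self.assertEqual(sorted(remote_category_type_mappings), sorted(local_category_type_mappings))` before the loop would cover both directions.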
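Review bot: `MISP.host_org_id` is pointed at `self.test_org.id` here, but the cleanup hunk at -169 deletes that same organisation and nothing visible restores the setting, so the instance may be left with a host-org reference to an organisation that no longer exists. The enclosing setup and cleanup methods start outside the hunks, so confirm whether the setting is reset elsewhere; if not, record the previous value during setup and write it back before `delete_organisation(self.test_org.id)`. The new call also omits `force=True`, unlike the two `set_server_setting` calls above it, and its result is not checked, so a rejected setting would go unnoticed until the sync tests misbehave.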
@@ -169,6 +171,24 @@ class MISPInstance():
 # Delete org
 self.initial_user_connector.delete_organisation(self.test_org.id)
+ # Make sure the instance is back to a clean state
+ if self.initial_user_connector.events():
+ raise Exception(f'Events still on the instance {self.external_base_url}')
+ if self.initial_user_connector.attributes():
+ raise Exception(f'Attributes still on the instance {self.external_base_url}')
+ if self.initial_user_connector.attribute_proposals():
+ raise Exception(f'AttributeProposals still on the instance {self.external_base_url}')
+ if self.initial_user_connector.sightings():
+ raise Exception(f'Sightings still on the instance {self.external_base_url}')
+ if self.initial_user_connector.servers():
+ raise Exception(f'Servers still on the instance {self.external_base_url}')
+ if self.initial_user_connector.sharing_groups():
+ raise Exception(f'SharingGroups still on the instance {self.external_base_url}')
+ if len(self.initial_user_connector.organisations()) > 1:
+ raise Exception(f'Organisations still on the instance {self.external_base_url}')
+ if len(self.initial_user_connector.users()) > 1:
+ raise Exception(f'Users still on the instance {self.external_base_url}')
+
 class TestSync(unittest.TestCase):
@@ -231,7 +251,7 @@ class TestSync(unittest.TestCase):
 def test_simple_sync(self):
 '''Test simple event, push to one server'''
 event = MISPEvent()
- event.info = 'Event created on first instance'
+ event.info = 'Event created on first instance - test_simple_sync'
 event.distribution = Distribution.all_communities
 event.add_attribute('ip-src', '1.1.1.1')
 try:
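Review bot: The clean-state checks treat any truthy return value as leftover data and any short one as clean, so an API error response would be misreported. `sightings()` in pymisp/aping.py tests `'errors' in sightings`, which suggests failures come back as a dict; if the other listing calls behave the same way (not visible here), a failed `events()` call raises 'Events still on the instance' and a failed `organisations()` call returning a one-key error dict passes the `len(...) > 1` check unnoticed. Checking for an error before the emptiness test, e.g. `if isinstance(res, dict) and 'errors' in res: raise Exception(f'Unable to list events on {self.external_base_url}: {res}')`, keeps a broken cleanup distinguishable from residual data. The enclosing cleanup method starts outside the hunk.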
@@ -251,7 +271,7 @@ class TestSync(unittest.TestCase):
 def test_sync_community(self):
 '''Simple event, this community only, pull from member of the community'''
 event = MISPEvent()
- event.info = 'Event created on first instance'
+ event.info = 'Event created on first instance - test_sync_community'
 event.distribution = Distribution.this_community_only
 event.add_attribute('ip-src', '1.1.1.1')
 try:
@@ -270,7 +290,7 @@ class TestSync(unittest.TestCase):
 def test_sync_all_communities(self):
 '''Simple event, all communities, enable automatic push on two sub-instances'''
 event = MISPEvent()
- event.info = 'Event created on first instance'
+ event.info = 'Event created on first instance - test_sync_all_communities'
 event.distribution = Distribution.all_communities
 event.add_attribute('ip-src', '1.1.1.1')
 try:
@@ -292,6 +312,8 @@ class TestSync(unittest.TestCase):
 source.org_admin_connector.delete_event(event)
 middle.site_admin_connector.delete_event(middle_event)
 last.site_admin_connector.delete_event(last_event)
+ source.site_admin_connector.update_server({'push': False}, source.sync_servers[0].id)
+ middle.site_admin_connector.update_server({'push': False}, middle.sync_servers[1].id)
 def create_complex_event(self):
 event = MISPEvent()
@@ -367,6 +389,8 @@ class TestSync(unittest.TestCase):
 source.org_admin_connector.delete_event(event)
 middle.site_admin_connector.delete_event(event_middle)
 last.site_admin_connector.delete_event(event_last)
+ source.site_admin_connector.update_server({'push': False}, source.sync_servers[0].id)
+ middle.site_admin_connector.update_server({'push': False}, middle.sync_servers[1].id)
 def test_complex_event_pull(self):
 '''Test pull'''
@@ -419,7 +443,7 @@ class TestSync(unittest.TestCase):
 event = source.org_admin_connector.add_event(event)
 source.org_admin_connector.publish(event)
- time.sleep(60)
+ time.sleep(15)
 event_middle = middle.user_connector.get_event(event.uuid)
 event_last = last.user_connector.get_event(event.uuid)
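Review bot: In the hunk at -292 the two `update_server({'push': False}, …)` calls run only after the three `delete_event` calls, so if any deletion raises (for example because `middle_event` was never assigned when the test body failed early) automatic push stays enabled on `source` and `middle` and the following tests run against servers that still push events onward. This looks like the tail of the test's `finally:` block, which starts outside the hunk. Moving the two push resets ahead of the deletions, or wrapping the deletions in their own `try`/`finally` with the resets in the inner `finally`, keeps the sync configuration from leaking between tests. The same ordering appears in the hunks at -367 and -429.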
@@ -429,9 +453,17 @@ class TestSync(unittest.TestCase):
 event_middle_as_site_admin = middle.site_admin_connector.get_event(event.uuid)
 self.assertEqual(len(event_middle_as_site_admin.attributes), 3)
 event_last_as_site_admin = last.site_admin_connector.get_event(event.uuid)
- self.assertEqual(len(event_last_as_site_admin.attributes), 2) # FIXME: should be 1, I think.
+ self.assertEqual(len(event_last_as_site_admin.attributes), 1)
+ # Get sharing group from middle instance
+ sgs = middle.site_admin_connector.sharing_groups()
+ self.assertEqual(len(sgs), 1)
+ self.assertEqual(sgs[0].name, 'Testcases SG')
+ middle.site_admin_connector.delete_sharing_group(sgs[0])
 finally:
 source.org_admin_connector.delete_event(event)
 middle.site_admin_connector.delete_event(event_middle)
 last.site_admin_connector.delete_event(event_last)
 source.site_admin_connector.delete_sharing_group(sharing_group.id)
+ middle.site_admin_connector.delete_sharing_group(sharing_group.id)
+ source.site_admin_connector.update_server({'push': False}, source.sync_servers[0].id)
+ middle.site_admin_connector.update_server({'push': False}, middle.sync_servers[1].id)
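Review bot: `middle.site_admin_connector.delete_sharing_group(sharing_group.id)` in the `finally:` block passes an id taken from the object the line above uses against `source` (`sharing_group` is created outside the hunk); unless ids are guaranteed to match across instances, this can target the wrong group on `middle` or simply fail. The group that was actually synced is already looked up as `sgs[0]` and deleted inside the `try`, so on the success path the second delete is redundant, and when an earlier assertion fails the `try` deletion is skipped and only the id-based one remains. Resolving the group on `middle` inside `finally` and deleting that object, e.g. `for sg in middle.site_admin_connector.sharing_groups(): middle.site_admin_connector.delete_sharing_group(sg)`, covers both paths. The test method starts outside the hunk.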