[docs|tests] Update method description and format test event.
Chunyong Lin committed Sep 7, 2017
1 parent f97a6a7 commit e6add10
Showing 2 changed files with 42 additions and 36 deletions.
8 changes: 7 additions & 1 deletion stream_alert/rule_processor/rules_engine.py
@@ -195,7 +195,7 @@ def match_types_helper(cls, record, normalized_types, datatypes):
Args:
record (dict): Parsed data
normalized_types (dict): Normalized types
datatypes (list): normalized types users interested in.
datatypes (list): Normalized types users interested in
Returns:
(dict): A dict of normalized_types with original key names
@@ -219,6 +219,12 @@ def update(cls, results, parent_key, nested_results):
"""Update nested_results by inserting parent key to beginning of list.
Also combine results and nested_results into one dictionary
Args:
results (dict): A dict of normalized_types with original key names
parent_key (str): Parent key of values in nested_results. The values
in nested_results are original keys of normalized types.
nested_results (dict): A dict of normalized_types from nested record
Example 1:
results = {
'ipv4': [['key1']]
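Review bot: The new Args block for `update` describes `nested_results` only as "A dict of normalized_types from nested record", although the summary line says the method inserts the parent key at the beginning of each list. The entry should state the shape of the values and whether the dict is modified in place, for example `nested_results (dict): Normalized type -> list of key paths from the nested record; parent_key is prepended to each path` (shape inferred from the `'ipv4': [['key1']]` example, so confirm against the code). In `match_types_helper` the reworded line still reads as a fragment; `datatypes (list): Normalized types the caller is interested in` would be clearer. Both docstrings continue outside the visible hunks, so a Returns section for `update` may already exist there.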
70 changes: 35 additions & 35 deletions tests/unit/stream_alert_rule_processor/test_rule_helpers.py
@@ -77,49 +77,49 @@ def test_in_network():
def test_fetch_values_by_datatype():
"""Helpers - Fetch values from a record by normalized type"""
rec = {
u'account': 12345,
u'region': '123456123456',
u'detail': {
u'eventVersion': u'...',
u'eventID': u'...',
u'eventTime': u'...',
u'additionalEventData': {
u'MFAUsed': u'Yes',
u'LoginTo': u'...',
u'MobileVersion': u'No'
'account': 12345,
'region': '123456123456',
'detail': {
'eventVersion': '...',
'eventID': '...',
'eventTime': '...',
'additionalEventData': {
'MFAUsed': 'Yes',
'LoginTo': '...',
'MobileVersion': 'No'
},
u'requestParameters': None,
u'eventType': u'AwsConsoleSignIn',
u'responseElements': {
u'ConsoleLogin': u'...'
'requestParameters': None,
'eventType': 'AwsConsoleSignIn',
'responseElements': {
'ConsoleLogin': '...'
},
u'awsRegion': u'...',
u'eventName': u'ConsoleLogin',
u'userIdentity': {
u'userName': u'alice',
u'type': u'Root',
u'principalId': u'12345',
u'arn': u'arn:aws:iam::12345:root',
u'accountId': u'12345'
'awsRegion': '...',
'eventName': 'ConsoleLogin',
'userIdentity': {
'userName': 'alice',
'type': 'Root',
'principalId': '12345',
'arn': 'arn:aws:iam::12345:root',
'accountId': '12345'
},
u'eventSource': u'...',
u'userAgent': u'...',
u'sourceIPAddress': u'1.1.1.2',
u'recipientAccountId': u'12345'
'eventSource': '...',
'userAgent': '...',
'sourceIPAddress': '1.1.1.2',
'recipientAccountId': '12345'
},
u'detail-type': '...',
u'source': '1.1.1.2',
u'version': '1.05',
'detail-type': '...',
'source': '1.1.1.2',
'version': '1.05',
'normalized_types': {
'ipv4': [[u'detail', u'sourceIPAddress'], [u'source']],
'ipv4': [['detail', 'sourceIPAddress'], ['source']],
'username': [['detail', 'userIdentity', 'userName']]
},
u'time': '...',
u'id': '12345',
u'resources': {
u'test': u'...'
'time': '...',
'id': '12345',
'resources': {
'test': '...'
}
}
assert_equal(len(base.fetch_values_by_datatype(rec, 'ipv4')), 2)
assert_equal(len(base.fetch_values_by_datatype(rec, 'cmd')), 0)
assert_equal(base.fetch_values_by_datatype(rec, 'username'), [u'alice'])
assert_equal(base.fetch_values_by_datatype(rec, 'username'), ['alice'])
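Review bot: The `ipv4` assertion checks only `len(...) == 2`, and both normalized paths in the fixture (`['detail', 'sourceIPAddress']` and `['source']`) hold the same value `'1.1.1.2'`, so the test would still pass if the helper followed the wrong key path or returned one value twice. Giving `'source'` a different address and asserting the returned values, e.g. `assert_equal(sorted(base.fetch_values_by_datatype(rec, 'ipv4')), ['1.1.1.2', '1.1.1.3'])` (the second address is a constructed sample), would pin the lookups that rules rely on. Separately, if this suite runs on Python 2, dropping the `u` prefixes turns the fixture into byte strings, which may differ from the unicode strings a JSON-parsed record carries; it is worth confirming that this is intended.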
