Commit graph

48 Commits

Author SHA1 Message Date
Brandon Myers a9dbb4594c
Reassign lastaction to utctimestamp for locality geomodel 2019-10-02 14:32:35 -05:00
Emma Rose 07cfd7f750
Parse lastaction from receivedtimestamp in from_events because we expect it to be more accurate 2019-10-01 17:48:52 -04:00
Emma Rose 5692d01793
Appease the Linter gods 2019-09-26 15:04:33 -04:00
Emma Rose c79ef44685
Fixed a typo 2019-09-25 20:01:55 -04:00
Emma Rose a0e82339e4
Adjust test for moved NamedTuple field 2019-09-25 19:40:05 -04:00
Emma Rose c4f37522ad
Updating tests in preparation for replacement with Alert origin with hops 2019-09-25 19:22:59 -04:00
Emma Rose 2dd28518bb
Removed test that is no longer relevant 2019-09-24 11:45:43 -04:00
Emma Rose eb624f48a2
Update alert() fn tests according to new signature 2019-09-20 18:39:07 -04:00
Brandon Myers 5236879f91
Remove whitelist check from geomodel alert class 2019-09-19 16:05:34 -05:00
Brandon Myers bb71ce75eb
Update locality tests to add details to events 2019-09-06 18:05:34 -05:00
Emma Rose 980fe262dc
Clean up for the linter etc 2019-08-27 16:17:07 -04:00
Emma Rose 909a9e6dc2
Use toUTC everywhere we deal with time 2019-08-27 15:59:02 -04:00
Emma Rose dc3fbba0a7
Don't need to inherit from unittest class 2019-08-27 15:06:26 -04:00
Emma Rose a736d37749
Make all test dates timezone aware 2019-08-20 12:43:45 -04:00
Emma Rose 83892b7044
get tests running 2019-08-16 17:14:41 -04:00
Emma Rose 2fe0118f07
Clean up with feedback from lint 2019-08-15 19:10:11 -04:00
Emma Rose ee77c4b938
Test update function rather than deleted merge function 2019-08-14 18:43:26 -04:00
Emma Rose 987c2967c4
First stab at cleaning things up taking advantage of the fact that we only need to handle one user at a time 2019-08-13 20:40:49 -04:00
Emma Rose 0aa93ebeab
Fleshing out the actual AlertTask implementation 2019-08-13 20:18:49 -04:00
Emma Rose fa6b8da8a3
Adapt QueryInterface specifically for localities since it isn't used for events anymore 2019-08-13 19:12:24 -04:00
Emma Rose efcc19de8e
Removing the event module 2019-08-13 18:12:46 -04:00
Emma Rose 436c15ac0c
Events are going to come from the event interface, so we will move fns pertaining to localities into locality.py 2019-08-13 18:08:37 -04:00
Emma Rose a370bcf74c
Modify tests to conform to new configuration format 2019-08-13 17:17:56 -04:00
Emma Rose 59e12347a9
Implemented a flat_map function on the Update type to be able to more easily chain State operations 2019-08-12 19:05:54 -04:00
Emma Rose 8b74e45893
remove_outdated should have a similar signature to merge 2019-08-12 15:51:37 -04:00
Emma Rose 1a9a2d1f6e
Get test to work by refreshing the ES index we save to 2019-08-09 15:13:15 -04:00
Emma Rose 74ce4e540f
Adding a test to ensure that journaling (saving locality state) works 2019-08-09 15:08:18 -04:00
Emma Rose 851ac6285b
Fix up new tests enough that they run 2019-08-08 16:25:35 -04:00
Emma Rose 08bb3e061a
Removing superfluous spacing 2019-08-08 16:06:24 -04:00
Emma Rose 3d3bf06d09
Writing unit tests for an alert function that optionally produces an alert 2019-08-08 16:05:58 -04:00
Emma Rose e471a9528e
Huge overhaul to handle the _source and _id fields of documents so that JournalInterface can work properly 2019-08-08 15:06:56 -04:00
Emma Rose fd021723fa
Wrote a big fancy integration test to make sure we can extract and merge localities 2019-08-06 19:42:09 -04:00
Emma Rose 5d808155e9
Apparently variables have to exist to use them 2019-08-02 18:30:14 -04:00
Emma Rose 986d8b20ad
Wrote a test for the remove_outdated function 2019-08-02 18:24:22 -04:00
Emma Rose fe08af0ac6
Why are time comparisons so confusing? 2019-08-02 18:02:12 -04:00
Emma Rose 4c17ea7e2a
Fix tests up; make sure the Update.did_update field is handled correctly 2019-08-02 17:03:11 -04:00
Emma Rose 172bc34801
Modify merge tests to reference a new Update type 2019-08-02 16:59:20 -04:00
Emma Rose 1700c6089d
Wrote some tests for the merge function 2019-08-02 16:22:10 -04:00
Emma Rose a95c9b56ce
Conform to spec and replace sourceipv4address with sourceipaddress 2019-07-31 15:24:33 -04:00
Emma Rose 2a43e7775b
Replace extract_sourceip with extract_locality, taking advantage of the fact that Mozdef will lookup geo data for us 2019-07-31 15:17:37 -04:00
Emma Rose 8a2bc4c300
Implemented extract_sourceip to find sourceipaddress in an event 2019-07-30 19:11:30 -04:00
Emma Rose d83120817e
Wrote tests to interface with elasticsearch 2019-07-30 17:39:49 -04:00
Emma Rose bdda134a1b
Working on testing event.find_all against ElasticSearch proper 2019-07-26 18:22:08 -04:00
Emma Rose f4eae35df3
wrote some unit tests for locality.find_all 2019-07-25 19:52:23 -04:00
Emma Rose 7f320988af
move the query_interface mock generator to util.py for use across modules 2019-07-25 18:58:31 -04:00
Emma Rose 1571aa529b
__init__.py required to make tests run 2019-07-25 18:37:21 -04:00
Emma Rose e808c83263
Syntax fixups 2019-07-25 18:05:00 -04:00
Emma Rose 0acb6c2ad5
finished moving files around 2019-07-25 17:42:07 -04:00