from datetime import timedelta
import pytest
from correlation.models import Rule
from correlation.serializers import RuleExportSerializer
from incident.models import IncidentCategory
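@pytest.mark.unit
def test_rule_export_serializer(add_user_with_permissions):
    """Check how RuleExportSerializer rewrites the incident action of a rule.

    A rule is stored with a single ``incident`` action that references a
    category and an assignee by primary key.  The exported representation is
    expected to:

    * blank out ``assigned_to`` (an empty string instead of the user id);
    * expand ``category`` from its id into a one-element list holding the
      category's ``id``, ``name`` and ``description``.

    Args:
        add_user_with_permissions: fixture used here to create the user that
            the stored action is assigned to.
    """
    # Throwaway fixture credentials; they only exist inside the test database.
    user = add_user_with_permissions(username='testuser1', password='pwdqwe1')
    category = IncidentCategory.objects.create(name='test name 123', description='test description 123')
    expected_category = [{'id': category.id, 'name': category.name, 'description': category.description}]

    rule = Rule.objects.create(
        name='Test event',
        type=1,
        status=True,
        sid=3,
        depth=timedelta(seconds=80037),
        rule_json={
            "type": "query_string",
            "field": "",
            "operands": "event_severity:>=6",
        },
        actions_json=[{
            "type": "incident",
            "title": "{{.SignName}}",
            "comment": "",
            "category": category.id,
            "importance": "50",
            "assigned_to": user.id,
            "description": "{{.EventSrcMsg}}"
        }]
    )

    exported_action = RuleExportSerializer(rule).data['actions_json'][0]

    # The export must not carry the assignee reference.
    # NOTE(review): presumably because user ids are local to one installation
    # and an exported rule should not expose account references - confirm
    # against RuleExportSerializer.
    assert exported_action['assigned_to'] == ''
    assert exported_action['category'] == expected_category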