Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated changes for the issue #1270 #1272

Merged
merged 2 commits into from
Jan 10, 2023
Merged

Updated changes for the issue #1270 #1272

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3d47804
Updated changes for the issue #1270
thangaraj-ramesh Jan 6, 2023
da5157f
Merge branch 'develop' into paloalto_issue_1270
delliott90 Jan 10, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions stix_shifter_modules/paloalto/tests/stix_translation/test_paloalto_json_to_stix.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,10 +81,10 @@ def test_file_json_to_stix(self):

def test_process_json_to_stix(self):
""" to test process stix object properties """
data = {'xdr_data': {'action_process_image_command_line': 'C:\Windows\system32\lsass.exe',
'actor_process_command_line': 'C:\Windows\system32\lsass.exe',
'causality_actor_process_command_line': 'C:\Windows\system32\lsass.exe',
'os_actor_process_command_line': 'C:\Windows\system32\lsass.exe',
data = {'xdr_data': {'action_process_image_command_line': 'C:\\Windows\\system32\\lsass.exe',
'actor_process_command_line': 'C:\\Windows\\system32\\lsass.exe',
'causality_actor_process_command_line': 'C:\\Windows\\system32\\lsass.exe',
'os_actor_process_command_line': 'C:\\Windows\\system32\\lsass.exe',
'actor_process_file_create_time': '1631299512000',
'causality_actor_process_file_create_time': '1536995564723',
'os_actor_process_file_create_time': '1637334466002',
Expand Down Expand Up @@ -117,7 +117,7 @@ def test_process_json_to_stix(self):
assert process_obj['type'] == 'process'
assert process_obj['name'] == 'wevtutil.exe'
assert process_obj['pid'] == 6228
assert process_obj['command_line'] == 'C:\Windows\system32\lsass.exe'
assert process_obj['command_line'] == 'C:\\Windows\\system32\\lsass.exe'

def test_network_traffic_json_to_stix(self):
"""to test network-traffic stix object properties"""
Expand Down Expand Up @@ -228,7 +228,7 @@ def test_domain_name_json_to_stix(self):
assert domain_obj['value'] == 'dl.delivery.mp.microsoft.com'

def test_windows_registry_key_json_to_stix(self):
"""to test windows registry stix object properties"""
"""to test Windows registry stix object properties"""

data = {'xdr_data': {'action_registry_key_name': 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\terminpt'
'\\Enum',
Expand All @@ -251,7 +251,7 @@ def test_windows_registry_key_json_to_stix(self):
assert windows_obj is not None
assert windows_obj['type'] == 'windows-registry-key'
assert windows_obj['key'] == 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\terminpt\\Enum'
assert windows_obj['values'] == [{'name':'Start'}]
assert windows_obj['values'] == [{'name': 'Start'}]

def test_url_json_to_stix(self):
"""to test url stix object properties"""
Expand Down Expand Up @@ -330,7 +330,7 @@ def test_custom_process_json_to_stix(self):
assert custom_process_obj['extensions']['x-paloalto-process']['signature_vendor'] == "Microsoft Corporation"
assert custom_process_obj['extensions']['x-paloalto-process']['signature_status'] == "SIGNED"
assert custom_process_obj['extensions']['x-paloalto-process']['execution_time'] == "2022-01-04T07:10:55.000Z"
assert custom_process_obj['extensions']['x-paloalto-process']['is_native'] == False
assert custom_process_obj['extensions']['x-paloalto-process']['is_native'] is False

def test_asset_json_to_stix(self):
"""to test custom oca-asset stix object properties"""
Expand Down Expand Up @@ -360,7 +360,7 @@ def test_asset_json_to_stix(self):
assert asset_obj['extensions']['x-paloalto-agent']['content_version'] == "350-80787"
assert asset_obj['extensions']['x-paloalto-agent']['start_time'] == "2022-01-20T07:04:01.933Z"
assert asset_obj['extensions']['x-paloalto-agent']['os_sub_type'] == "Windows Server 2016"
assert asset_obj['extensions']['x-paloalto-agent']['is_vdi'] == False
assert asset_obj['extensions']['x-paloalto-agent']['is_vdi'] is False

def test_evtlog_json_to_stix(self):
"""to test custom evtlog stix object properties"""
Expand Down Expand Up @@ -439,5 +439,5 @@ def test_custom_network_json_to_stix(self):
assert network_obj is not None
assert network_obj['extensions']['x-paloalto-network']['creation_time'] == '1975-03-21T11:12:13.729Z'
assert network_obj['extensions']['x-paloalto-network']['connection_id'] == "AdgAsdUgVlUAAAbYAAAAAA=="
assert network_obj['extensions']['x-paloalto-network']['is_proxy'] == False
assert network_obj['extensions']['x-paloalto-network']['is_proxy'] is False
assert network_obj['extensions']['x-paloalto-network']['external_hostname'] == 'Windows 8'