diff --git a/main.py b/main.py index c13a0324d..063013309 100644 --- a/main.py +++ b/main.py @@ -159,8 +159,9 @@ def __main__(): time.sleep(1) status = transmission.status(search_id) while status['progress'] < 100: - print( status['progress'] ) - + print(status) + status = transmission.status(search_id) + print(status) result = transmission.results(search_id, 0, 9) if result["success"]: print("Search {} results is:\n{}".format(search_id,result["data"])) diff --git a/stix_shifter/stix_transmission/src/modules/splunk/splunk_status_connector.py b/stix_shifter/stix_transmission/src/modules/splunk/splunk_status_connector.py index 404fa1abb..4fca0a4bc 100644 --- a/stix_shifter/stix_transmission/src/modules/splunk/splunk_status_connector.py +++ b/stix_shifter/stix_transmission/src/modules/splunk/splunk_status_connector.py @@ -2,8 +2,13 @@ from .spl_api_client import APIClient import json import math +from enum import Enum from .....utils.error_response import ErrorResponder +class StatusSplunk(Enum): + COMPLETED = 'DONE' + ERROR = 'FAILED' + RUNNING = 'RUNNING' class SplunkStatusConnector(BaseStatusConnector): def __init__(self, api_client): @@ -20,18 +25,17 @@ def create_status_connection(self, search_id): if 'entry' in response_dict and isinstance(response_dict['entry'], list): content = response_dict['entry'][0]['content'] progress = math.ceil(content['doneProgress'] * 100) # convert 0-1.0 scale to 0-100 + status = content['dispatchState'] - if content['isDone'] is True: + if status == StatusSplunk.COMPLETED.value: status = Status.COMPLETED.value - elif content['isFailed'] is True: + elif status == StatusSplunk.ERROR.value: status = Status.ERROR.value elif content['isFinalized'] is True: status = Status.CANCELED.value - elif progress < 100: - status = Status.RUNNING.value else: - status = 'NA' - + status = Status.RUNNING.value + # Construct a response object return_obj = dict() if response_code == 200: 
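Review bot: The polling loop in `__main__` still ends only when `status['progress']` reaches 100, and it now calls `transmission.status(search_id)` on every pass with no delay between requests. With this commit the connector can report `ERROR` or `CANCELED`, so a job that ends in one of those states below 100 percent would keep the loop running, and a response that carries no `progress` key would presumably raise `KeyError`. I would leave the loop on terminal states and pace the requests, e.g. `if not status.get('success') or status.get('status') in ('ERROR', 'CANCELED'): break` followed by `time.sleep(1)` inside the loop body. The body of `__main__` starts and continues outside the hunk.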
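Review bot: In `create_status_connection` the final `else` now maps every `dispatchState` other than `DONE` and `FAILED` to `Status.RUNNING`, so an unknown state is reported as still running and a caller that polls until completion may never stop; the old `'NA'` at least made that case visible. Compare against the states expected while a job is in flight (`StatusSplunk.RUNNING` is defined in the hunk above but never used; Splunk also documents `QUEUED`, `PARSING`, `FINALIZING` and `PAUSED`) and treat anything else as an error. `content['dispatchState']` is read without a guard, so a response lacking the key raises `KeyError`. Because the `isFinalized` branch comes after the `DONE` comparison, a finalized job whose state is `DONE` would presumably come back as `COMPLETED` rather than `CANCELED`, which is worth confirming against a real response. Keeping the raw value in its own name, e.g. `dispatch_state = content['dispatchState']`, instead of reusing `status` would make the chain easier to follow; the function continues outside the hunk.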
diff --git a/tests/stix_transmission/splunk/api_response/status_by_sid_failed.json b/tests/stix_transmission/splunk/api_response/status_by_sid_failed.json new file mode 100644 index 000000000..2ded25b73 --- /dev/null +++ b/tests/stix_transmission/splunk/api_response/status_by_sid_failed.json 
@@ -0,0 +1,270 @@ +{ + "links": {}, + "origin": "https://9.99.999.99:0123/services/search/jobs", + "updated": "2018-09-13T09:49:40+00:00", + "generator": { + "build": "2b5b15c4ee89", + "version": "7.0.1" + }, + "entry": [ + { + "name": "search eventtype=network_traffic | fields tag| spath", + "id": "https://9.99.999.99:0123/services/search/jobs/1536832140.4293", + "updated": "2018-09-13T09:49:40.645+00:00", + "links": { + "alternate": "/services/search/jobs/1536832140.4293", + "search.log": "/services/search/jobs/1536832140.4293/search.log", + "events": "/services/search/jobs/1536832140.4293/events", + "results": "/services/search/jobs/1536832140.4293/results", + "results_preview": "/services/search/jobs/1536832140.4293/results_preview", + "timeline": "/services/search/jobs/1536832140.4293/timeline", + "summary": "/services/search/jobs/1536832140.4293/summary", + "control": "/services/search/jobs/1536832140.4293/control" + }, + "published": "2018-09-13T09:49:00.000+00:00", + "author": "bhavesh", + "content": { + "canSummarize": false, + "cursorTime": "1970-01-01T00:00:00.000+00:00", + "defaultSaveTTL": "604800", + "defaultTTL": "600", + "delegate": "", + "diskUsage": 73728, + "dispatchState": "FAILED", + "doneProgress": 1, + "dropCount": 0, + "earliestTime": "2018-04-20T12:36:17.000+00:00", + "eventAvailableCount": 1, + "eventCount": 1, + "eventFieldCount": 10, + "eventIsStreaming": true, + "eventIsTruncated": false, + "eventSearch": "search eventtype=network_traffic | fields tag | spath ", + "eventSorting": "desc", + "indexEarliestTime": 1535991010, + "indexLatestTime": 1535991010, + "isBatchModeSearch": false, + "isDone": true, + "isEventsPreviewEnabled": false, + "isFailed": false, + "isFinalized": false, + "isPaused": false, + "isPreviewEnabled": false, + "isRealTimeSearch": false, + "isRemoteTimeline": false, + "isSaved": false, + "isSavedSearch": false, + "isTimeCursored": true, + "isZombie": false, + "keywords": "eventtype::network_traffic", + "label": "", + 
"normalizedSearch": "litsearch (index=shifter log_type=\"network\") | fields tag | spath | fields keepcolorder=t \"_bkt\" \"_cd\" \"_si\" \"host\" \"index\" \"linecount\" \"source\" \"sourcetype\" \"splunk_server\"", + "numPreviews": 0, + "optimizedSearch": "| search eventtype=network_traffic | fields tag | spath", + "pid": "9663", + "priority": 5, + "provenance": "", + "remoteSearch": "litsearch (index=shifter log_type=\"network\") | fields tag | spath | fields keepcolorder=t \"_bkt\" \"_cd\" \"_si\" \"host\" \"index\" \"linecount\" \"source\" \"sourcetype\" \"splunk_server\"", + "reportSearch": "", + "resultCount": 1, + "resultIsStreaming": true, + "resultPreviewCount": 1, + "runDuration": 0.242112944, + "sampleRatio": "1", + "sampleSeed": "0", + "scanCount": 2, + "searchCanBeEventType": false, + "searchTotalBucketsCount": 4, + "searchTotalEliminatedBucketsCount": 2, + "sid": "1536832140.4293", + "statusBuckets": 0, + "ttl": 600, + "performance": { + "command.fields": { + "duration_secs": 0.001, + "invocations": 2, + "input_count": 2, + "output_count": 2 + }, + "command.search": { + "duration_secs": 0.004, + "invocations": 1, + "input_count": 0, + "output_count": 1 + }, + "command.search.calcfields": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 2, + "output_count": 2 + }, + "command.search.expand_search": { + "duration_secs": 0.026, + "invocations": 1 + }, + "command.search.fieldalias": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 2, + "output_count": 2 + }, + "command.search.filter": { + "duration_secs": 0.001, + "invocations": 1 + }, + "command.search.index": { + "duration_secs": 0.002, + "invocations": 2 + }, + "command.search.index.usec_1_8": { + "invocations": 85 + }, + "command.search.kv": { + "duration_secs": 0.001, + "invocations": 1 + }, + "command.search.lookups": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 2, + "output_count": 2 + }, + "command.search.parse_directives": { + "duration_secs": 
0.001, + "invocations": 1 + }, + "command.search.rawdata": { + "duration_secs": 0.002, + "invocations": 1 + }, + "command.search.summary": { + "invocations": 1 + }, + "command.search.tags": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 1, + "output_count": 1 + }, + "command.search.typer": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 1, + "output_count": 1 + }, + "command.spath": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 1, + "output_count": 1 + }, + "dispatch.check_disk_usage": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.createdSearchResultInfrastructure": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispa100 5684 100 5668 100 16 10361 29 --:--:-- --:--:-- --:--:-- 10704patch.evaluate.fields": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.evaluate.noop": { + "invocations": 1 + }, + "dispatch.evaluate.search": { + "duration_secs": 0.04, + "invocations": 1 + }, + "dispatch.evaluate.spath": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.fetch": { + "duration_secs": 0.052, + "invocations": 2 + }, + "dispatch.localSearch": { + "duration_secs": 0.004, + "invocations": 1 + }, + "dispatch.optimize.FinalEval": { + "duration_secs": 0.041, + "invocations": 1 + }, + "dispatch.optimize.matchReportAcceleration": { + "duration_secs": 0.142, + "invocations": 1 + }, + "dispatch.optimize.optimization": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.optimize.reparse": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.optimize.toJson": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.optimize.toSpl": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.readEventsInResults": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.stream.local": { + "duration_secs": 0.004, + "invocations": 1 + }, + "dispatch.timeline": { + "duration_secs": 0.002, + "invocations": 2 + }, + "dispatch.writeStatus": { 
+ "duration_secs": 0.007, + "invocations": 7 + }, + "startup.configuration": { + "duration_secs": 0.015, + "invocations": 1 + }, + "startup.handoff": { + "duration_secs": 0.055, + "invocations": 1 + } + }, + "messages": [], + "request": { + "search": "search eventtype=network_traffic | fields tag| spath" + }, + "runtime": { + "auto_cancel": "0", + "auto_pause": "0" + }, + "searchProviders": ["splunk3-01.internal.resilientsystems.com"] + }, + "acl": { + "perms": { + "read": ["bhavesh"], + "write": ["bhavesh"] + }, + "owner": "bhavesh", + "modifiable": true, + "sharing": "global", + "app": "search", + "can_write": true, + "ttl": "600" + } + } + ], + "paging": { + "total": 1, + "perPage": 0, + "offset": 0 + } +} diff --git a/tests/stix_transmission/splunk/api_response/status_by_sid_running.json b/tests/stix_transmission/splunk/api_response/status_by_sid_running.json new file mode 100644 index 000000000..57316fd66 --- /dev/null +++ b/tests/stix_transmission/splunk/api_response/status_by_sid_running.json 
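Review bot: This fixture, like the two that follow (`status_by_sid_running.json` and `status_by_sid_running_cancel.json`), still carries an internal host name in `searchProviders` and an account name in `author`, `owner` and the `acl` lists, although the address in `origin` and `id` was replaced by a placeholder. Swap those values for neutral ones (constructed examples: `splunk.example.com`, `admin`) before the files enter the repository history. The `performance` key that starts with `dispa100 5684` looks like a transfer progress meter fused into the captured output; it was presumably one of the `dispatch.evaluate.*` keys and should be restored so the fixture matches a real response.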
@@ -0,0 +1,270 @@ +{ + "links": {}, + "origin": "https://9.99.999.99:0123/services/search/jobs", + "updated": "2018-09-13T09:49:40+00:00", + "generator": { + "build": "2b5b15c4ee89", + "version": "7.0.1" + }, + "entry": [ + { + "name": "search eventtype=network_traffic | fields tag| spath", + "id": "https://9.99.999.99:0123/services/search/jobs/1536832140.4293", + "updated": "2018-09-13T09:49:40.645+00:00", + "links": { + "alternate": "/services/search/jobs/1536832140.4293", + "search.log": "/services/search/jobs/1536832140.4293/search.log", + "events": "/services/search/jobs/1536832140.4293/events", + "results": "/services/search/jobs/1536832140.4293/results", + "results_preview": "/services/search/jobs/1536832140.4293/results_preview", + "timeline": "/services/search/jobs/1536832140.4293/timeline", + "summary": "/services/search/jobs/1536832140.4293/summary", + "control": "/services/search/jobs/1536832140.4293/control" + }, + "published": "2018-09-13T09:49:00.000+00:00", + "author": "bhavesh", + "content": { + "canSummarize": false, + "cursorTime": "1970-01-01T00:00:00.000+00:00", + "defaultSaveTTL": "604800", + "defaultTTL": "600", + "delegate": "", + "diskUsage": 73728, + "dispatchState": "RUNNING", + "doneProgress": 1, + "dropCount": 0, + "earliestTime": "2018-04-20T12:36:17.000+00:00", + "eventAvailableCount": 1, + "eventCount": 1, + "eventFieldCount": 10, + "eventIsStreaming": true, + "eventIsTruncated": false, + "eventSearch": "search eventtype=network_traffic | fields tag | spath ", + "eventSorting": "desc", + "indexEarliestTime": 1535991010, + "indexLatestTime": 1535991010, + "isBatchModeSearch": false, + "isDone": true, + "isEventsPreviewEnabled": false, + "isFailed": false, + "isFinalized": false, + "isPaused": false, + "isPreviewEnabled": false, + "isRealTimeSearch": false, + "isRemoteTimeline": false, + "isSaved": false, + "isSavedSearch": false, + "isTimeCursored": true, + "isZombie": false, + "keywords": "eventtype::network_traffic", + "label": "", 
+ "normalizedSearch": "litsearch (index=shifter log_type=\"network\") | fields tag | spath | fields keepcolorder=t \"_bkt\" \"_cd\" \"_si\" \"host\" \"index\" \"linecount\" \"source\" \"sourcetype\" \"splunk_server\"", + "numPreviews": 0, + "optimizedSearch": "| search eventtype=network_traffic | fields tag | spath", + "pid": "9663", + "priority": 5, + "provenance": "", + "remoteSearch": "litsearch (index=shifter log_type=\"network\") | fields tag | spath | fields keepcolorder=t \"_bkt\" \"_cd\" \"_si\" \"host\" \"index\" \"linecount\" \"source\" \"sourcetype\" \"splunk_server\"", + "reportSearch": "", + "resultCount": 1, + "resultIsStreaming": true, + "resultPreviewCount": 1, + "runDuration": 0.242112944, + "sampleRatio": "1", + "sampleSeed": "0", + "scanCount": 2, + "searchCanBeEventType": false, + "searchTotalBucketsCount": 4, + "searchTotalEliminatedBucketsCount": 2, + "sid": "1536832140.4293", + "statusBuckets": 0, + "ttl": 600, + "performance": { + "command.fields": { + "duration_secs": 0.001, + "invocations": 2, + "input_count": 2, + "output_count": 2 + }, + "command.search": { + "duration_secs": 0.004, + "invocations": 1, + "input_count": 0, + "output_count": 1 + }, + "command.search.calcfields": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 2, + "output_count": 2 + }, + "command.search.expand_search": { + "duration_secs": 0.026, + "invocations": 1 + }, + "command.search.fieldalias": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 2, + "output_count": 2 + }, + "command.search.filter": { + "duration_secs": 0.001, + "invocations": 1 + }, + "command.search.index": { + "duration_secs": 0.002, + "invocations": 2 + }, + "command.search.index.usec_1_8": { + "invocations": 85 + }, + "command.search.kv": { + "duration_secs": 0.001, + "invocations": 1 + }, + "command.search.lookups": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 2, + "output_count": 2 + }, + "command.search.parse_directives": { + "duration_secs": 
0.001, + "invocations": 1 + }, + "command.search.rawdata": { + "duration_secs": 0.002, + "invocations": 1 + }, + "command.search.summary": { + "invocations": 1 + }, + "command.search.tags": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 1, + "output_count": 1 + }, + "command.search.typer": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 1, + "output_count": 1 + }, + "command.spath": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 1, + "output_count": 1 + }, + "dispatch.check_disk_usage": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.createdSearchResultInfrastructure": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispa100 5684 100 5668 100 16 10361 29 --:--:-- --:--:-- --:--:-- 10704patch.evaluate.fields": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.evaluate.noop": { + "invocations": 1 + }, + "dispatch.evaluate.search": { + "duration_secs": 0.04, + "invocations": 1 + }, + "dispatch.evaluate.spath": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.fetch": { + "duration_secs": 0.052, + "invocations": 2 + }, + "dispatch.localSearch": { + "duration_secs": 0.004, + "invocations": 1 + }, + "dispatch.optimize.FinalEval": { + "duration_secs": 0.041, + "invocations": 1 + }, + "dispatch.optimize.matchReportAcceleration": { + "duration_secs": 0.142, + "invocations": 1 + }, + "dispatch.optimize.optimization": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.optimize.reparse": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.optimize.toJson": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.optimize.toSpl": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.readEventsInResults": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.stream.local": { + "duration_secs": 0.004, + "invocations": 1 + }, + "dispatch.timeline": { + "duration_secs": 0.002, + "invocations": 2 + }, + "dispatch.writeStatus": { 
+ "duration_secs": 0.007, + "invocations": 7 + }, + "startup.configuration": { + "duration_secs": 0.015, + "invocations": 1 + }, + "startup.handoff": { + "duration_secs": 0.055, + "invocations": 1 + } + }, + "messages": [], + "request": { + "search": "search eventtype=network_traffic | fields tag| spath" + }, + "runtime": { + "auto_cancel": "0", + "auto_pause": "0" + }, + "searchProviders": ["splunk3-01.internal.resilientsystems.com"] + }, + "acl": { + "perms": { + "read": ["bhavesh"], + "write": ["bhavesh"] + }, + "owner": "bhavesh", + "modifiable": true, + "sharing": "global", + "app": "search", + "can_write": true, + "ttl": "600" + } + } + ], + "paging": { + "total": 1, + "perPage": 0, + "offset": 0 + } +} diff --git a/tests/stix_transmission/splunk/api_response/status_by_sid_running_cancel.json b/tests/stix_transmission/splunk/api_response/status_by_sid_running_cancel.json new file mode 100644 index 000000000..45b65a322 --- /dev/null +++ b/tests/stix_transmission/splunk/api_response/status_by_sid_running_cancel.json 
@@ -0,0 +1,270 @@ +{ + "links": {}, + "origin": "https://9.99.999.99:0123/services/search/jobs", + "updated": "2018-09-13T09:49:40+00:00", + "generator": { + "build": "2b5b15c4ee89", + "version": "7.0.1" + }, + "entry": [ + { + "name": "search eventtype=network_traffic | fields tag| spath", + "id": "https://9.99.999.99:0123/services/search/jobs/1536832140.4293", + "updated": "2018-09-13T09:49:40.645+00:00", + "links": { + "alternate": "/services/search/jobs/1536832140.4293", + "search.log": "/services/search/jobs/1536832140.4293/search.log", + "events": "/services/search/jobs/1536832140.4293/events", + "results": "/services/search/jobs/1536832140.4293/results", + "results_preview": "/services/search/jobs/1536832140.4293/results_preview", + "timeline": "/services/search/jobs/1536832140.4293/timeline", + "summary": "/services/search/jobs/1536832140.4293/summary", + "control": "/services/search/jobs/1536832140.4293/control" + }, + "published": "2018-09-13T09:49:00.000+00:00", + "author": "bhavesh", + "content": { + "canSummarize": false, + "cursorTime": "1970-01-01T00:00:00.000+00:00", + "defaultSaveTTL": "604800", + "defaultTTL": "600", + "delegate": "", + "diskUsage": 73728, + "dispatchState": "RUNNING", + "doneProgress": 1, + "dropCount": 0, + "earliestTime": "2018-04-20T12:36:17.000+00:00", + "eventAvailableCount": 1, + "eventCount": 1, + "eventFieldCount": 10, + "eventIsStreaming": true, + "eventIsTruncated": false, + "eventSearch": "search eventtype=network_traffic | fields tag | spath ", + "eventSorting": "desc", + "indexEarliestTime": 1535991010, + "indexLatestTime": 1535991010, + "isBatchModeSearch": false, + "isDone": false, + "isEventsPreviewEnabled": false, + "isFailed": false, + "isFinalized": true, + "isPaused": false, + "isPreviewEnabled": false, + "isRealTimeSearch": false, + "isRemoteTimeline": false, + "isSaved": false, + "isSavedSearch": false, + "isTimeCursored": true, + "isZombie": false, + "keywords": "eventtype::network_traffic", + "label": "", 
+ "normalizedSearch": "litsearch (index=shifter log_type=\"network\") | fields tag | spath | fields keepcolorder=t \"_bkt\" \"_cd\" \"_si\" \"host\" \"index\" \"linecount\" \"source\" \"sourcetype\" \"splunk_server\"", + "numPreviews": 0, + "optimizedSearch": "| search eventtype=network_traffic | fields tag | spath", + "pid": "9663", + "priority": 5, + "provenance": "", + "remoteSearch": "litsearch (index=shifter log_type=\"network\") | fields tag | spath | fields keepcolorder=t \"_bkt\" \"_cd\" \"_si\" \"host\" \"index\" \"linecount\" \"source\" \"sourcetype\" \"splunk_server\"", + "reportSearch": "", + "resultCount": 1, + "resultIsStreaming": true, + "resultPreviewCount": 1, + "runDuration": 0.242112944, + "sampleRatio": "1", + "sampleSeed": "0", + "scanCount": 2, + "searchCanBeEventType": false, + "searchTotalBucketsCount": 4, + "searchTotalEliminatedBucketsCount": 2, + "sid": "1536832140.4293", + "statusBuckets": 0, + "ttl": 600, + "performance": { + "command.fields": { + "duration_secs": 0.001, + "invocations": 2, + "input_count": 2, + "output_count": 2 + }, + "command.search": { + "duration_secs": 0.004, + "invocations": 1, + "input_count": 0, + "output_count": 1 + }, + "command.search.calcfields": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 2, + "output_count": 2 + }, + "command.search.expand_search": { + "duration_secs": 0.026, + "invocations": 1 + }, + "command.search.fieldalias": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 2, + "output_count": 2 + }, + "command.search.filter": { + "duration_secs": 0.001, + "invocations": 1 + }, + "command.search.index": { + "duration_secs": 0.002, + "invocations": 2 + }, + "command.search.index.usec_1_8": { + "invocations": 85 + }, + "command.search.kv": { + "duration_secs": 0.001, + "invocations": 1 + }, + "command.search.lookups": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 2, + "output_count": 2 + }, + "command.search.parse_directives": { + "duration_secs": 
0.001, + "invocations": 1 + }, + "command.search.rawdata": { + "duration_secs": 0.002, + "invocations": 1 + }, + "command.search.summary": { + "invocations": 1 + }, + "command.search.tags": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 1, + "output_count": 1 + }, + "command.search.typer": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 1, + "output_count": 1 + }, + "command.spath": { + "duration_secs": 0.001, + "invocations": 1, + "input_count": 1, + "output_count": 1 + }, + "dispatch.check_disk_usage": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.createdSearchResultInfrastructure": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispa100 5684 100 5668 100 16 10361 29 --:--:-- --:--:-- --:--:-- 10704patch.evaluate.fields": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.evaluate.noop": { + "invocations": 1 + }, + "dispatch.evaluate.search": { + "duration_secs": 0.04, + "invocations": 1 + }, + "dispatch.evaluate.spath": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.fetch": { + "duration_secs": 0.052, + "invocations": 2 + }, + "dispatch.localSearch": { + "duration_secs": 0.004, + "invocations": 1 + }, + "dispatch.optimize.FinalEval": { + "duration_secs": 0.041, + "invocations": 1 + }, + "dispatch.optimize.matchReportAcceleration": { + "duration_secs": 0.142, + "invocations": 1 + }, + "dispatch.optimize.optimization": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.optimize.reparse": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.optimize.toJson": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.optimize.toSpl": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.readEventsInResults": { + "duration_secs": 0.001, + "invocations": 1 + }, + "dispatch.stream.local": { + "duration_secs": 0.004, + "invocations": 1 + }, + "dispatch.timeline": { + "duration_secs": 0.002, + "invocations": 2 + }, + "dispatch.writeStatus": { 
+ "duration_secs": 0.007, + "invocations": 7 + }, + "startup.configuration": { + "duration_secs": 0.015, + "invocations": 1 + }, + "startup.handoff": { + "duration_secs": 0.055, + "invocations": 1 + } + }, + "messages": [], + "request": { + "search": "search eventtype=network_traffic | fields tag| spath" + }, + "runtime": { + "auto_cancel": "0", + "auto_pause": "0" + }, + "searchProviders": ["splunk3-01.internal.resilientsystems.com"] + }, + "acl": { + "perms": { + "read": ["bhavesh"], + "write": ["bhavesh"] + }, + "owner": "bhavesh", + "modifiable": true, + "sharing": "global", + "app": "search", + "can_write": true, + "ttl": "600" + } + } + ], + "paging": { + "total": 1, + "perPage": 0, + "offset": 0 + } +} diff --git a/tests/stix_transmission/splunk/test_class.py b/tests/stix_transmission/splunk/test_class.py index ed02723be..95af3b94f 100644 --- a/tests/stix_transmission/splunk/test_class.py +++ b/tests/stix_transmission/splunk/test_class.py 
@@ -168,6 +168,105 @@ def test_status_response(self, mock_status_response, mock_api_client): assert 'success' in status_response assert status_response['success'] is True + @patch('stix_shifter.stix_transmission.src.modules.splunk.spl_api_client.APIClient.get_search', autospec=True) + def test_status_response_error(self, mock_status_response, mock_api_client): + mock_api_client.return_value = None + + dir_path = os.path.dirname(os.path.realpath(__file__)) + file_path = os.path.join(dir_path, 'api_response', 'status_by_sid_failed.json') + mocked_return_value = open(file_path, 'r').read() + + mock_status_response.return_value = SplunkMockResponse(200, mocked_return_value) + + config = { + "auth": { + "username": "", + "password": "" + } + } + connection = { + "host": "host", + "port": "8080" + } + + search_id = "1536832140.4293" + module = splunk_connector + status_response = module.Connector(connection, config).create_status_connection(search_id) + + assert status_response is not None + assert 'status' in status_response + assert status_response['status'] == 'ERROR' + assert 'progress' in status_response + assert status_response['progress'] == 100 + assert 'success' in status_response + assert status_response['success'] is True + + @patch('stix_shifter.stix_transmission.src.modules.splunk.spl_api_client.APIClient.get_search', autospec=True) + def test_status_response_running(self, mock_status_response, mock_api_client): + mock_api_client.return_value = None + + dir_path = os.path.dirname(os.path.realpath(__file__)) + file_path = os.path.join(dir_path, 'api_response', 'status_by_sid_running.json') + mocked_return_value = open(file_path, 'r').read() + + mock_status_response.return_value = SplunkMockResponse(200, mocked_return_value) + + config = { + "auth": { + "username": "", + "password": "" + } + } + connection = { + "host": "host", + "port": "8080" + } + + search_id = "1536832140.4293" + module = splunk_connector + status_response = module.Connector(connection, 
config).create_status_connection(search_id) + + assert status_response is not None + assert 'status' in status_response + assert status_response['status'] == 'RUNNING' + assert 'progress' in status_response + assert status_response['progress'] == 100 + assert 'success' in status_response + assert status_response['success'] is True + + @patch('stix_shifter.stix_transmission.src.modules.splunk.spl_api_client.APIClient.get_search', autospec=True) + def test_status_response_cancelled(self, mock_status_response, mock_api_client): + mock_api_client.return_value = None + + dir_path = os.path.dirname(os.path.realpath(__file__)) + file_path = os.path.join(dir_path, 'api_response', 'status_by_sid_running_cancel.json') + mocked_return_value = open(file_path, 'r').read() + + mock_status_response.return_value = SplunkMockResponse(200, mocked_return_value) + + config = { + "auth": { + "username": "", + "password": "" + } + } + connection = { + "host": "host", + "port": "8080" + } + + search_id = "1536832140.4293" + module = splunk_connector + status_response = module.Connector(connection, config).create_status_connection(search_id) + + assert status_response is not None + assert 'status' in status_response + assert status_response['status'] == 'CANCELED' + assert 'progress' in status_response + assert status_response['progress'] == 100 + assert 'success' in status_response + assert status_response['success'] is True + @patch('stix_shifter.stix_transmission.src.modules.splunk.spl_api_client.APIClient.get_search', autospec=True) def test_status_response_exception(self, mock_status_response, mock_api_client): mock_api_client.return_value = None
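Review bot: The three added tests never reach the new catch-all branch with an unrecognised state: every fixture has `doneProgress` 1 and a `dispatchState` of `FAILED` or `RUNNING`, so nothing pins the result for an unknown state or for a job below 100 percent. The cancelled case passes only because its fixture pairs `RUNNING` with `isFinalized: true`; a fixture with `DONE` plus `isFinalized: true` and one with an unknown `dispatchState` would cover the gaps. Each test reads its fixture with `open(file_path, 'r').read()`, which leaves closing the handle to the garbage collector; `with open(file_path, 'r') as f: mocked_return_value = f.read()` closes it deterministically. The three bodies differ only in fixture name and expected status, so a shared helper taking those two values would remove the duplication. `test_status_response_exception` at the end of the hunk continues outside it.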