[client] Update expectation signatures

Author: MarineLeM

pyobas/signatures/types.py

@@ -8,9 +8,10 @@ class MatchTypes(str, Enum):
 
 class SignatureTypes(str, Enum):
     SIG_TYPE_PARENT_PROCESS_NAME = "parent_process_name"
-    SIG_TYPE_HOSTNAME = "hostname"
-    SIG_TYPE_PROCESS_NAME = "process_name"
-    SIG_TYPE_COMMAND_LINE = "command_line"
-    SIG_TYPE_FILE_NAME = "file_name"
-    SIG_TYPE_IPV4 = "ipv4_address"
-    SIG_TYPE_IPV6 = "ipv6_address"
+    SIG_TYPE_SOURCE_IPV4_ADDRESS = "source_ipv4_address"
+    SIG_TYPE_SOURCE_IPV6_ADDRESS = "source_ipv6_address"
+    SIG_TYPE_TARGET_IPV4_ADDRESS = "target_ipv4_address"
+    SIG_TYPE_TARGET_IPV6_ADDRESS = "target_ipv6_address"
+    SIG_TYPE_TARGET_HOSTNAME_ADDRESS = "target_hostname_address"
+    SIG_TYPE_START_DATE = "start_date"
+    SIG_TYPE_END_DATE = "end_date"

test/apis/expectation/test_expectation.py

@@ -126,7 +126,7 @@ def test_when_no_expectation_signature_is_relevant_match_alert_return_false(self
 
         relevant_signature_types = [
             SignatureType(
-                label=SignatureTypes.SIG_TYPE_HOSTNAME,
+                label=SignatureTypes.SIG_TYPE_TARGET_HOSTNAME_ADDRESS,
                 match_type=MatchTypes.MATCH_TYPE_SIMPLE,
             )
         ]
@@ -251,7 +251,10 @@ def test_when_relevant_signatures_when_alert_data_missing_for_some_relevant_sign
                         "type": SignatureTypes.SIG_TYPE_PARENT_PROCESS_NAME,
                         "value": "parent.exe",
                     },
-                    {"type": SignatureTypes.SIG_TYPE_FILE_NAME, "value": "filename"},
+                    {
+                        "type": SignatureTypes.SIG_TYPE_SOURCE_IPV4_ADDRESS,
+                        "value": "231.102.107.38",
+                    },
                 ],
             },
             api_client=create_mock_api_client(),
@@ -263,7 +266,7 @@ def test_when_relevant_signatures_when_alert_data_missing_for_some_relevant_sign
             match_score=95,
         )
         file_name_signature_type = SignatureType(
-            label=SignatureTypes.SIG_TYPE_FILE_NAME,
+            label=SignatureTypes.SIG_TYPE_SOURCE_IPV4_ADDRESS,
             match_type=MatchTypes.MATCH_TYPE_FUZZY,
             match_score=95,
         )
@@ -294,8 +297,8 @@ def test_when_relevant_signatures_when_some_alert_data_dont_match_return_false(
                         "value": "parent.exe",
                     },
                     {
-                        "type": SignatureTypes.SIG_TYPE_FILE_NAME,
-                        "value": "some_file.odt",
+                        "type": SignatureTypes.SIG_TYPE_SOURCE_IPV4_ADDRESS,
+                        "value": "108.134.173.48",
                     },
                 ],
             },
@@ -308,7 +311,7 @@ def test_when_relevant_signatures_when_some_alert_data_dont_match_return_false(
             match_score=95,
         )
         file_name_signature_type = SignatureType(
-            label=SignatureTypes.SIG_TYPE_FILE_NAME,
+            label=SignatureTypes.SIG_TYPE_SOURCE_IPV4_ADDRESS,
             match_type=MatchTypes.MATCH_TYPE_FUZZY,
             match_score=95,
         )

test/signatures/test_signature_type.py

@@ -6,7 +6,7 @@
 
 class TestSignatureType(unittest.TestCase):
     def test_make_struct_create_expected_struct_for_simple_sig_type(self):
-        simple_signature_type_label = SignatureTypes.SIG_TYPE_HOSTNAME
+        simple_signature_type_label = SignatureTypes.SIG_TYPE_TARGET_HOSTNAME_ADDRESS
         simple_signature_type = SignatureType(
             label=simple_signature_type_label, match_type=MatchTypes.MATCH_TYPE_SIMPLE
         )
@@ -19,7 +19,7 @@ def test_make_struct_create_expected_struct_for_simple_sig_type(self):
         self.assertFalse("score" in simple_struct.keys())
 
     def test_make_struct_create_expected_struct_for_fuzzy_sig_type(self):
-        fuzzy_signature_type_label = SignatureTypes.SIG_TYPE_HOSTNAME
+        fuzzy_signature_type_label = SignatureTypes.SIG_TYPE_TARGET_HOSTNAME_ADDRESS
         fuzzy_signature_type_score = 50
         fuzzy_signature_type = SignatureType(
             label=fuzzy_signature_type_label,
@@ -37,7 +37,7 @@ def test_make_struct_create_expected_struct_for_fuzzy_sig_type(self):
     def test_make_struct_create_expected_struct_for_fuzzy_sig_type_when_score_is_0(
         self,
     ):
-        fuzzy_signature_type_label = SignatureTypes.SIG_TYPE_HOSTNAME
+        fuzzy_signature_type_label = SignatureTypes.SIG_TYPE_TARGET_HOSTNAME_ADDRESS
         fuzzy_signature_type_score = 0
         fuzzy_signature_type = SignatureType(
             label=fuzzy_signature_type_label,