Skip to content

DO NOT MERGE: include tests and their info in detections_v2.json #412

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

DO NOT MERGE: include tests and their info in detections_v2.json #412

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions contentctl/objects/abstract_security_content_objects/detection_abstract.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
model_validator,
)

from contentctl.objects.base_test import TestType
from contentctl.objects.lookup import FileBackedLookup, KVStoreLookup, Lookup
from contentctl.objects.macro import Macro

Expand Down Expand Up @@ -512,6 +513,7 @@ def serialize_model(self):
"source": self.source,
"nes_fields": self.nes_fields,
"rba": self.rba or {},
"tests": [t for t in self.tests if t.test_type == TestType.UNIT],
}
if self.deployment.alert_action.notable:
model["risk_severity"] = self.severity
Expand Down
11 changes: 11 additions & 0 deletions contentctl/objects/test_attack_data.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
HttpUrl,
ValidationInfo,
field_validator,
model_serializer,
)


Expand Down Expand Up @@ -46,3 +47,13 @@ def check_for_existence_of_attack_data_repo(
raise ValueError(
"config not passed to TestAttackData constructor in context"
)

@model_serializer
def serialize_model(self) -> dict[str, str]:
return {
"data": str(self.data),
"source": self.source,
"sourcetype": self.sourcetype,
"custom_index": self.custom_index or "",
"host": self.host or "",
}
18 changes: 15 additions & 3 deletions contentctl/objects/unit_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
from __future__ import annotations

from pydantic import Field
from typing import Any

from pydantic import Field, model_serializer

from contentctl.objects.test_attack_data import TestAttackData
from contentctl.objects.unit_test_result import UnitTestResult
from contentctl.objects.base_test import BaseTest, TestType
from contentctl.objects.base_test_result import TestResultStatus
from contentctl.objects.test_attack_data import TestAttackData
from contentctl.objects.unit_test_result import UnitTestResult


class UnitTest(BaseTest):
Expand All @@ -32,3 +34,13 @@ def skip(self, message: str) -> None:
self.result = UnitTestResult( # type: ignore
message=message, status=TestResultStatus.SKIP
)

@model_serializer
def serialize_model(self) -> dict[str, Any]:
return {
"name": self.name,
"test_type": self.test_type.value,
"attack_data": [
attack_data.model_dump() for attack_data in self.attack_data
],
}
1 change: 1 addition & 0 deletions contentctl/output/api_json_output.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ def writeDetections(
"lookups",
"source",
"nes_fields",
"tests",
]
)
)
Expand Down
Loading