Diffstat (limited to 'src/test/resources/parameters')
| -rw-r--r-- | src/test/resources/parameters/applicationAndProtocolTest.json | 60 | ||||
| -rw-r--r-- | src/test/resources/parameters/dslAutoGranularityTest.json | 27 | ||||
| -rw-r--r-- | src/test/resources/parameters/entityTest.json | 132 | ||||
| -rw-r--r-- | src/test/resources/parameters/fieldDiscoveryTest.json | 35 | ||||
| -rw-r--r-- | src/test/resources/parameters/jobTest.json | 37 | ||||
| -rw-r--r-- | src/test/resources/parameters/knowledgeBase.json | 20 | ||||
| -rw-r--r-- | src/test/resources/parameters/recommendTest.json | 20 | ||||
| -rw-r--r-- | src/test/resources/parameters/sqlAdHocTest.json | 29 | ||||
| -rw-r--r-- | src/test/resources/parameters/sqlSavedTest.json | 6 | ||||
| -rw-r--r-- | src/test/resources/parameters/unstructuredTest.json | 54 |
10 files changed, 194 insertions, 226 deletions
diff --git a/src/test/resources/parameters/applicationAndProtocolTest.json b/src/test/resources/parameters/applicationAndProtocolTest.json
new file mode 100644
index 00000000..2a8c043d
--- /dev/null
+++ b/src/test/resources/parameters/applicationAndProtocolTest.json
@@ -0,0 +1,60 @@
+{
+ "application_and_protocol_summary": {
+ "name": "application-and-protocol-summary",
+ "granularity": "PT5S",
+ "filter": "vsys_id = 1",
+ "intervals": [
+ "2024-01-30 00:00:00/2024-01-31 00:00:00"
+ ]
+ },
+ "application_and_protocol_tree_composition": {
+ "name": "application-and-protocol-tree-composition",
+ "filter": "vsys_id = 1",
+ "intervals": [
+ "2024-01-30T00:00:00+08:00/2024-01-31T00:00:00+08:00"
+ ]
+ },
+ "application_and_protocol_tree_throughput": {
+ "name": "application-and-protocol-tree-throughput",
+ "granularity": "PT1H",
+ "filter": " (vsys_id = 1) AND (protocol_stack_id = 'ETHERNET.IPv4' OR ( protocol_stack_id LIKE 'ETHERNET.IPv4.%' AND NOT CONTAINS_STRING(REPLACE(protocol_stack_id, 'ETHERNET.IPv4.', ''), '.')))",
+ "intervals": [
+ "2024-01-30T00:00:00.000+01:00/2024-01-31T00:00:00.000+01:00"
+ ]
+ },
+ "application_and_protocol_top_apps": {
+ "name": "application-and-protocol-top-apps",
+ "filter": "vsys_id = 1",
+ "intervals": [
+ "2024-01-30 00:00:00/2024-01-31 00:00:00"
+ ],
+ "limit": 10
+ },
+ "application_and_protocol_app_summary": {
+ "name": "application-and-protocol-app-summary",
+ "execution_mode":"oneshot",
+ "filter": " vsys_id = 1 AND app_name IN ('ftp', 'http')",
+ "intervals": [
+ "2024-01-30 00:00:00/2024-01-31 00:00:00"
+ ]
+ },
+ "application_and_protocol_app_related_internal_ips": {
+ "name": "application-and-protocol-app-related-internal-ips",
+ "execution_mode":"oneshot",
+ "filter": "vsys_id = 1",
+ "intervals": [
+ "2024-01-30 00:00:00/2024-01-31 00:00:00"
+ ],
+ "limit": 10
+ },
+ "application_and_protocol_app_throughput": {
+ "name": "application-and-protocol-app-throughput",
+ "execution_mode":"oneshot",
+ "granularity": "PT15S",
+ "filter": "vsys_id = 1",
+ "intervals": [
+ "2024-01-30 00:00:00/2024-01-31 00:00:00"
+ ],
+ "limit": 10
+ }
+}
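Review bot: Five of the seven fixtures in applicationAndProtocolTest.json give `intervals` without a zone (`"2024-01-30 00:00:00/2024-01-31 00:00:00"`), while `application_and_protocol_tree_composition` and `application_and_protocol_tree_throughput` carry explicit offsets. A zone-less bound is presumably resolved in whatever default zone the service runs with, so the queried window, and any count the test asserts on, can shift between environments. Unless the zone-less form is itself what is under test, an explicit form such as `"2024-01-30T00:00:00Z/2024-01-31T00:00:00Z"` would make these cases reproducible. If the mix of three formats is deliberate parser coverage, that belongs in a comment in the consuming test class, since the JSON cannot carry it.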
\ No newline at end of file
diff --git a/src/test/resources/parameters/dslAutoGranularityTest.json b/src/test/resources/parameters/dslAutoGranularityTest.json
new file mode 100644
index 00000000..2f8a9d4f
--- /dev/null
+++ b/src/test/resources/parameters/dslAutoGranularityTest.json
@@ -0,0 +1,27 @@
+{
+ "application_and_protocol_summary_auto": {
+ "name": "application-and-protocol-summary",
+ "filter": "vsys_id = 1"
+ },
+ "application_and_protocol_summary_const": {
+ "name": "application-and-protocol-summary",
+ "granularity": "PT1S",
+ "filter": "vsys_id = 1",
+ "interval": [
+ "2019-01-01 00:00:00/2019-10-01 00:00:10"
+ ]
+ },
+ "application_and_protocol_summary_auto_const_range": {
+ "name": "application-and-protocol-summary",
+ "granularity": "CHART_GRANULARITY('2019-01-01 00:00:00', '2019-10-01 00:00:10')",
+ "filter": "vsys_id = 1",
+ "interval": [
+ "2019-01-01 00:00:00/2019-10-01 00:00:10"
+ ]
+ },
+ "traffic_spectrum_network_throughput_trend_auto": {
+ "name": "traffic-spectrum-network-throughput-trend",
+ "filter": "vsys_id in (1) ",
+ "execution_mode": "oneshot"
+ }
+}
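Review bot: `application_and_protocol_summary_const` and `application_and_protocol_summary_auto_const_range` in dslAutoGranularityTest.json use the key `interval`, whereas every fixture in applicationAndProtocolTest.json in this same commit uses `intervals`. If the DSL reader only recognises `intervals`, the range is silently ignored and both cases run with no explicit window, like `application_and_protocol_summary_auto`, so the "const" path is never exercised; the key should probably read `"intervals": [`. The range `2019-01-01 00:00:00/2019-10-01 00:00:10` also spans nine months at `PT1S`, and the trailing `00:00:10` suggests a ten-second window ending `2019-01-01 00:00:10` may have been intended; one-second buckets over nine months would be a very large result for a unit test.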
\ No newline at end of file
diff --git a/src/test/resources/parameters/entityTest.json b/src/test/resources/parameters/entityTest.json
deleted file mode 100644
index 5a94461e..00000000
--- a/src/test/resources/parameters/entityTest.json
+++ /dev/null
@@ -1,132 +0,0 @@
-{
- "activeClientIp": {
- "clientId": null,
- "query": {
- "dataEngine": "BusinessEngine",
- "dataSource": "session_record",
- "limit": "10000",
- "parameters": {
- "match": [
- {
- "type": "exactly",
- "fieldKey": "app",
- "fieldValues": [
- "Freegate"
- ]
- }
- ],
- "range": [
- {
- "type": "eq",
- "fieldKey": "vsys_id",
- "fieldValues": [
- 1
- ]
- }
- ],
- "intervals": [
- "2020-08-15T00:00:00.865Z/2022-08-15T00:30:00.865Z"
- ]
- }
- }
- },
- "topServerIp": {
- "clientId": null,
- "query": {
- "dataEngine": "BusinessEngine",
- "dataSource": "session_record",
- "limit": "10000",
- "parameters": {
- "range": [
- {
- "type": "eq",
- "fieldKey": "vsys_id",
- "fieldValues": [
- 1
- ]
- }
- ],
- "intervals": [
- "2020-08-15T00:00:00Z/2022-08-16T00:00:00Z"
- ]
- }
- }
- },
- "topSni": {
- "clientId": null,
- "query": {
- "dataEngine": "BusinessEngine",
- "dataSource": "session_record",
- "limit": "10000",
- "parameters": {
- "range": [
- {
- "type": "eq",
- "fieldKey": "vsys_id",
- "fieldValues": [
- 1
- ]
- }
- ],
- "intervals": [
- "2020-08-15T00:00:00.865+08:00/2022-08-16T00:00:00.865+08:00"
- ]
- }
- }
- },
- "subScriberidPool": {
- "clientId":null,
- "query":{
- "dataEngine":"AnalysisEngine",
- "dataSource":"SUBSCRIBER_ID_VIEW",
- "parameters":{
- "match":[
- {
- "type":"exactly",
- "fieldKey":"SUBSCRIBER_ID",
- "fieldValues":[
- "test01",
- "test02"
- ]
- }
- ],
- "range":[
- {
- "type":"eq",
- "fieldKey":"vsys_id",
- "fieldValues":[
- 1
- ]
- }
- ]
- }
- }
- },
- "gtpc": {
- "clientId":null,
- "query":{
- "dataEngine":"AnalysisEngine",
- "dataSource":"gtpc_knowledge_base",
- "parameters":{
- "match":[
- {
- "type":"prefix",
- "fieldKey":"phone_number",
- "fieldValues":[
- "1761041"
- ]
- }
- ],
- "range":[
- {
- "type":"eq",
- "fieldKey":"vsys_id",
- "fieldValues":[
- 1
- ]
- }
- ]
- }
- }
- }
-}
diff --git a/src/test/resources/parameters/fieldDiscoveryTest.json b/src/test/resources/parameters/fieldDiscoveryTest.json
new file mode 100644
index 00000000..e6ed275b
--- /dev/null
+++ b/src/test/resources/parameters/fieldDiscoveryTest.json
@@ -0,0 +1,35 @@
+{
+ "field_discovery_default": {
+ "name": "field_discovery",
+ "data_source": "session_record",
+ "filter": "recv_time >= UNIX_TIMESTAMP(now()) - 500 AND recv_time <= UNIX_TIMESTAMP(now()) AND vsys_id = 1"
+ },
+ "field_discovery_sessions": {
+ "name": "field_discovery",
+ "data_source": "session_record",
+ "custom.field_discovery.metric": "sessions",
+ "custom.field_discovery.metric.fn": "count",
+ "filter": "recv_time >= UNIX_TIMESTAMP(now()) - 500 AND recv_time <= UNIX_TIMESTAMP(now()) AND vsys_id = 1"
+ },
+ "field_discovery_bytes": {
+ "name": "field_discovery",
+ "data_source": "session_record",
+ "custom.field_discovery.metric": "bytes",
+ "custom.field_discovery.metric.fn": "sum",
+ "filter": "recv_time >= UNIX_TIMESTAMP(now()) - 500 AND recv_time <= UNIX_TIMESTAMP(now()) AND vsys_id = 1"
+ },
+ "field_discovery_incoming_bytes": {
+ "name": "field_discovery",
+ "data_source": "session_record",
+ "custom.field_discovery.metric": "incoming_bytes",
+ "custom.field_discovery.metric.fn": "sum",
+ "filter": "recv_time >= UNIX_TIMESTAMP(now()) - 500 AND recv_time <= UNIX_TIMESTAMP(now()) AND vsys_id = 1"
+ },
+ "field_discovery_outgoing_bytes": {
+ "name": "field_discovery",
+ "data_source": "session_record",
+ "custom.field_discovery.metric": "outgoing_bytes",
+ "custom.field_discovery.metric.fn": "sum",
+ "filter": "recv_time >= UNIX_TIMESTAMP(now()) - 500 AND recv_time <= UNIX_TIMESTAMP(now()) AND vsys_id = 1"
+ }
+}
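Review bot: All five fixtures in fieldDiscoveryTest.json bound the query with `recv_time >= UNIX_TIMESTAMP(now()) - 500`, so each run queries whatever reached `session_record` in the last 500 seconds on the backend the test happens to hit. The result is therefore not reproducible, and on a quiet or freshly loaded store the query may return nothing. A fixed window like the `intervals` used in the other parameter files would pin the data set; otherwise the consuming test should assert only on status and response shape. The removed jobTest.json variants also passed `custom.field_discovery.fields`, and none of the new fixtures do, so field selection appears to lose its fixture unless it is covered elsewhere.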
\ No newline at end of file
diff --git a/src/test/resources/parameters/jobTest.json b/src/test/resources/parameters/jobTest.json
deleted file mode 100644
index 777418ff..00000000
--- a/src/test/resources/parameters/jobTest.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- "field_discovery_default": {
- "query.type": "field_discovery",
- "query.data_source": "session_record",
- "custom.field_discovery.fields": [
- "log_id",
- "security_action"
- ],
- "custom.field_discovery.filter": "vsys_id in (1,2) and client_ip='192.168.0.1' AND server_port = 80"
- },
- "field_discovery_bytes": {
- "query.type": "field_discovery",
- "query.data_source": "session_record",
- "custom.field_discovery.metric": "bytes",
- "custom.field_discovery.metric.fn": "sum",
- "custom.field_discovery.fields": [
- "security_action",
- "proxy_action"
- ],
- "custom.field_discovery.filter": "vsys_id in (1,2) and client_ip='192.168.0.1' AND server_port = 80"
- },
- "long_term": {
- "query.type": "long_term",
- "query.data_source": "session_record",
- "custom.long_term.sql": "select client_ip, count(*) as count from session_record where vsys_id in (1,2) and client_ip='192.168.0.1' AND server_port = 80 group by client_ip order by count asc limit 10"
- },
- "report": {
- "query.type": "report",
- "query.data_source": "session_record",
- "custom.report.sql": "SELECT log_id, recv_time FROM session_record LIMIT 12 "
- },
- "statistics_top": {
- "query.type": "statistics",
- "query.data_source": "session_record",
- "custom.statistics.sql": "select client_ip, count(*) as count from session_record where vsys_id in (1,2) and client_ip='192.168.0.1' AND server_port = 80 group by client_ip order by count desc limit 10"
- }
-}
\ No newline at end of file
diff --git a/src/test/resources/parameters/knowledgeBase.json b/src/test/resources/parameters/knowledgeBase.json
index c5eadaaa..8c2bd42e 100644
--- a/src/test/resources/parameters/knowledgeBase.json
+++ b/src/test/resources/parameters/knowledgeBase.json
@@ -1,7 +1,21 @@
 {
- "publishTest": {
+ "publish": {
+ "kb_id": "test",
 "name": "test",
- "format": "test",
- "type": "test"
+ "format": "format",
+ "category": "category",
+ "is_valid": 1
+ },
+ "update": {
+ "kb_id": "test",
+ "version": "latest"
+ },
+ "update_status": {
+ "kb_id": "test",
+ "version": "latest",
+ "is_valid": 0
+ },
+ "delete": {
+ "kb_id": "test"
 }
 }
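Review bot: All four fixtures in knowledgeBase.json (`publish`, `update`, `update_status`, `delete`) address the same record through `"kb_id": "test"`. If the consuming tests run against a shared backend, they depend on execution order and on a previous run having cleaned up; a distinct id per case, or setup and teardown in the test class, would isolate them. The key rename from `publishTest` to `publish` also breaks any lookup that still uses the old name. The diffstat on this page is limited to the parameters directory, so whether the test class was updated in the same commit cannot be confirmed from here.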
\ No newline at end of file
diff --git a/src/test/resources/parameters/recommendTest.json b/src/test/resources/parameters/recommendTest.json
new file mode 100644
index 00000000..34ad5030
--- /dev/null
+++ b/src/test/resources/parameters/recommendTest.json
@@ -0,0 +1,20 @@
+{
+ "ip_learning_fqdn_relate_ip": {
+ "name": "ip-learning-fqdn-relate-ip",
+ "filter": "VSYS_ID in (1,2,3,4,5) AND PROTOCOL in ('SSL', 'HTTP', 'DNS') AND DEPTH = 1 and UNIQ_NAME > 12 AND FQDN_NAME in ('google.com', 'itunes.apple.com')",
+ "intervals": [
+ "2024-01-30 00:00:00/2024-01-31 00:00:00"
+ ],
+ "limit": 100
+ },
+ "ip_learning_active_ip": {
+ "name": "ip-learning-active-ip",
+ "execution_mode": "oneshot",
+ "filter": "vsys_id in (1) AND 1=1",
+ "intervals": [
+ "2024-01-30 00:00:00/2024-01-31 00:00:00"
+ ],
+ "order_by": "BYTES_TOTAL desc, LAST_FOUND_TIME desc",
+ "limit": 1
+ }
+}
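Review bot: The `ip_learning_active_ip` fixture passes `"filter": "vsys_id in (1) AND 1=1"`, which documents that `filter` (and `order_by`) accept free-form expression text, yet the `vsys_id` predicate that appears to scope every query in this commit lives inside that same caller-supplied string. Nothing on this page shows how `filter` reaches the query engine. If it is spliced into generated SQL, scoping should be applied by the service from the authenticated context and the filter parsed against an allow-list of columns and operators. The fixtures here cover only accepted input, so it would be worth adding a negative case whose filter the service is expected to reject, with the test asserting the rejection status. The other parameter files added in this commit that carry `filter` share the same gap.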
\ No newline at end of file
diff --git a/src/test/resources/parameters/sqlAdHocTest.json b/src/test/resources/parameters/sqlAdHocTest.json
new file mode 100644
index 00000000..efc526fd
--- /dev/null
+++ b/src/test/resources/parameters/sqlAdHocTest.json
@@ -0,0 +1,29 @@
+{
+ "query_sql_default": {
+ "statement": "select * from session_record limit 1"
+ },
+ "query_sql_oneshot": {
+ "statement": "select * from session_record limit 1",
+ "execution_mode": "oneshot"
+ },
+ "query_sql_normal": {
+ "statement": "select * from session_record limit 1",
+ "execution_mode": "normal"
+ },
+ "query_sql_blocking": {
+ "statement": "select * from session_record limit 1",
+ "execution_mode": "blocking"
+ },
+ "query_sql_json": {
+ "statement": "select * from session_record limit 1",
+ "output_mode": "json"
+ },
+ "query_sql_csv": {
+ "statement": "select * from session_record limit 1",
+ "output_mode": "csv"
+ },
+ "query_sql_oneshot_error_trigger_sub_query": {
+ "statement": "SELECT COUNT_DISTINCT(client_ip) AS \"Client IP\" FROM security_event WHERE ((security_action = 'Deny')) AND recv_time >= UNIX_TIMESTAMP('2024-03-12T00:00:00+08:00') AND recv_time < UNIX_TIMESTAMP('2024-03-12T23:59:59+08:00') AND security_event.vsys_id IN (1) ORDER BY \"Client IP\" DESC LIMIT 20",
+ "execution_mode": "oneshot"
+ }
+}
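Review bot: `query_sql_oneshot_error_trigger_sub_query` is named as an expected-failure case, but the fixture gives no indication of which error is expected, so the consuming test should assert the specific status or error code rather than just "not 200". Otherwise any unrelated failure, such as a missing table or a backend outage, would satisfy it. The `execution_mode` and `output_mode` cases list only supported values (`oneshot`, `normal`, `blocking`, `json`, `csv`); one fixture with an unsupported value would pin down the rejection path. Six of the seven statements read `select * from session_record limit 1` with no `vsys_id` predicate, so if ad hoc SQL is meant to be scoped per vsys, that enforcement has no fixture here.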
\ No newline at end of file
diff --git a/src/test/resources/parameters/sqlSavedTest.json b/src/test/resources/parameters/sqlSavedTest.json
new file mode 100644
index 00000000..dd128a67
--- /dev/null
+++ b/src/test/resources/parameters/sqlSavedTest.json
@@ -0,0 +1,6 @@
+{
+ "default": {
+ "statement": "select * from session_record limit 1",
+ "is_saved_query": 1
+ }
+}
\ No newline at end of file
diff --git a/src/test/resources/parameters/unstructuredTest.json b/src/test/resources/parameters/unstructuredTest.json
deleted file mode 100644
index 64412dd7..00000000
--- a/src/test/resources/parameters/unstructuredTest.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- "all": {
- "clientId": null,
- "query": {
- "dataEngine": "BusinessEngine",
- "dataSource": "tsg_galaxy_v3",
- "limit": "1000",
- "parameters": {
- "intervals": [
- "2023-03-01T00:00:00+08:00/2023-04-06T00:00:00+08:00"
- ]
- }
- }
- },
- "mail": {
- "clientId": null,
- "query": {
- "dataEngine": "BusinessEngine",
- "dataSource": "session_record",
- "limit": "1000",
- "parameters": {
- "intervals": [
- "2023-03-01T00:00:00+08:00/2023-04-06T00:00:00+08:00"
- ]
- }
- }
- },
- "http": {
- "clientId": null,
- "query": {
- "dataEngine": "BusinessEngine",
- "dataSource": "security_event",
- "limit": "1000",
- "parameters": {
- "intervals": [
- "2023-03-01T00:00:00+08:00/2023-04-06T00:00:00+08:00"
- ]
- }
- }
- },
- "pcap": {
- "clientId": null,
- "query": {
- "dataEngine": "BusinessEngine",
- "dataSource": "voip_record",
- "limit": "1000",
- "parameters": {
- "intervals": [
- "2023-03-01T00:00:00+08:00/2023-04-06T00:00:00+08:00"
- ]
- }
- }
- }
-}
\ No newline at end of file |
