From 8d4e05f762e9c0933525bda16b08265929e077d7 Mon Sep 17 00:00:00 2001 
From: Ilya Kheifets Date: Tue, 25 Jul 2023 10:18:54 +0200 Subject: [PATCH] fix migrate from uuid to shortuuid --- .../test_vmware_carbonblack_with_comments.py | 4 +-- poetry.lock | 10 +++++- pyproject.toml | 1 + tests/conftest.py | 4 +-- tests/test_arista.py | 1 - tests/test_aruba_clearpass.py | 2 +- tests/test_avi_vantage.py | 2 +- tests/test_barracuda.py | 4 +-- tests/test_checkpoint.py | 34 +++++++++---------- tests/test_checkpoint_syslog_rfc5424.py | 24 ++++++------- tests/test_cisco_ace.py | 2 +- tests/test_cisco_acs.py | 8 ++--- tests/test_cisco_asa.py | 14 ++++---- tests/test_cisco_cimc.py | 4 +-- tests/test_cisco_dna.py | 4 +-- tests/test_cisco_esa.py | 6 ++-- tests/test_cisco_firepower.py | 4 +-- tests/test_cisco_fwsm.py | 4 +-- tests/test_cisco_hyperflex.py | 8 ++--- tests/test_cisco_ios.py | 8 ++--- tests/test_cisco_ise.py | 10 +++--- tests/test_cisco_meraki.py | 8 ++--- tests/test_cisco_ms.py | 4 +-- tests/test_cisco_pix.py | 4 +-- tests/test_cisco_tvcs.py | 4 +-- tests/test_cisco_ucm.py | 10 +++--- tests/test_cisco_ucs_manager.py | 4 +-- tests/test_cisco_viptela.py | 4 +-- tests/test_cisco_wsa.py | 14 ++++---- tests/test_citrix_netscaler.py | 12 +++---- ...t_clearswift_syslog_rfc5424_test_filter.py | 4 +-- tests/test_common.py | 16 ++++----- tests/test_common_lite.py | 12 +++---- tests/test_cyberark.py | 8 ++--- tests/test_cylance_protect.py | 4 +-- tests/test_darktrace.py | 6 ++-- tests/test_fireye.py | 14 ++++---- tests/test_forcepoint_web.py | 4 +-- tests/test_fortinet_ngfw.py | 16 ++++----- tests/test_fortinet_web.py | 10 +++--- tests/test_github_ent.py | 4 +-- tests/test_haproxy.py | 6 ++-- tests/test_imperva.py | 4 +-- tests/test_infoblox.py | 18 +++++----- tests/test_isc.py | 8 ++--- tests/test_leef.py | 8 ++--- tests/test_linux_syslog.py | 10 +++--- tests/test_loggen.py | 6 ++-- tests/test_mcafee_nsp.py | 2 +- tests/test_mcafee_web_gateway.py | 6 ++-- tests/test_microfocus_arcsight.py | 14 ++++---- tests/test_microsoft_mcas.py | 4 +-- 
tests/test_mikrotik.py | 4 +-- tests/test_mk8s_config_files.py | 2 +- tests/test_mk8s_custom_ports.py | 4 +-- tests/test_mk8s_hosts_override.py | 4 +-- tests/test_mk8s_splunk_metadata.py | 4 +-- tests/test_netscout_arbor-edge.py | 4 +-- tests/test_novell.py | 4 +-- tests/test_nutanix.py | 4 +-- tests/test_ossec.py | 4 +-- tests/test_palo_alto.py | 22 ++++++------ tests/test_pfsense.py | 8 ++--- tests/test_plugin_example.py | 4 +-- tests/test_pulsesecure.py | 8 ++--- tests/test_purestorage.py | 4 +-- tests/test_qumulo.py | 4 +-- tests/test_radware.py | 6 ++-- tests/test_raritan.py | 4 +-- tests/test_ricoh.py | 4 +-- tests/test_schneider_electric_apc.py | 4 +-- tests/test_secureauth_idp.py | 4 +-- tests/test_solace.py | 4 +-- tests/test_sophos_webappliance.py | 4 +-- tests/test_splunk.py | 8 ++--- tests/test_symantec_brightmail.py | 10 +++--- tests/test_symantec_dlp.py | 6 ++-- tests/test_symantec_ep.py | 26 +++++++------- tests/test_symantec_proxy.py | 8 ++--- tests/test_tanium.py | 4 +-- tests/test_trend_deep_security.py | 18 +++++----- tests/test_ubiquiti_unifi.py | 12 +++---- tests/test_varonis.py | 4 +-- tests/test_vectra_ai.py | 18 +++++----- tests/test_vmware.py | 24 ++++++------- tests/test_vmware_carbonblack.py | 4 +-- tests/test_zscaler_proxy.py | 22 ++++++------ tests/test_zscaler_tunnel.py | 4 +-- 88 files changed, 346 insertions(+), 342 deletions(-) diff --git a/docs/resources/test_vmware_carbonblack_with_comments.py b/docs/resources/test_vmware_carbonblack_with_comments.py index b271b50f75..2a2fa35570 100644 --- a/docs/resources/test_vmware_carbonblack_with_comments.py +++ b/docs/resources/test_vmware_carbonblack_with_comments.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape from .sendmessage import sendsingle 
@@ -20,7 +20,7 @@ def test_vmware_carbonblack_protect( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/poetry.lock b/poetry.lock index 883b952b12..5d8c8d5521 100644 --- a/poetry.lock +++ b/poetry.lock @@ -356,6 +356,13 @@ six = ">=1.11.0" format = ["idna", "jsonpointer (>1.13)", "rfc3987", "strict-rfc3339", "webcolors"] format_nongpl = ["idna", "jsonpointer (>1.13)", "webcolors", "rfc3986-validator (>0.1.0)", "rfc3339-validator"] +[[package]] +name = "shortuuid" +version = "1.0.11" +description = "A generator library for concise, unambiguous and URL-safe UUIDs." +optional = false +python-versions = ">=3.5" + [[package]] name = "junit-xml" version = "1.9" @@ -1018,6 +1025,7 @@ pywin32 = [] pyyaml = [] pyyaml-env-tag = [] requests = [] +shortuuid = [] six = [] splunk-sdk = [] sqlitedict = [] @@ -1030,4 +1038,4 @@ verspec = [] virtualenv = [] watchdog = [] websocket-client = [] -zipp = [] +zipp = [] \ No newline at end of file diff --git a/pyproject.toml b/pyproject.toml index 08be8a55ee..5601355209 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,6 +10,7 @@ python = "^3.9" Jinja2 = "^3.1.2" sqlitedict = "^2.0.0" requests = "^2.28.1" +shortuuid = "^1.0.11" [tool.poetry.dev-dependencies] diff --git a/tests/conftest.py b/tests/conftest.py index 4f7362bf1f..8ae56f1f8f 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -6,7 +6,7 @@ import os import uuid import socket -import uuid +import shortuuid from time import sleep import pytest @@ -16,7 +16,7 @@ @pytest.fixture def get_host_key(): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" return host 
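Review bot: The new `host = ...` line in `test_vmware_carbonblack_protect` is a long inline expression that constructs two `ShortUUID()` objects, and the identical line is pasted into every `tests/test_*.py` hunk of this patch (test_barracuda.py, test_checkpoint.py, test_cisco_asa.py and the rest). `tests/conftest.py` already has a `get_host_key` fixture returning the same value, so the tests under `tests/` could request that fixture and write `host = get_host_key`, which keeps the format defined in one place. For this docs copy, a one-line comment above the assignment would help readers, e.g. `# random host name: two 5-character lowercase groups joined by "-"`. The function body continues outside the hunk.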
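Review bot: `shortuuid = "^1.0.11"` is added to the main dependency table, directly above `[tool.poetry.dev-dependencies]`, although every use of it in this patch is under `tests/` and `docs/resources/`. If nothing at runtime imports it, placing the line under `[tool.poetry.dev-dependencies]` keeps a test-only third-party package out of the installed set and keeps the dependency surface to audit smaller. The neighbouring entries (Jinja2, requests) may sit in the main table for a reason not visible in this hunk, so confirm how the table is consumed before moving it.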
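Review bot: `get_host_key` now returns 10 random characters instead of the 32 hex digits of `uuid4`, and `.lower()` folds shortuuid's mixed-case default alphabet, so distinct draws can collapse to the same host string. That is probably still ample for per-test uniqueness, but the patch never says why the shorter hyphenated format is needed. A docstring such as `"""Return a random lowercase host name of the form xxxxx-xxxxx."""` would record the intent. The import hunk above also leaves the first `import uuid` in place; if nothing else in conftest.py uses it, it can be dropped as tests/test_arista.py does.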
diff --git a/tests/test_arista.py b/tests/test_arista.py index dcc7df4403..81fefaa559 100644 --- a/tests/test_arista.py +++ b/tests/test_arista.py @@ -4,7 +4,6 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import pytest -import uuid from jinja2 import Environment, select_autoescape diff --git a/tests/test_aruba_clearpass.py b/tests/test_aruba_clearpass.py index 9b8c4ec95c..899b7221dc 100644 --- a/tests/test_aruba_clearpass.py +++ b/tests/test_aruba_clearpass.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape diff --git a/tests/test_avi_vantage.py b/tests/test_avi_vantage.py index 976c4862ab..f966d3b4e6 100644 --- a/tests/test_avi_vantage.py +++ b/tests/test_avi_vantage.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape diff --git a/tests/test_barracuda.py b/tests/test_barracuda.py index 7cb5fcf713..af6c090da4 100644 --- a/tests/test_barracuda.py +++ b/tests/test_barracuda.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid import pytest from jinja2 import Environment, select_autoescape 
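Review bot: In tests/test_aruba_clearpass.py the hunk only swaps `import uuid` for `import shortuuid`, and the diffstat shows no other changed line in that file. If `uuid` was unused there, `shortuuid` is now an unused import and the line can simply be deleted, as this patch does in tests/test_arista.py. If `uuid` is still referenced elsewhere in the file, those references would now raise NameError. The same applies to the import-only hunks in tests/test_avi_vantage.py and tests/test_cisco_ace.py; the rest of each file is outside the hunk, so this needs checking against the full source.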
@@ -15,7 +15,7 @@ env = Environment(autoescape=select_autoescape(default_for_string=False)) #486 <132>1 2022-04-05T19:56:42.387000Z Barracuda - - - src=10.1.1.1 spt=33217 dst=10.1.1.1 dpt=39971 actionTaken=DENY attackDescription=GEO_IP_BLOCK attackDetails=GeoIP Policy Match attackGroup=Forceful Browsing attackId=1111 logType=WF app=TLSv1.2 request=/apps/ requestMethod=GET rt=1649197620642 userAgent=Mozilla/5.0 [en] (X11, U; OpenVAS-VT 9.0.3) referer= def test_barracuda(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_checkpoint.py b/tests/test_checkpoint.py index 50e45ff103..6deded69f8 100644 --- a/tests/test_checkpoint.py +++ b/tests/test_checkpoint.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid import random from jinja2 import Environment, select_autoescape @@ -20,7 +20,7 @@ def test_checkpoint_splunk_ips( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -55,7 +55,7 @@ def test_checkpoint_splunk_ips( def test_checkpoint_splunk_firewall( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -89,7 +89,7 @@ def test_checkpoint_splunk_firewall( def test_checkpoint_splunk_firewall_noise( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -126,7 +126,7 @@ def test_checkpoint_splunk_firewall_noise( def test_checkpoint_splunk_firewall2( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -160,7 +160,7 @@ def test_checkpoint_splunk_firewall2( def test_checkpoint_vsplunk_firewall( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -195,7 +195,7 @@ def test_checkpoint_vsplunk_firewall( def test_checkpoint_splunk_mds( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -230,7 +230,7 @@ def test_checkpoint_splunk_mds( def test_checkpoint_splunk_cpmi( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -265,7 +265,7 @@ def test_checkpoint_splunk_cpmi( def test_checkpoint_splunk_web_api( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -300,7 +300,7 @@ def test_checkpoint_splunk_web_api( def test_checkpoint_splunk_smartconsole( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -335,7 +335,7 @@ def test_checkpoint_splunk_smartconsole( def test_checkpoint_splunk_os( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) mt = env.from_string( @@ -363,7 +363,7 @@ def test_checkpoint_splunk_os( def test_checkpoint_splunk_os_nested( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -399,7 +399,7 @@ def test_checkpoint_splunk_os_nested( def test_checkpoint_splunk_Endpoint_Management( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -435,7 +435,7 @@ def test_checkpoint_splunk_Endpoint_Management( def test_checkpoint_splunk_ios_profile( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -471,7 +471,7 @@ def test_checkpoint_splunk_ios_profile( def test_checkpoint_splunk_SmartUpdate( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -506,7 +506,7 @@ def test_checkpoint_splunk_SmartUpdate( def test_checkpoint_splunk_Endpoint_Compliance( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -541,7 +541,7 @@ def test_checkpoint_splunk_Endpoint_Compliance( def test_checkpoint_splunk_Mobile_Access( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_checkpoint_syslog_rfc5424.py b/tests/test_checkpoint_syslog_rfc5424.py index 889b99d273..6a61393636 100644 --- a/tests/test_checkpoint_syslog_rfc5424.py +++ b/tests/test_checkpoint_syslog_rfc5424.py 
@@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape from .sendmessage import sendsingle @@ -19,7 +19,7 @@ def test_checkpoint_syslog_anti_malware( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -55,7 +55,7 @@ def test_checkpoint_syslog_anti_malware( def test_checkpoint_syslog_threat_emulation( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -92,7 +92,7 @@ def test_checkpoint_syslog_threat_emulation( def test_checkpoint_syslog_url_filtering( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -129,7 +129,7 @@ def test_checkpoint_syslog_url_filtering( def test_checkpoint_syslog_vpn_and_firewall( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -167,7 +167,7 @@ def test_checkpoint_syslog_vpn_and_firewall( def test_checkpoint_syslog_web_api_internal( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -199,7 +199,7 @@ def test_checkpoint_syslog_web_api_internal( def test_checkpoint_syslog_cli( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -236,7 +236,7 @@ def test_checkpoint_syslog_cli( def test_checkpoint_syslog_iOS_profiles( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -273,7 +273,7 @@ def test_checkpoint_syslog_iOS_profiles( def test_checkpoint_syslog_Endpoint_Compliance( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -305,7 +305,7 @@ def test_checkpoint_syslog_Endpoint_Compliance( def test_checkpoint_syslog_Endpoint( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -339,7 +339,7 @@ def test_checkpoint_syslog_Endpoint( def test_checkpoint_syslog_Identity_Awareness( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -375,7 +375,7 @@ def test_checkpoint_syslog_Identity_Awareness( def test_checkpoint_syslog_Mobile_Access( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_ace.py b/tests/test_cisco_ace.py index 032a9ccec6..f09f84a42c 100644 --- a/tests/test_cisco_ace.py +++ b/tests/test_cisco_ace.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape diff --git a/tests/test_cisco_acs.py b/tests/test_cisco_acs.py index 9f5b8372d4..58d61b5711 100644 --- a/tests/test_cisco_acs.py +++ b/tests/test_cisco_acs.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ def test_cisco_acs_single(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -50,7 +50,7 @@ def test_cisco_acs_single(record_property, setup_splunk, setup_sc4s): def test_cisco_acs_multi(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -100,7 +100,7 @@ def test_cisco_acs_multi(record_property, setup_splunk, setup_sc4s): def test_cisco_acs_multi_lost( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_asa.py b/tests/test_cisco_asa.py index e953f48b33..b1a51aa8e6 100644 --- a/tests/test_cisco_asa.py +++ b/tests/test_cisco_asa.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -21,7 +21,7 @@ def test_cisco_asa_traditional( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -53,7 +53,7 @@ def test_cisco_asa_traditional( def test_cisco_asa_no_host_no_seq( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -86,7 +86,7 @@ def test_cisco_asa_no_host_no_seq( def test_cisco_asa_traditional_nohost( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -117,7 +117,7 @@ def test_cisco_asa_traditional_nohost( # <166>2018-06-27T12:17:46Z asa : %ASA-3-710003: TCP access denied by ACL from 179.236.133.160/8949 to outside:72.142.18.38/23 def test_cisco_asa_rfc5424(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" # Get UTC-based 'dt' time structure dt = datetime.datetime.now(datetime.timezone.utc) @@ -151,7 +151,7 @@ def test_cisco_asa_rfc5424(record_property, setup_splunk, setup_sc4s): # <118>2020-02-04T11:00:54Z %FTD-6-430003: DeviceUUID: 90e14378-2081-11e8-a7fa-d34972ba379f, AccessControlRuleAction: Allow, SrcIP: 75.150.94.75, DstIP: 172.30.0.2, SrcPort: 59698, DstPort: 8027, Protocol: tcp, IngressInterface: Outside2, EgressInterface: DMZ, IngressZone: Outside, EgressZone: DMZ, ACPolicy: Rapid7 5525X, AccessControlRuleName: Allow MDM - Out to DMZ, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, ConnectionDuration: 600, InitiatorPackets: 0, ResponderPackets: 0, InitiatorBytes: 31, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity def test_cisco_ftd(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" # Get UTC-based 'dt' time structure dt = datetime.datetime.now(datetime.timezone.utc) 
@@ -184,7 +184,7 @@ def test_cisco_ftd(record_property, setup_splunk, setup_sc4s): def test_cisco_ftd_nopri(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" # Get UTC-based 'dt' time structure dt = datetime.datetime.now(datetime.timezone.utc) diff --git a/tests/test_cisco_cimc.py b/tests/test_cisco_cimc.py index a4a1829039..27bb6e3bb2 100644 --- a/tests/test_cisco_cimc.py +++ b/tests/test_cisco_cimc.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -20,7 +20,7 @@ def test_cisco_cimc(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_dna.py b/tests/test_cisco_dna.py index 590f08cbf2..35187927d2 100644 --- a/tests/test_cisco_dna.py +++ b/tests/test_cisco_dna.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -18,7 +18,7 @@ def test_cisco_dna(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_esa.py b/tests/test_cisco_esa.py index 75941eb6ce..31b9ffffe3 100644 --- a/tests/test_cisco_esa.py 
+++ b/tests/test_cisco_esa.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -446,7 +446,7 @@ def test_cisco_esa_authentication( def test_cisco_esa_cef1(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -476,7 +476,7 @@ def test_cisco_esa_cef1(record_property, setup_splunk, setup_sc4s): assert result_count == 1 def test_cisco_esa_cef2(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_firepower.py b/tests/test_cisco_firepower.py index 0a08e1ef94..4781416066 100644 --- a/tests/test_cisco_firepower.py +++ b/tests/test_cisco_firepower.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ def test_cisco_firepower(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_fwsm.py b/tests/test_cisco_fwsm.py index 45920b15ff..5ab86e3494 100644 --- a/tests/test_cisco_fwsm.py 
+++ b/tests/test_cisco_fwsm.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -19,7 +19,7 @@ def test_cisco_fwsm_traditional( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_hyperflex.py b/tests/test_cisco_hyperflex.py index 179bc44eee..900bbf4d2a 100644 --- a/tests/test_cisco_hyperflex.py +++ b/tests/test_cisco_hyperflex.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -33,7 +33,7 @@ def test_cisco_ucs_hyperflex( record_property, setup_splunk, setup_sc4s, event ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -62,7 +62,7 @@ def test_cisco_ucs_hyperflex( def test_cisco_ucs_hyperflex_audit( record_property, setup_splunk, setup_sc4s, event ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -91,7 +91,7 @@ def test_cisco_ucs_hyperflex_audit( def test_cisco_ucs_hyperflex_ssl( record_property, setup_splunk, setup_sc4s, event ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_ios.py b/tests/test_cisco_ios.py index 156dc30fc3..8c56b2c75e 100644 --- a/tests/test_cisco_ios.py +++ b/tests/test_cisco_ios.py @@ -12,7 +12,7 @@ import datetime import pytest -import uuid +import shortuuid env = Environment(autoescape=select_autoescape(default_for_string=False)) @@ -287,7 +287,7 @@ def test_cisco_nx_os_soup2( # <11>July 22 22:45:28 apic1 %LOG_LOCAL0-2-SYSTEM_MSG [F0110][soaking][node-failed][critical][topology/pod-1/node-102/fault-F0110] Node 102 not reachable. unknown def test_cisco_aci_loglocal(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -318,7 +318,7 @@ def test_cisco_aci_loglocal(record_property, setup_splunk, setup_sc4s): def test_cisco_aci_log(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -350,7 +350,7 @@ def test_cisco_aci_log(record_property, setup_splunk, setup_sc4s): #%ACLLOG-5-ACLLOG_PKTLOG def test_cisco_aci_acl(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_ise.py b/tests/test_cisco_ise.py index c9355f9e69..ff55701aca 100644 --- a/tests/test_cisco_ise.py +++ b/tests/test_cisco_ise.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -22,7 +22,7 @@ def test_cisco_ise_multi(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -85,7 +85,7 @@ def test_cisco_ise_multi(record_property, setup_splunk, setup_sc4s): def test_cisco_ise_merge(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -147,7 +147,7 @@ def test_cisco_ise_merge(record_property, setup_splunk, setup_sc4s): # <181>Oct 24 21:00:02 ciscohost CISE_RADIUS_Accounting 0006028545 1 0 2019-10-24 21:00:02.305 +00:00 0088472694 3002 NOTICE Radius-Accounting: RADIUS Accounting watchdog update, ConfigVersionId=336, Device IP Address=10.0.0.3, RequestLatency=3, NetworkDeviceName=nc-aaa-aaa1, User-Name=U100000.ent.corp, NAS-IP-Address=10.0.0.3, NAS-Port=50047, Service-Type=Framed, Framed-IP-Address=10.0.0.80, Class=CACS:0AEF12345677832097B3F362:ncsilsepsuie212/356139633/9969901, Called-Station-ID=00-08-00-00-1B-AF, Calling-Station-ID=00-00-00-00-A0-7E, Acct-Status-Type=Interim-Update, Acct-Delay-Time=0, Acct-Input-Octets=653293631, Acct-Output-Octets=1497972244, Acct-Session-Id=00000B68, Acct-Authentic=RADIUS, Acct-Session-Time=241598, Acct-Input-Packets=2656224, Acct-Output-Packets=7614179, Acct-Input-Gigawords=0, Acct-Output-Gigawords=1, NAS-Port-Type=Ethernet, NAS-Port-Id=FastEthernet0/47, undefined-151=31D7AADD, cisco-av-pair=audit-session-id=0AEF10030000032097B3F362, cisco-av-pair=connect-progress=Auth Open, AcsSessionID=ncsilsepsuie205/359238109/4017186, SelectedAccessService=Default Network Access, Step=11004, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15048, Step=15004, Step=22094, Step=11005, NetworkDeviceGroups=Location#All Locations#NC, NetworkDeviceGroups=Device Type#All Device Types#Switch#2960-Switches, NetworkDeviceGroups=All Network Device Groups#All Network Device Groups, CPMSessionID=0AEF10030000032097B3F362, AllowedProtocolMatchedRule=EAP-TLS, All Network Device Groups=All Network Device Groups#All Network Device Groups, Location=Location#All Locations#NC, Device Type=Device Type#All Device Types#Switch#2960-Switches, Network Device Profile=Cisco, def test_cisco_ise_single(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" 
dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -183,7 +183,7 @@ def test_cisco_ise_single(record_property, setup_splunk, setup_sc4s): def test_cisco_ise_cise_alarm_single( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_meraki.py b/tests/test_cisco_meraki.py index 11ebde530d..da030aa603 100644 --- a/tests/test_cisco_meraki.py +++ b/tests/test_cisco_meraki.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid import random from jinja2 import Environment, select_autoescape @@ -13,13 +13,9 @@ from .timeutils import time_operations import datetime -<<<<<<< HEAD import pytest -env = Environment() -======= env = Environment(autoescape=select_autoescape(default_for_string=False)) ->>>>>>> 34baba6eb (fix: disable autoescaping in tests) # Log samples from https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Event_Types_and_Log_Samples mx_test_data = [ @@ -158,7 +154,7 @@ def test_cisco_meraki_syslog_app( def test_cisco_meraki_vps_app( record_property, setup_splunk, setup_sc4s ): - host = f"testcm-host-{uuid.uuid4().hex}" + host = f"testcm-host-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_ms.py b/tests/test_cisco_ms.py index 7bbbb79b2a..f541d50b1b 100644 --- a/tests/test_cisco_ms.py +++ b/tests/test_cisco_ms.py 
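Review bot: In the `@@ -158,7 +154,7 @@` hunk of tests/test_cisco_meraki.py, `test_cisco_meraki_vps_app` gets only one five-character random segment (`host = f"testcm-host-{shortuuid.ShortUUID().random(length=5).lower()}"`), while the other hosts in this patch get two segments joined by `-`. Because `.lower()` folds the mixed-case alphabet, a single segment leaves a small ID space. If the search later in the test matches on host (not visible in this hunk), a repeated name on a shared index could change the result count. Unless the shorter name is deliberate, use the same form as the other tests: `host = f"testcm-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}"`. If it is deliberate, a comment should say why.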
@@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -18,7 +18,7 @@ def test_cisco_ms(record_property, setup_splunk, setup_sc4s): - host = f"test-cms-host-{uuid.uuid4().hex}" + host = f"test-cms-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_pix.py b/tests/test_cisco_pix.py index 1e0ff6435b..432fc62391 100644 --- a/tests/test_cisco_pix.py +++ b/tests/test_cisco_pix.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -19,7 +19,7 @@ def test_cisco_pix_traditional( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_tvcs.py b/tests/test_cisco_tvcs.py index f9a5c788d7..bc70c2f8be 100644 --- a/tests/test_cisco_tvcs.py +++ b/tests/test_cisco_tvcs.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape 
@@ -15,7 +15,7 @@ env = Environment(autoescape=select_autoescape(default_for_string=False)) # <166>2018-06-27T12:17:46Z asa : %ASA-3-710003: TCP access denied by ACL from 179.236.133.160/8949 to outside:72.142.18.38/23 def test_cisco_tvcs_rfc5424(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" # Get UTC-based 'dt' time structure dt = datetime.datetime.now(datetime.timezone.utc) diff --git a/tests/test_cisco_ucm.py b/tests/test_cisco_ucm.py index 7cbaa6c5a8..2a131047df 100644 --- a/tests/test_cisco_ucm.py +++ b/tests/test_cisco_ucm.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -22,7 +22,7 @@ def test_cisco_ucm_nohost_auditlog( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -55,7 +55,7 @@ def test_cisco_ucm_nohost_auditlog( def test_cisco_ucm_nohost_rtmt( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -90,7 +90,7 @@ def test_cisco_ucm_nohost_rtmt( def test_cisco_ucm_host_auditlog( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -125,7 +125,7 @@ def test_cisco_ucm_host_auditlog( def test_cisco_ucm_nohost_alert( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_ucs_manager.py b/tests/test_cisco_ucs_manager.py index 04dc37a638..b96bd7c04f 100644 --- a/tests/test_cisco_ucs_manager.py +++ b/tests/test_cisco_ucs_manager.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -20,7 +20,7 @@ def test_cisco_ucm_manager(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_viptela.py b/tests/test_cisco_viptela.py index 0a1fb78315..19a15fef61 100644 --- a/tests/test_cisco_viptela.py +++ b/tests/test_cisco_viptela.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape 
@@ -20,7 +20,7 @@ def test_cisco_viptela(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cisco_wsa.py b/tests/test_cisco_wsa.py index 251874aab0..b777dbd901 100644 --- a/tests/test_cisco_wsa.py +++ b/tests/test_cisco_wsa.py @@ -1,4 +1,4 @@ -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -55,7 +55,7 @@ def test_cisco_wsa_squid_11_7( record_property, get_host_key, setup_splunk, setup_sc4s, event ): - host = f"cisco-wsa11-7-host-{uuid.uuid4().hex}" + host = f"cisco-wsa11-7-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -89,7 +89,7 @@ def test_cisco_wsa_squid_11_7( def test_cisco_wsa_squid( record_property, get_host_key, setup_splunk, setup_sc4s, event ): - host = f"cisco-wsa-host-{uuid.uuid4().hex}" + host = f"cisco-wsa-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -123,7 +123,7 @@ def test_cisco_wsa_squid( def test_cisco_wsa_l4tm( record_property, get_host_key, setup_splunk, setup_sc4s, event ): - host = f"cisco-wsa-host-{uuid.uuid4().hex}" + host = f"cisco-wsa-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -155,7 +155,7 @@ def test_cisco_wsa_l4tm( def test_cisco_wsa_w3c_recommended( record_property, get_host_key, setup_splunk, setup_sc4s, event ): - host = f"cisco-wsaw3c-host-{uuid.uuid4().hex}" + host = f"cisco-wsaw3c-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) wsatime = dt.strftime("%s.%f")[:-3] @@ -188,7 +188,7 @@ def test_cisco_wsa_w3c_recommended( def test_cisco_wsa_squid_11_8( record_property, get_host_key, setup_splunk, setup_sc4s, event ): - host = f"cisco-wsa11-7-host-{uuid.uuid4().hex}" + host = f"cisco-wsa11-7-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) wsatime = dt.strftime("%s.%f")[:-3] @@ -221,7 +221,7 @@ def test_cisco_wsa_squid_11_8( def test_cisco_wsa_squid_12_5( record_property, get_host_key, setup_splunk, setup_sc4s, event ): - host = f"cisco-wsa11-7-host-{uuid.uuid4().hex}" + host = f"cisco-wsa11-7-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) wsatime = dt.strftime("%s.%f")[:-3] diff --git a/tests/test_citrix_netscaler.py b/tests/test_citrix_netscaler.py index d8ec5333b3..87dc704b38 100644 --- a/tests/test_citrix_netscaler.py +++ b/tests/test_citrix_netscaler.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import datetime -import uuid +import shortuuid import random import pytz @@ -12,7 +12,7 @@ from .sendmessage import sendsingle from .splunkutils import splunk_single -import uuid +import shortuuid from .timeutils import time_operations import datetime 
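Review bot: The new side of tests/test_citrix_netscaler.py now imports `shortuuid` twice, once in the `@@ -4,7 +4,7 @@` hunk and again in the `@@ -12,7 +12,7 @@` hunk, because the replacement carried over the old duplicate `import uuid`. The second `import shortuuid`, between `from .splunkutils import splunk_single` and `from .timeutils import time_operations`, can be dropped. The `import datetime` in the context just after it repeats the one at the top of the file and could go in the same cleanup.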
@@ -20,7 +20,7 @@ # <12> 01/10/2001:01:01:01 GMT netscaler ABC-D : SSLVPN HTTPREQUEST 1234567 : Context username@192.0.2.1 - SessionId: 12345- example.com User username : Group(s) groupname : Vserver a1b2:c3d4:e5f6:a7b8:c9d0:e1f2:a3b4:c5d6:123 - 01/01/2001:01:01:01 GMT GET file/path.gif - - def test_citrix_netscaler(record_property, setup_splunk, setup_sc4s): - host = f"test-ctitrixns-host-{uuid.uuid4().hex}" + host = f"test-ctitrixns-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) @@ -57,7 +57,7 @@ def test_citrix_netscaler(record_property, setup_splunk, setup_sc4s): def test_citrix_netscaler_sdx( record_property, setup_splunk, setup_sc4s ): - host = f"test-ctitrixns-host-{uuid.uuid4().hex}" + host = f"test-ctitrixns-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) @@ -94,7 +94,7 @@ def test_citrix_netscaler_sdx( def test_citrix_netscaler_sdx_AAA( record_property, setup_splunk, setup_sc4s ): - host = f"test-ctitrixns-host-{uuid.uuid4().hex}" + host = f"test-ctitrixns-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -159,7 +159,7 @@ def test_citrix_netscaler_appfw_cef( def test_citrix_netscaler_appfw( record_property, setup_splunk, setup_sc4s ): - host = f"test-ctitrixns-host-{uuid.uuid4().hex}" + host = f"test-ctitrixns-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) diff --git a/tests/test_clearswift_syslog_rfc5424_test_filter.py b/tests/test_clearswift_syslog_rfc5424_test_filter.py index 0368414da5..8008d5c0f5 100644 
--- a/tests/test_clearswift_syslog_rfc5424_test_filter.py +++ b/tests/test_clearswift_syslog_rfc5424_test_filter.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape from .sendmessage import sendsingle @@ -18,7 +18,7 @@ #<22>1 2022-03-28T13:58:27Z AOPRDTETPSEG01 mail - - - postfix-inbound/cleanup[25993]: 4KRvRl1NFRzNhXc3: message-id= def test_clearswift(record_property, setup_splunk, setup_sc4s): - host = f"test-clearswift-host-{uuid.uuid4().hex}" + host = f"test-clearswift-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_common.py b/tests/test_common.py index 648430ce9f..816d9ab0e3 100644 --- a/tests/test_common.py +++ b/tests/test_common.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import datetime -import uuid +import shortuuid import pytz from jinja2 import Environment, select_autoescape @@ -19,7 +19,7 @@ def test_defaultroute(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -47,7 +47,7 @@ def test_defaultroute(record_property, setup_splunk, setup_sc4s): def test_defaultroute_port(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -75,7 +75,7 @@ def test_defaultroute_port(record_property, setup_splunk, setup_sc4s): def test_fallback(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -120,7 +120,7 @@ def test_metrics(record_property, setup_splunk, setup_sc4s): def test_tz_guess(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -151,7 +151,7 @@ def test_tz_guess(record_property, setup_splunk, setup_sc4s): assert result_count == 1 def test_splunk_meta(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -178,7 +178,7 @@ def test_splunk_meta(record_property, setup_splunk, setup_sc4s): def test_tz_fix_ny(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" # 10 minute offset (reserved for future use) # dt = datetime.datetime.now(pytz.timezone('America/New_York')) - datetime.timedelta(minutes=10) 
@@ -214,7 +214,7 @@ def test_tz_fix_ny(record_property, setup_splunk, setup_sc4s): def test_tz_fix_ch(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" # 10 minute offset (reserved for future use) # dt = datetime.datetime.now(pytz.timezone('America/New_York')) - datetime.timedelta(minutes=10) diff --git a/tests/test_common_lite.py b/tests/test_common_lite.py index 558a0e8493..adb2970ab1 100644 --- a/tests/test_common_lite.py +++ b/tests/test_common_lite.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import datetime -import uuid +import shortuuid import pytz from jinja2 import Environment, select_autoescape @@ -19,7 +19,7 @@ def test_defaultroute(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -47,7 +47,7 @@ def test_defaultroute(record_property, setup_splunk, setup_sc4s): def test_defaultroute_port(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -75,7 +75,7 @@ def test_defaultroute_port(record_property, setup_splunk, setup_sc4s): def test_fallback(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -119,7 +119,7 @@ def test_metrics(record_property, setup_splunk, setup_sc4s): def test_tz_fix_ny(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" # 10 minute offset (reserved for future use) # dt = datetime.datetime.now(pytz.timezone('America/New_York')) - datetime.timedelta(minutes=10) @@ -155,7 +155,7 @@ def test_tz_fix_ny(record_property, setup_splunk, setup_sc4s): def test_tz_fix_ch(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" # 10 minute offset (reserved for future use) # dt = datetime.datetime.now(pytz.timezone('America/New_York')) - datetime.timedelta(minutes=10) diff --git a/tests/test_cyberark.py b/tests/test_cyberark.py index 85086fce73..236f46b412 100644 --- a/tests/test_cyberark.py +++ b/tests/test_cyberark.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape 
@@ -16,7 +16,7 @@ # <5>1 2020-01-24T22:53:03Z REDACTEDHOSTNAME CEF:0|Cyber-Ark|Vault|10.9.0000|22|CPM Verify Password|5|act="CPM Verify Password" suser=PasswordManager fname=Root\Operating System-OBO-ISSO-Windows-Domain-Account-redacted dvc= shost=10.0.0.10 dhost= duser=redacted externalId= app= reason= cs1Label="Affected User Name" cs1= cs2Label="Safe Name" cs2="re-dact-ted" cs3Label="Device Type" cs3="Operating System" cs4Label="Database" cs4= cs5Label="Other info" cs5= cn1Label="Request Id" cn1= cn2Label="Ticket Id" cn2="VerificationPeriod" msg="VerificationPeriod" def test_cyberark_epv_5424(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -48,7 +48,7 @@ def test_cyberark_epv_5424(record_property, setup_splunk, setup_sc4s): # <190>Jul 27 23:31:58 VAULT CEF:0|Cyber-Ark|Vault|9.20.0000|7|Logon|5|act="Logon" suser=user2 fname= dvc= shost=127.0.0.1 dhost= duser= externalId= app= reason= cs1Label="Affected User Name" cs1= cs2Label="Safe Name" cs2= cs3Label="Device Type" cs3=11111 cs4Label="Database" cs4=222222 cs5Label="Other info" cs5= cn1Label="Request Id" cn1= cn2Label="Ticket Id" cn2= msg= def test_cyberark_epv(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -79,7 +79,7 @@ def test_cyberark_epv(record_property, setup_splunk, setup_sc4s): # <190>Jul 12 23:44:25 10.0.0.1 CEF:0|CyberArk|PTA|2.6.1|20|Privileged account anomaly|8|cs1Label=incidentId cs1=55a32ed8e4b0e4a90114e12c start=1436755482000 deviceCustomDate1Label=detectionDate deviceCustomDate1=1436759065017 msg=Incident updated. Now contains 7 anomalies cs2Label=link cs2=https://10.0.0.1/incidents/55a32ed8e4b0e4a90114e12c def test_cyberark_pta(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_cylance_protect.py b/tests/test_cylance_protect.py index 97aa0c532e..db1ef9a36f 100644 --- a/tests/test_cylance_protect.py +++ b/tests/test_cylance_protect.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape from .sendmessage import sendsingle @@ -18,7 +18,7 @@ def test_cylance_exploit(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_darktrace.py b/tests/test_darktrace.py index 77bc7a1310..e407783655 100755 --- a/tests/test_darktrace.py +++ b/tests/test_darktrace.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid import pytest from jinja2 import Environment, select_autoescape 
@@ -16,7 +16,7 @@ #Apr 01 14:30:23 darktraceserver1.mydomain.com darktrace_audit {"username":"jsmith","method":"POST","endpoint":"/login","ip":"10.72.62.2","status":302,"description":"Failed login"} def test_darktrace_audit(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -48,7 +48,7 @@ def test_darktrace_audit(record_property, setup_splunk, setup_sc4s): #Apr 01 14:39:18 darktraceserver1.mydomain.com darktrace {"child_id":null,"last_updated":1648817054.504227,"message":"Unidirectional Traffic on subnet 10.12.12.0/24 is high (22.0%). This means that Darktrace may experience issues tracking devices on your network.\n\nIf you have any issues, please open a ticket using the following link. https://customerportal.darktrace.com/ticket/create","name":"high-unidirectional-traffic-10-12-12-0/24","uuid":"88cf2a43-61b9-4016-b9a6-12c900965f32","ip_address":"10.12.19.57","alert_name":"High Unidirectional Traffic","acknowledge_timeout":null,"priority":53,"status":"Active","hostname":"td-8294-05","priority_level":"medium","last_updated_status":1648817054.504227,"url":"https://darktraceserver1.serco-na.com/sysstatus?alert=87cf2a43-61b1-4006-b9a6-12c900915f72"} def test_darktrace_default(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_fireye.py b/tests/test_fireye.py index fb799be7b4..b885ec45d2 100644 --- a/tests/test_fireye.py +++ b/tests/test_fireye.py 
@@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape 
@@ -17,7 +17,7 @@ # <164>fenotify-1590500.warning: CEF:0|FireEye|CMS|9.0.1.923211|MC|malware-callback|7|requestClientApplication=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0 cn2Label=sid cn2=11111112 cs5Label=cncHost cs5=172.65.203.203 spt=10400 smac=00:1c:7f:3f:a4:4a cn1Label=vlan cn1=0 cs4Label=link cs4=https://uswmsidccm1.cs.ball.com/event_stream/events_for_bot?ev_id\\=1590500 rt=Jan 25 2021 20:37:54 UTC proto=tcp dst=172.65.203.203 externalId=1590500 dmac=7c:ad:4f:10:06:83 dvchost={{ host }} cs6Label=channel cs6=GET /appliance-test/alert.html HTTP/1.1::~~Host: fedeploycheck.fireeye.com::~~User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0::~~Accept: text/html,application/xhtml+xml,application/xml;q\\=0.9,image/webp,*/*;q\\=0.8::~~Accept-Language: en-US,en;q\\=0.5::~~Accept-Encoding: gzip, deflate::~~DNT: 1::~~Connection: keep-alive::~~Cookie: _gcl_au\\=1.1.750220273.1606759464; _lfa\\=LF1.1.6e3cb721e7505c55.1606759467306; apt.uid\\=AP-VMCORKOEGG4K-2-1610403364179-83855235.0.2.bf309e5a-bdbb-4e90-be0b-3c182673fb8a; _uetvid\\=f6904ed04ea311eb9f93275a98a20e01::~~Upgrade-Insecure-Requests: 1::~~::~~ src=162.18.29.1 cn3Label=cncPort cn3=80 dpt=80 request=hxxp://fedeploycheck.fireeye.com/appliance-test/alert.html dvc=10.246.129.27 requestMethod=GET act=notified cs1Label=sname cs1=FETestEvent devicePayloadId=71de5c6d-5faa-4d60-b145-4d060f734023 start=Jan 25 2021 20:37:54 UTC ","PRI":"<164>","MESSAGE":"fenotify-1590500.warning: CEF:0|FireEye|CMS|9.0.1.923211|MC|malware-callback|7|requestClientApplication=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0 cn2Label=sid cn2=11111112 cs5Label=cncHost cs5=172.65.203.203 spt=10400 smac=00:1c:7f:3f:a4:4a cn1Label=vlan cn1=0 cs4Label=link cs4=https://uswmsidccm1.cs.ball.com/event_stream/events_for_bot?ev_id\\=1590500 rt=Jan 25 2021 20:37:54 UTC proto=tcp dst=172.65.203.203 externalId=1590500 dmac=7c:ad:4f:10:06:83 dvchost={{ 
host }} cs6Label=channel cs6=GET /appliance-test/alert.html HTTP/1.1::~~Host: fedeploycheck.fireeye.com::~~User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0::~~Accept: text/html,application/xhtml+xml,application/xml;q\\=0.9,image/webp,*/*;q\\=0.8::~~Accept-Language: en-US,en;q\\=0.5::~~Accept-Encoding: gzip, deflate::~~DNT: 1::~~Connection: keep-alive::~~Cookie: _gcl_au\\=1.1.750220273.1606759464; _lfa\\=LF1.1.6e3cb721e7505c55.1606759467306; apt.uid\\=AP-VMCORKOEGG4K-2-1610403364179-83855235.0.2.bf309e5a-bdbb-4e90-be0b-3c182673fb8a; _uetvid\\=f6904ed04ea311eb9f93275a98a20e01::~~Upgrade-Insecure-Requests: 1::~~::~~ src=162.18.29.1 cn3Label=cncPort cn3=80 dpt=80 request=hxxp://fedeploycheck.fireeye.com/appliance-test/alert.html dvc=10.246.129.27 requestMethod=GET act=notified cs1Label=sname cs1=FETestEvent devicePayloadId=71de5c6d-5faa-4d60-b145-4d060f734023 start=Jan 25 2021 20:37:54 UTC def test_fireeye_cms(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -48,7 +48,7 @@ def test_fireeye_cms(record_property, setup_splunk, setup_sc4s): # cef[24366]: CEF:0|fireeye|hx|5.0.3|FireEye Acquisition Completed|FireEye Acquisition Completed|0|rt=Jan 26 2021 02:14:17 UTC dvchost={{ host }} deviceExternalId=0CC47AA8D848 categoryDeviceGroup=/IDS/Application/Service categoryDeviceType=Forensic Investigation categoryObject=/Host cs1Label=Host Agent Cert Hash cs1=aL9HjiEIvp8d1kiwieaaHG dst=10.49.2.59 dmac=64-00-6a-54-c4-7a dhost=MZAUNG dntdom=CS deviceCustomDate1Label=Agent Last Audit deviceCustomDate1=Jan 26 2021 02:13:19 UTC cs2Label=FireEye Agent Version cs2=32.30.0 cs5Label=Target GMT Offset cs5=+PT6H30M cs6Label=Target OS cs6=Windows 10 Enterprise 15063 externalId=1003 cs3Label=Script Name cs3=Bulk Acquisition suser=fe_services act=Acquisition Status in=1361 categoryOutcome=/Success categorySignificance=/Informational categoryBehavior=/Access/Start msg=Host MZAUNG Bulk Acquisition completed categoryTupleDescription=A Host Acquisition was successfully completed. def test_fireeye_hx(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -79,7 +79,7 @@ def test_fireeye_hx(record_property, setup_splunk, setup_sc4s): # 2021-03-03T20:14:22.226Z CEF:0|FireEye|ETP|3.0|etp|malicious email|10|rt=Mar 03 2021:20:07:54 UTC suser=redacted@redacted.com duser=redacted@redacted.com fname=hxxps://redacted[dot]com/foo fileHash=123456789abcdef destinationDnsDomain=redacted.com externalId=123456789 cs1Label=sname cs1=Phish.LIVE.DTI.URL cs3Label=Subject cs3=Subject Redacted cs4Label=Link cs4=https://etp.us.fireeye.com/alert/123456789/ cs5Label=Client cs5=REDACTED-COMPANY def test_fireeye_etp(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -109,7 +109,7 @@ def test_fireeye_etp(record_property, setup_splunk, setup_sc4s): def test_fireeye_hx_json_1(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -137,7 +137,7 @@ def test_fireeye_hx_json_1(record_property, setup_splunk, setup_sc4s): assert result_count == 1 def test_fireeye_hx_json_2(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -167,7 +167,7 @@ def test_fireeye_hx_json_2(record_property, setup_splunk, setup_sc4s): def test_fireeye_hx_json_with_hdr( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_forcepoint_web.py b/tests/test_forcepoint_web.py index c949b86f42..f3cdf008f3 100644 --- a/tests/test_forcepoint_web.py +++ b/tests/test_forcepoint_web.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -18,7 +18,7 @@ def test_forcepoint_webprotect_kv( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_fortinet_ngfw.py b/tests/test_fortinet_ngfw.py index 699a43e924..164cc1f7b0 100644 --- a/tests/test_fortinet_ngfw.py +++ b/tests/test_fortinet_ngfw.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape 
@@ -17,7 +17,7 @@ # <111> Aug 17 00:00:00 fortigate date=2015-08-11 time=19:19:43 devname=Nosey devid=FG800C3912801080 logid=0004000017 type=traffic subtype=sniffer level=notice vd=root srcip=fe80::20c:29ff:fe77:20d4 srcintf="port3" dstip=ff02::1:ff77:20d4 dstintf="port3" sessionid=408903 proto=58 action=accept policyid=2 dstcountry="Reserved" srccountry="Reserved" trandisp=snat transip=:: transport=0 service="icmp6/131/0" duration=36 sentbyte=0 rcvdbyte=40 sentpkt=0 rcvdpkt=0 appid=16321 app="IPv6.ICMP" appcat="Network.Service" apprisk=elevated applist="sniffer-profile" appact=detected utmaction=allow countapp=1 def test_fortinet_fgt_event(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -55,7 +55,7 @@ def test_fortinet_fgt_event(record_property, setup_splunk, setup_sc4s): def test_fortinet_fgt_traffic( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -89,7 +89,7 @@ def test_fortinet_fgt_traffic( # <111> Aug 17 00:00:00 fortigate date=2015-08-11 time=19:21:40 logver=52 devname=US-Corp_Main1 devid=FGT37D4613800138 logid=0317013312 type=utm subtype=webfilter eventtype=ftgd_allow level=notice vd=root sessionid=1490845588 user="" srcip=172.30.16.119 srcport=53235 srcintf="Internal" dstip=114.112.67.75 dstport=80 dstintf="External-SDC" proto=6 service=HTTP hostname="popo.wan.ijinshan.com" profile="scan" action=passthrough reqtype=direct url="/popo/launch?c=cHA9d29vZHMxOTgyQGhvdG1haWwuY29tJnV1aWQ9NDBiNDkyZDRmNzdhNjFmOTNlMjQwMjhiYjE3ZGRlYTYmY29tcGl" sentbyte=525 rcvdbyte=325 direction=outgoing msg="URL belongs to an allowed category in policy" method=domain cat=52 catdesc="Information Technology" def test_fortinet_fgt_utm(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -125,7 +125,7 @@ def test_fortinet_fgt_utm(record_property, setup_splunk, setup_sc4s): def test_fortinet_fgt_traffic_framed( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -163,7 +163,7 @@ def test_fortinet_fgt_traffic_framed( def test_fortinet_fgt_traffic_nohdr( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -196,7 +196,7 @@ def test_fortinet_fgt_traffic_nohdr( def test_fortinet_fgt_event_et_epoch(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -230,7 +230,7 @@ def test_fortinet_fgt_event_et_epoch(record_property, setup_splunk, setup_sc4s) assert result_count == 1 def test_fortinet_fgt_event_et_epochms(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_fortinet_web.py b/tests/test_fortinet_web.py index cb0d4656cb..c3f6e82455 100644 --- a/tests/test_fortinet_web.py +++ b/tests/test_fortinet_web.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ # <111> Oct 25 13:08:00 fortiweb date=2013-10-07 time=11:30:53 devname=FortiWeb-A log_id=10000017 msg_id=000000001117 device_id=FVVM040000010871 vd="root" timezone="(GMT-5:00)Eastern Time(US & Canada)" type=event subtype="system" pri=information trigger_policy="" user=admin ui=GUI action=login status=success msg="User admin login successfully from GUI(172.20.120.47)" def test_fortinet_fwb_event(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -51,7 +51,7 @@ def test_fortinet_fwb_event(record_property, setup_splunk, setup_sc4s): def test_fortinet_fwb_traffic( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -84,7 +84,7 @@ def test_fortinet_fwb_traffic( # <111> Oct 25 13:08:00 fortiweb date=2013-10-07 time=11:30:53 devname=FortiWeb-A log_id=20000010 msg_id=000139289631 device_id=FV-1KD3A15800072 vd="root" timezone="(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi" type=attack subtype="waf_signature_detection" pri=alert trigger_policy="" severity_level=Medium proto=tcp service=http action=Alert policy="123" src=172.22.6.234 src_port=60554 dst=10.0.9.13 dst_port=80 http_method=get http_url="/preview.php?file==../" http_host="10.0.9.123" http_agent="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0" http_session_id=3B9864AEKNQSLLODNTILCG37M2FZ6A88 msg="[Signatures name: 123] [main class name: Generic Attacks(Extended)] [sub class name: Directory Traversal]: 060150002" signature_subclass="Directory Traversal" signature_id="060150002" srccountry="Reserved" content_switch_name="none" server_pool_name="123" false_positive_mitigation="none" log_type=LOG_TYPE_SCORE_SUM event_score=3 score_message="[score_type: total_score] [score_scope: TCP Session] [score_threshold: 5] [score_sum: 7]" entry_sequence="000139289630" def test_fortinet_fwb_attack(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -116,7 +116,7 @@ def test_fortinet_fwb_attack(record_property, setup_splunk, setup_sc4s): #<21>date=2022-03-02 time=12:03:03.181 device_id=FEVM02000011111 log_id=0300021505 type=spam subtype=default pri=notice session_id="222I2usQ021504-222I2usS021504" client_name="a30-94.smtp-out.amazonses.com" client_ip="24.24.24.94" dst_ip="1.1.1.1" from="0100017f4bcc9f6f-8675877c-7b27-45fa-bf62-cb892ae7c2f5-000000@mail.xxx.xxx.com" to="jadoe@mail.com" subject="your two-step authentication code is ready" msg="DNS Lookup failure using DNSBL/SURBL server multi.surbl.org" def test_fortinet_fortimail(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_github_ent.py b/tests/test_github_ent.py index 143ec1dc8a..7b6b1e034a 100644 --- a/tests/test_github_ent.py +++ b/tests/test_github_ent.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -23,7 +23,7 @@ @pytest.mark.parametrize("event", testdata_github_ent) def test_data_github_ent(record_property, setup_splunk, setup_sc4s, event): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_haproxy.py b/tests/test_haproxy.py index bcc345e46c..15ae083b92 100644 --- a/tests/test_haproxy.py +++ b/tests/test_haproxy.py 
@@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import datetime -import uuid +import shortuuid import random import pytz import pytest @@ -26,7 +26,7 @@ @pytest.mark.parametrize("event", haproxy_testdata) def test_haproxy(record_property, setup_splunk, setup_sc4s, event): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -63,7 +63,7 @@ def test_haproxy(record_property, setup_splunk, setup_sc4s, event): def test_haproxy_splunk( record_property, setup_splunk, setup_sc4s, event ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() diff --git a/tests/test_imperva.py b/tests/test_imperva.py index ae9a70038e..696d5c2136 100644 --- a/tests/test_imperva.py +++ b/tests/test_imperva.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ def test_imperva_incapsula(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_infoblox.py b/tests/test_infoblox.py index 2d5aa2d81b..920269d313 100644 --- a/tests/test_infoblox.py +++ b/tests/test_infoblox.py 
@@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import datetime -import uuid +import shortuuid import random import pytz import pytest @@ -84,7 +84,7 @@ def test_infoblox_dns_rpz_cef( record_property, setup_splunk, setup_sc4s ): - host = f"infoblox-host-{uuid.uuid4().hex}" + host = f"infoblox-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -116,7 +116,7 @@ def test_infoblox_dns_rpz_cef( @pytest.mark.parametrize("event", infoblox_dns_testdata) def test_infoblox_dns(record_property, setup_splunk, setup_sc4s, event): - host = f"infoblox-host-{uuid.uuid4().hex}" + host = f"infoblox-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -148,7 +148,7 @@ def test_infoblox_dns(record_property, setup_splunk, setup_sc4s, event): def test_infoblox_dhcp( record_property, setup_splunk, setup_sc4s, event ): - host = f"infoblox-host-{uuid.uuid4().hex}" + host = f"infoblox-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -180,7 +180,7 @@ def test_infoblox_dhcp( def test_infoblox_dns_threatprotect_cef( record_property, setup_splunk, setup_sc4s ): - host = f"infoblox-host-{uuid.uuid4().hex}" + host = f"infoblox-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() 
@@ -214,7 +214,7 @@ def test_infoblox_dns_threatprotect_cef( def test_infoblox_dns_threatprotect( record_property, setup_splunk, setup_sc4s, event ): - host = f"infoblox-host-{uuid.uuid4().hex}" + host = f"infoblox-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -246,7 +246,7 @@ def test_infoblox_dns_threatprotect( def test_infoblox_audit( record_property, setup_splunk, setup_sc4s, event ): - host = f"infoblox-host-{uuid.uuid4().hex}" + host = f"infoblox-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -278,7 +278,7 @@ def test_infoblox_audit( def test_infoblox_fallback( record_property, setup_splunk, setup_sc4s, event ): - host = f"infoblox-host-{uuid.uuid4().hex}" + host = f"infoblox-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -310,7 +310,7 @@ def test_infoblox_fallback( def test_infoblox_headeralter_dhcp( record_property, setup_splunk, setup_sc4s, event ): - host = f"infoblox-host-{uuid.uuid4().hex}" + host = f"infoblox-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() diff --git a/tests/test_isc.py b/tests/test_isc.py index 7744d40a69..48982ab15e 100644 --- a/tests/test_isc.py +++ b/tests/test_isc.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import datetime -import uuid +import shortuuid import random import pytz import pytest 
@@ -45,7 +45,7 @@ @pytest.mark.parametrize("event", isc_dns_testdata) def test_isc_dns(record_property, setup_splunk, setup_sc4s, event): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -77,7 +77,7 @@ def test_isc_dns(record_property, setup_splunk, setup_sc4s, event): def test_isc_dnsfailed( record_property, setup_splunk, setup_sc4s, event ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -107,7 +107,7 @@ def test_isc_dnsfailed( @pytest.mark.parametrize("event", isc_dhcp_testdata) def test_isc_dhcpd(record_property, setup_splunk, setup_sc4s, event): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() diff --git a/tests/test_leef.py b/tests/test_leef.py index 94158eb2d5..17a540c211 100644 --- a/tests/test_leef.py +++ b/tests/test_leef.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid import pytest from jinja2 import Environment, select_autoescape @@ -54,7 +54,7 @@ def test_leef1_generic( record_property, setup_splunk, setup_sc4s, event ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -86,7 +86,7 @@ def test_leef1_generic( def test_leef2_generic( record_property, setup_splunk, setup_sc4s, event ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -116,7 +116,7 @@ def test_leef2_generic( @pytest.mark.parametrize("event", testdata3) def test_leef_devtime(record_property, setup_splunk, setup_sc4s, event): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_linux_syslog.py b/tests/test_linux_syslog.py index bc0314b5c2..0467fe540d 100644 --- a/tests/test_linux_syslog.py +++ b/tests/test_linux_syslog.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import datetime -import uuid +import shortuuid import random import pytz @@ -21,7 +21,7 @@ def test_linux__nohost_program_as_path( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -54,7 +54,7 @@ def test_linux__nohost_program_as_path( def test_linux__host_program_as_path( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() 
@@ -87,7 +87,7 @@ def test_linux__host_program_as_path( def test_linux__nohost_program_conforms( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -120,7 +120,7 @@ def test_linux__nohost_program_conforms( def test_linux__host_program_conforms( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() diff --git a/tests/test_loggen.py b/tests/test_loggen.py index 11555d6315..b990fb2f3d 100644 --- a/tests/test_loggen.py +++ b/tests/test_loggen.py @@ -1,4 +1,4 @@ -import uuid +import shortuuid import random from jinja2 import Environment, select_autoescape @@ -13,7 +13,7 @@ # <38>1 2020-07-21T21:05:56+02:00 localhost prg00000 1234 - - seq: 0000000000, thread: 0000, runid: 1595365556, stamp: 2020-07-21T21:05:56 PADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPAD def test_loggen_rfc(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -40,7 +40,7 @@ def test_loggen_rfc(record_property, setup_splunk, setup_sc4s): # <38>2020-07-24T17:04:52 localhost prg00000[1234]: seq: 0000000008, thread: 0000, runid: 1595610292, stamp: 2020-07-24T17:04:52 PADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADD def test_loggen_bsd(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() 
diff --git a/tests/test_mcafee_nsp.py b/tests/test_mcafee_nsp.py index 5dd07252c8..180cbc33df 100644 --- a/tests/test_mcafee_nsp.py +++ b/tests/test_mcafee_nsp.py @@ -1,4 +1,4 @@ -import uuid +import shortuuid from jinja2 import Environment, select_autoescape diff --git a/tests/test_mcafee_web_gateway.py b/tests/test_mcafee_web_gateway.py index b8b320ea82..9cb9f1b8cf 100644 --- a/tests/test_mcafee_web_gateway.py +++ b/tests/test_mcafee_web_gateway.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -17,7 +17,7 @@ def test_data_mcafeewg(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -51,7 +51,7 @@ def test_data_mcafeewg(record_property, setup_splunk, setup_sc4s): def test_data_mcafeewg_product( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_microfocus_arcsight.py b/tests/test_microfocus_arcsight.py index 4aec2a37ba..099ce301d9 100644 --- a/tests/test_microfocus_arcsight.py +++ b/tests/test_microfocus_arcsight.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape 
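Review bot: The only hunk for tests/test_mcafee_nsp.py swaps `import uuid` for `import shortuuid` without touching any `host = ...` line, so either the import is unused or a remaining `uuid.` reference in the file will now raise NameError at test time; the rest of the file is outside the hunk, so this needs checking against the full file. If nothing there uses either module, I would delete the import line rather than rename it, which also keeps the new third-party dependency out of a file that does not need it. The import-only hunk for tests/test_mk8s_config_files.py later in the patch has the same shape.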
@@ -21,7 +21,7 @@ def test_microfocus_arcsight_ts_rt( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -57,7 +57,7 @@ def test_microfocus_arcsight_ts_rt( def test_microfocus_arcsight_ts_end( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -93,7 +93,7 @@ def test_microfocus_arcsight_ts_end( def test_microfocus_arcsight_ts_syslog( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -127,7 +127,7 @@ def test_microfocus_arcsight_ts_syslog( def test_microfocus_arcsight_windows( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -163,7 +163,7 @@ def test_microfocus_arcsight_windows( def test_microfocus_arcsight_windows_system( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -197,7 +197,7 @@ def test_microfocus_arcsight_windows_system( def test_microfocus_unknown(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_microsoft_mcas.py b/tests/test_microsoft_mcas.py index 7ccd32d2b8..26dad57245 100644 --- a/tests/test_microsoft_mcas.py +++ b/tests/test_microsoft_mcas.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ # 2020-05-15T13:25:05+00:00 HOSTNAME CEF:0|MCAS|SIEM_Agent|0.172.123|EVENT_CATEGORY_UPLOAD_DISCOVERY_FILE|Upload Cloud Discovery file|0|externalId=111005697_1589549105456_dc4b870227e1474f94cab2cb4d256d1c rt=1589549105456 start=1589549105456 end=1589549105456 msg=Upload Cloud Discovery file suser= destinationServiceName=Microsoft Cloud App Security dvc=111.222.18.21 requestClientApplication=Apache-HttpClient/4.5.10 (Java/1.8.0_222) cs1Label=portalURL cs1=https://companyname.portal.cloudappsecurity.com/#/audits?activity.id\=eq(111005697_1589549105456_dc4b870227e1474f94cab2cb4d256d1c,) cs2Label=uniqueServiceAppIds cs2=APPID_OFFICE,APPID_MCAS cs3Label=targetObjects cs3= cs4Label=policyIDs cs4= c6a1Label=“Device IPv6 Address” c6a1= def test_microsoft_mcas(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_mikrotik.py b/tests/test_mikrotik.py index 8bc71cc9d8..95288d28de 100644 
--- a/tests/test_mikrotik.py +++ b/tests/test_mikrotik.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -23,7 +23,7 @@ @pytest.mark.parametrize("event", testdata) def test_routeros(record_property, setup_splunk, setup_sc4s, event): - host = f"test-mrtros-host-{uuid.uuid4().hex}" + host = f"test-mrtros-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_mk8s_config_files.py b/tests/test_mk8s_config_files.py index cfc2e118e8..5ae4ad7e3b 100644 --- a/tests/test_mk8s_config_files.py +++ b/tests/test_mk8s_config_files.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import pytest -import uuid +import shortuuid import sys from jinja2 import Environment, select_autoescape diff --git a/tests/test_mk8s_custom_ports.py b/tests/test_mk8s_custom_ports.py index 0639f4f24e..2a0e33efe1 100644 --- a/tests/test_mk8s_custom_ports.py +++ b/tests/test_mk8s_custom_ports.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import pytest -import uuid +import shortuuid import sys from jinja2 import Environment, select_autoescape @@ -19,7 +19,7 @@ @pytest.mark.skipif(sys.platform != 'darwin', reason='it should not run in CICD') def test_custom_ports_mk8s(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
diff --git a/tests/test_mk8s_hosts_override.py b/tests/test_mk8s_hosts_override.py index 21d7c2b0d4..aa32b62fbc 100644 --- a/tests/test_mk8s_hosts_override.py +++ b/tests/test_mk8s_hosts_override.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import pytest -import uuid +import shortuuid import sys from jinja2 import Environment, select_autoescape @@ -19,7 +19,7 @@ @pytest.mark.skipif(sys.platform != 'darwin', reason='it should not run in CICD') def test_host_override_mk8s(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_mk8s_splunk_metadata.py b/tests/test_mk8s_splunk_metadata.py index 5942a35fa6..d7326e9fd8 100644 --- a/tests/test_mk8s_splunk_metadata.py +++ b/tests/test_mk8s_splunk_metadata.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import pytest -import uuid +import shortuuid import sys from jinja2 import Environment, select_autoescape @@ -21,7 +21,7 @@ def test_splunk_metadata( record_property, setup_splunk, setup_sc4s ): - host = f"testcm-host-{uuid.uuid4().hex}" + host = f"testcm-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_netscout_arbor-edge.py b/tests/test_netscout_arbor-edge.py index 8f2814d81e..b14d3cf830 100644 --- a/tests/test_netscout_arbor-edge.py +++ b/tests/test_netscout_arbor-edge.py 
@@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ def test_netscout_arboredge(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_novell.py b/tests/test_novell.py index 522f5eb734..bd99417d6d 100644 --- a/tests/test_novell.py +++ b/tests/test_novell.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -25,7 +25,7 @@ def test_data_access_manager( record_property, setup_splunk, setup_sc4s, event ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_nutanix.py b/tests/test_nutanix.py index 1cdf8e7786..28ffd521ff 100644 --- a/tests/test_nutanix.py +++ b/tests/test_nutanix.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape 
@@ -15,7 +15,7 @@ env = Environment(autoescape=select_autoescape(default_for_string=False)) def test_nutanix(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" # Get UTC-based 'dt' time structure dt = datetime.datetime.now(datetime.timezone.utc) diff --git a/tests/test_ossec.py b/tests/test_ossec.py index 69e6d623ce..1c60d26148 100644 --- a/tests/test_ossec.py +++ b/tests/test_ossec.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -25,7 +25,7 @@ @pytest.mark.parametrize("event", testdata_ossec) def test_data_ossec(record_property, setup_splunk, setup_sc4s, event): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_palo_alto.py b/tests/test_palo_alto.py index b1608f01de..8ed57cafec 100644 --- a/tests/test_palo_alto.py +++ b/tests/test_palo_alto.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape from pytest import mark @@ -19,7 +19,7 @@ def test_palo_alto_traffic(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -53,7 +53,7 @@ def test_palo_alto_traffic(record_property, setup_splunk, setup_sc4s): def test_palo_alto_traffic_dvc_name( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -85,7 +85,7 @@ def test_palo_alto_traffic_dvc_name( # <190>Oct 30 09:46:17 1,2012/10/30 09:46:17,01606001116,THREAT,url,1,2012/04/10 04:39:55,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,22860,1,59303,80,0,0,0x208000,tcp,alert,"litetopdetect.cn/index.php",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html def test_palo_alto_threat(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -117,7 +117,7 @@ def test_palo_alto_threat(record_property, setup_splunk, setup_sc4s): # <190>Jan 28 01:28:35 fooooo 1,2020/07/08 16:48:50,013201020735,THREAT,url,2049,2020/07/08 16:48:48,10.1.1.1,1.1.1.2,1.1.1.1,1.1.1.3,URLFilter_CatchAll_Internet,testuser,,arcgis,vsys1,DMZ,Outside,ae3,ae1,Panorama-Only,2020/07/08 16:48:48,357728,1,61066,80,33396,80,0x8403000,tcp,alert,"geocode.arcgis.com/arcgis/rest/services/World/GeocodeServer/reverseGeocode?distance=100&f=json&location={""x"":-33,""y"":22.3,""spatialReference"":{""wkid"":111}}",(9999),ALL-WhitelistedURLs,informational,client-to-server,6816029286804555581,0xa000000000000000,Internal,United States,0,application/json,0,,,1,,,,,,,,0,11,16,0,0,,TESTFW01,,,,get,0,,0,,N/A,unknown,AppThreat-0-0,0x0,0,4294967295, def test_palo_alto_threat2(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -151,7 +151,7 @@ def test_palo_alto_threat2(record_property, setup_splunk, setup_sc4s): def test_palo_alto_traffic_5424( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -184,7 +184,7 @@ def test_palo_alto_traffic_5424( def test_palo_alto_traffic_mstime( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -217,7 +217,7 @@ def test_palo_alto_traffic_mstime( # <14>May 11 10:13:22 xxxxxx 1,2020/05/11 10:13:22,015451000001111,HIPMATCH,0,2049,2020/05/11 10:13:22,xx.xx,vsys1,xx-xxxxx-MB,Mac,10.252.31.187,GP-HIP,1,profile,0,0,1052623,0x0,17,11,12,0,,xxxxx,1,0.0.0.0, def test_palo_alto_hipmatch(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -251,7 +251,7 @@ def test_palo_alto_hipmatch(record_property, setup_splunk, setup_sc4s): def test_palo_alto_globalprotect( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -285,7 +285,7 @@ def test_palo_alto_globalprotect( # <190>Jan 23 00:45:02 panw-system-host 1,2021/01/23 00:45:03,012001003714,SYSTEM,userid,0,2021/01/22 18:00:10,,connect-ldap-sever-failure,xxx.xxx.xxx.109,0,0,general,medium,"ldap cfg blue-uxxxx-ldap-gm failed to connect to server xxx.xxx.xxx.109 xxx.xxx.xxx.xxx connect to xxx.xxx.xxx.xxx(xxx.xxx.xxx.xxx):636",6837908,0x8000000000000000,0,0,0,0,,XXX_UK_GLA_PAXXX def test_palo_alto_system(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -320,7 +320,7 @@ def test_palo_alto_system(record_property, setup_splunk, setup_sc4s): def test_palo_alto_system_futureproof( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_pfsense.py b/tests/test_pfsense.py index bfabb1c129..9ae74419dc 100644 --- a/tests/test_pfsense.py +++ b/tests/test_pfsense.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ # <27>Jan 25 01:58:06 filterlog: 82,,,1000002666,mvneta2,match,pass,out,6,0x00,0x00000,64,ICMPv6,58,8,fe80::208:a2ff:fe0f:cb66,fe80::56a6:5cff:fe7d:1d43, def test_pfsense_filterlog(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -46,7 +46,7 @@ def test_pfsense_filterlog(record_property, setup_splunk, setup_sc4s): # <27>Jan 25 01:58:06 kqueue error: unknown def test_pfsense_other(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -74,7 +74,7 @@ def test_pfsense_other(record_property, setup_splunk, setup_sc4s): # <27>Jan 25 01:58:06 syslogd: restart def test_pfsense_syslogd(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_plugin_example.py b/tests/test_plugin_example.py index ade5d20603..28b9a2e82a 100644 --- a/tests/test_plugin_example.py +++ b/tests/test_plugin_example.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment @@ -18,7 +18,7 @@ def test_plugin_local_example( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}-{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_pulsesecure.py b/tests/test_pulsesecure.py index 8522e8bd47..10df424f90 100644 --- a/tests/test_pulsesecure.py +++ b/tests/test_pulsesecure.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape from pytest import mark 
@@ -17,7 +17,7 @@ def test_pulse_secure_5424(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -45,7 +45,7 @@ def test_pulse_secure_5424(record_property, setup_splunk, setup_sc4s): def test_pulse_secure_6587(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -76,7 +76,7 @@ def test_pulse_secure_6587(record_property, setup_splunk, setup_sc4s): def test_pulse_secure_6587_web( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_purestorage.py b/tests/test_purestorage.py index 1a99e47b87..641c2e44f7 100644 --- a/tests/test_purestorage.py +++ b/tests/test_purestorage.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape 
@@ -16,7 +16,7 @@ # <182>Jan 19 10:47:33 host purity.test: INFO [root] This is a test message generated by Pure Storage FlashArray. UTC Time: 2022 Jan 19 15:47:33 Array Name: TTDSA-PS02 def test_pure_storage(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_qumulo.py b/tests/test_qumulo.py index 3acdf5a3ff..101f2008f2 100644 --- a/tests/test_qumulo.py +++ b/tests/test_qumulo.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape from .sendmessage import sendsingle @@ -16,7 +16,7 @@ # <14>1 2021-12-08T21:14:32.063248Z xxxxxx-1 qumulo - - - 127.0.0.1,"admin",api,fs_read_metadata,ok,2,"/","" def test_qumulo_storage(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_radware.py b/tests/test_radware.py index a15690d9f6..1d881b36b6 100644 --- a/tests/test_radware.py +++ b/tests/test_radware.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape 
@@ -16,7 +16,7 @@ # <110>M_00796: User radware Session with client radware was terminated due to Inactivity. def test_radware_sample_1(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -44,7 +44,7 @@ def test_radware_sample_1(record_property, setup_splunk, setup_sc4s): # <109>[Device: DP01 10.200.193.135] M_20000: 2 attacks of type "Intrusions" started between 15:36:06 UTC and 15:36:21 UTC. Detected by policiess: 206-212-144-0-POL, 206-212-128-0-POL; Attack name: DNS-named-version-attempt-UDP; Source IP: 92.1.1.1; Destination IPs: 206.1.1.1, 206.11.1.1; Destination port: 53; Action: drop. def test_radware_sample_2(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_raritan.py b/tests/test_raritan.py index 6ba4479d04..5a3633880e 100644 --- a/tests/test_raritan.py +++ b/tests/test_raritan.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ # <110>M_00796: User radware Session with client radware was terminated due to Inactivity. def test_raritan_dsx(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
diff --git a/tests/test_ricoh.py b/tests/test_ricoh.py index fadbc81c24..594566d707 100644 --- a/tests/test_ricoh.py +++ b/tests/test_ricoh.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape from .sendmessage import sendsingle @@ -17,7 +17,7 @@ # note prt5454 is host this is a bug but for now its real # <38>1 2021-03-04T11:44:30.190-08:00 foo-gw1 prt5454 - RICOH_MFPLP_ACCESS - {"logVersion":"3.6"}' def test_ricoh(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_schneider_electric_apc.py b/tests/test_schneider_electric_apc.py index bc6f89c17d..c336e2e734 100644 --- a/tests/test_schneider_electric_apc.py +++ b/tests/test_schneider_electric_apc.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ # <27>Mar 24 21:45:28 10.1.1.1 Detected an unauthorized user attempting to access the SNMP interface from 10.1.1.1 0x0004 def test_apc(record_property, setup_splunk, setup_sc4s): - host = f"test_apc-host-{uuid.uuid4().hex}" + host = f"test_apc-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_secureauth_idp.py b/tests/test_secureauth_idp.py index 701674d54b..1725f6f10c 100644 --- a/tests/test_secureauth_idp.py +++ b/tests/test_secureauth_idp.py 
@@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid import pytest from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ #<86>1 2023-06-01T15:57:33.760Z 10.164.2.132 SecureAuth2 2928 ID90020 [SecureAuth@27389 UserAgent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36" UserHostAddress="10.1.2.2" RequestID="d2014021-4e06-45c6-a580-346e12346b60" Realm="SecureAuth2" Appliance="SecureAuth05VM.domain.com" Company="National Title Group Inc" Version="9.2.0.85" PEN="27389" HostName="10.1.2.2" Category="AUDIT" Priority="4" EventID="90020"] Application - Begin request def test_secureauth(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_solace.py b/tests/test_solace.py index 7e5d1865d7..630043ce30 100644 --- a/tests/test_solace.py +++ b/tests/test_solace.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -27,7 +27,7 @@ @pytest.mark.parametrize("event", testdata) def test_solace(record_property, setup_splunk, setup_sc4s, event): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
diff --git a/tests/test_sophos_webappliance.py b/tests/test_sophos_webappliance.py index 0f6c650648..6599537c8b 100644 --- a/tests/test_sophos_webappliance.py +++ b/tests/test_sophos_webappliance.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ # <27>Mar 24 21:45:28 10.1.1.1 h=10.99.115.13 u="DOMAIN\\johnsmith" s=200 X=- t=1336666489 T=284453 Ts=0 act=1 cat="0x220000002a" app="-" rsn=- threat="-" type="text/html" ctype="text/html" sav-ev=4.77 sav-dv=2012.5.10.4770003 uri-dv=- cache=- in=1255 out=26198 meth=GET ref="-" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0" req="GET http://www.google.ca/ HTTP/1.1" dom="google.ca" filetype="-" rule="0" filesize=25815 axtime=0.048193 fttime=0.049360 scantime=0.011 src_cat="0x2f0000002a" labs_cat="0x2f0000002a" dcat_prox="-" target_ip="74.125.127.94" labs_rule_id="0" reqtime=0.027 adtime=0.001625 ftbypass=- os=Windows authn=53 auth_by=portal_cache dnstime=0.000197 quotatime=- sandbox=- def test_sophos_webappliance(record_property, setup_splunk, setup_sc4s): - host = f"test-sophos-webapp-host-{uuid.uuid4().hex}" + host = f"test-sophos-webapp-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_splunk.py b/tests/test_splunk.py index 715e0b8f9c..8a6e7b8f3a 100644 --- a/tests/test_splunk.py +++ b/tests/test_splunk.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape from .sendmessage import sendsingle 
@@ -16,7 +16,7 @@ # <1>1 - - SPLUNK - COOKED [fields@274489 t="1627772621.099" h="so1" i="_internal" st="splunkd" s="/opt/splunk/var/log/splunk/metrics.log"] ~~~SM~~~timestartpos::0 timeendpos::29 _subsecond::.099 date_second::41 date_hour::23 date_minute::3 date_year::2021 date_month::july date_mday::31 date_wday::saturday date_zone::0 group::mpool max_used_interval::0 max_used::0 avg_rsv::0 capacity::134217728 used::0 rep_used::0 metric_name::spl.mlog.mpool~~~EM~~~07-31-2021 23:03:41.099 +0000 INFO Metrics - group=mpool, max_used_interval=0, max_used=0, avg_rsv=0, capacity=134217728, used=0, rep_used=0 def test_splunk_diode_event(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -51,7 +51,7 @@ def test_splunk_diode_event(record_property, setup_splunk, setup_sc4s): # <1>1 - - SPLUNK - COOKED [fields@274489 t="1627772621.099" h="so1" i="_metrics" st="splunk_metrics_log" s="/opt/splunk/var/log/splunk/metrics.log"] ~~~SM~~~timestartpos::0 timeendpos::29 _subsecond::.099 date_second::41 date_hour::23 date_minute::3 date_year::2021 date_month::july date_mday::31 date_wday::saturday date_zone::0 group::mpool max_used_interval::0 max_used::0 avg_rsv::0 capacity::134217728 used::0 rep_used::0 metric_name::spl.mlog.mpool~~~EM~~~07-31-2021 23:03:41.099 +0000 INFO Metrics - group=mpool, max_used_interval=0, max_used=0, avg_rsv=0, capacity=134217728, used=0, rep_used=0 def test_splunk_diode_metric(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -87,7 +87,7 @@ def test_splunk_diode_metric(record_property, setup_splunk, setup_sc4s): def test_splunk_diode_winevent( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_symantec_brightmail.py b/tests/test_symantec_brightmail.py index 0a4c6b3590..28d192cf13 100644 --- a/tests/test_symantec_brightmail.py +++ b/tests/test_symantec_brightmail.py @@ -3,8 +3,8 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid -import uuid +import shortuuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -17,7 +17,7 @@ # <141>Oct 24 21:05:43 smg-1 conduit: [Brightmail] (NOTICE:7500.3119331456): [12066] 'BrightSig3 Newsletter Rules' were updated successfully. def test_symantec_brightmail(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -48,8 +48,8 @@ def test_symantec_brightmail(record_property, setup_splunk, setup_sc4s): def test_symantec_brightmail_msg( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" - msgid = uuid.uuid4().hex + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" + msgid = shortuuid.ShortUUID().random(length=10) dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_symantec_dlp.py b/tests/test_symantec_dlp.py index 1434d66c3d..0def18eaa8 100644 --- a/tests/test_symantec_dlp.py 
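Review bot: The import hunk in tests/test_symantec_brightmail.py carries the old duplicated import across mechanically, so the module now has `import shortuuid` on two consecutive lines. One import is enough. The duplicate is harmless at runtime, but a linter will flag it, and this commit already rewrites both lines.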
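Review bot: `msgid = shortuuid.ShortUUID().random(length=10)` in `test_symantec_brightmail_msg` keeps shortuuid's mixed-case output, while the `host` line directly above lower-cases its segments and the replaced `uuid.uuid4().hex` value was all lower case. How `msgid` is used is outside this hunk, but if the test later matches it against what was indexed, any case-normalising step in the pipeline could make that comparison fail. I would write `msgid = shortuuid.ShortUUID().random(length=10).lower()` to match the host convention, or add a comment saying the mixed case is intended.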
+++ b/tests/test_symantec_dlp.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ # <8>Dec 2 01:11:53 C3068275967 Application_Name=”N/A” Application_User=”N/A” Attach_File_Name=”[UNKNOWN VARIABLE: ATTACHMENT_FILE_NAME]” Blocked=”Passed” Data_Owner=”N/A” DataOwner_Email=”N/A” Destination_IP=”20.189.173.9 ” Device_Instance_ID=”N/A” Endpoint_Location=”Off the Corporate Network” Endpoint_Machine=”N/A” Endpoint_Username=”N/A” File_Path=”N/A” File_Name=”N/A” File_Parent_Directory_Path=”N/A” Incident_id=”6937” Machine_IP=”10.160.165.240” Incident_Snapshot=”https://C3068275967/ProtectManager/IncidentDetail.do?value(variable_1)=incident.id&value(operator_1)=incident.id_in&value(operand_1)=6937” Match_Count=”1” Occured_On=”December 2, 2021 1:11:41 AM” Policy_Name=”test 2” Policy_Rules=”rule 1” Protocol=”TCP:SSL” Quarantine_Parent_Directory_Path=”N/A” Recipients=”20.189.173.9” Reported_On=”December 2, 2021 1:11:41 AM” Scan_Date=”N/A” Sender=”10.160.165.240” Server=”Detection Server” Severity=”1:High” Status=”New” Subject=”TCP:SSL” Target=”N/A” URL=”N/A” User_Justification=”N/A” def test_symantec_dlp_network_event(record_property, setup_splunk, setup_sc4s): - host = f"test-dlp-host-{uuid.uuid4().hex}" + host = f"test-dlp-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -47,7 +47,7 @@ def test_symantec_dlp_network_event(record_property, setup_splunk, setup_sc4s): # <8>Dec 2 01:11:53 C3068275967 SymantecDLPAlert: Application_Name=”N/A” Application_User=”N/A” Attach_File_Name=”[UNKNOWN VARIABLE: ATTACHMENT_FILE_NAME]” Blocked=”Passed” Data_Owner=”N/A” DataOwner_Email=”N/A” Destination_IP=”20.189.173.9 ” Device_Instance_ID=”N/A” Endpoint_Location=”Off the Corporate Network” Endpoint_Machine=”N/A” Endpoint_Username=”N/A” File_Path=”N/A” File_Name=”N/A” File_Parent_Directory_Path=”N/A” Incident_id=”6937” Machine_IP=”10.160.165.240” Incident_Snapshot=”https://C3068275967/ProtectManager/IncidentDetail.do?value(variable_1)=incident.id&value(operator_1)=incident.id_in&value(operand_1)=6937” Match_Count=”1” Occured_On=”December 2, 2021 1:11:41 AM” Policy_Name=”test 2” Policy_Rules=”rule 1” Protocol=”TCP:SSL” Quarantine_Parent_Directory_Path=”N/A” Recipients=”20.189.173.9” Reported_On=”December 2, 2021 1:11:41 AM” Scan_Date=”N/A” Sender=”10.160.165.240” Server=”Detection Server” Severity=”1:High” Status=”New” Subject=”TCP:SSL” Target=”N/A” URL=”N/A” User_Justification=”N/A” def test_symantec_dlp_network_event_custom(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_symantec_ep.py b/tests/test_symantec_ep.py index c7f98dccb7..5a4aef8aa7 100644 --- a/tests/test_symantec_ep.py +++ b/tests/test_symantec_ep.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import pytest -import uuid +import shortuuid from jinja2 import Environment, select_autoescape 
@@ -25,7 +25,7 @@ def test_symantec_ep_agent( record_property, setup_splunk, setup_sc4s, event ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -55,7 +55,7 @@ def test_symantec_ep_agent( def test_symantec_ep_agt_system( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -88,7 +88,7 @@ def test_symantec_ep_agt_system( def test_symantec_ep_scm_system( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -119,7 +119,7 @@ def test_symantec_ep_scm_system( # Apr 14 10:03:23 xxxxx-xxxxx SymantecServer: Scan ID: 1581582179,Begin: 2020-04-14 10:01:04,End Time: 2020-04-14 10:02:14,Completed,Duration (seconds): 70,User1: Spiderman,User2: Spiderman,Scan started on selected drives and folders and all extensions.,Scan Complete: Risks: 0 Scanned: 1062 Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 698,Command: Not a command scan (),Threats: 0,Infected: 0,Total files: 1062,Omitted: 0,Computer: yyyyyyy,IP Address: 1.1.1.1,Domain Name: Default,Group Name: My Company\Preprod Tuesday,Server Name: xxxxx-xxxxx def test_symantec_ep_scan(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -152,7 +152,7 @@ def test_symantec_ep_scan(record_property, setup_splunk, setup_sc4s): def test_symantec_ep_behavior( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -183,7 +183,7 @@ def test_symantec_ep_behavior( # Apr 14 10:10:10 dummyhost SymantecServer: Site: Site_B,Server Name: Example Server B,Domain Name: Domain_B,Admin: Admin_B,Event Description: Administrator log on failed def test_symantec_ep_admin(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -214,7 +214,7 @@ def test_symantec_ep_admin(record_property, setup_splunk, setup_sc4s): # Apr 14 10:10:10 dummyhost SymantecServer: ccccc,Local Host IP: 10.0.8.1,Local Port: 50221,Remote Host IP: 10.0.1.2,Remote Host Name: qqqqq,Remote Port: 20362,Outbound,Application: C:/Windows/System32/example_y.exe,Action: Allowed def test_symantec_ep_packet(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -245,7 +245,7 @@ def test_symantec_ep_packet(record_property, setup_splunk, setup_sc4s): # Apr 14 10:10:10 dummyhost SymantecServer: Site: Site_B,Server Name: Example Server B,Domain Name: Domain_B,Admin: Admin_B,"Event Description: Policy has been edited: Changed Console mode at [Default]",Client Policy def test_symantec_ep_policy(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -278,7 +278,7 @@ def test_symantec_ep_policy(record_property, setup_splunk, setup_sc4s): def test_symantec_ep_proactive( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -311,7 +311,7 @@ def test_symantec_ep_proactive( def test_symantec_ep_security( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -342,7 +342,7 @@ def test_symantec_ep_security( # Apr 14 10:10:10 dummyhost SymantecServer: Security risk found,IP Address: 10.0.3.1,Computer name: qqqqq,Source: Definition downloader,Risk name: Backdoor.Joggver,Occurrences: 7,e:\resharper 9.1 + keygen\resharper.8.x.keygen.exe,"Still contains, 2 infected items",Actual action: Quarantined,Requested action: Process terminate pending restartLeft alone,Secondary action: Quarantined,Event time: 2020-05-06 08:29:27,Inserted: 2020-05-06 08:29:27,End: 2020-05-06 08:29:27,Last update time: 2020-05-06 08:29:27,Domain: SomeComp,Group: My Company\\Default Group,Server: Example Server C,User: user_h,Source computer: hhhhh,Source IP: 10.0.4.1,Disposition: Reputation was not used in this detection.,Download site: http://bbbb.example.com/,Web domain: gqtavlakkdkcryl.xn--pgbs0dh,Downloaded by: c:/program files (x86)/ggggg/cccc/application/cccc.exe,Prevalence: This file has been seen by fewer than 100 Symantec users.,Confidence: There is growing evidence that this file is trustworthy.,URL Tracking Status: off,First Seen: Reputation was not used in this detection.,Sensitivity: low,MDS,Application hash: 44d7fb7e-8c40-4a17-9aff-9c4aa0b96696,Hash type: SHA1,Company name: "Sample Inc. 
a wholly owned subsidiary of Dummy, Inc.",Application name: Setup Factory 7.0 Runtime,Application version: ,Application type: 127,File size (bytes): 1318,Category set: Security risk,Category type: UNKNOWN,Location: AZ - Office,Intensive Protection Level: 0,Certificate issuer: "Realtime deferred scanning",Certificate signer: Comodo,Certificate thumbprint: e5:xx:74:3c:xx:01:c4:9b:xx:43:xx:bb:zz:e8:6a:81:10:9f:e4:xx,Signing timestamp: 0,Certificate serial number: 903804111 def test_symantec_ep_risk(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -373,7 +373,7 @@ def test_symantec_ep_risk(record_property, setup_splunk, setup_sc4s): # Apr 14 10:10:10 dummyhost SymantecServer: nnnnn,Local Host IP: 10.0.0.2,Local Port: 10456,Local Host MAC: B9e90F5c3aC4,Remote Host IP: 10.0.9.2,Remote Host Name: lllll,Remote Port: 58999,Remote Host MAC: 7b6A329f7c1e,others,Inbound,Begin: 2020-05-06 09:18:32,End: 2020-05-06 09:18:32,Occurrences: 8,Application: C:/Windows/System32/example_y.EXE,Rule: Block all other IP traffic and log,Location: Public Network,User: user_f,Domain: XXXXDOMAIN,Action: Blocked,SHA-256: d1616b874a96df2515da372a90bddc00792cbff027f5e097cafa31d3aea8b310,MD-5: 82136b4240d6ce4ea7d03e51469a393b def test_symantec_ep_traffic(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_symantec_proxy.py b/tests/test_symantec_proxy.py index 48573ee89f..cea45a009d 100644 --- a/tests/test_symantec_proxy.py +++ b/tests/test_symantec_proxy.py 
@@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -16,7 +16,7 @@ # <134>1 2019-08-21T17:42:08.000z "sample_logs bluecoat[0]:SPLV5.1 c-ip=192.0.0.6 cs-bytes=6269 cs-categories="unavailable" cs-host=gg.hhh.iii.com cs-ip=192.0.0.6 cs-method=GET cs-uri-path=/Sample/abc-xyz-01.pqr_sample_Internal.crt/MFAwTqADAgEAMEcwRTBDMAkGBSsOAwIaBQAEFOoaVMtyzC9gObESY9g1eXf1VM8VBBTl1mBq2WFf4cYqBI6c08kr4S302gIKUCIZdgAAAAAnQA%3D%3D cs-uri-port=8000 cs-uri-scheme=http cs-User-Agent="ocspd/1.0.3" cs-username=user4 clientduration=0 rs-status=0 s-action=TCP_HIT s-ip=10.0.0.6 serveripservice.name="Explicit HTTP" service.group="Standard" s-supplier-ip=10.0.0.6 s-supplier-name=gg.hhh.iii.com sc-bytes=9469 sc-filter-result=OBSERVED sc-status=200 time-taken=20 x-bluecoat-appliance-name="10.0.0.6-sample_logs" x-bluecoat-appliance-primary-address=10.0.0.6 x-bluecoat-proxy-primary-address=10.0.0.6 x-bluecoat-transaction-uuid=35d24c931c0erecta-0003000012161a77e70-00042100041002145cc859ed c-url="http://randomserver:8000/en-US/app/examples/" def test_bluecoatproxySG_kv(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -51,7 +51,7 @@ def test_bluecoatproxySG_kv(record_property, setup_splunk, setup_sc4s): def test_bluecoatproxySG_kv_5424( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -85,7 +85,7 @@ def test_bluecoatproxySG_kv_5424( def test_bluecoatproxySG_syslog( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_tanium.py b/tests/test_tanium.py index df2bd673e2..24be64c729 100644 --- a/tests/test_tanium.py +++ b/tests/test_tanium.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape from pytest import mark @@ -17,7 +17,7 @@ def test_tanium_question(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_trend_deep_security.py b/tests/test_trend_deep_security.py index 4b256e0fbc..b69e3432fc 100644 --- a/tests/test_trend_deep_security.py +++ b/tests/test_trend_deep_security.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -18,7 +18,7 @@ def test_trend_deep_security_system( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -52,7 +52,7 @@ def test_trend_deep_security_system( def test_trend_deep_security_agent_antimalware( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -86,7 +86,7 @@ def test_trend_deep_security_agent_antimalware( def test_trend_deep_security_agent_appcontrol( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -120,7 +120,7 @@ def test_trend_deep_security_agent_appcontrol( def test_trend_deep_security_firewall( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -154,7 +154,7 @@ def test_trend_deep_security_firewall( def test_trend_deep_security_integrity_monitoring( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -187,7 +187,7 @@ def test_trend_deep_security_integrity_monitoring( def test_trend_deep_security_ips( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -221,7 +221,7 @@ def test_trend_deep_security_ips( def test_trend_deep_security_log_inspection( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -255,7 +255,7 @@ def test_trend_deep_security_log_inspection( def test_trend_deep_security_web_reputation( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_ubiquiti_unifi.py b/tests/test_ubiquiti_unifi.py index d704e025f2..753fb63e97 100644 --- a/tests/test_ubiquiti_unifi.py +++ b/tests/test_ubiquiti_unifi.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -20,7 +20,7 @@ def test_ubiquiti_unifi_us8p60( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -52,7 +52,7 @@ def test_ubiquiti_unifi_us8p60( def test_ubiquiti_unifi_switch_us24p250( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -84,7 +84,7 @@ def test_ubiquiti_unifi_switch_us24p250( def test_ubiquiti_unifi_ap_u7pg2( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -116,7 +116,7 @@ def test_ubiquiti_unifi_ap_u7pg2( def test_ubiquiti_unifi_ap_u7pg2_alt( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -146,7 +146,7 @@ def test_ubiquiti_unifi_ap_u7pg2_alt( # <4>Nov 10 23:04:06 USG kernel: [LAN_LOCAL-default-A]IN=eth0.2004 OUT= MAC= SRC=10.254.3.1 DST=224.0.0.251 LEN=348 TOS=0x00 PREC=0x00 TTL=255 ID=32463 DF PROTO=UDP SPT=5353 DPT=5353 LEN=328 def test_ubiquiti_unifi_usg(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_varonis.py b/tests/test_varonis.py index 2cafdb86a0..3e43ed52ad 100644 --- a/tests/test_varonis.py +++ b/tests/test_varonis.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape 
@@ -18,7 +18,7 @@ def test_varonis(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_vectra_ai.py b/tests/test_vectra_ai.py index 838422fb65..7e0ea31571 100644 --- a/tests/test_vectra_ai.py +++ b/tests/test_vectra_ai.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape @@ -18,7 +18,7 @@ def test_vectra_ai_hsc(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -48,7 +48,7 @@ def test_vectra_ai_hsc(record_property, setup_splunk, setup_sc4s): def test_vectra_ai_asc(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -81,7 +81,7 @@ def test_vectra_ai_asc(record_property, setup_splunk, setup_sc4s): def test_vectra_ai_host_detect( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -113,7 +113,7 @@ def test_vectra_ai_host_detect( def test_vectra_ai_accountdetect( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -143,7 +143,7 @@ def test_vectra_ai_accountdetect( def test_vectra_ai_lockdown(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -173,7 +173,7 @@ def test_vectra_ai_lockdown(record_property, setup_splunk, setup_sc4s): def test_vectra_ai_campaign(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -203,7 +203,7 @@ def test_vectra_ai_campaign(record_property, setup_splunk, setup_sc4s): def test_vectra_ai_audit(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -233,7 +233,7 @@ def test_vectra_ai_audit(record_property, setup_splunk, setup_sc4s): def test_vectra_ai_health(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
diff --git a/tests/test_vmware.py b/tests/test_vmware.py index fdf1dc6978..f4e51a972b 100644 --- a/tests/test_vmware.py +++ b/tests/test_vmware.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause import datetime -import uuid +import shortuuid import random import pytz from time import sleep @@ -20,7 +20,7 @@ # vpxd 123 - - Event [3481177] [1-1] [2019-05-23T09:03:36.213922Z] [vim.event.UserLoginSessionEvent] [info] [VSPHERE.LOCAL\svc-vcenter-user] [] [3481177] [User VSPHERE.LOCAL\svc-vcenter-user@192.168.10.10 logged in as pyvmomi Python/2.7.13 (Linux; 4.9.0-7-amd64; x86_64)] def test_linux_vmware(record_property, setup_splunk, setup_sc4s): - host = f"testvmw-host-{uuid.uuid4().hex}" + host = f"testvmw-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) @@ -56,7 +56,7 @@ def test_linux_vmware(record_property, setup_splunk, setup_sc4s): def test_linux_vmware_nix(record_property, setup_splunk, setup_sc4s): - host = f"testvmw-host-{uuid.uuid4().hex}" + host = f"testvmw-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) @@ -95,7 +95,7 @@ def test_linux_vmware_nix(record_property, setup_splunk, setup_sc4s): def test_linux_vmware_nsx_ietf( record_property, setup_splunk, setup_sc4s ): - host = f"testvmw-host-{uuid.uuid4().hex}" + host = f"testvmw-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) 
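Review bot: Dropping `import uuid` in test_vmware.py is only safe if nothing else in the file still uses it, and the diff cannot show that: the later hunks at -300 and -377 carry test_vmware_bsd_nix_crond and test_vmware_bsd_vpscache in their headers, and the host lines of those two tests are not part of the change. If either still calls `uuid.uuid4()`, it fails with a NameError only when that test runs, not at import, so a search for remaining `uuid.uuid4` references in the touched files is worth doing before merge. As a smaller style point, `import shortuuid` now sits between `import datetime` and `import random`; placing it next to `import pytz` would keep the third-party imports apart from the standard library ones.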
@@ -129,7 +129,7 @@ def test_linux_vmware_nsx_ietf( # def test_linux_vmware_nsx_fw(record_property, setup_splunk, setup_sc4s): - host = f"testvmw-host-{uuid.uuid4().hex}" + host = f"testvmw-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now() @@ -162,7 +162,7 @@ def test_linux_vmware_nsx_fw(record_property, setup_splunk, setup_sc4s): def test_linux_vmware_vcenter_ietf( record_property, setup_splunk, setup_sc4s ): - host = f"testvmw-host-{uuid.uuid4().hex}" + host = f"testvmw-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) @@ -198,7 +198,7 @@ def test_linux_vmware_vcenter_ietf( def test_linux_vmware_horizon_ietf( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) @@ -300,7 +300,7 @@ def test_vmware_bsd_nix_crond( def test_linux_vmware_bsd_tmd( record_property, setup_splunk, setup_sc4s ): - host = f"testvmw-host-{uuid.uuid4().hex}" + host = f"testvmw-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) @@ -377,7 +377,7 @@ def test_vmware_bsd_vpscache( assert result_count == 1 def test_linux_vmware_badsdata(record_property, setup_splunk, setup_sc4s): - host = f"testvmw-host-{uuid.uuid4().hex}" + host = f"testvmw-host-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) 
@@ -412,7 +412,7 @@ def test_linux_vmware_badsdata(record_property, setup_splunk, setup_sc4s): assert result_count == 1 def test_linux_vmware_vobd(record_property, setup_splunk, setup_sc4s): - host = f"testvmw-{uuid.uuid4().hex}-{uuid.uuid4().hex}" + host = f"testvmw-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) @@ -447,7 +447,7 @@ def test_linux_vmware_vobd(record_property, setup_splunk, setup_sc4s): assert result_count == 1 def test_linux_vmware_usc(record_property, setup_splunk, setup_sc4s): - host = f"testvmw-{uuid.uuid4().hex}-{uuid.uuid4().hex}" + host = f"testvmw-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) @@ -482,7 +482,7 @@ def test_linux_vmware_usc(record_property, setup_splunk, setup_sc4s): assert result_count == 1 def test_linux_vmware_usbarb(record_property, setup_splunk, setup_sc4s): - host = f"testvmw-{uuid.uuid4().hex}-{uuid.uuid4().hex}" + host = f"testvmw-{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" pid = random.randint(1000, 32000) dt = datetime.datetime.now(datetime.timezone.utc) diff --git a/tests/test_vmware_carbonblack.py b/tests/test_vmware_carbonblack.py index 0de021817a..3a55510c13 100644 --- a/tests/test_vmware_carbonblack.py +++ b/tests/test_vmware_carbonblack.py @@ -4,7 +4,7 @@ # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid from jinja2 import Environment, select_autoescape from .sendmessage import sendsingle 
@@ -17,7 +17,7 @@ def test_vmware_carbonblack_protect( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now() iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_zscaler_proxy.py b/tests/test_zscaler_proxy.py index 9940d26f0a..be440c7fd5 100644 --- a/tests/test_zscaler_proxy.py +++ b/tests/test_zscaler_proxy.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid import pytest from jinja2 import Environment, select_autoescape @@ -17,7 +17,7 @@ # Note the long white space is a \t # 2019-10-16 15:44:36 reason=Allowed event_id=6748427317914894361 protocol=HTTPS action=Allowed transactionsize=663 responsesize=65 requestsize=598 urlcategory=UK_ALLOW_Pharmacies serverip=192.168.168.168 clienttranstime=0 requestmethod=CONNECT refererURL=None useragent=Windows Windows 10 Enterprise ZTunnel/1.0 product=NSS location=UK_Wynyard_VPN->other ClientIP=192.168.0.0 status=200 user=first.last@example.com url=random@example.com:443 vendor=Zscaler hostname=example@random.com clientpublicIP=192.168.0.1 threatcategory=None threatname=None filetype=None appname=RANDOM pagerisk=0 department=Procurement, Generics urlsupercategory=User-defined appclass=Sales and Marketing dlpengine=None urlclass=Bandwidth Loss threatclass=None dlpdictionaries=None fileclass=None bwthrottle=NO servertranstime=0 md5=None def test_zscaler_proxy(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -48,7 +48,7 @@ def test_zscaler_proxy(record_property, setup_splunk, setup_sc4s): # 2020-03-02 02:51:56 reason=Allowed event_id=6799437957281873922 protocol=HTTP action=Allowed transactionsize=623 responsesize=512 requestsize=111 urlcategory=Internet Services serverip=192.168.0.1 clienttranstime=3 requestmethod=GET refererURL="None" useragent=Microsoft NCSI product=NSS location=Road Warrior ClientIP=192.168.0.1 status=200 user=random@example.com url="www.msftconnecttest.com/connecttest.txt" vendor=Zscaler hostname=www.msftconnecttest.com clientpublicIP=136.35.16.85 threatcategory=None threatname=None filetype=None appname=generalbrowsing pagerisk=0 department=Default Department urlsupercategory=Internet Communication appclass=General Browsing dlpengine=None urlclass=Business Use threatclass=None dlpdictionaries=None fileclass=None bwthrottle=NO servertranstime=3 md5=None contenttype=text/plain trafficredirectmethod=Z_APP rulelabel=None ruletype=None mobappname=None mobappcat=None mobdevtype=None bwclassname=General Surfing bwrulename=No Bandwidth Control throttlereqsize=0 throttlerespsize=0 deviceappversion=1.5.1.8 devicemodel=20QF000CUS devicemodel=20QF000CUS devicename=mdutta devicename=mdutta deviceostype=Windows OS deviceostype=Windows OS deviceosversion=Windows 10 Enterprise deviceplatform= clientsslcipher=None clientsslsessreuse=UNKNOWN clienttlsversion=None serversslsessreuse=UNKNOWN servertranstime=3 srvcertchainvalpass=UNKNOWN srvcertvalidationtype=None srvcertvalidityperiod=None srvocspresult=None srvsslcipher=None srvtlsversion=None srvwildcardcert=UNKNOWN serversslsessreuse="UNKNOWN" dlpidentifier="0" dlpmd5="None" epochtime="1583117516" filename="None" filesubtype="None" module="General Browsing" productversion="5.7r.78.218665_84" reqdatasize="0" reqhdrsize="111" respdatasize="22" resphdrsize="490" respsize="512" respversion="1.1" tz="GMT" def test_zscaler_proxy_new(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = 
f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -80,7 +80,7 @@ def test_zscaler_proxy_new(record_property, setup_splunk, setup_sc4s): # def test_zscaler_proxy_pri(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -111,7 +111,7 @@ def test_zscaler_proxy_pri(record_property, setup_splunk, setup_sc4s): # <118>Mar 1 22:05:35 [10.225.64.143] ZscalerNSS: The NSS free memory has decreased to 1.40 GB which is below the recommended 1.55 GB {{host}} def test_zscaler_nss_alerts(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -141,7 +141,7 @@ def test_zscaler_nss_alerts(record_property, setup_splunk, setup_sc4s): # {"LogTimestamp": "Mon Mar 2 02:57:01 2020","Customer": "random, Inc.","SessionID": "qdLxaTYtMbsCQllNaCZ2","ConnectionID": "qdLxaTYtMbsCQllNaCZ2,aZcOpy7yN8iPncqmSuAv","InternalReason": "","ConnectionStatus": "active","IPProtocol": 6,"DoubleEncryption": 0,"Username": "exampler@random.com","ServicePort": 8384,"ClientPublicIP": "192.168.0.1","ClientPrivateIP": "","ClientLatitude": 00.000000,"ClientLongitude": 00.000000,"ClientCountryCode": "US","ClientZEN": "US-OH-8290","Policy": "Any Any Allow","Connector": "DFA Azure-2","ConnectorZEN": "US-OH-8290","ConnectorIP": "10.256.256.256","ConnectorPort": 00000,"Host": "10.256.256.256","Application": "RANDOM APP","AppGroup": "Dynamically Discovered Apps","Server": "0","ServerIP": "10.256.256.256","ServerPort": 0000,"PolicyProcessingTime": 120,"CAProcessingTime": 445,"ConnectorZENSetupTime": 46610,"ConnectionSetupTime": 47200,"ServerSetupTime": 22207,"AppLearnTime": 0,"TimestampConnectionStart": "2020-02-29T20:42:01.228Z","TimestampConnectionEnd": "","TimestampCATx": "2020-02-29T20:42:01.228Z","TimestampCARx": "2020-02-29T20:42:01.228Z","TimestampAppLearnStart": "","TimestampZENFirstRxClient": "","TimestampZENFirstTxClient": "","TimestampZENLastRxClient": "","TimestampZENLastTxClient": "","TimestampConnectorZENSetupComplete": "2020-02-29T20:42:01.275Z","TimestampZENFirstRxConnector": "","TimestampZENFirstTxConnector": "","TimestampZENLastRxConnector": "","TimestampZENLastTxConnector": "","ZENTotalBytesRxClient": 0,"ZENBytesRxClient": 0,"ZENTotalBytesTxClient": 0,"ZENBytesTxClient": 0,"ZENTotalBytesRxConnector": 0,"ZENBytesRxConnector": 0,"ZENTotalBytesTxConnector": 0,"ZENBytesTxConnector": 0,"Idp": "IDP Config"} def test_zscaler_lss_zpa_app(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = 
datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -175,7 +175,7 @@ def test_zscaler_lss_zpa_app(record_property, setup_splunk, setup_sc4s): def test_zscaler_lss_zpa_app_pri( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -207,7 +207,7 @@ def test_zscaler_lss_zpa_app_pri( # {"LogTimestamp": "Mon Mar 2 02:57:05 2020","Customer": "Random, Inc.","Username": "example@random.com","SessionID": "lCINpOrrZlRANDOMP+E","SessionStatus": "ZPN_STATUS_AUTHENTICATED","Version": "1.5.1.8.191135","ZEN": "US-IL-8706","CertificateCN": "AJIDJDNBJDNkndkncmncPqV/YRQXe17aDzRf6Z0M1n7CU7UaQ=@random.com","PrivateIP": "","PublicIP": "256.256.254.256","Latitude": 00.000000,"Longitude": -00.000000,"CountryCode": "","TimestampAuthentication": "2020-02-27T13:04:55.000Z","TimestampUnAuthentication": "","TotalBytesRx": 46997613,"TotalBytesTx": 2232391,"Idp": "IDP Config","Hostname": "","Platform": "","ClientType": "zpn_client_type_zapp","TrustedNetworks": ,"TrustedNetworksNames": ,"SAMLAttributes": "{\"FirstName\":[\"Random\"],\"LastName\":[\"Example\"],\"Email\":[\"randexam@example.com\"],\"GroupName\":[\"zScaler_ZPA\"]}","PosturesHit": ,"PosturesMiss": ,"ZENLatitude": 00.000000,"ZENLongitude": -00.000000,"ZENCountryCode": "RN"} def test_zscaler_lss_zpa_bba(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) 
@@ -241,7 +241,7 @@ def test_zscaler_lss_zpa_bba(record_property, setup_splunk, setup_sc4s): def test_zscaler_lss_zpa_connector_metrics ( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -272,7 +272,7 @@ def test_zscaler_lss_zpa_connector_metrics ( def test_zscaler_lss_zpa_connector( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) @@ -306,7 +306,7 @@ def test_zscaler_lss_zpa_connector( def test_zscaler_lss_zpa_auth( record_property, setup_splunk, setup_sc4s ): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt) diff --git a/tests/test_zscaler_tunnel.py b/tests/test_zscaler_tunnel.py index 41f8bcb99f..1250b7049c 100644 --- a/tests/test_zscaler_tunnel.py +++ b/tests/test_zscaler_tunnel.py @@ -3,7 +3,7 @@ # Use of this source code is governed by a BSD-2-clause-style # license that can be found in the LICENSE-BSD2 file or at # https://opensource.org/licenses/BSD-2-Clause -import uuid +import shortuuid import pytest from jinja2 import Environment, select_autoescape 
@@ -17,7 +17,7 @@ # Note the long white space is a \t # Wed May 4 08:42:00 2022 Recordtype=Tunnel Samples tunneltype=IPSec IKEv2 user=some-one-else@nowhere.com location=ABC sourceip=33.22.44.55 destinationip=11.22.33.44 sourceport=0 txbytes=2595428 rxbytes=0 dpdrec=0 vendor=Zscaler product=tunnel_sample def test_zscaler_tunnel(record_property, setup_splunk, setup_sc4s): - host = f"{uuid.uuid4().hex}" + host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}" dt = datetime.datetime.now(datetime.timezone.utc) iso, bsd, time, date, tzoffset, tzname, epoch = time_operations(dt)