Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/0x706972686f/Phantasm
A test automation framework built for Splunk Phantom Playbooks. Allows for programatically testing and validating playbooks.
https://github.com/0x706972686f/Phantasm
Last synced: 9 days ago
JSON representation
A test automation framework built for Splunk Phantom Playbooks. Allows for programatically testing and validating playbooks.
- Host: GitHub
- URL: https://github.com/0x706972686f/Phantasm
- Owner: 0x706972686f
- License: agpl-3.0
- Created: 2019-07-20T16:37:51.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2020-01-06T10:54:30.000Z (over 4 years ago)
- Last Synced: 2024-03-05T16:45:09.064Z (4 months ago)
- Language: Python
- Size: 62.5 KB
- Stars: 11
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-splunk-phantom - Phantasm - A test automation framework built for Splunk Phantom Playbooks. (Other)
README
# Phantasm
Phantasm is a library that has been developed for programmatic testing of Splunk Phantom playbooks. In doing so allowing for test-driven development as users develop playbooks.It relies on the Django based REST API in Splunk Phantom to create containers, artifacts, upload files, run playbooks, run individual app actions, promote/demote a case to a container, delete a container and more. It returns the JSON response from each action, allowing the fields to be used in pytest.
Refer to _demo.py_ to showcase the basic functionality of the library, or _test_example.py_ file for a basic example that uses pytest to validate.
## Configuration
Ensure you provide a valid `ph-auth-token` and `phantom-url` in the config.ini file.## Supported Functions
Each function is documented for further information:
```python
# Get information relating to the object, including classes
print('{}').format(phantasm.__doc__)
print(help(phantasm))# Get information relating to an individual function
print('{}').format(phantasm.create_container.__doc__)
print(help(phantasm.create_container))
```### Container Functions:
- **create_container** - Creates a new container
- **update_container_status** - Updates the container status
- **update_container_tags** - Adds a tag to the container
- **get_container_artifacts** - Retrieves the list of artifacts currently in the container
- **promote_container_to_case** - Promotes the current container to a case
- **demote_case_to_container** - Demotes the current case to a container
- **delete_container** - Deletes a container### Artifact Functions:
- **add_artifact** - Adds an artifact to a container
- **upload_file_to_phantom** - Uploads a file to a container### Playbook Functions:
- **run_playbook** - Runs a playbook against a container
- **get_playbook_results** - Retrieves the status of the playbook
- **get_playbook_action_results** - Retrieves the status of the last run action in the playbook
- **get_application_id** - Retrieves an application id
- **run_action** - Run an individual apps action (i.e: App: SMTP Action: `'test connectivity'`)
- **get_action_results** - Retrieve the results of an action
- **get_action_run_data** - Retrieve the data of the action
- **get_jira_ticket_data** - Runs an action to retrieve all JIRA tickets.### Changelog:
- **2019-09-16**: Re-wrote pytest example implementing fixtures, parameters and ordering.
- **2019-09-04**: Minor fix to wait() function
- **2019-07-21**: Initial Git Commit (untested)