A test automation framework built for Splunk Phantom Playbooks. Allows for programmatically testing and validating playbooks.
0x706972686f/Phantasm
Phantasm

Phantasm is a library developed for programmatic testing of Splunk Phantom playbooks, enabling test-driven development as users build their playbooks.

It relies on the Django-based REST API in Splunk Phantom to create containers and artifacts, upload files, run playbooks, run individual app actions, promote/demote a case to a container, delete a container and more. It returns the JSON response from each action, allowing the fields to be used in pytest assertions.

Refer to demo.py for a showcase of the library's basic functionality, or to test_example.py for a basic example that uses pytest for validation.

Configuration

Ensure you provide a valid ph-auth-token and phantom-url in the config.ini file.

Supported Functions

Each function is documented for further information:

    import phantasm

    # Get information relating to the module, including its classes
    print('{}'.format(phantasm.__doc__))
    help(phantasm)

    # Get information relating to an individual function
    print('{}'.format(phantasm.create_container.__doc__))
    help(phantasm.create_container)

Container Functions:

  • create_container - Creates a new container
  • update_container_status - Updates the container status
  • update_container_tags - Adds a tag to the container
  • get_container_artifacts - Retrieves the list of artifacts currently in the container
  • promote_container_to_case - Promotes the current container to a case
  • demote_case_to_container - Demotes the current case to a container
  • delete_container - Deletes a container

Artifact Functions:

  • add_artifact - Adds an artifact to a container
  • upload_file_to_phantom - Uploads a file to a container

Playbook Functions:

  • run_playbook - Runs a playbook against a container
  • get_playbook_results - Retrieves the status of the playbook
  • get_playbook_action_results - Retrieves the status of the last run action in the playbook
  • get_application_id - Retrieves an application id
  • run_action - Runs an individual app's action (e.g. app: SMTP, action: 'test connectivity')
  • get_action_results - Retrieves the results of an action
  • get_action_run_data - Retrieves the data of the action
  • get_jira_ticket_data - Runs an action to retrieve all JIRA tickets
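As an added example (not code from Phantasm or its author), the poll-until-finished step a pytest test needs between run_playbook and checking get_playbook_results, written against the standard library only. The status vocabulary, the JSON shape of a playbook run and the injectable `fetch` callable are assumptions for illustration, not the library's own API.

```python
# Added example, not Phantasm's own code. Implements the wait-for-result pattern
# a playbook test needs and the pytest-style check on the returned JSON.
# Assumptions: a playbook run is polled via fetch(run_id), which returns JSON of
# the form {"id": ..., "status": "running"|"success"|"failed", "message": ...}.
import time

TERMINAL_STATUSES = {"success", "failed"}


def wait_for_playbook(fetch, run_id, timeout=60.0, interval=1.0, sleep=time.sleep):
    """Poll fetch(run_id) until the run reaches a terminal status or timeout.

    Raises TimeoutError so a hung playbook fails the test instead of blocking
    the whole suite. `sleep` is injectable so tests do not wait for real time.
    """
    deadline = time.monotonic() + timeout
    while True:
        result = fetch(run_id)
        if result.get("status") in TERMINAL_STATUSES:
            return result
        if time.monotonic() >= deadline:
            raise TimeoutError(
                f"playbook run {run_id} still {result.get('status')!r} after {timeout}s"
            )
        sleep(interval)


def assert_playbook_succeeded(result):
    """The assertion a pytest test makes on the JSON returned by wait_for_playbook."""
    assert result["status"] == "success", f"playbook failed: {result.get('message')}"
    return True


def make_fake_fetch(statuses):
    """Constructed stand-in for the REST call: yields one status per poll."""
    calls = iter(statuses)

    def fetch(run_id):
        return {"id": run_id, "status": next(calls), "message": "constructed"}

    return fetch


if __name__ == "__main__":
    # Constructed run: two polls still running, third reports success.
    fetch = make_fake_fetch(["running", "running", "success"])
    res = wait_for_playbook(fetch, run_id=42, sleep=lambda s: None)
    print(assert_playbook_succeeded(res))  # prints True
```

In a real test the `fetch` argument would wrap the library's get_playbook_results call, and the timeout keeps a stalled playbook from hanging the pytest run.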

Changelog:

  • 2019-09-16: Re-wrote pytest example implementing fixtures, parameters and ordering.
  • 2019-09-04: Minor fix to wait() function
  • 2019-07-21: Initial Git Commit (untested)
