deepsecurity 0.0.13hf1

Files changed (46) hide show
  1. data/.gitignore +25 -0
  2. data/.yardopts +4 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE +22 -0
  5. data/README.md +29 -0
  6. data/Rakefile +2 -0
  7. data/bin/dsc +186 -0
  8. data/deepsecurity.gemspec +30 -0
  9. data/lib/deepsecurity/ds_object.rb +37 -0
  10. data/lib/deepsecurity/enums.rb +539 -0
  11. data/lib/deepsecurity/exceptions/authentication_failed_exception.rb +7 -0
  12. data/lib/deepsecurity/exceptions/authentication_required_exception.rb +6 -0
  13. data/lib/deepsecurity/manager.rb +223 -0
  14. data/lib/deepsecurity/screenscraping.rb +149 -0
  15. data/lib/deepsecurity/transport_object.rb +21 -0
  16. data/lib/deepsecurity/transport_objects/anti_malware_event.rb +106 -0
  17. data/lib/deepsecurity/transport_objects/anti_malware_spyware_item.rb +32 -0
  18. data/lib/deepsecurity/transport_objects/application_type.rb +58 -0
  19. data/lib/deepsecurity/transport_objects/dpi_rule.rb +113 -0
  20. data/lib/deepsecurity/transport_objects/host.rb +171 -0
  21. data/lib/deepsecurity/transport_objects/host_detail.rb +167 -0
  22. data/lib/deepsecurity/transport_objects/host_filter.rb +62 -0
  23. data/lib/deepsecurity/transport_objects/host_group.rb +41 -0
  24. data/lib/deepsecurity/transport_objects/host_interface.rb +42 -0
  25. data/lib/deepsecurity/transport_objects/id_filter.rb +37 -0
  26. data/lib/deepsecurity/transport_objects/private/vulnerability.rb +52 -0
  27. data/lib/deepsecurity/transport_objects/protocol_icmp.rb +13 -0
  28. data/lib/deepsecurity/transport_objects/protocol_port_based.rb +11 -0
  29. data/lib/deepsecurity/transport_objects/security_profile.rb +90 -0
  30. data/lib/deepsecurity/transport_objects/system_event.rb +45 -0
  31. data/lib/deepsecurity/transport_objects/time_filter.rb +55 -0
  32. data/lib/deepsecurity/version.rb +3 -0
  33. data/lib/deepsecurity.rb +58 -0
  34. data/lib/dsc/anti_malware_event.rb +101 -0
  35. data/lib/dsc/dsc_object.rb +41 -0
  36. data/lib/dsc/helper.rb +48 -0
  37. data/lib/dsc/host_detail.rb +62 -0
  38. data/lib/dsc.rb +6 -0
  39. data/lib/dsc_version.rb +3 -0
  40. data/lib/savon_helper/caching_object.rb +48 -0
  41. data/lib/savon_helper/mapping_object.rb +421 -0
  42. data/lib/savon_helper/missing_type_mapping_exception.rb +11 -0
  43. data/lib/savon_helper/soap_exception.rb +7 -0
  44. data/lib/savon_helper/type_mappings.rb +218 -0
  45. data/lib/savon_helper.rb +7 -0
  46. metadata +188 -0
@@ -0,0 +1,223 @@
1
+ # @author Udo Schneider <Udo.Schneider@homeaddress.de>
2
+
3
+ require "savon"
4
+ require "cache"
5
+ # require "httpi"
6
+ require "logger"
7
+ # require "yaml"
8
+
9
+ module DeepSecurity
10
+
11
+ LOG_MAPPING = {
12
+ :debug => Logger::DEBUG,
13
+ :info => Logger::INFO,
14
+ :warn => Logger::WARN,
15
+ :error => Logger::ERROR,
16
+ :fatal => Logger::FATAL
17
+ }
18
+
19
+ # This class represents the DeepSecurity Manager. It's the entry point for all further actions
20
+ class Manager <DSObject
21
+
22
+ @@current = nil
23
+
24
+ def self.current
25
+ @@current
26
+ end
27
+
28
+ def reset
29
+ @@current = nil
30
+ end
31
+
32
+ # Obtain a new wrapper around the DeepSecurity Manager SOAP API.
33
+ def initialize(hostname, port=4119, log_level)
34
+ @hostname = hostname
35
+ @port = port
36
+ super()
37
+ @client = Savon.client(:wsdl => "https://#{hostname}:#{port}/webservice/Manager?WSDL",
38
+ :convert_request_keys_to => :none, # or one of [:lower_camelcase, :upcase, :none]
39
+ :ssl_verify_mode => :none,
40
+ :logger => logger,
41
+ :log_level => log_level,
42
+ :log => (!log_level.nil?))
43
+ end
44
+
45
+ # @!group Request Helper
46
+
47
+ # Send an authenticated WebUI Request to the Server for URL +url and return the response body
48
+ def send_authenticated_http_get(path)
49
+ logger.debug { "#{self.class}\##{__method__}(#{path.inspect})" }
50
+ url = "https://#{@hostname}:#{@port}#{path}"
51
+ request = HTTPI::Request.new(url)
52
+ request.auth.ssl.verify_mode = :none
53
+ request.headers = {
54
+ "Cookie" => "sID=#{@sID}"
55
+ }
56
+ request.gzip
57
+ response = HTTPI.get request
58
+ response.body
59
+ end
60
+
61
+ # Send an authenticated WebUI Request to the Server for URL +url and return the response body
62
+ def send_authenticated_http_post(path, body)
63
+ logger.debug { "#{self.class}\##{__method__}(#{path.inspect})" }
64
+ url = "https://#{@hostname}:#{@port}#{path}"
65
+ request = HTTPI::Request.new(url)
66
+ request.auth.ssl.verify_mode = :none
67
+ request.headers = {
68
+ "Cookie" => "sID=#{@sID}",
69
+ "Content-Type" => "application/x-www-form-urlencoded"
70
+ }
71
+ request.gzip
72
+ request.body = body
73
+ response = HTTPI.post request
74
+ response.body
75
+ end
76
+
77
+ # @!endgroup
78
+
79
+ # @!group Caching
80
+
81
+ def cache
82
+ @cache ||= Cache.new(nil, nil, 10000, 5*60)
83
+ end
84
+
85
+ # @!endgroup
86
+
87
+ public
88
+
89
+ # @!group High-Level SOAP Wrapper
90
+
91
+ # Retrieves the Manager Web Service API version. Not the same as the Manager version.
92
+ # @return [Integer] The Web Service API version.
93
+ def api_version
94
+ dsm.getApiVersion()
95
+ end
96
+
97
+ # Retrieve the Manager Web Service API version. Not the same as the Manager version.
98
+ # @return [Time] Manager time as a language localized object.
99
+ def manager_time
100
+ dsm.getManagerTime()
101
+ end
102
+
103
+ # Set connection parameters
104
+ # @param [String] hostname host to connect to
105
+ # @param [Integer] port port to connect to
106
+ # @param [LOG_MAPPING] log_level Log Level
107
+ def self.server(hostname, port=4119, log_level=nil)
108
+ dsm = self.new(hostname, port, log_level)
109
+ dsm.logger.level = LOG_MAPPING[log_level] unless log_level.nil?
110
+ @@current = dsm
111
+ end
112
+
113
+ # Authenticates a user within the given tenant, and returns a session ID for use when calling other methods of Manager. When no longer required, the session should be terminated by calling endSession.
114
+ # @param [String] tenant
115
+ # @param [String] username
116
+ # @param [String] password
117
+ # @return [Manager] The current manager
118
+ def connect(tenant, username, password)
119
+ @sID = tenant.blank? ? authenticate(username, password) : authenticate_tenant(tenant, username, password)
120
+ dsm
121
+ rescue Savon::SOAPFault => error
122
+ raise AuthenticationFailedException.new(error.to_hash[:fault][:detail][:exception_name].to_s)
123
+ end
124
+
125
+ # Ends an authenticated user session. The Web Service client should end the authentication session in all exit cases.
126
+ # @return [void]
127
+ def disconnect
128
+ dsm.end_session() if authenticated?
129
+ dsm.reset
130
+ nil
131
+ end
132
+
133
+ # @!endgroup
134
+
135
+ # @!group Low-Level SOAP Wrapper
136
+
137
+ # Retrieves the Manager Web Service API version. Not the same as the Manager version.
138
+ #
139
+ # SYNTAX
140
+ # int getApiVersion()
141
+ #
142
+ # PARAMETERS
143
+ #
144
+ # RETURNS
145
+ # The Web Service API version.
146
+ def getApiVersion
147
+ send_soap(:get_api_version).to_i
148
+ end
149
+
150
+ # Retrieve the Manager Web Service API version. Not the same as the Manager version.
151
+ #
152
+ # SYNTAX
153
+ # getManagerTime()
154
+ #
155
+ # PARAMETERS
156
+ #
157
+ # RETURNS
158
+ # Manager time as a language localized object. For example, a Java client would return a Calendar object, and a C# client would return a DataTime object.
159
+ def getManagerTime
160
+ Time.parse(send_soap(:get_manager_time))
161
+ end
162
+
163
+ # Authenticates a user for and returns a session ID for use when calling other Web Service methods.
164
+ #
165
+ # SYNTAX
166
+ # String authenticate(String username, String password)
167
+ #
168
+ # PARAMETERS
169
+ # username Account username.
170
+ # password Account password.
171
+ #
172
+ # RETURNS
173
+ # Authenticated user session ID.
174
+ def authenticate(username, password)
175
+ send_soap(:authenticate, {:username => username, :password => password}).to_s
176
+ end
177
+
178
+ # Authenticates a user within the given tenant, and returns a session ID for use when calling other methods of Manager. When no longer required, the session should be terminated by calling endSession.
179
+ #
180
+ # SYNTAX
181
+ # String authenticateTenant(String tenantName, String username, String password)
182
+ #
183
+ # PARAMETERS
184
+ # tenantName Tenant Name.
185
+ # username Account username.
186
+ # password Account password.
187
+ #
188
+ # RETURNS
189
+ # Authenticated user session ID.
190
+ def authenticate_tenant(tenantName, username, password)
191
+ send_soap(:authenticate_tenant, {:tenantName => tenantName, :username => username, :password => password}).to_s
192
+ end
193
+
194
+ # Ends an authenticated user session. The Web Service client should end the authentication session in all exit cases.
195
+ #
196
+ # SYNTAX
197
+ # void endSession(String sID)
198
+ #
199
+ # PARAMETERS
200
+ # sID Authentication session identifier ID.
201
+ # RETURNS
202
+ def end_session(sID = dsm.sID)
203
+ send_soap(:end_session, :sID => sID)
204
+ end
205
+
206
+ # @!endgroup
207
+
208
+ # Check if the session has been authenticated.
209
+ def authenticated?
210
+ !@sID.nil?
211
+ end
212
+
213
+ def sID
214
+ raise DeepSecurity::AuthenticationRequiredException unless authenticated?
215
+ @sID
216
+ end
217
+
218
+ def client
219
+ @client
220
+ end
221
+
222
+ end
223
+ end
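Review bot: TLS certificate verification is switched off on every connection this class opens (`:ssl_verify_mode => :none` in `initialize`, `request.auth.ssl.verify_mode = :none` in both `send_authenticated_http_get` and `send_authenticated_http_post`), while `authenticate`/`authenticate_tenant` send the account password and the HTTP helpers send the `sID` session cookie over those connections, so anyone able to intercept the traffic can read or replay them. Default to `:ssl_verify_mode => :peer` and `request.auth.ssl.verify_mode = :peer`, and let callers whose Manager uses a privately signed certificate supply a CA file (Savon's `:ssl_ca_cert_file`, HTTPI's `request.auth.ssl.ca_cert_file`) instead of disabling the check. Separately, `:log => (!log_level.nil?)` turns on Savon logging whenever a level is given, which at `:debug` would presumably write the authenticate request, password included, to the log; adding `:filters => [:password]` to the client options would mask it. `reset` also clears only `@@current` and leaves `@sID` set, so `authenticated?` appears to stay true after `disconnect`.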
@@ -0,0 +1,149 @@
1
+ # require "hpricot"
2
+
3
+ module DeepSecurity
4
+ class Manager
5
+
6
+ private
7
+
8
+ # Helper Method: Clean up any HTML remnants (e.g. &nbsp;)
9
+ def clean_html_string(string)
10
+ string.
11
+ inner_text.
12
+ gsub(/\s+/, " ").
13
+ strip
14
+ end
15
+
16
+ # Helper Method: Convert header string to camel cased symbol
17
+ def symbolize_header(string)
18
+ string.
19
+ gsub(/::/, '/').
20
+ gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2').
21
+ gsub(/([a-z\d])([A-Z])/, '\1_\2').
22
+ gsub(/\s+/, "_").
23
+ tr("-", "_").
24
+ downcase.
25
+ to_sym
26
+ end
27
+
28
+ # Fetch the given +action+ with +parameters+. Post the result with settings changed according to +settings+
29
+ def post_setting(action, parameters, settings)
30
+ parameters_string = URI.escape(parameters.map { |key, value| "#{key}=#{value}" }.join("&"))
31
+ path = "/#{action}?#{parameters_string}"
32
+ body = send_authenticated_http_get(path)
33
+
34
+ doc = Hpricot(body)
35
+ form_values = {}
36
+ doc.search("input").each do |input|
37
+ type = input["type"]
38
+ unless type == "button" || type == "submit"
39
+ form_values[input['name']] = input['value'] unless input['name'].blank?
40
+ end
41
+ end
42
+
43
+ form_values = form_values.merge(settings)
44
+
45
+ action = doc.search("form#mainForm").first["action"]
46
+ parameters_string = URI.encode_www_form(form_values)
47
+ path = "/#{action}"
48
+ send_authenticated_http_post(path, parameters_string)
49
+ end
50
+
51
+ # Enable display of DPI rules "type" for a given host
52
+ def payload_filters2_show_rules(host_id, type)
53
+ post_setting("PayloadFilter2s.screen", {
54
+ "hostID" => host_id,
55
+ "noSearch" => true,
56
+ "hideStandardHeader" => true
57
+ }, {
58
+ "command" => "CHANGEASSIGNFILTER",
59
+ "arguments" => type}
60
+ )
61
+ end
62
+
63
+ # Enable vulnerability columns in DPI rules display
64
+ def payload_filters2_enable_vulnerability_columns
65
+
66
+ action = "AddRemoveColumns.screen"
67
+ parameters = {
68
+ :screenSettingKey => "payloadFilter2s.",
69
+ :columnDisplayNames => %w[ payloadFilter2s.column.cve payloadFilter2s.column.secunia payloadFilter2s.column.bugtraq payloadFilter2s.column.ms ].join(","),
70
+ :columnAdminSettingNames => %w[ summaryCVE summarySECUNIA summaryBUGTRAQ summaryMS ].join(",")
71
+ }
72
+ settings = {
73
+ "summaryCVE" => true,
74
+ "summarySECUNIA" => true,
75
+ "summaryBUGTRAQ" => true,
76
+ "summaryMS" => true
77
+ }
78
+
79
+ post_setting(action, parameters, settings)
80
+
81
+ end
82
+
83
+ # Retrieve DPI rules
84
+ def payload_filters2(optional_parameters = {})
85
+
86
+ num_rules = nil
87
+ rules = []
88
+ column_mapping = Hash.new()
89
+ while num_rules.nil? || rules.count < num_rules
90
+
91
+ mainTableViewState = ["",
92
+ "controlCheck,after=[NONE]",
93
+ "icon,after=controlCheck",
94
+ "summaryConnectionType,after=icon",
95
+ "fullName,after=summaryConnectionType",
96
+ "summaryPriority,after=fullName",
97
+ "summarySeverityHTML,after=summaryPriority",
98
+ "summaryMode,after=summarySeverityHTML",
99
+ "summaryType,after=summaryMode",
100
+ "summaryCVE,after=summaryType",
101
+ "summarySECUNIA,after=summaryCVE",
102
+ "summaryBUGTRAQ,after=summarySECUNIA",
103
+ "summaryMS,after=summaryBUGTRAQ",
104
+ "summaryCvssScore,after=summaryMS",
105
+ "summaryIssued,after=summaryCvssScore"]
106
+
107
+ parameters = {
108
+ :paging_offset => rules.count
109
+ }
110
+ parameters_string = (parameters.merge(optional_parameters).map { |k, v| "#{k}=#{v}" }).join("&")
111
+
112
+ path = "/PayloadFilter2s.screen?#{parameters_string}"
113
+ body = send_authenticated_http_get(path)
114
+ doc = Hpricot(body)
115
+
116
+ if num_rules.nil?
117
+ num_rules = doc.search("td.paging_text").inner_text.split(/\s+/)[-1]
118
+ if !num_rules.nil?
119
+ num_rules = num_rules.scan(/\d/).join.to_i
120
+ else
121
+ num_rules = 0
122
+ end
123
+ end
124
+
125
+ if column_mapping.empty?
126
+ doc.
127
+ search("#mainTable_header_table td:not(.datatable_resizer)").
128
+ map { |each| clean_html_string(each)[0..-2] }.
129
+ each_with_index { |each, index| column_mapping[each]=index unless each.blank? }
130
+ end
131
+
132
+ doc.search("#mainTable_rows_table tr") do |row|
133
+ column_cells = row.
134
+ search("td").
135
+ map { |each| clean_html_string(each) }
136
+ rule = Hash.new()
137
+ column_mapping.each do |k, v|
138
+ rule[symbolize_header(k)]=column_cells[v]
139
+ end
140
+ rules.push(rule)
141
+ end
142
+ end
143
+ rules
144
+
145
+
146
+ end
147
+
148
+ end
149
+ end
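Review bot: Query strings are assembled by plain interpolation in `post_setting` (`URI.escape(parameters.map { |key, value| "#{key}=#{value}" }.join("&"))`) and in `payload_filters2` (`"#{k}=#{v}"` with no encoding at all), so a value containing `&` or `=` changes the request the Manager receives instead of being passed as data; `URI.escape` leaves those characters untouched and was removed in Ruby 3.0. `post_setting` already uses `URI.encode_www_form(form_values)` for the POST body, and the same call fits both places: `parameters_string = URI.encode_www_form(parameters)` and `parameters_string = URI.encode_www_form(parameters.merge(optional_parameters))`. The paging loop in `payload_filters2` also has no exit when a page yields no rows (for example an error or login page returned mid-run), since `rules.count < num_rules` then stays true; breaking out when a request adds nothing would bound it. `doc.search("form#mainForm").first["action"]` raises `NoMethodError` on `nil` when the form is missing, which deserves an explicit error.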
@@ -0,0 +1,21 @@
1
+ # @author Udo Schneider <Udo.Schneider@homeaddress.de>
2
+
3
+ module DeepSecurity
4
+
5
+ # @abstract
6
+ # Transport objects are modeled after Deep Security Manager web interface objects and configuration groups. These
7
+ # transport objects can be constructed as new or retrieved from the Manager by calling the appropriate web method.
8
+ #
9
+ # A Web Service definition may declare object classes that inherit properties from other base object classes, so only
10
+ # the relevant object classes are covered in this section. If during development, you encounter any WSDL-defined
11
+ # object classes that are not documented, they are likely inherited base object classes or response object classes
12
+ # that are not directly used by any Web Methods and do not have any direct value.
13
+ #
14
+ # @note
15
+ # It defines it's own DSL to specify attributes, caching and operation. This allows you to completely hide the
16
+ # type-conversion needed by Savon behind a regular Ruby object.
17
+ class TransportObject < DSObject
18
+
19
+ end
20
+
21
+ end
@@ -0,0 +1,106 @@
1
+ # @author Udo Schneider <Udo.Schneider@homeaddress.de>
2
+
3
+ module DeepSecurity
4
+
5
+ # Represents an Anti-Malware event
6
+ class AntiMalwareEvent < TransportObject
7
+
8
+ attr_integer_accessor :anti_malware_config_id,
9
+ 'The ID of the Anti-Malware configuration this event corresponds to'
10
+ attr_integer_accessor :anti_malware_event_id,
11
+ 'The ID of the event'
12
+ attr_datetime_accessor :end_time,
13
+ 'Endtime of this event if it was repeated multiple times (not currently used)'
14
+ attr_integer_accessor :error_code,
15
+ 'The VSAPI error code indicates the reason of the actions of failure'
16
+ attr_integer_accessor :host_id,
17
+ 'The host ID this event corresponds to'
18
+ attr_string_accessor :infected_file_path,
19
+ 'The infected file full path'
20
+ attr_string_accessor :infection_source,
21
+ 'The source computer of the infection'
22
+ attr_datetime_accessor :log_date,
23
+ 'The time this event occured'
24
+ attr_string_accessor :malware_name,
25
+ 'The name of the malware'
26
+ attr_enum_accessor :malware_type,
27
+ EnumMalwareType,
28
+ 'The type of the malware'
29
+ attr_integer_accessor :protocol,
30
+ 'The protocols: Local Files(0), Network shared folder(1), etc. However currently the Agent only support local files'
31
+ attr_integer_accessor :quarantine_record_id,
32
+ 'The ID of the quarantined file, if a file was quarantined as a result of this event.'
33
+ attr_integer_accessor :scan_result_action1,
34
+ 'The first action performed'
35
+ attr_integer_accessor :scan_result_action2,
36
+ 'The second action performed'
37
+ attr_enum_accessor :scan_type,
38
+ EnumAntiMalwareScanType,
39
+ 'Type of scan this event was captured under'
40
+ array_object_accessor :spyware_items,
41
+ AntiMalwareSpywareItem,
42
+ 'An array of spyware items associated with this event'
43
+ attr_datetime_accessor :start_time,
44
+ 'Starttime of this event if it was repeated multiple times (not currently used)'
45
+ attr_string_accessor :tags,
46
+ 'Any tags associated with this event'
47
+ attr_integer_accessor :scan_action1
48
+ attr_integer_accessor :scan_action2
49
+ attr_string_accessor :summary_scan_result
50
+
51
+
52
+ hint_object_accessor :host,
53
+ Host,
54
+ 'The host this event corresponds to'
55
+
56
+
57
+ # cache_by_aspect :id, :name
58
+
59
+ # @!group High-Level SOAP Wrapper
60
+
61
+ # Return all AntiMalware events matching the filter
62
+ # @param [TimeFilter] time_filter
63
+ # @param [HostFilter] host_filter
64
+ # @param [IDFilter] event_id_filter
65
+ # @return [Array<AntiMalwareEvent>]
66
+ def self.find_all(time_filter, host_filter, event_id_filter)
67
+ dsm.antiMalwareEventRetrieve(time_filter, host_filter, event_id_filter)
68
+ end
69
+
70
+ def host
71
+ Host.find_by_id(host_id)
72
+ end
73
+ # @!endgroup
74
+
75
+ end
76
+
77
+ class Manager
78
+
79
+ # @!group Low-Level SOAP Wrapper
80
+
81
+ # Retrieves the AntiMalware events specified by the time and host filter.
82
+ #
83
+ # SYNTAX
84
+ # public AntiMalwareEventListTransport antiMalwareEventRetrieve(TimeFilterTransport timeFilter HostFilterTransport hostFilter, IDFilterTransport eventIdFilter, String sID)
85
+ #
86
+ # PARAMETERS
87
+ # timeFilter Restricts the retrieved events by time.
88
+ # hostFilter Restricts the retrieved events by host, group, or security profile.
89
+ # eventIdFilter Restricts the retrieved events by event id.
90
+ # sID Authentication session identifier ID.
91
+ #
92
+ # RETURNS
93
+ # AntiMalwareEventListTransport object.
94
+ def antiMalwareEventRetrieve(timeFilter, hostFilter, eventIdFilter, sID = dsm.sID)
95
+ request_array(:anti_malware_event_retrieve, AntiMalwareEvent, :anti_malware_events,
96
+ :timeFilter => timeFilter.to_savon_data,
97
+ :hostFilter => hostFilter.to_savon_data,
98
+ :eventIdFilter => eventIdFilter.to_savon_data,
99
+ :sID => sID)
100
+ end
101
+
102
+ # @!endgroup
103
+
104
+ end
105
+
106
+ end
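Review bot: `host` is declared twice in `AntiMalwareEvent`: once through `hint_object_accessor :host, Host, ...` and again as an explicit `def host` that calls `Host.find_by_id(host_id)`. The macro's definition is not visible here, but if it generates a reader, the later `def` silently replaces it and the two can disagree; keep one and document it, e.g. `# @return [Host] the host looked up from host_id`. `scan_action1`, `scan_action2` and `summary_scan_result` are also the only accessors declared without a description string, unlike every other attribute in the class.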
@@ -0,0 +1,32 @@
1
+ module DeepSecurity
2
+
3
+ class AntiMalwareSpywareItem < TransportObject
4
+
5
+ # Represents an Anti-Malware spyware event and contains all properties that belong to the event.
6
+
7
+ attr_integer_accessor :anti_malware_quarantined_file_id,
8
+ "If a file was quarantined as a result of the event, this will contain the ID of the quarantined file"
9
+ attr_integer_accessor :anti_malware_spyware_item_id,
10
+ "If a this event was the result of spyware, this will point at the ID of the spyware item"
11
+ attr_integer_accessor :host_id,
12
+ "The host ID this event corresponds to"
13
+ attr_string_accessor :object_info,
14
+ "File-path, registry key, process name...etc"
15
+ attr_integer_accessor :object_type,
16
+ "Type identifier for Process, Cookies, File System, System Registry, Shortcut Link, Host File, Other"
17
+ attr_integer_accessor :risk_level,
18
+ "Risk level gauge Very Low (0), Low (25), Medium(50), High(75), Very High(100)"
19
+ attr_integer_accessor :scan_action,
20
+ "Scan Action: The action taken upon each spyware items: Pass (1), Delete (2), Quarantined (3), Clean (4), Deny Access (5)"
21
+ attr_integer_accessor :scan_result_action,
22
+ "Represent whether the action is successful (0) or failed (Error Code)"
23
+ attr_integer_accessor :spyware_type,
24
+ "Type identifier for Adware, Cookie, Dialer, Keylogger, Trojan, Worm, Downloader, et"
25
+
26
+
27
+ # cache_by_aspect :id, :name
28
+
29
+
30
+ end
31
+
32
+ end
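Review bot: The class description sits inside the body, after `class AntiMalwareSpywareItem < TransportObject` and separated from the first accessor by a blank line, so YARD will likely not attach it to the class; move `# Represents an Anti-Malware spyware event and contains all properties that belong to the event.` to the line directly above the `class` keyword, as `AntiMalwareEvent` and `ApplicationType` do. The description strings for `anti_malware_spyware_item_id` ("If a this event ...") and `spyware_type` (ending in "et") are garbled; if these strings feed generated documentation they should read "If this event" and "etc.".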
@@ -0,0 +1,58 @@
1
+ module DeepSecurity
2
+
3
+ # Represents an Application Type that reflects some network attributes to which DPI rules are assigned. The DPI engine
4
+ # will determine if a DPI rule should apply to a connection based on the assigned Application Type network attributes.
5
+ class ApplicationType < TransportObject
6
+
7
+ attr_integer_accessor :id,
8
+ "ApplicationTypeTransport ID"
9
+ attr_string_accessor :description,
10
+ "ApplicationTypeTransport description"
11
+ attr_string_accessor :name,
12
+ "ApplicationTypeTransport name"
13
+ attr_string_accessor :tbuid,
14
+ "Internal TBUID of a Trend Micro issued Application Type"
15
+ attr_enum_accessor :direction,
16
+ EnumDirection,
17
+ 'The initial direction of the connection which this ApplicationTypeTransport would apply, e.g., INCOMING, OUTGOING. Depending on whether the application type is a server or client, the initial direction of the connection to inspect would either be INCOMING for a server, or OUTGOING for a client. E.g. Inspection of "Web Server Common" Application Type for a connection stream on TCP port 80 would be initially an INCOMING direction because incoming Web Server connections should be inspected'
18
+ attr_boolean_accessor :ignore_recommendations,
19
+ "Whether the Recommendation Engine should ignore this rule"
20
+ attr_object_accessor :protocol_icmp,
21
+ ProtocolICMP,
22
+ "ApplicationTypeTransport protocol ICMP type"
23
+ attr_object_accessor :protocol_port_based,
24
+ ProtocolPortBased,
25
+ 'ApplicationTypeTransport protocol Port type'
26
+ attr_enum_accessor :protocol_type,
27
+ EnumApplicationTypeProtocolType,
28
+ 'ApplicationTypeTransport protocol Application type, e.g., UCMP, TCP, UDP, TCP_UDP'
29
+ attr_boolean_accessor :authoritative,
30
+ 'Whether the rule is an internal read only Trend Micro rule'
31
+
32
+ cache_by_aspect :id, :name
33
+
34
+ end
35
+
36
+ class Manager
37
+
38
+ def application_types
39
+ cache.fetch(ApplicationType.cache_key(:all, :all)) do
40
+ request_array("application_type_retrieve_all", ApplicationType)
41
+ end
42
+ end
43
+
44
+ def application_type(id)
45
+ cache.fetch(ApplicationType.cache_key(:id, id)) do
46
+ request_object("application_type_retrieve", ApplicationType, {:id => id})
47
+ end
48
+ end
49
+
50
+ def application_type_by_name(name)
51
+ cache.fetch(ApplicationType.cache_key(:name, name)) do
52
+ request_object("application_type_retrieve_by_name", ApplicationType, {:name => name})
53
+ end
54
+ end
55
+
56
+ end
57
+
58
+ end
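Review bot: The three `Manager` lookups here call `request_array`/`request_object` without an `:sID` argument, whereas `antiMalwareEventRetrieve` in this same commit passes `:sID => sID` explicitly (and names its operation with a symbol where these use strings). Those helpers are defined outside this file; unless they add the session ID themselves, these calls go out without it, so either pass it explicitly, e.g. `request_object("application_type_retrieve", ApplicationType, {:id => id, :sID => sID})`, or document that the helper injects it. The results are also cached on the Manager instance under keys that do not include the session, so a later `connect` as a different user on the same instance would presumably be served the previous user's entries until the cache expires.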