deepsecurity 0.0.13hf1

Files changed (46)
  1. data/.gitignore +25 -0
  2. data/.yardopts +4 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE +22 -0
  5. data/README.md +29 -0
  6. data/Rakefile +2 -0
  7. data/bin/dsc +186 -0
  8. data/deepsecurity.gemspec +30 -0
  9. data/lib/deepsecurity/ds_object.rb +37 -0
  10. data/lib/deepsecurity/enums.rb +539 -0
  11. data/lib/deepsecurity/exceptions/authentication_failed_exception.rb +7 -0
  12. data/lib/deepsecurity/exceptions/authentication_required_exception.rb +6 -0
  13. data/lib/deepsecurity/manager.rb +223 -0
  14. data/lib/deepsecurity/screenscraping.rb +149 -0
  15. data/lib/deepsecurity/transport_object.rb +21 -0
  16. data/lib/deepsecurity/transport_objects/anti_malware_event.rb +106 -0
  17. data/lib/deepsecurity/transport_objects/anti_malware_spyware_item.rb +32 -0
  18. data/lib/deepsecurity/transport_objects/application_type.rb +58 -0
  19. data/lib/deepsecurity/transport_objects/dpi_rule.rb +113 -0
  20. data/lib/deepsecurity/transport_objects/host.rb +171 -0
  21. data/lib/deepsecurity/transport_objects/host_detail.rb +167 -0
  22. data/lib/deepsecurity/transport_objects/host_filter.rb +62 -0
  23. data/lib/deepsecurity/transport_objects/host_group.rb +41 -0
  24. data/lib/deepsecurity/transport_objects/host_interface.rb +42 -0
  25. data/lib/deepsecurity/transport_objects/id_filter.rb +37 -0
  26. data/lib/deepsecurity/transport_objects/private/vulnerability.rb +52 -0
  27. data/lib/deepsecurity/transport_objects/protocol_icmp.rb +13 -0
  28. data/lib/deepsecurity/transport_objects/protocol_port_based.rb +11 -0
  29. data/lib/deepsecurity/transport_objects/security_profile.rb +90 -0
  30. data/lib/deepsecurity/transport_objects/system_event.rb +45 -0
  31. data/lib/deepsecurity/transport_objects/time_filter.rb +55 -0
  32. data/lib/deepsecurity/version.rb +3 -0
  33. data/lib/deepsecurity.rb +58 -0
  34. data/lib/dsc/anti_malware_event.rb +101 -0
  35. data/lib/dsc/dsc_object.rb +41 -0
  36. data/lib/dsc/helper.rb +48 -0
  37. data/lib/dsc/host_detail.rb +62 -0
  38. data/lib/dsc.rb +6 -0
  39. data/lib/dsc_version.rb +3 -0
  40. data/lib/savon_helper/caching_object.rb +48 -0
  41. data/lib/savon_helper/mapping_object.rb +421 -0
  42. data/lib/savon_helper/missing_type_mapping_exception.rb +11 -0
  43. data/lib/savon_helper/soap_exception.rb +7 -0
  44. data/lib/savon_helper/type_mappings.rb +218 -0
  45. data/lib/savon_helper.rb +7 -0
  46. metadata +188 -0
@@ -0,0 +1,223 @@
1
+ # @author Udo Schneider <Udo.Schneider@homeaddress.de>
2
+
3
+ require "savon"
4
+ require "cache"
5
+ # require "httpi"
6
+ require "logger"
7
+ # require "yaml"
8
+
9
+ module DeepSecurity
10
+
11
+ LOG_MAPPING = {
12
+ :debug => Logger::DEBUG,
13
+ :info => Logger::INFO,
14
+ :warn => Logger::WARN,
15
+ :error => Logger::ERROR,
16
+ :fatal => Logger::FATAL
17
+ }
18
+
19
+ # This class represents the DeepSecurity Manager. It's the entry point for all further actions
20
+ class Manager <DSObject
21
+
22
+ @@current = nil
23
+
24
+ def self.current
25
+ @@current
26
+ end
27
+
28
+ def reset
29
+ @@current = nil
30
+ end
31
+
32
+ # Obtain a new wrapper around the DeepSecurity Manager SOAP API.
33
+ def initialize(hostname, port=4119, log_level)
34
+ @hostname = hostname
35
+ @port = port
36
+ super()
37
+ @client = Savon.client(:wsdl => "https://#{hostname}:#{port}/webservice/Manager?WSDL",
38
+ :convert_request_keys_to => :none, # or one of [:lower_camelcase, :upcase, :none]
39
+ :ssl_verify_mode => :none,
40
+ :logger => logger,
41
+ :log_level => log_level,
42
+ :log => (!log_level.nil?))
43
+ end
44
+
45
+ # @!group Request Helper
46
+
47
+ # Send an authenticated WebUI Request to the Server for URL +url and return the response body
48
+ def send_authenticated_http_get(path)
49
+ logger.debug { "#{self.class}\##{__method__}(#{path.inspect})" }
50
+ url = "https://#{@hostname}:#{@port}#{path}"
51
+ request = HTTPI::Request.new(url)
52
+ request.auth.ssl.verify_mode = :none
53
+ request.headers = {
54
+ "Cookie" => "sID=#{@sID}"
55
+ }
56
+ request.gzip
57
+ response = HTTPI.get request
58
+ response.body
59
+ end
60
+
61
+ # Send an authenticated WebUI Request to the Server for URL +url and return the response body
62
+ def send_authenticated_http_post(path, body)
63
+ logger.debug { "#{self.class}\##{__method__}(#{path.inspect})" }
64
+ url = "https://#{@hostname}:#{@port}#{path}"
65
+ request = HTTPI::Request.new(url)
66
+ request.auth.ssl.verify_mode = :none
67
+ request.headers = {
68
+ "Cookie" => "sID=#{@sID}",
69
+ "Content-Type" => "application/x-www-form-urlencoded"
70
+ }
71
+ request.gzip
72
+ request.body = body
73
+ response = HTTPI.post request
74
+ response.body
75
+ end
76
+
77
+ # @!endgroup
78
+
79
+ # @!group Caching
80
+
81
+ def cache
82
+ @cache ||= Cache.new(nil, nil, 10000, 5*60)
83
+ end
84
+
85
+ # @!endgroup
86
+
87
+ public
88
+
89
+ # @!group High-Level SOAP Wrapper
90
+
91
+ # Retrieves the Manager Web Service API version. Not the same as the Manager version.
92
+ # @return [Integer] The Web Service API version.
93
+ def api_version
94
+ dsm.getApiVersion()
95
+ end
96
+
97
+ # Retrieve the Manager Web Service API version. Not the same as the Manager version.
98
+ # @return [Time] Manager time as a language localized object.
99
+ def manager_time
100
+ dsm.getManagerTime()
101
+ end
102
+
103
+ # Set connection parameters
104
+ # @param [String] hostname host to connect to
105
+ # @param [Integer] port port to connect to
106
+ # @param [LOG_MAPPING] log_level Log Level
107
+ def self.server(hostname, port=4119, log_level=nil)
108
+ dsm = self.new(hostname, port, log_level)
109
+ dsm.logger.level = LOG_MAPPING[log_level] unless log_level.nil?
110
+ @@current = dsm
111
+ end
112
+
113
+ # Authenticates a user within the given tenant, and returns a session ID for use when calling other methods of Manager. When no longer required, the session should be terminated by calling endSession.
114
+ # @param [String] tenant
115
+ # @param [String] username
116
+ # @param [String] password
117
+ # @return [Manager] The current manager
118
+ def connect(tenant, username, password)
119
+ @sID = tenant.blank? ? authenticate(username, password) : authenticate_tenant(tenant, username, password)
120
+ dsm
121
+ rescue Savon::SOAPFault => error
122
+ raise AuthenticationFailedException.new(error.to_hash[:fault][:detail][:exception_name].to_s)
123
+ end
124
+
125
+ # Ends an authenticated user session. The Web Service client should end the authentication session in all exit cases.
126
+ # @return [void]
127
+ def disconnect
128
+ dsm.end_session() if authenticated?
129
+ dsm.reset
130
+ nil
131
+ end
132
+
133
+ # @!endgroup
134
+
135
+ # @!group Low-Level SOAP Wrapper
136
+
137
+ # Retrieves the Manager Web Service API version. Not the same as the Manager version.
138
+ #
139
+ # SYNTAX
140
+ # int getApiVersion()
141
+ #
142
+ # PARAMETERS
143
+ #
144
+ # RETURNS
145
+ # The Web Service API version.
146
+ def getApiVersion
147
+ send_soap(:get_api_version).to_i
148
+ end
149
+
150
+ # Retrieve the Manager Web Service API version. Not the same as the Manager version.
151
+ #
152
+ # SYNTAX
153
+ # getManagerTime()
154
+ #
155
+ # PARAMETERS
156
+ #
157
+ # RETURNS
158
+ # Manager time as a language localized object. For example, a Java client would return a Calendar object, and a C# client would return a DataTime object.
159
+ def getManagerTime
160
+ Time.parse(send_soap(:get_manager_time))
161
+ end
162
+
163
+ # Authenticates a user for and returns a session ID for use when calling other Web Service methods.
164
+ #
165
+ # SYNTAX
166
+ # String authenticate(String username, String password)
167
+ #
168
+ # PARAMETERS
169
+ # username Account username.
170
+ # password Account password.
171
+ #
172
+ # RETURNS
173
+ # Authenticated user session ID.
174
+ def authenticate(username, password)
175
+ send_soap(:authenticate, {:username => username, :password => password}).to_s
176
+ end
177
+
178
+ # Authenticates a user within the given tenant, and returns a session ID for use when calling other methods of Manager. When no longer required, the session should be terminated by calling endSession.
179
+ #
180
+ # SYNTAX
181
+ # String authenticateTenant(String tenantName, String username, String password)
182
+ #
183
+ # PARAMETERS
184
+ # tenantName Tenant Name.
185
+ # username Account username.
186
+ # password Account password.
187
+ #
188
+ # RETURNS
189
+ # Authenticated user session ID.
190
+ def authenticate_tenant(tenantName, username, password)
191
+ send_soap(:authenticate_tenant, {:tenantName => tenantName, :username => username, :password => password}).to_s
192
+ end
193
+
194
+ # Ends an authenticated user session. The Web Service client should end the authentication session in all exit cases.
195
+ #
196
+ # SYNTAX
197
+ # void endSession(String sID)
198
+ #
199
+ # PARAMETERS
200
+ # sID Authentication session identifier ID.
201
+ # RETURNS
202
+ def end_session(sID = dsm.sID)
203
+ send_soap(:end_session, :sID => sID)
204
+ end
205
+
206
+ # @!endgroup
207
+
208
+ # Check if the session has been authenticated.
209
+ def authenticated?
210
+ !@sID.nil?
211
+ end
212
+
213
+ def sID
214
+ raise DeepSecurity::AuthenticationRequiredException unless authenticated?
215
+ @sID
216
+ end
217
+
218
+ def client
219
+ @client
220
+ end
221
+
222
+ end
223
+ end
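Review bot: Certificate verification is switched off on every connection this file opens: `:ssl_verify_mode => :none` in `initialize` (new line 39) and `request.auth.ssl.verify_mode = :none` in `send_authenticated_http_get` and `send_authenticated_http_post` (new lines 52 and 66). `authenticate` sends the username and password over that channel and the two helpers send the `sID` session cookie, so anyone able to intercept the connection can read or replay them. I would default to `:ssl_verify_mode => :peer` and `request.auth.ssl.verify_mode = :peer`, and let callers whose Manager uses a private CA supply its certificate (Savon's `:ssl_ca_cert_file`, HTTPI's `auth.ssl.ca_cert_file`) rather than disable the check. Separately, `:log => (!log_level.nil?)` turns request logging on whenever a level is passed, which at `:debug` will presumably write the `authenticate` body, password included, to the log; Savon's `:filters => [:password]` option would mask it.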
@@ -0,0 +1,149 @@
1
+ # require "hpricot"
2
+
3
+ module DeepSecurity
4
+ class Manager
5
+
6
+ private
7
+
8
+ # Helper Method: Clean up any HTML remnants (e.g. &nbsp;)
9
+ def clean_html_string(string)
10
+ string.
11
+ inner_text.
12
+ gsub(/\s+/, " ").
13
+ strip
14
+ end
15
+
16
+ # Helper Method: Convert header string to camel cased symbol
17
+ def symbolize_header(string)
18
+ string.
19
+ gsub(/::/, '/').
20
+ gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2').
21
+ gsub(/([a-z\d])([A-Z])/, '\1_\2').
22
+ gsub(/\s+/, "_").
23
+ tr("-", "_").
24
+ downcase.
25
+ to_sym
26
+ end
27
+
28
+ # Fetch the given +action+ with +parameters+. Post the result with settings changed according to +settings+
29
+ def post_setting(action, parameters, settings)
30
+ parameters_string = URI.escape(parameters.map { |key, value| "#{key}=#{value}" }.join("&"))
31
+ path = "/#{action}?#{parameters_string}"
32
+ body = send_authenticated_http_get(path)
33
+
34
+ doc = Hpricot(body)
35
+ form_values = {}
36
+ doc.search("input").each do |input|
37
+ type = input["type"]
38
+ unless type == "button" || type == "submit"
39
+ form_values[input['name']] = input['value'] unless input['name'].blank?
40
+ end
41
+ end
42
+
43
+ form_values = form_values.merge(settings)
44
+
45
+ action = doc.search("form#mainForm").first["action"]
46
+ parameters_string = URI.encode_www_form(form_values)
47
+ path = "/#{action}"
48
+ send_authenticated_http_post(path, parameters_string)
49
+ end
50
+
51
+ # Enable display of DPI rules "type" for a given host
52
+ def payload_filters2_show_rules(host_id, type)
53
+ post_setting("PayloadFilter2s.screen", {
54
+ "hostID" => host_id,
55
+ "noSearch" => true,
56
+ "hideStandardHeader" => true
57
+ }, {
58
+ "command" => "CHANGEASSIGNFILTER",
59
+ "arguments" => type}
60
+ )
61
+ end
62
+
63
+ # Enable vulnerability columns in DPI rules display
64
+ def payload_filters2_enable_vulnerability_columns
65
+
66
+ action = "AddRemoveColumns.screen"
67
+ parameters = {
68
+ :screenSettingKey => "payloadFilter2s.",
69
+ :columnDisplayNames => %w[ payloadFilter2s.column.cve payloadFilter2s.column.secunia payloadFilter2s.column.bugtraq payloadFilter2s.column.ms ].join(","),
70
+ :columnAdminSettingNames => %w[ summaryCVE summarySECUNIA summaryBUGTRAQ summaryMS ].join(",")
71
+ }
72
+ settings = {
73
+ "summaryCVE" => true,
74
+ "summarySECUNIA" => true,
75
+ "summaryBUGTRAQ" => true,
76
+ "summaryMS" => true
77
+ }
78
+
79
+ post_setting(action, parameters, settings)
80
+
81
+ end
82
+
83
+ # Retrieve DPI rules
84
+ def payload_filters2(optional_parameters = {})
85
+
86
+ num_rules = nil
87
+ rules = []
88
+ column_mapping = Hash.new()
89
+ while num_rules.nil? || rules.count < num_rules
90
+
91
+ mainTableViewState = ["",
92
+ "controlCheck,after=[NONE]",
93
+ "icon,after=controlCheck",
94
+ "summaryConnectionType,after=icon",
95
+ "fullName,after=summaryConnectionType",
96
+ "summaryPriority,after=fullName",
97
+ "summarySeverityHTML,after=summaryPriority",
98
+ "summaryMode,after=summarySeverityHTML",
99
+ "summaryType,after=summaryMode",
100
+ "summaryCVE,after=summaryType",
101
+ "summarySECUNIA,after=summaryCVE",
102
+ "summaryBUGTRAQ,after=summarySECUNIA",
103
+ "summaryMS,after=summaryBUGTRAQ",
104
+ "summaryCvssScore,after=summaryMS",
105
+ "summaryIssued,after=summaryCvssScore"]
106
+
107
+ parameters = {
108
+ :paging_offset => rules.count
109
+ }
110
+ parameters_string = (parameters.merge(optional_parameters).map { |k, v| "#{k}=#{v}" }).join("&")
111
+
112
+ path = "/PayloadFilter2s.screen?#{parameters_string}"
113
+ body = send_authenticated_http_get(path)
114
+ doc = Hpricot(body)
115
+
116
+ if num_rules.nil?
117
+ num_rules = doc.search("td.paging_text").inner_text.split(/\s+/)[-1]
118
+ if !num_rules.nil?
119
+ num_rules = num_rules.scan(/\d/).join.to_i
120
+ else
121
+ num_rules = 0
122
+ end
123
+ end
124
+
125
+ if column_mapping.empty?
126
+ doc.
127
+ search("#mainTable_header_table td:not(.datatable_resizer)").
128
+ map { |each| clean_html_string(each)[0..-2] }.
129
+ each_with_index { |each, index| column_mapping[each]=index unless each.blank? }
130
+ end
131
+
132
+ doc.search("#mainTable_rows_table tr") do |row|
133
+ column_cells = row.
134
+ search("td").
135
+ map { |each| clean_html_string(each) }
136
+ rule = Hash.new()
137
+ column_mapping.each do |k, v|
138
+ rule[symbolize_header(k)]=column_cells[v]
139
+ end
140
+ rules.push(rule)
141
+ end
142
+ end
143
+ rules
144
+
145
+
146
+ end
147
+
148
+ end
149
+ end
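Review bot: `payload_filters2` builds its query string with `"#{k}=#{v}"` and no encoding (new line 110), so a value in `optional_parameters` that contains `&`, `=`, `#` or whitespace changes the request that goes out with the authenticated session cookie. `post_setting` has the same weakness on its GET leg: `URI.escape` over the already-joined string (new line 30) leaves `&` and `=` inside values untouched, and that method is obsolete and no longer present in Ruby 3. `URI.encode_www_form`, which `post_setting` already uses for the POST body, covers both: `parameters_string = URI.encode_www_form(parameters.merge(optional_parameters))` here and `parameters_string = URI.encode_www_form(parameters)` on line 30. It is also worth guarding `doc.search("form#mainForm").first` against nil, since a response without that form (which I would expect once the session has expired, though the page does not show it) raises NoMethodError on `["action"]`.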
@@ -0,0 +1,21 @@
1
+ # @author Udo Schneider <Udo.Schneider@homeaddress.de>
2
+
3
+ module DeepSecurity
4
+
5
+ # @abstract
6
+ # Transport objects are modeled after Deep Security Manager web interface objects and configuration groups. These
7
+ # transport objects can be constructed as new or retrieved from the Manager by calling the appropriate web method.
8
+ #
9
+ # A Web Service definition may declare object classes that inherit properties from other base object classes, so only
10
+ # the relevant object classes are covered in this section. If during development, you encounter any WSDL-defined
11
+ # object classes that are not documented, they are likely inherited base object classes or response object classes
12
+ # that are not directly used by any Web Methods and do not have any direct value.
13
+ #
14
+ # @note
15
+ # It defines it's own DSL to specify attributes, caching and operation. This allows you to completely hide the
16
+ # type-conversion needed by Savon behind a regular Ruby object.
17
+ class TransportObject < DSObject
18
+
19
+ end
20
+
21
+ end
@@ -0,0 +1,106 @@
1
+ # @author Udo Schneider <Udo.Schneider@homeaddress.de>
2
+
3
+ module DeepSecurity
4
+
5
+ # Represents an Anti-Malware event
6
+ class AntiMalwareEvent < TransportObject
7
+
8
+ attr_integer_accessor :anti_malware_config_id,
9
+ 'The ID of the Anti-Malware configuration this event corresponds to'
10
+ attr_integer_accessor :anti_malware_event_id,
11
+ 'The ID of the event'
12
+ attr_datetime_accessor :end_time,
13
+ 'Endtime of this event if it was repeated multiple times (not currently used)'
14
+ attr_integer_accessor :error_code,
15
+ 'The VSAPI error code indicates the reason of the actions of failure'
16
+ attr_integer_accessor :host_id,
17
+ 'The host ID this event corresponds to'
18
+ attr_string_accessor :infected_file_path,
19
+ 'The infected file full path'
20
+ attr_string_accessor :infection_source,
21
+ 'The source computer of the infection'
22
+ attr_datetime_accessor :log_date,
23
+ 'The time this event occured'
24
+ attr_string_accessor :malware_name,
25
+ 'The name of the malware'
26
+ attr_enum_accessor :malware_type,
27
+ EnumMalwareType,
28
+ 'The type of the malware'
29
+ attr_integer_accessor :protocol,
30
+ 'The protocols: Local Files(0), Network shared folder(1), etc. However currently the Agent only support local files'
31
+ attr_integer_accessor :quarantine_record_id,
32
+ 'The ID of the quarantined file, if a file was quarantined as a result of this event.'
33
+ attr_integer_accessor :scan_result_action1,
34
+ 'The first action performed'
35
+ attr_integer_accessor :scan_result_action2,
36
+ 'The second action performed'
37
+ attr_enum_accessor :scan_type,
38
+ EnumAntiMalwareScanType,
39
+ 'Type of scan this event was captured under'
40
+ array_object_accessor :spyware_items,
41
+ AntiMalwareSpywareItem,
42
+ 'An array of spyware items associated with this event'
43
+ attr_datetime_accessor :start_time,
44
+ 'Starttime of this event if it was repeated multiple times (not currently used)'
45
+ attr_string_accessor :tags,
46
+ 'Any tags associated with this event'
47
+ attr_integer_accessor :scan_action1
48
+ attr_integer_accessor :scan_action2
49
+ attr_string_accessor :summary_scan_result
50
+
51
+
52
+ hint_object_accessor :host,
53
+ Host,
54
+ 'The host this event corresponds to'
55
+
56
+
57
+ # cache_by_aspect :id, :name
58
+
59
+ # @!group High-Level SOAP Wrapper
60
+
61
+ # Return all AntiMalware events matching the filter
62
+ # @param [TimeFilter] time_filter
63
+ # @param [HostFilter] host_filter
64
+ # @param [IDFilter] event_id_filter
65
+ # @return [Array<AntiMalwareEvent>]
66
+ def self.find_all(time_filter, host_filter, event_id_filter)
67
+ dsm.antiMalwareEventRetrieve(time_filter, host_filter, event_id_filter)
68
+ end
69
+
70
+ def host
71
+ Host.find_by_id(host_id)
72
+ end
73
+ # @!endgroup
74
+
75
+ end
76
+
77
+ class Manager
78
+
79
+ # @!group Low-Level SOAP Wrapper
80
+
81
+ # Retrieves the AntiMalware events specified by the time and host filter.
82
+ #
83
+ # SYNTAX
84
+ # public AntiMalwareEventListTransport antiMalwareEventRetrieve(TimeFilterTransport timeFilter HostFilterTransport hostFilter, IDFilterTransport eventIdFilter, String sID)
85
+ #
86
+ # PARAMETERS
87
+ # timeFilter Restricts the retrieved events by time.
88
+ # hostFilter Restricts the retrieved events by host, group, or security profile.
89
+ # eventIdFilter Restricts the retrieved events by event id.
90
+ # sID Authentication session identifier ID.
91
+ #
92
+ # RETURNS
93
+ # AntiMalwareEventListTransport object.
94
+ def antiMalwareEventRetrieve(timeFilter, hostFilter, eventIdFilter, sID = dsm.sID)
95
+ request_array(:anti_malware_event_retrieve, AntiMalwareEvent, :anti_malware_events,
96
+ :timeFilter => timeFilter.to_savon_data,
97
+ :hostFilter => hostFilter.to_savon_data,
98
+ :eventIdFilter => eventIdFilter.to_savon_data,
99
+ :sID => sID)
100
+ end
101
+
102
+ # @!endgroup
103
+
104
+ end
105
+
106
+ end
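Review bot: `host` is declared twice in `AntiMalwareEvent`: once through `hint_object_accessor :host, Host, ...` (new lines 52-54) and again as an explicit `def host` (new lines 70-72) that calls `Host.find_by_id(host_id)`. The DSL is defined outside this section, so I can only assume it generates a reader named `host`; if it does, the later `def` silently replaces it and the declaration serves only as documentation. Either drop the explicit method or document it, e.g. `# Looks the host up by host_id on each call; overrides the reader declared above.` The last three attributes (`scan_action1`, `scan_action2`, `summary_scan_result`) are also the only ones declared without a description string.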
@@ -0,0 +1,32 @@
1
+ module DeepSecurity
2
+
3
+ class AntiMalwareSpywareItem < TransportObject
4
+
5
+ # Represents an Anti-Malware spyware event and contains all properties that belong to the event.
6
+
7
+ attr_integer_accessor :anti_malware_quarantined_file_id,
8
+ "If a file was quarantined as a result of the event, this will contain the ID of the quarantined file"
9
+ attr_integer_accessor :anti_malware_spyware_item_id,
10
+ "If a this event was the result of spyware, this will point at the ID of the spyware item"
11
+ attr_integer_accessor :host_id,
12
+ "The host ID this event corresponds to"
13
+ attr_string_accessor :object_info,
14
+ "File-path, registry key, process name...etc"
15
+ attr_integer_accessor :object_type,
16
+ "Type identifier for Process, Cookies, File System, System Registry, Shortcut Link, Host File, Other"
17
+ attr_integer_accessor :risk_level,
18
+ "Risk level gauge Very Low (0), Low (25), Medium(50), High(75), Very High(100)"
19
+ attr_integer_accessor :scan_action,
20
+ "Scan Action: The action taken upon each spyware items: Pass (1), Delete (2), Quarantined (3), Clean (4), Deny Access (5)"
21
+ attr_integer_accessor :scan_result_action,
22
+ "Represent whether the action is successful (0) or failed (Error Code)"
23
+ attr_integer_accessor :spyware_type,
24
+ "Type identifier for Adware, Cookie, Dialer, Keylogger, Trojan, Worm, Downloader, et"
25
+
26
+
27
+ # cache_by_aspect :id, :name
28
+
29
+
30
+ end
31
+
32
+ end
@@ -0,0 +1,58 @@
1
+ module DeepSecurity
2
+
3
+ # Represents an Application Type that reflects some network attributes to which DPI rules are assigned. The DPI engine
4
+ # will determine if a DPI rule should apply to a connection based on the assigned Application Type network attributes.
5
+ class ApplicationType < TransportObject
6
+
7
+ attr_integer_accessor :id,
8
+ "ApplicationTypeTransport ID"
9
+ attr_string_accessor :description,
10
+ "ApplicationTypeTransport description"
11
+ attr_string_accessor :name,
12
+ "ApplicationTypeTransport name"
13
+ attr_string_accessor :tbuid,
14
+ "Internal TBUID of a Trend Micro issued Application Type"
15
+ attr_enum_accessor :direction,
16
+ EnumDirection,
17
+ 'The initial direction of the connection which this ApplicationTypeTransport would apply, e.g., INCOMING, OUTGOING. Depending on whether the application type is a server or client, the initial direction of the connection to inspect would either be INCOMING for a server, or OUTGOING for a client. E.g. Inspection of "Web Server Common" Application Type for a connection stream on TCP port 80 would be initially an INCOMING direction because incoming Web Server connections should be inspected'
18
+ attr_boolean_accessor :ignore_recommendations,
19
+ "Whether the Recommendation Engine should ignore this rule"
20
+ attr_object_accessor :protocol_icmp,
21
+ ProtocolICMP,
22
+ "ApplicationTypeTransport protocol ICMP type"
23
+ attr_object_accessor :protocol_port_based,
24
+ ProtocolPortBased,
25
+ 'ApplicationTypeTransport protocol Port type'
26
+ attr_enum_accessor :protocol_type,
27
+ EnumApplicationTypeProtocolType,
28
+ 'ApplicationTypeTransport protocol Application type, e.g., UCMP, TCP, UDP, TCP_UDP'
29
+ attr_boolean_accessor :authoritative,
30
+ 'Whether the rule is an internal read only Trend Micro rule'
31
+
32
+ cache_by_aspect :id, :name
33
+
34
+ end
35
+
36
+ class Manager
37
+
38
+ def application_types
39
+ cache.fetch(ApplicationType.cache_key(:all, :all)) do
40
+ request_array("application_type_retrieve_all", ApplicationType)
41
+ end
42
+ end
43
+
44
+ def application_type(id)
45
+ cache.fetch(ApplicationType.cache_key(:id, id)) do
46
+ request_object("application_type_retrieve", ApplicationType, {:id => id})
47
+ end
48
+ end
49
+
50
+ def application_type_by_name(name)
51
+ cache.fetch(ApplicationType.cache_key(:name, name)) do
52
+ request_object("application_type_retrieve_by_name", ApplicationType, {:name => name})
53
+ end
54
+ end
55
+
56
+ end
57
+
58
+ end
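Review bot: The three lookups added to `Manager` cache their results under keys built only from the class and the id or name (`ApplicationType.cache_key(:id, id)` and its siblings), and nothing visible ties an entry to the session that fetched it. `Manager#cache` in manager.rb is created once per Manager object with what looks like a five-minute expiry, and `disconnect` there does not clear it, so a later `connect` with a different account or tenant on the same object could be served entries fetched under the previous login. If that reuse can happen in practice, clear the cache when the session ends (`@cache = nil` in `disconnect`) or include the tenant in the cache key. These methods also carry no doc comments, unlike the SOAP wrappers in manager.rb.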