deepsecurity 0.0.13hf1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +25 -0
- data/.yardopts +4 -0
- data/Gemfile +4 -0
- data/LICENSE +22 -0
- data/README.md +29 -0
- data/Rakefile +2 -0
- data/bin/dsc +186 -0
- data/deepsecurity.gemspec +30 -0
- data/lib/deepsecurity/ds_object.rb +37 -0
- data/lib/deepsecurity/enums.rb +539 -0
- data/lib/deepsecurity/exceptions/authentication_failed_exception.rb +7 -0
- data/lib/deepsecurity/exceptions/authentication_required_exception.rb +6 -0
- data/lib/deepsecurity/manager.rb +223 -0
- data/lib/deepsecurity/screenscraping.rb +149 -0
- data/lib/deepsecurity/transport_object.rb +21 -0
- data/lib/deepsecurity/transport_objects/anti_malware_event.rb +106 -0
- data/lib/deepsecurity/transport_objects/anti_malware_spyware_item.rb +32 -0
- data/lib/deepsecurity/transport_objects/application_type.rb +58 -0
- data/lib/deepsecurity/transport_objects/dpi_rule.rb +113 -0
- data/lib/deepsecurity/transport_objects/host.rb +171 -0
- data/lib/deepsecurity/transport_objects/host_detail.rb +167 -0
- data/lib/deepsecurity/transport_objects/host_filter.rb +62 -0
- data/lib/deepsecurity/transport_objects/host_group.rb +41 -0
- data/lib/deepsecurity/transport_objects/host_interface.rb +42 -0
- data/lib/deepsecurity/transport_objects/id_filter.rb +37 -0
- data/lib/deepsecurity/transport_objects/private/vulnerability.rb +52 -0
- data/lib/deepsecurity/transport_objects/protocol_icmp.rb +13 -0
- data/lib/deepsecurity/transport_objects/protocol_port_based.rb +11 -0
- data/lib/deepsecurity/transport_objects/security_profile.rb +90 -0
- data/lib/deepsecurity/transport_objects/system_event.rb +45 -0
- data/lib/deepsecurity/transport_objects/time_filter.rb +55 -0
- data/lib/deepsecurity/version.rb +3 -0
- data/lib/deepsecurity.rb +58 -0
- data/lib/dsc/anti_malware_event.rb +101 -0
- data/lib/dsc/dsc_object.rb +41 -0
- data/lib/dsc/helper.rb +48 -0
- data/lib/dsc/host_detail.rb +62 -0
- data/lib/dsc.rb +6 -0
- data/lib/dsc_version.rb +3 -0
- data/lib/savon_helper/caching_object.rb +48 -0
- data/lib/savon_helper/mapping_object.rb +421 -0
- data/lib/savon_helper/missing_type_mapping_exception.rb +11 -0
- data/lib/savon_helper/soap_exception.rb +7 -0
- data/lib/savon_helper/type_mappings.rb +218 -0
- data/lib/savon_helper.rb +7 -0
- metadata +188 -0
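--- a/data/lib/deepsecurity/transport_objects/dpi_rule.rb
+++ b/data/lib/deepsecurity/transport_objects/dpi_rule.rb
@@ -0,0 +1,113 @@
+module DeepSecurity
+
+# Represents a DPI Rule that can be accessed to read, update, or when creating new DPI Rules. Creating and updating
+# DPI Rules is considered advanced and not a routine or repetitive operation. Changing some configuration options,
+# such as includePacketData or raiseAlert are reasonable; however, creating a new DPI rule from scratch
+# programmatically should only be done if full testing of the ruleXML content has been performed prior.
+#
+# When creating a new rule, if possible it is recommended that an existing base rule is retrieved first, then
+# modified to reflect the new rule, and saved as the new rule.
+#
+# Once a new rule has been created and saved, the returned transport object from the save rule method should be used
+# for all subsequent configuration operations for the life of the object. The reason for this is that the Manager will
+# populate some fields during the save operation, such as rule ID, and these fields will not be present if you do not
+# use the returned version after saving.
+class DPIRule < TransportObject
+
+attr_integer_accessor :id,
+"ID"
+attr_string_accessor :name,
+"Name"
+attr_string_accessor :description,
+"Description"
+attr_string_accessor :tbuid,
+"Internal TBUID of a Trend Micro issued DPI Rule"
+attr_integer_accessor :application_type_id,
+"ApplicationTypeTransport ID this rule is assigned to"
+attr_boolean_accessor :authoritative,
+"Whether the rule is an internal read only Trend Micro rule"
+attr_double_accessor :cvss_score,
+"Final calculated CVSS score of the vulnerability information. A rule may resolve multiple vulnerabilities, so this will always be the highest CVSS score."
+attr_boolean_accessor :detect_only,
+"Whether the rule is detect only"
+attr_boolean_accessor :disable_event,
+"Whether the rule is disabled"
+attr_boolean_accessor :event_on_packet_drop,
+"Whether the rule should trigger an event when the connection is dropped"
+attr_boolean_accessor :event_on_packet_modify,
+"Whether the rule should trigger an event when a packet is modified by a rule (uncommon)"
+attr_string_accessor :identifier,
+"Public identifier of the filter used by Trend Micro to track filters"
+attr_boolean_accessor :ignore_recommendations,
+"Whether the Recommendation Engine should ignore this rule"
+attr_boolean_accessor :include_packet_data,
+"Whether this rule events should include packet data"
+attr_datetime_accessor :issued,
+"Date this rule was issued"
+attr_enum_accessor :pattern_action,
+EnumDPIRuleAction,
+"Action for START_END_PATTERNS type rule, e.g., DROP_CLOSE, LOG_ONLY"
+attr_boolean_accessor :pattern_case_sensitive,
+"Whether a START_END_PATTERNS type rule should consider case sensitivity"
+attr_string_accessor :pattern_end,
+"End pattern"
+attr_enum_accessor :pattern_if,
+EnumDPIRuleIf,
+"Trigger if a START_END_PATTERNS type rule meets the criteria, e.g., ALL_PATTERNS_FOUND, ANY_PATTERNS_FOUND, NO_PATTERNS_FOUND"
+attr_string_accessor :pattern_patterns,
+"A newline separated list of strings which will be used by a START_END_PATTERNS type rule"
+attr_string_accessor :pattern_start,
+"Start pattern"
+attr_enum_accessor :priority, EnumDPIRulePriority,
+"Rule priority, e.g., HIGHEST, NORMAL, LOWEST"
+attr_boolean_accessor :raise_alert,
+"Whether an alert should be raised when the rule triggers"
+attr_string_accessor :rule_xml,
+"Rule XML of a CUSTOM_XML type rule. This may not be available for rules that have thirdBrigade set to TRUE"
+attr_integer_accessor :schedule_id,
+"ScheduleTransport ID assigned to this rule"
+attr_enum_accessor :severity,
+EnumDPIRuleSeverity,
+"Severity, e.g., CRITICAL, LOW"
+attr_enum_accessor :signature_action,
+EnumDPIRuleAction,
+"Action for SIGNATURE type rule, e.g., DROP_CLOSE, LOG_ONLY"
+attr_boolean_accessor :signature_case_sensitive,
+"Whether a SIGNATURE type rule should consider case sensitivity"
+attr_string_accessor :signature_signature,
+"Signature string which will be used by a SIGNATURE type rule"
+attr_enum_accessor :template_type,
+EnumDPIRuleTemplateType,
+"Rule Type, e.g., CUSTOM_XML, SIGNATURE, START_END PATTERNS"
+
+cache_by_aspect :id, :name
+
+def application_type
+@dsm.application_type(@application_type_id)
+end
+
+end
+
+class Manager
+
+def dpi_rules
+cache.fetch(DPIRule.cache_key(:all, :all)) do
+request_array("dpi_rule_retrieve_all", DPIRule)
+end
+end
+
+def dpi_rule(id)
+cache.fetch(DPIRule.cache_key(:id, id)) do
+request_object("dpi_rule_retrieve", DPIRule, {:id => id})
+end
+end
+
+def dpi_rule_by_name(name)
+cache.fetch(DPIRule.cache_key(:name, name)) do
+request_object("dpi_rule_retrieve_by_name", DPIRule, {:name => name})
+end
+end
+
+end
+
+end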
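Review bot: `DPIRule#application_type` (file line 86) reaches the manager through `@dsm`, while the `Host` wrappers shipped in the same release go through `Manager.current`; unless `TransportObject` (not in this diff) sets `@dsm` on every instance built by `request_array`, this call can raise `NoMethodError` on `nil`. The three `Manager` wrappers pass the request name as a string (`"dpi_rule_retrieve_all"`) and no session ID, where `hostRetrieveAll` passes a symbol (`:host_retrieve_all`) and an explicit `:sID => sID`; the two styles presumably both work through `request_array`, but one convention should be chosen. The `Manager` methods carry no documentation; a one-liner such as `# Every DPI rule known to the Manager, cached under DPIRule.cache_key(:all, :all) until the cache is cleared.` on `dpi_rules`, and the equivalent on `dpi_rule` and `dpi_rule_by_name`, would match the YARD style used in host.rb.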
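--- a/data/lib/deepsecurity/transport_objects/host.rb
+++ b/data/lib/deepsecurity/transport_objects/host.rb
@@ -0,0 +1,171 @@
+module DeepSecurity
+
+# The primary computer transport object that represents the computer systems Deep Security is aware of. Physical
+# computers, virtual machines, ESX servers, and Deep Security Virtual Appliances are all represented as HostTransport
+# objects.
+#
+# To determine a HostTransport status (e.g., Activated, Offline, Installed, etc.) the computer HostStatusTransport
+# should be retrieved and the assigned ProtectionStatusTransport objects should be inspected. The HostTransportStatus
+# will reflect the overall protection status of a computer. If protection is applied by both an in-guest Agent and
+# Virtual Appliance, then two ProtectionStatusTransport objects will be assigned. Agent and Virtual Appliance
+# protection may have different protection capabilities enabled, so inspection of all assigned
+# ProtectionStatusTransport objects should considered. Note that this is only necessary where a Virtual Appliance is
+# deployed. Computers and virtual machines that only use Agent protection may only use the HostTransportStatus.
+class Host < TransportObject
+
+attr_integer_accessor :id
+attr_string_accessor :name
+attr_string_accessor :description
+
+attr_string_accessor :display_name,
+'Computer display name'
+attr_boolean_accessor :external,
+'Administrative external boolean for integration purposes.'
+attr_string_accessor :external_id,
+'Administrative external ID for integration purposes.'
+attr_integer_accessor :host_group_id,
+'Assigned HostGroupTransport ID'
+attr_enum_accessor :host_type,
+EnumHostType,
+'Assigned host type'
+attr_string_accessor :platform,
+'Computer platform'
+attr_integer_accessor :security_profile_id,
+'Assigned SecurityProfileTransport ID'
+
+cache_by_aspect :id, :name
+
+# @!group High-Level Screenscraping Wrapper
+
+def dpi_rules_from_identifiers(rule_identifiers)
+dpi_rules = Hash.new()
+Manager.current.dpi_rules.each { |rule| dpi_rules[rule.identifier]=rule }
+rule_identifiers.map { |rule_identifier| dpi_rules[rule_identifier] }
+end
+
+def all_dpi_rule_identifiers
+Manager.current.dpi_rule_identifiers_for_host(@id, 0)
+end
+
+def assigned_dpi_rule_identifiers
+Manager.current.dpi_rule_identifiers_for_host(@id, 16)
+end
+
+def unassigned_dpi_rule_identifiers
+Manager.current.dpi_rule_identifiers_for_host(@id, 32)
+end
+
+def recommended__dpi_rule_identifiers
+Manager.current.dpi_rule_identifiers_for_host(@id, 33)
+end
+
+def unrecommended__dpi_rule_identifiers
+Manager.current.dpi_rule_identifiers_for_host(@id, 18)
+end
+
+def all_dpi_rules
+dpi_rules_from_identifiers(all_dpi_rule_identifiers())
+end
+
+def assigned_dpi_rules
+dpi_rules_from_identifiers(assigned_dpi_rule_identifiers())
+end
+
+#@!endgroup
+
+# @!group High-Level SOAP Wrapper
+
+# Retrieves Hosts.
+# @return [Array<Host>]
+def self.all
+dsm.hostRetrieveAll()
+end
+
+# Retrieves a Host by ID.
+# @param [Integer] id Host ID
+# @return [Host]
+def self.find_by_id(id)
+dsm.hostRetrieve(id)
+end
+
+# Retrieves a Host by name.
+# @param [String] hostname hostname
+# @return [Host]
+def self.find_by_name(hostname)
+dsm.hostRetrieveByName(hostname)
+end
+#@!endgroup
+end
+
+class Manager
+
+# @!group Low-Level SOAP Wrapper
+
+# Retrieves Hosts.
+#
+# SYNTAX
+# HostTransport[] hostRetrieveAll(String sID)
+#
+# PARAMETERS
+# sID Authentication session identifier ID.
+#
+# RETURNS
+# HostTransport object array.
+def hostRetrieveAll(sID = dsm.sID)
+cache.fetch(Host.cache_key(:all, :all)) do
+request_array(:host_retrieve_all, Host, nil,
+:sID => sID)
+end
+end
+
+# Retrieves a Host by ID.
+#
+# SYNTAX
+# HostTransport hostRetrieve(int ID, String sID)
+#
+# PARAMETERS
+# ID Host ID.
+# sID Authentication session identifier ID.
+#
+# RETURNS
+# HostTransport object.
+def hostRetrieve(id, sID = dsm.sID)
+cache.fetch(Host.cache_key(:id, id)) do
+request_object(:host_retrieve, Host, :id => id, :sID => sID)
+end
+end
+
+# Retrieves a Host by name.
+#
+# SYNTAX
+# HostTransport hostRetrieveByName(String hostname, String sID)
+#
+# PARAMETERS
+# hostname Host name.
+# sID Authentication session identifier ID.
+#
+# RETURNS
+# HostTransport object.
+def hostRetrieveByName(hostname, sID = dsm.sID)
+cache.fetch(Host.cache_key(:name, hostname)) do
+request_object(:host_retrieve_by_name, Host, :hostname => hostname, :sID => sID)
+end
+end
+
+# @!endgroup
+
+# @!group Low-Level Screenscraping Wrapper
+
+def security_profile
+Manager.current.security_progile(@security_profile_id)
+end
+
+def dpi_rule_identifiers_for_host(id, argument)
+payload_filters2_show_rules(id, argument)
+payload_filters2(:hostID => id, :arguments => argument).map { |hash| hash[:name].split(' ').first }
+end
+# @!endgroup
+
+end
+
+end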
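Review bot: `Manager#security_profile` (file lines 159-161) calls `Manager.current.security_progile(@security_profile_id)`: the method name is misspelled, and `@security_profile_id` is an attribute declared on `Host`, not on `Manager`, so where it stands it looks up `nil`; it was presumably meant to sit in the `Host` class above as `def security_profile; Manager.current.security_profile(@security_profile_id); end`, assuming the `Manager#security_profile` wrapper exists in security_profile.rb (outside this diff). The screen-scraping codes `0`, `16`, `32`, `33` and `18` passed to `dpi_rule_identifiers_for_host` are undocumented magic numbers; name them (e.g. `ASSIGNED_RULES = 16`) or at least comment what each selects, and drop the doubled underscore in `recommended__dpi_rule_identifiers` / `unrecommended__dpi_rule_identifiers`, which every caller would otherwise have to reproduce. `dpi_rules_from_identifiers` silently yields `nil` for an identifier the Manager no longer reports, and `hash[:name].split(' ').first` in `dpi_rule_identifiers_for_host` raises if a scraped row lacks `:name`; a `compact` on the former and a guard on the latter would make the scraping path fail visibly rather than later.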
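--- a/data/lib/deepsecurity/transport_objects/host_detail.rb
+++ b/data/lib/deepsecurity/transport_objects/host_detail.rb
@@ -0,0 +1,167 @@
+module DeepSecurity
+
+# An object that holds detailed information about one computer object. All the "overall" fields are fields created by
+# merging states of potentially multiple endpoints (i.e., Agent + Appliance).
+class HostDetail < Host
+
+
+attr_integer_accessor :id
+attr_string_accessor :name
+attr_string_accessor :description
+
+attr_string_accessor :display_name,
+'Computer display name'
+attr_boolean_accessor :external,
+'Administrative external boolean for integration purposes.'
+attr_string_accessor :external_id,
+'Administrative external ID for integration purposes.'
+attr_integer_accessor :host_group_id,
+'Assigned HostGroupTransport ID'
+attr_enum_accessor :host_type,
+EnumHostType,
+'Assigned host type'
+attr_string_accessor :platform,
+'Computer platform'
+attr_integer_accessor :security_profile_id,
+'Assigned SecurityProfileTransport ID'
+# ABOVE is duplicates from Host!
+
+attr_string_accessor :anti_malware_classic_pattern_version,
+"Current version of the classic Anti-Malware pattern"
+attr_string_accessor :anti_malware_engine_version,
+"Current version of the Anti-Malware engine"
+attr_string_accessor :anti_malware_intelli_trap_exception_version,
+"Current version of the IntelliTrap exception pattern"
+attr_string_accessor :anti_malware_intelli_trap_version,
+"Current version of the IntelliTrap pattern"
+attr_string_accessor :anti_malware_smart_scan_pattern_version,
+"Current version of the Smart Scan pattern"
+attr_string_accessor :anti_malware_spyware_pattern_version,
+"Current version of the Spyware pattern"
+attr_string_accessor :host_group_name,
+"Name of Group this computer belongs to"
+attr_string_accessor :cloud_object_image_id,
+"Cloud Object Image Id"
+attr_string_accessor :cloud_object_instance_id,
+"Cloud Object Instance Id"
+attr_string_accessor :cloud_object_internal_unique_id,
+"Cloud Object Internal Unique Id"
+attr_string_accessor :cloud_object_security_group_ids,
+"Cloud Object Security Group Ids"
+attr_enum_accessor :cloud_object_type,
+EnumCloudObjectType,
+"Cloud Object Type"
+attr_enum_accessor :host_light,
+EnumHostLight,
+"Current color that represents the computers status"
+attr_datetime_accessor :last_anit_malware_scheduled_scan,
+"Last time an Anti-Malware scheduled scan was performed"
+attr_datetime_accessor :last_anti_malware_event,
+"The time of the most recent Anti-Malware event for this computer"
+attr_datetime_accessor :last_anti_malware_manual_scan,
+"Last time an Anti-Malware manual scan was performed"
+attr_datetime_accessor :last_dpi_event,
+"The time of the most recent DPI Event for this computer"
+attr_datetime_accessor :last_firewall_event,
+"The time of the most recent Firewall Event for this computer"
+
+attr_ip_address_accessor :last_ip_used,
+"The last IP that was used for this computer during communication with the manager"
+attr_datetime_accessor :last_integrity_monitoring_event,
+"The time of the most recent Integrity Monitoring Event for this computer"
+attr_datetime_accessor :last_log_inspection_event,
+"The time of the most recent Log Inspection Event for this computer"
+attr_integer_accessor :light,
+"An integer representing the computers status light"
+attr_boolean_accessor :locked,
+"The locked state of the computer"
+attr_string_accessor :overall_anti_malware_status,
+"Overall Anti-Malware status of the computer"
+attr_string_accessor :overall_dpi_status,
+"Overall DPI status of the computer"
+attr_string_accessor :overall_firewall_status,
+"Overall Firewall status of the computer"
+attr_string_accessor :overall_integrity_monitoring_status,
+"Overall Integrity Monitoring status of the computer"
+attr_datetime_accessor :overall_last_recommendation_scan,
+"The time of the last recommendation scan"
+attr_datetime_accessor :overall_last_successful_communication,
+"The time of the last communication with the Manager"
+attr_datetime_accessor :overall_last_successful_update,
+"The time of the last successful Configuration Update"
+attr_datetime_accessor :overall_last_update_required,
+"The time the last configuration update was required at the manager"
+attr_string_accessor :overall_log_inspection_status,
+"Overall Log Inspection status of the computer"
+attr_string_accessor :overall_status,
+"Overall status of the computer"
+attr_string_accessor :overall_version,
+"Overall version of the computer"
+attr_string_accessor :security_profile_name,
+"Name of the security profile assigned to the computer"
+attr_string_accessor :virtual_name,
+"Internal virtual name (only populated if this is a computer provisioned through vCenter)"
+attr_string_accessor :virtual_uuid,
+"Internal virtual UUID (only populated if this is a computer provisioned through vCenter)"
+array_integer_accessor :component_klasses,
+"Array of class ids for components"
+array_string_accessor :component_names,
+"Array of component names"
+array_integer_accessor :component_types,
+"Array of component types"
+array_string_accessor :component_versions,
+"Array of component versions"
+attr_string_accessor :overall_web_reputation_status,
+"Overall Web Reputation status of the computer"
+attr_datetime_accessor :last_web_reputation_event,
+"The time of the most recent Web Reputation event for this computer"
+
+array_object_accessor :host_interfaces,
+HostInterface
+
+# cache_by_aspect :id, :name
+
+# @!group High-Level SOAP Wrapper
+
+# Return all HostDetails matching the hosts filter with the given detail level
+# @param [HostFilter] host_filter
+# @param [EnumHostDetailLevel] detail_level
+# @return [Array<HostDetail>]
+def self.find_all(host_filter, detail_level)
+dsm.hostDetailRetrieve(host_filter, detail_level)
+end
+
+# @!endgroup
+
+end
+
+class Manager
+
+# @!group Low-Level SOAP Wrapper
+
+# Retrieves the detail information of hosts.
+#
+# SYNTAX
+# public HostDetailTransport[] hostDetailRetrieve(HostFilterTransport hostFilter, EnumHostDetailLevel hostDetailLevel, String sID)
+#
+# PARAMETERS
+# hostFilter Restricts the retrieved hosts by host, group, or security profile
+# hostDetailLevel The detail level
+# sID Authentication session identifier ID.
+#
+# RETURNS
+# HostDetailTransport object array.
+def hostDetailRetrieve(hostFilter, hostDetailLevel, sID = dsm.sID)
+cache.fetch(HostDetail.cache_key(:all, :all)) do
+request_array(:host_detail_retrieve, HostDetail, nil,
+:hostFilter => hostFilter.to_savon_data,
+:hostDetailLevel => EnumHostDetailLevel.key(hostDetailLevel),
+:sID => sID)
+end
+end
+
+# @!endgroup
+
+end
+
+end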
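Review bot: `Manager#hostDetailRetrieve` (file lines 154-161) caches every call under `HostDetail.cache_key(:all, :all)` regardless of `hostFilter` and `hostDetailLevel`, so once any filter has been queried, every later call with a different filter or detail level is answered from the cache with the first call's rows. The key should include the arguments, e.g. `cache.fetch(HostDetail.cache_key(:all, [hostFilter.to_savon_data, hostDetailLevel])) do`, or the call should bypass the cache; whether `cache_key` is even available here depends on `Host` defining it as an inherited class method, since `cache_by_aspect` is commented out at file line 122. `HostDetail` re-declares every `Host` attribute (file lines 8-27, marked "duplicates from Host!") although it subclasses `Host`; if `attr_*_accessor` registers a mapping per class rather than inheriting it, that should be documented, otherwise the block can go. `last_anit_malware_scheduled_scan` (file line 57) misspells "anti" in a public accessor name and will be awkward to rename once released.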
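--- a/data/lib/deepsecurity/transport_objects/host_filter.rb
+++ b/data/lib/deepsecurity/transport_objects/host_filter.rb
@@ -0,0 +1,62 @@
+module DeepSecurity
+
+# Used as search criteria to limit the scope of objects returned by computer-related attributes, such as by a Group,
+# a Security Profile, or a specific computer. The event retrieval- related methods will require a HostFilterTransport
+# that is empty to search for all events, or with specific properties populated to limit the scope of the search. For
+# example, setting the HostFilterTransport securityProfileID property to the ID of a Security Profile will limit any
+# event retrieval method calls to events that pertain to computers with the specific Security Profile assigned.
+class HostFilter < TransportObject
+
+attr_integer_accessor :hostGroupID,
+"HostGroupTransport ID to filter computers by"
+attr_integer_accessor :hostID,
+"HostTransport ID to filter computers by"
+attr_integer_accessor :securityProfileID,
+"SecurityProfileTransport ID to filter computers by"
+attr_enum_accessor :type,
+EnumHostFilterType,
+"EnumHostFilterType to filter computers by"
+
+def self.all_hosts
+instance = self.new()
+instance.type = :all_hosts
+instance
+end
+
+def self.hosts_in_group(host_group_id)
+instance = self.new()
+instance.type = :hosts_in_group
+instance.hostGroupID = host_group_id
+instance
+end
+
+def self.hosts_using_security_profile(security_profile_id)
+instance = self.new()
+instance.type = :hosts_using_security_profile
+instance.securityProfileID = security_profile_id
+instance
+end
+
+def self.hosts_in_group_and_all_subgroups(host_group_id)
+instance = self.new()
+instance.type = :hosts_in_group_and_all_subgroups
+instance.hostGroupID = host_group_id
+instance
+end
+
+def self.specific_host(host_id)
+instance = self.new()
+instance.type = :specific_host
+instance.hostID = host_id
+instance
+end
+
+def self.my_hosts
+instance = self.new()
+instance.type = :my_hosts
+instance
+end
+
+end
+
+end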
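Review bot: The six `HostFilter` factories (file lines 20-58) repeat the same `instance = self.new()` / set `type` / return sequence and differ only in the filter type symbol and which ID attribute is set; a private builder would put the type-to-ID pairing in one place and make it obvious that `all_hosts` and `my_hosts` intentionally set no ID. Each factory also deserves a one-line YARD comment, e.g. `# @return [HostFilter] filter selecting the computers directly in the given group (not its subgroups)` on `hosts_in_group`, since the distinction from `hosts_in_group_and_all_subgroups` is otherwise only visible in the symbol. The rewrite below keeps every public factory and its return value unchanged.

```ruby
def self.all_hosts
  build(:all_hosts)
end

def self.hosts_in_group(host_group_id)
  build(:hosts_in_group, :hostGroupID => host_group_id)
end

# … unchanged pattern for hosts_using_security_profile, hosts_in_group_and_all_subgroups, specific_host, my_hosts …

# Builds a filter of the given EnumHostFilterType with the given ID attributes assigned.
def self.build(type, attributes = {})
  instance = new
  instance.type = type
  attributes.each { |name, value| instance.public_send("#{name}=", value) }
  instance
end
private_class_method :build
```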
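--- a/data/lib/deepsecurity/transport_objects/host_group.rb
+++ b/data/lib/deepsecurity/transport_objects/host_group.rb
@@ -0,0 +1,41 @@
+module DeepSecurity
+
+class HostGroup < TransportObject
+
+attr_integer_accessor :id
+attr_string_accessor :name
+attr_string_accessor :description
+attr_boolean_accessor :external
+attr_string_accessor :external_id
+attr_integer_accessor :parent_group_id
+
+def parent_group
+return nil if @parent_group_id.nil?
+@dsm.host_group(@parent_group_id)
+end
+
+end
+
+class Manager
+
+def host_groups
+cache.fetch(HostGroup.cache_key(:all, :all)) do
+request_array("host_group_retrieve_all", HostGroup)
+end
+end
+
+def host_group(id)
+cache.fetch(HostGroup.cache_key(:id, id)) do
+request_object("host_group_retrieve", HostGroup, {:id => id})
+end
+end
+
+def host_group_by_name(name)
+cache.fetch(HostGroup.cache_key(:name, name)) do
+request_object("host_group_retrieve_by_name", HostGroup, {:name => name})
+end
+end
+
+end
+
+end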
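Review bot: `HostGroup` declares no `cache_by_aspect`, yet `Manager#host_groups`, `#host_group` and `#host_group_by_name` (file lines 21-37) all call `HostGroup.cache_key(...)`; `DPIRule` and `Host` in this release pair the two, so if `cache_key` is only defined by `cache_by_aspect` (caching_object.rb is not in this diff) these lookups raise `NoMethodError` before any request is made. Add `cache_by_aspect :id, :name` after the accessors, matching the other transport objects. `HostGroup#parent_group` reaches the manager through `@dsm` while the `Host` wrappers use `Manager.current`; whichever is correct should be used consistently. The class and its accessors have no description strings or comments, unlike the sibling transport objects; a short class comment (`# A computer group in the Manager's host tree; parent_group_id is nil for a top-level group.`) and a description per accessor would bring it in line.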
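--- a/data/lib/deepsecurity/transport_objects/host_interface.rb
+++ b/data/lib/deepsecurity/transport_objects/host_interface.rb
@@ -0,0 +1,42 @@
+module DeepSecurity
+
+# The Host's Interface Transport Object.
+class HostInterface < TransportObject
+
+attr_integer_accessor :id
+attr_string_accessor :name
+attr_string_accessor :description
+
+attr_string_accessor :display_name,
+'Computer display name'
+attr_boolean_accessor :external,
+'Administrative external boolean for integration purposes.'
+attr_string_accessor :external_id,
+'Administrative external ID for integration purposes.'
+attr_integer_accessor :host_group_id,
+'Assigned HostGroupTransport ID'
+attr_enum_accessor :host_type,
+EnumHostType,
+'Assigned host type'
+attr_string_accessor :platform,
+'Computer platform'
+attr_integer_accessor :security_profile_id,
+'Assigned SecurityProfileTransport ID'
+
+# ABOVE COPIED FROM HOST!
+
+attr_boolean_accessor :dhcp,
+"DHCP On or Off"
+attr_integer_accessor :host_bridge_id,
+"The ID of the Host Bridge"
+attr_integer_accessor :interface_type_id,
+"The ID of the Interface Type"
+attr_string_accessor :mac,
+"Mac Address"
+attr_boolean_accessor :not_available,
+"True is the HostInterface isn't available"
+attr_integer_accessor :virtual_device_key,
+"The Virtual Device Key"
+
+end
+end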
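Review bot: The block marked `# ABOVE COPIED FROM HOST!` (file lines 10-24) gives a network interface computer-level fields such as `display_name` ('Computer display name'), `host_group_id`, `platform` and `security_profile_id`; if the SOAP HostInterfaceTransport does not carry these, they should be dropped rather than shipped with a copy-paste marker, and if it does, their description strings should say what they mean on an interface. The description of `not_available` at file line 37, `"True is the HostInterface isn't available"`, should read `"True if the HostInterface isn't available"`. The class comment could also state the relationship to `HostDetail#host_interfaces`, which is the only place in this diff that instantiates it.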
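--- a/data/lib/deepsecurity/transport_objects/id_filter.rb
+++ b/data/lib/deepsecurity/transport_objects/id_filter.rb
@@ -0,0 +1,37 @@
+module DeepSecurity
+
+# Used as a search criteria to limit the scope of objects returned by event transport object ID. Each event transport
+# object, such as IntegrityEventTransport, includes an ID property that is assigned as the primary key of an event
+# when it is generated by a computer agent. Using IDFilterTransport, it is possible to filter event retrieval by this
+# event ID in order to retrieve a specific event by ID, or events that are greater or less than a specified ID. For
+# example, a utility that is designed to retrieve all new events on an interval can use the event ID property to
+# uniquely identify which events have already been retrieved. This way retrieval of duplicate events can be avoided.
+class IDFilter < TransportObject
+
+attr_integer_accessor :id
+attr_enum_accessor :operator, EnumOperator
+
+def self.equals(id)
+instance = self.new()
+instance.operator = :equals
+instance.id =id
+instance
+end
+
+def self.less_than(id)
+instance = self.new()
+instance.operator = :less_than
+instance.id =id
+instance
+end
+
+def self.greater_than(id)
+instance = self.new()
+instance.operator = :greater_than
+instance.id =id
+instance
+end
+
+end
+
+end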
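Review bot: The three `IDFilter` factories (file lines 14-33) are byte-for-byte the same apart from the operator symbol, and `instance.id =id` at file lines 17, 24 and 31 should be spaced `instance.id = id`; `self.new()` is just `new`. A single private `build(operator, id)` helper would leave each public factory as a one-liner. None of the factories is documented although the class comment explains the use case; something like `# @return [IDFilter] matches only events whose ID is strictly greater than +id+; use with the last ID seen to poll for new events` on `greater_than` would tie the two together.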
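--- a/data/lib/deepsecurity/transport_objects/private/vulnerability.rb
+++ b/data/lib/deepsecurity/transport_objects/private/vulnerability.rb
@@ -0,0 +1,52 @@
+module DeepSecurity
+
+# This class encapsulates a vulnerability
+# @private
+class Vulnerability
+
+attr_accessor :dpi_rule_identifier
+attr_accessor :cve_identifiers
+attr_accessor :secunia_identifiers
+attr_accessor :bugtraq_identifiers
+attr_accessor :microsoft_identifiers
+
+def parse_vulnerabilities_string(string)
+return [] if string.strip == "N/A"
+string.split(",").map { |each| each.strip }
+end
+
+def cve_identifiers_string=(string)
+@cve_identifiers = parse_vulnerabilities_string(string)
+end
+
+def secunia_identifiers_string=(string)
+@secunia_identifiers = parse_vulnerabilities_string(string)
+end
+
+def bugtraq_identifiers_string=(string)
+@bugtraq_identifiers = parse_vulnerabilities_string(string)
+end
+
+def microsoft_identifiers_string=(string)
+@microsoft_identifiers = parse_vulnerabilities_string(string)
+end
+
+end
+
+class Manager
+
+def vulnerabilities
+payload_filters2_enable_vulnerability_columns()
+payload_filters2().map do |hash|
+vulnerability = Vulnerability.new
+vulnerability.dpi_rule_identifier = hash[:name].split(' ').first
+vulnerability.cve_identifiers_string = hash[:cve]
+vulnerability.secunia_identifiers_string = hash[:secunia]
+vulnerability.bugtraq_identifiers_string = hash[:bugtraq]
+vulnerability.microsoft_identifiers_string = hash[:microsoft]
+vulnerability
+end
+end
+
+end
+end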
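Review bot: `Vulnerability#parse_vulnerabilities_string` (file lines 13-16) calls `string.strip` before any nil check, so a scraped row whose `:cve`, `:secunia`, `:bugtraq` or `:microsoft` column is absent makes `Manager#vulnerabilities` raise `NoMethodError` on `nil` halfway through the map; the guard should read `return [] if string.nil? || string.strip == "N/A"`. The same applies to `hash[:name].split(' ').first` at file line 42, which is also duplicated from `dpi_rule_identifiers_for_host` in host.rb and could share a helper. `parse_vulnerabilities_string` is only used by the `*_identifiers_string=` setters and should be `private`; a comment such as `# Splits a comma-separated identifier cell from the scraped rules table into stripped strings; the literal "N/A" yields [].` would document the one non-obvious case.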