deepsecurity 0.0.13hf1
- data/.gitignore +25 -0
- data/.yardopts +4 -0
- data/Gemfile +4 -0
- data/LICENSE +22 -0
- data/README.md +29 -0
- data/Rakefile +2 -0
- data/bin/dsc +186 -0
- data/deepsecurity.gemspec +30 -0
- data/lib/deepsecurity/ds_object.rb +37 -0
- data/lib/deepsecurity/enums.rb +539 -0
- data/lib/deepsecurity/exceptions/authentication_failed_exception.rb +7 -0
- data/lib/deepsecurity/exceptions/authentication_required_exception.rb +6 -0
- data/lib/deepsecurity/manager.rb +223 -0
- data/lib/deepsecurity/screenscraping.rb +149 -0
- data/lib/deepsecurity/transport_object.rb +21 -0
- data/lib/deepsecurity/transport_objects/anti_malware_event.rb +106 -0
- data/lib/deepsecurity/transport_objects/anti_malware_spyware_item.rb +32 -0
- data/lib/deepsecurity/transport_objects/application_type.rb +58 -0
- data/lib/deepsecurity/transport_objects/dpi_rule.rb +113 -0
- data/lib/deepsecurity/transport_objects/host.rb +171 -0
- data/lib/deepsecurity/transport_objects/host_detail.rb +167 -0
- data/lib/deepsecurity/transport_objects/host_filter.rb +62 -0
- data/lib/deepsecurity/transport_objects/host_group.rb +41 -0
- data/lib/deepsecurity/transport_objects/host_interface.rb +42 -0
- data/lib/deepsecurity/transport_objects/id_filter.rb +37 -0
- data/lib/deepsecurity/transport_objects/private/vulnerability.rb +52 -0
- data/lib/deepsecurity/transport_objects/protocol_icmp.rb +13 -0
- data/lib/deepsecurity/transport_objects/protocol_port_based.rb +11 -0
- data/lib/deepsecurity/transport_objects/security_profile.rb +90 -0
- data/lib/deepsecurity/transport_objects/system_event.rb +45 -0
- data/lib/deepsecurity/transport_objects/time_filter.rb +55 -0
- data/lib/deepsecurity/version.rb +3 -0
- data/lib/deepsecurity.rb +58 -0
- data/lib/dsc/anti_malware_event.rb +101 -0
- data/lib/dsc/dsc_object.rb +41 -0
- data/lib/dsc/helper.rb +48 -0
- data/lib/dsc/host_detail.rb +62 -0
- data/lib/dsc.rb +6 -0
- data/lib/dsc_version.rb +3 -0
- data/lib/savon_helper/caching_object.rb +48 -0
- data/lib/savon_helper/mapping_object.rb +421 -0
- data/lib/savon_helper/missing_type_mapping_exception.rb +11 -0
- data/lib/savon_helper/soap_exception.rb +7 -0
- data/lib/savon_helper/type_mappings.rb +218 -0
- data/lib/savon_helper.rb +7 -0
- metadata +188 -0
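--- a/data/lib/deepsecurity/transport_objects/dpi_rule.rb
+++ b/data/lib/deepsecurity/transport_objects/dpi_rule.rb
@@ -0,0 +1,113 @@
+module DeepSecurity
+
+# Represents a DPI Rule that can be accessed to read, update, or when creating new DPI Rules. Creating and updating
+# DPI Rules is considered advanced and not a routine or repetitive operation. Changing some configuration options,
+# such as includePacketData or raiseAlert are reasonable; however, creating a new DPI rule from scratch
+# programmatically should only be done if full testing of the ruleXML content has been performed prior.
+#
+# When creating a new rule, if possible it is recommended that an existing base rule is retrieved first, then
+# modified to reflect the new rule, and saved as the new rule.
+#
+# Once a new rule has been created and saved, the returned transport object from the save rule method should be used
+# for all subsequent configuration operations for the life of the object. The reason for this is that the Manager will
+# populate some fields during the save operation, such as rule ID, and these fields will not be present if you do not
+# use the returned version after saving.
+class DPIRule < TransportObject
+
+attr_integer_accessor :id,
+"ID"
+attr_string_accessor :name,
+"Name"
+attr_string_accessor :description,
+"Description"
+attr_string_accessor :tbuid,
+"Internal TBUID of a Trend Micro issued DPI Rule"
+attr_integer_accessor :application_type_id,
+"ApplicationTypeTransport ID this rule is assigned to"
+attr_boolean_accessor :authoritative,
+"Whether the rule is an internal read only Trend Micro rule"
+attr_double_accessor :cvss_score,
+"Final calculated CVSS score of the vulnerability information. A rule may resolve multiple vulnerabilities, so this will always be the highest CVSS score."
+attr_boolean_accessor :detect_only,
+"Whether the rule is detect only"
+attr_boolean_accessor :disable_event,
+"Whether the rule is disabled"
+attr_boolean_accessor :event_on_packet_drop,
+"Whether the rule should trigger an event when the connection is dropped"
+attr_boolean_accessor :event_on_packet_modify,
+"Whether the rule should trigger an event when a packet is modified by a rule (uncommon)"
+attr_string_accessor :identifier,
+"Public identifier of the filter used by Trend Micro to track filters"
+attr_boolean_accessor :ignore_recommendations,
+"Whether the Recommendation Engine should ignore this rule"
+attr_boolean_accessor :include_packet_data,
+"Whether this rule events should include packet data"
+attr_datetime_accessor :issued,
+"Date this rule was issued"
+attr_enum_accessor :pattern_action,
+EnumDPIRuleAction,
+"Action for START_END_PATTERNS type rule, e.g., DROP_CLOSE, LOG_ONLY"
+attr_boolean_accessor :pattern_case_sensitive,
+"Whether a START_END_PATTERNS type rule should consider case sensitivity"
+attr_string_accessor :pattern_end,
+"End pattern"
+attr_enum_accessor :pattern_if,
+EnumDPIRuleIf,
+"Trigger if a START_END_PATTERNS type rule meets the criteria, e.g., ALL_PATTERNS_FOUND, ANY_PATTERNS_FOUND, NO_PATTERNS_FOUND"
+attr_string_accessor :pattern_patterns,
+"A newline separated list of strings which will be used by a START_END_PATTERNS type rule"
+attr_string_accessor :pattern_start,
+"Start pattern"
+attr_enum_accessor :priority, EnumDPIRulePriority,
+"Rule priority, e.g., HIGHEST, NORMAL, LOWEST"
+attr_boolean_accessor :raise_alert,
+"Whether an alert should be raised when the rule triggers"
+attr_string_accessor :rule_xml,
+"Rule XML of a CUSTOM_XML type rule. This may not be available for rules that have thirdBrigade set to TRUE"
+attr_integer_accessor :schedule_id,
+"ScheduleTransport ID assigned to this rule"
+attr_enum_accessor :severity,
+EnumDPIRuleSeverity,
+"Severity, e.g., CRITICAL, LOW"
+attr_enum_accessor :signature_action,
+EnumDPIRuleAction,
+"Action for SIGNATURE type rule, e.g., DROP_CLOSE, LOG_ONLY"
+attr_boolean_accessor :signature_case_sensitive,
+"Whether a SIGNATURE type rule should consider case sensitivity"
+attr_string_accessor :signature_signature,
+"Signature string which will be used by a SIGNATURE type rule"
+attr_enum_accessor :template_type,
+EnumDPIRuleTemplateType,
+"Rule Type, e.g., CUSTOM_XML, SIGNATURE, START_END PATTERNS"
+
+cache_by_aspect :id, :name
+
+def application_type
+@dsm.application_type(@application_type_id)
+end
+
+end
+
+class Manager
+
+def dpi_rules
+cache.fetch(DPIRule.cache_key(:all, :all)) do
+request_array("dpi_rule_retrieve_all", DPIRule)
+end
+end
+
+def dpi_rule(id)
+cache.fetch(DPIRule.cache_key(:id, id)) do
+request_object("dpi_rule_retrieve", DPIRule, {:id => id})
+end
+end
+
+def dpi_rule_by_name(name)
+cache.fetch(DPIRule.cache_key(:name, name)) do
+request_object("dpi_rule_retrieve_by_name", DPIRule, {:name => name})
+end
+end
+
+end
+
+end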
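Review bot: The three `Manager` methods `dpi_rules`, `dpi_rule` and `dpi_rule_by_name` (new lines 93-109) carry no documentation, unlike the `Manager` wrappers in host.rb in this same commit which document SYNTAX, PARAMETERS and RETURNS, and they call `request_array`/`request_object` with string action names and no session ID while host.rb passes symbols (`:host_retrieve_all`) plus an explicit `:sID`; one convention should be chosen and the same doc block added here. `DPIRule#application_type` at line 86 reaches the manager through `@dsm`, whereas the `Host` methods use `Manager.current`; if both are valid routes a comment saying why would help, otherwise pick one. I would also echo the class comment's caution directly on the accessor, e.g. `# See class comment: only save rule_xml whose content has been fully tested.`, since that is the field the warning is about.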
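--- a/data/lib/deepsecurity/transport_objects/host.rb
+++ b/data/lib/deepsecurity/transport_objects/host.rb
@@ -0,0 +1,171 @@
+module DeepSecurity
+
+# The primary computer transport object that represents the computer systems Deep Security is aware of. Physical
+# computers, virtual machines, ESX servers, and Deep Security Virtual Appliances are all represented as HostTransport
+# objects.
+#
+# To determine a HostTransport status (e.g., Activated, Offline, Installed, etc.) the computer HostStatusTransport
+# should be retrieved and the assigned ProtectionStatusTransport objects should be inspected. The HostTransportStatus
+# will reflect the overall protection status of a computer. If protection is applied by both an in-guest Agent and
+# Virtual Appliance, then two ProtectionStatusTransport objects will be assigned. Agent and Virtual Appliance
+# protection may have different protection capabilities enabled, so inspection of all assigned
+# ProtectionStatusTransport objects should considered. Note that this is only necessary where a Virtual Appliance is
+# deployed. Computers and virtual machines that only use Agent protection may only use the HostTransportStatus.
+class Host < TransportObject
+
+attr_integer_accessor :id
+attr_string_accessor :name
+attr_string_accessor :description
+
+attr_string_accessor :display_name,
+'Computer display name'
+attr_boolean_accessor :external,
+'Administrative external boolean for integration purposes.'
+attr_string_accessor :external_id,
+'Administrative external ID for integration purposes.'
+attr_integer_accessor :host_group_id,
+'Assigned HostGroupTransport ID'
+attr_enum_accessor :host_type,
+EnumHostType,
+'Assigned host type'
+attr_string_accessor :platform,
+'Computer platform'
+attr_integer_accessor :security_profile_id,
+'Assigned SecurityProfileTransport ID'
+
+cache_by_aspect :id, :name
+
+# @!group High-Level Screenscraping Wrapper
+
+def dpi_rules_from_identifiers(rule_identifiers)
+dpi_rules = Hash.new()
+Manager.current.dpi_rules.each { |rule| dpi_rules[rule.identifier]=rule }
+rule_identifiers.map { |rule_identifier| dpi_rules[rule_identifier] }
+end
+
+def all_dpi_rule_identifiers
+Manager.current.dpi_rule_identifiers_for_host(@id, 0)
+end
+
+def assigned_dpi_rule_identifiers
+Manager.current.dpi_rule_identifiers_for_host(@id, 16)
+end
+
+def unassigned_dpi_rule_identifiers
+Manager.current.dpi_rule_identifiers_for_host(@id, 32)
+end
+
+def recommended__dpi_rule_identifiers
+Manager.current.dpi_rule_identifiers_for_host(@id, 33)
+end
+
+def unrecommended__dpi_rule_identifiers
+Manager.current.dpi_rule_identifiers_for_host(@id, 18)
+end
+
+def all_dpi_rules
+dpi_rules_from_identifiers(all_dpi_rule_identifiers())
+end
+
+def assigned_dpi_rules
+dpi_rules_from_identifiers(assigned_dpi_rule_identifiers())
+end
+
+#@!endgroup
+
+# @!group High-Level SOAP Wrapper
+
+# Retrieves Hosts.
+# @return [Array<Host>]
+def self.all
+dsm.hostRetrieveAll()
+end
+
+# Retrieves a Host by ID.
+# @param [Integer] id Host ID
+# @return [Host]
+def self.find_by_id(id)
+dsm.hostRetrieve(id)
+end
+
+# Retrieves a Host by name.
+# @param [String] hostname hostname
+# @return [Host]
+def self.find_by_name(hostname)
+dsm.hostRetrieveByName(hostname)
+end
+#@!endgroup
+end
+
+class Manager
+
+# @!group Low-Level SOAP Wrapper
+
+# Retrieves Hosts.
+#
+# SYNTAX
+# HostTransport[] hostRetrieveAll(String sID)
+#
+# PARAMETERS
+# sID Authentication session identifier ID.
+#
+# RETURNS
+# HostTransport object array.
+def hostRetrieveAll(sID = dsm.sID)
+cache.fetch(Host.cache_key(:all, :all)) do
+request_array(:host_retrieve_all, Host, nil,
+:sID => sID)
+end
+end
+
+# Retrieves a Host by ID.
+#
+# SYNTAX
+# HostTransport hostRetrieve(int ID, String sID)
+#
+# PARAMETERS
+# ID Host ID.
+# sID Authentication session identifier ID.
+#
+# RETURNS
+# HostTransport object.
+def hostRetrieve(id, sID = dsm.sID)
+cache.fetch(Host.cache_key(:id, id)) do
+request_object(:host_retrieve, Host, :id => id, :sID => sID)
+end
+end
+
+# Retrieves a Host by name.
+#
+# SYNTAX
+# HostTransport hostRetrieveByName(String hostname, String sID)
+#
+# PARAMETERS
+# hostname Host name.
+# sID Authentication session identifier ID.
+#
+# RETURNS
+# HostTransport object.
+def hostRetrieveByName(hostname, sID = dsm.sID)
+cache.fetch(Host.cache_key(:name, hostname)) do
+request_object(:host_retrieve_by_name, Host, :hostname => hostname, :sID => sID)
+end
+end
+
+# @!endgroup
+
+# @!group Low-Level Screenscraping Wrapper
+
+def security_profile
+Manager.current.security_progile(@security_profile_id)
+end
+
+def dpi_rule_identifiers_for_host(id, argument)
+payload_filters2_show_rules(id, argument)
+payload_filters2(:hostID => id, :arguments => argument).map { |hash| hash[:name].split(' ').first }
+end
+# @!endgroup
+
+end
+
+end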
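Review bot: `security_profile` at new lines 159-161 is defined inside `class Manager` but reads `@security_profile_id`, which only `Host` instances carry, and calls `Manager.current.security_progile(...)`, a typo for `security_profile` that will raise NoMethodError the first time it is invoked; it reads as a `Host` method that landed in the wrong class, so I would move it up next to `all_dpi_rules` and fix the name. The `argument` values 0, 16, 32, 33 and 18 handed to `dpi_rule_identifiers_for_host` from lines 47-63 are undocumented magic numbers; a named constant per value (e.g. `ASSIGNED_RULES_FILTER = 16`) or a one-line comment on each wrapper stating which rule view the screen-scraped page returns would help the next maintainer. `dpi_rules_from_identifiers` at line 43 maps each identifier through a hash and so yields `nil` for any identifier absent from `Manager.current.dpi_rules`, meaning `all_dpi_rules`/`assigned_dpi_rules` can return arrays containing nils; either `.compact` the result or document that behaviour. `hash[:name].split(' ').first` at line 165 will likewise raise on a row without a name, which is plausible for scraped output.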
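--- a/data/lib/deepsecurity/transport_objects/host_detail.rb
+++ b/data/lib/deepsecurity/transport_objects/host_detail.rb
@@ -0,0 +1,167 @@
+module DeepSecurity
+
+# An object that holds detailed information about one computer object. All the "overall" fields are fields created by
+# merging states of potentially multiple endpoints (i.e., Agent + Appliance).
+class HostDetail < Host
+
+
+attr_integer_accessor :id
+attr_string_accessor :name
+attr_string_accessor :description
+
+attr_string_accessor :display_name,
+'Computer display name'
+attr_boolean_accessor :external,
+'Administrative external boolean for integration purposes.'
+attr_string_accessor :external_id,
+'Administrative external ID for integration purposes.'
+attr_integer_accessor :host_group_id,
+'Assigned HostGroupTransport ID'
+attr_enum_accessor :host_type,
+EnumHostType,
+'Assigned host type'
+attr_string_accessor :platform,
+'Computer platform'
+attr_integer_accessor :security_profile_id,
+'Assigned SecurityProfileTransport ID'
+# ABOVE is duplicates from Host!
+
+attr_string_accessor :anti_malware_classic_pattern_version,
+"Current version of the classic Anti-Malware pattern"
+attr_string_accessor :anti_malware_engine_version,
+"Current version of the Anti-Malware engine"
+attr_string_accessor :anti_malware_intelli_trap_exception_version,
+"Current version of the IntelliTrap exception pattern"
+attr_string_accessor :anti_malware_intelli_trap_version,
+"Current version of the IntelliTrap pattern"
+attr_string_accessor :anti_malware_smart_scan_pattern_version,
+"Current version of the Smart Scan pattern"
+attr_string_accessor :anti_malware_spyware_pattern_version,
+"Current version of the Spyware pattern"
+attr_string_accessor :host_group_name,
+"Name of Group this computer belongs to"
+attr_string_accessor :cloud_object_image_id,
+"Cloud Object Image Id"
+attr_string_accessor :cloud_object_instance_id,
+"Cloud Object Instance Id"
+attr_string_accessor :cloud_object_internal_unique_id,
+"Cloud Object Internal Unique Id"
+attr_string_accessor :cloud_object_security_group_ids,
+"Cloud Object Security Group Ids"
+attr_enum_accessor :cloud_object_type,
+EnumCloudObjectType,
+"Cloud Object Type"
+attr_enum_accessor :host_light,
+EnumHostLight,
+"Current color that represents the computers status"
+attr_datetime_accessor :last_anit_malware_scheduled_scan,
+"Last time an Anti-Malware scheduled scan was performed"
+attr_datetime_accessor :last_anti_malware_event,
+"The time of the most recent Anti-Malware event for this computer"
+attr_datetime_accessor :last_anti_malware_manual_scan,
+"Last time an Anti-Malware manual scan was performed"
+attr_datetime_accessor :last_dpi_event,
+"The time of the most recent DPI Event for this computer"
+attr_datetime_accessor :last_firewall_event,
+"The time of the most recent Firewall Event for this computer"
+
+attr_ip_address_accessor :last_ip_used,
+"The last IP that was used for this computer during communication with the manager"
+attr_datetime_accessor :last_integrity_monitoring_event,
+"The time of the most recent Integrity Monitoring Event for this computer"
+attr_datetime_accessor :last_log_inspection_event,
+"The time of the most recent Log Inspection Event for this computer"
+attr_integer_accessor :light,
+"An integer representing the computers status light"
+attr_boolean_accessor :locked,
+"The locked state of the computer"
+attr_string_accessor :overall_anti_malware_status,
+"Overall Anti-Malware status of the computer"
+attr_string_accessor :overall_dpi_status,
+"Overall DPI status of the computer"
+attr_string_accessor :overall_firewall_status,
+"Overall Firewall status of the computer"
+attr_string_accessor :overall_integrity_monitoring_status,
+"Overall Integrity Monitoring status of the computer"
+attr_datetime_accessor :overall_last_recommendation_scan,
+"The time of the last recommendation scan"
+attr_datetime_accessor :overall_last_successful_communication,
+"The time of the last communication with the Manager"
+attr_datetime_accessor :overall_last_successful_update,
+"The time of the last successful Configuration Update"
+attr_datetime_accessor :overall_last_update_required,
+"The time the last configuration update was required at the manager"
+attr_string_accessor :overall_log_inspection_status,
+"Overall Log Inspection status of the computer"
+attr_string_accessor :overall_status,
+"Overall status of the computer"
+attr_string_accessor :overall_version,
+"Overall version of the computer"
+attr_string_accessor :security_profile_name,
+"Name of the security profile assigned to the computer"
+attr_string_accessor :virtual_name,
+"Internal virtual name (only populated if this is a computer provisioned through vCenter)"
+attr_string_accessor :virtual_uuid,
+"Internal virtual UUID (only populated if this is a computer provisioned through vCenter)"
+array_integer_accessor :component_klasses,
+"Array of class ids for components"
+array_string_accessor :component_names,
+"Array of component names"
+array_integer_accessor :component_types,
+"Array of component types"
+array_string_accessor :component_versions,
+"Array of component versions"
+attr_string_accessor :overall_web_reputation_status,
+"Overall Web Reputation status of the computer"
+attr_datetime_accessor :last_web_reputation_event,
+"The time of the most recent Web Reputation event for this computer"
+
+array_object_accessor :host_interfaces,
+HostInterface
+
+# cache_by_aspect :id, :name
+
+# @!group High-Level SOAP Wrapper
+
+# Return all HostDetails matching the hosts filter with the given detail level
+# @param [HostFilter] host_filter
+# @param [EnumHostDetailLevel] detail_level
+# @return [Array<HostDetail>]
+def self.find_all(host_filter, detail_level)
+dsm.hostDetailRetrieve(host_filter, detail_level)
+end
+
+# @!endgroup
+
+end
+
+class Manager
+
+# @!group Low-Level SOAP Wrapper
+
+# Retrieves the detail information of hosts.
+#
+# SYNTAX
+# public HostDetailTransport[] hostDetailRetrieve(HostFilterTransport hostFilter, EnumHostDetailLevel hostDetailLevel, String sID)
+#
+# PARAMETERS
+# hostFilter Restricts the retrieved hosts by host, group, or security profile
+# hostDetailLevel The detail level
+# sID Authentication session identifier ID.
+#
+# RETURNS
+# HostDetailTransport object array.
+def hostDetailRetrieve(hostFilter, hostDetailLevel, sID = dsm.sID)
+cache.fetch(HostDetail.cache_key(:all, :all)) do
+request_array(:host_detail_retrieve, HostDetail, nil,
+:hostFilter => hostFilter.to_savon_data,
+:hostDetailLevel => EnumHostDetailLevel.key(hostDetailLevel),
+:sID => sID)
+end
+end
+
+# @!endgroup
+
+end
+
+end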
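Review bot: `hostDetailRetrieve` at new lines 154-161 caches its result under `HostDetail.cache_key(:all, :all)` no matter what `hostFilter` and `hostDetailLevel` were passed, so after the first call every later call with a narrower filter or a different detail level is served the first call's array rather than the hosts it asked for; the filter and level must be part of the key, e.g. `cache.fetch(HostDetail.cache_key(:filtered, [hostFilter.to_savon_data, hostDetailLevel])) do`. Whether `cache_key` is even available on `HostDetail` is unclear from this hunk, since its own `cache_by_aspect` at line 122 is commented out and the method is presumably inherited from `Host`. The accessor `last_anit_malware_scheduled_scan` at line 57 is misspelled; if the accessor name is what the mapping layer turns into the SOAP field name, that field will never be populated, so it is worth checking against the mapping code before release.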
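--- a/data/lib/deepsecurity/transport_objects/host_filter.rb
+++ b/data/lib/deepsecurity/transport_objects/host_filter.rb
@@ -0,0 +1,62 @@
+module DeepSecurity
+
+# Used as search criteria to limit the scope of objects returned by computer-related attributes, such as by a Group,
+# a Security Profile, or a specific computer. The event retrieval- related methods will require a HostFilterTransport
+# that is empty to search for all events, or with specific properties populated to limit the scope of the search. For
+# example, setting the HostFilterTransport securityProfileID property to the ID of a Security Profile will limit any
+# event retrieval method calls to events that pertain to computers with the specific Security Profile assigned.
+class HostFilter < TransportObject
+
+attr_integer_accessor :hostGroupID,
+"HostGroupTransport ID to filter computers by"
+attr_integer_accessor :hostID,
+"HostTransport ID to filter computers by"
+attr_integer_accessor :securityProfileID,
+"SecurityProfileTransport ID to filter computers by"
+attr_enum_accessor :type,
+EnumHostFilterType,
+"EnumHostFilterType to filter computers by"
+
+def self.all_hosts
+instance = self.new()
+instance.type = :all_hosts
+instance
+end
+
+def self.hosts_in_group(host_group_id)
+instance = self.new()
+instance.type = :hosts_in_group
+instance.hostGroupID = host_group_id
+instance
+end
+
+def self.hosts_using_security_profile(security_profile_id)
+instance = self.new()
+instance.type = :hosts_using_security_profile
+instance.securityProfileID = security_profile_id
+instance
+end
+
+def self.hosts_in_group_and_all_subgroups(host_group_id)
+instance = self.new()
+instance.type = :hosts_in_group_and_all_subgroups
+instance.hostGroupID = host_group_id
+instance
+end
+
+def self.specific_host(host_id)
+instance = self.new()
+instance.type = :specific_host
+instance.hostID = host_id
+instance
+end
+
+def self.my_hosts
+instance = self.new()
+instance.type = :my_hosts
+instance
+end
+
+end
+
+end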
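Review bot: The accessor names `hostGroupID`, `hostID` and `securityProfileID` at new lines 10-15 are camelCase while every other transport object in this commit exposes snake_case names (`host_group_id`, `security_profile_id` in host.rb); unless the mapping layer needs the exact SOAP field name here, the Ruby-facing names should follow the project convention. The six factory methods at lines 20-58 repeat the same construct-set-return sequence and carry no documentation; a private helper removes the repetition and gives one place to document what each `type` selects. The sketch below uses keyword arguments, which assumes the gem's minimum Ruby supports them — confirm before adopting.
```ruby
# Builds a filter of the given EnumHostFilterType value, populating only the
# criteria that type uses.
def self.build(type, host_group_id: nil, host_id: nil, security_profile_id: nil)
  instance = self.new()
  instance.type = type
  instance.hostGroupID = host_group_id unless host_group_id.nil?
  instance.hostID = host_id unless host_id.nil?
  instance.securityProfileID = security_profile_id unless security_profile_id.nil?
  instance
end
private_class_method :build

def self.hosts_in_group(host_group_id)
  build(:hosts_in_group, host_group_id: host_group_id)
end
# … unchanged in intent: all_hosts, hosts_using_security_profile, hosts_in_group_and_all_subgroups, specific_host and my_hosts each become a one-line build(...) call …
```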
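--- a/data/lib/deepsecurity/transport_objects/host_group.rb
+++ b/data/lib/deepsecurity/transport_objects/host_group.rb
@@ -0,0 +1,41 @@
+module DeepSecurity
+
+class HostGroup < TransportObject
+
+attr_integer_accessor :id
+attr_string_accessor :name
+attr_string_accessor :description
+attr_boolean_accessor :external
+attr_string_accessor :external_id
+attr_integer_accessor :parent_group_id
+
+def parent_group
+return nil if @parent_group_id.nil?
+@dsm.host_group(@parent_group_id)
+end
+
+end
+
+class Manager
+
+def host_groups
+cache.fetch(HostGroup.cache_key(:all, :all)) do
+request_array("host_group_retrieve_all", HostGroup)
+end
+end
+
+def host_group(id)
+cache.fetch(HostGroup.cache_key(:id, id)) do
+request_object("host_group_retrieve", HostGroup, {:id => id})
+end
+end
+
+def host_group_by_name(name)
+cache.fetch(HostGroup.cache_key(:name, name)) do
+request_object("host_group_retrieve_by_name", HostGroup, {:name => name})
+end
+end
+
+end
+
+end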
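Review bot: `Manager#host_groups`, `host_group` and `host_group_by_name` at new lines 21-37 all call `HostGroup.cache_key(...)`, yet `HostGroup` declares no `cache_by_aspect :id, :name` the way `DPIRule` and `Host` do in this commit; if `cache_key` is provided by that macro rather than by `TransportObject`, these lookups raise NoMethodError on first use, so I would add `cache_by_aspect :id, :name` after the accessors at line 10. `HostGroup` is also the only transport object in this commit without a class comment or accessor descriptions; a line such as `# Transport object for a host group; parent_group_id links to the enclosing group, nil at the root.` matches what `parent_group` at lines 12-15 shows.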
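--- a/data/lib/deepsecurity/transport_objects/host_interface.rb
+++ b/data/lib/deepsecurity/transport_objects/host_interface.rb
@@ -0,0 +1,42 @@
+module DeepSecurity
+
+# The Host's Interface Transport Object.
+class HostInterface < TransportObject
+
+attr_integer_accessor :id
+attr_string_accessor :name
+attr_string_accessor :description
+
+attr_string_accessor :display_name,
+'Computer display name'
+attr_boolean_accessor :external,
+'Administrative external boolean for integration purposes.'
+attr_string_accessor :external_id,
+'Administrative external ID for integration purposes.'
+attr_integer_accessor :host_group_id,
+'Assigned HostGroupTransport ID'
+attr_enum_accessor :host_type,
+EnumHostType,
+'Assigned host type'
+attr_string_accessor :platform,
+'Computer platform'
+attr_integer_accessor :security_profile_id,
+'Assigned SecurityProfileTransport ID'
+
+# ABOVE COPIED FROM HOST!
+
+attr_boolean_accessor :dhcp,
+"DHCP On or Off"
+attr_integer_accessor :host_bridge_id,
+"The ID of the Host Bridge"
+attr_integer_accessor :interface_type_id,
+"The ID of the Interface Type"
+attr_string_accessor :mac,
+"Mac Address"
+attr_boolean_accessor :not_available,
+"True is the HostInterface isn't available"
+attr_integer_accessor :virtual_device_key,
+"The Virtual Device Key"
+
+end
+end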
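Review bot: New lines 10-24 replicate `Host`'s computer-level accessors (`display_name`, `platform`, `security_profile_id`, `host_type`, …) on an interface object, and the `# ABOVE COPIED FROM HOST!` marker at line 26 suggests this was a paste rather than a design decision; unless the SOAP HostInterfaceTransport really carries those fields, a `HostInterface` will expose accessors that are never populated, so I would either drop them or annotate which ones are real. The description for `not_available` at line 37 reads `"True is the HostInterface isn't available"` and presumably means `"True if the HostInterface isn't available"`. The class comment could also say where these objects come from, e.g. `# One network interface of a Host; obtained via HostDetail#host_interfaces.`, which host_detail.rb's `array_object_accessor :host_interfaces, HostInterface` supports.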
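--- a/data/lib/deepsecurity/transport_objects/id_filter.rb
+++ b/data/lib/deepsecurity/transport_objects/id_filter.rb
@@ -0,0 +1,37 @@
+module DeepSecurity
+
+# Used as a search criteria to limit the scope of objects returned by event transport object ID. Each event transport
+# object, such as IntegrityEventTransport, includes an ID property that is assigned as the primary key of an event
+# when it is generated by a computer agent. Using IDFilterTransport, it is possible to filter event retrieval by this
+# event ID in order to retrieve a specific event by ID, or events that are greater or less than a specified ID. For
+# example, a utility that is designed to retrieve all new events on an interval can use the event ID property to
+# uniquely identify which events have already been retrieved. This way retrieval of duplicate events can be avoided.
+class IDFilter < TransportObject
+
+attr_integer_accessor :id
+attr_enum_accessor :operator, EnumOperator
+
+def self.equals(id)
+instance = self.new()
+instance.operator = :equals
+instance.id =id
+instance
+end
+
+def self.less_than(id)
+instance = self.new()
+instance.operator = :less_than
+instance.id =id
+instance
+end
+
+def self.greater_than(id)
+instance = self.new()
+instance.operator = :greater_than
+instance.id =id
+instance
+end
+
+end
+
+end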
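Review bot: `equals`, `less_than` and `greater_than` at new lines 14-33 repeat the same construction with only the operator symbol differing, and `instance.id =id` at lines 17, 24 and 31 has inconsistent spacing; a single private helper keeps the public factories as one-liners and gives a natural place to document the incremental-collection pattern the class comment describes, i.e. that a poller keeps the highest ID it has processed and next asks for `IDFilter.greater_than(last_seen_id)`. The `operator` and `id` accessors at lines 11-12 have no description strings, unlike the other transport objects in this commit.
```ruby
# Builds a filter comparing event IDs against +id+ with the given EnumOperator
# value (:equals, :less_than or :greater_than).
def self.with_operator(operator, id)
  instance = self.new()
  instance.operator = operator
  instance.id = id
  instance
end
private_class_method :with_operator

def self.equals(id)
  with_operator(:equals, id)
end
# … less_than and greater_than become the same one-line call with :less_than / :greater_than …
```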
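--- a/data/lib/deepsecurity/transport_objects/private/vulnerability.rb
+++ b/data/lib/deepsecurity/transport_objects/private/vulnerability.rb
@@ -0,0 +1,52 @@
+module DeepSecurity
+
+# This class encapsulates a vulnerability
+# @private
+class Vulnerability
+
+attr_accessor :dpi_rule_identifier
+attr_accessor :cve_identifiers
+attr_accessor :secunia_identifiers
+attr_accessor :bugtraq_identifiers
+attr_accessor :microsoft_identifiers
+
+def parse_vulnerabilities_string(string)
+return [] if string.strip == "N/A"
+string.split(",").map { |each| each.strip }
+end
+
+def cve_identifiers_string=(string)
+@cve_identifiers = parse_vulnerabilities_string(string)
+end
+
+def secunia_identifiers_string=(string)
+@secunia_identifiers = parse_vulnerabilities_string(string)
+end
+
+def bugtraq_identifiers_string=(string)
+@bugtraq_identifiers = parse_vulnerabilities_string(string)
+end
+
+def microsoft_identifiers_string=(string)
+@microsoft_identifiers = parse_vulnerabilities_string(string)
+end
+
+end
+
+class Manager
+
+def vulnerabilities
+payload_filters2_enable_vulnerability_columns()
+payload_filters2().map do |hash|
+vulnerability = Vulnerability.new
+vulnerability.dpi_rule_identifier = hash[:name].split(' ').first
+vulnerability.cve_identifiers_string = hash[:cve]
+vulnerability.secunia_identifiers_string = hash[:secunia]
+vulnerability.bugtraq_identifiers_string = hash[:bugtraq]
+vulnerability.microsoft_identifiers_string = hash[:microsoft]
+vulnerability
+end
+end
+
+end
+end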
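Review bot: `parse_vulnerabilities_string` at new lines 13-16 calls `string.strip` unconditionally, so a row from the screen-scraped listing whose `hash[:cve]`, `hash[:secunia]`, `hash[:bugtraq]` or `hash[:microsoft]` column is `nil` makes `Manager#vulnerabilities` raise NoMethodError instead of producing an empty identifier list; guard it and drop blank entries, `return [] if string.nil? || string.strip.empty? || string.strip == "N/A"` followed by `string.split(",").map { |each| each.strip }.reject(&:empty?)`. `hash[:name].split(' ').first` at line 42 fails the same way on a row without a name, as does the identical expression in host.rb's `dpi_rule_identifiers_for_host`. `parse_vulnerabilities_string` is only used by the four `*_string=` writers and belongs under `private`, and the class comment would be more useful if it said where the data comes from, e.g. `# Identifiers scraped from the Manager's rule listing (payload_filters2), not from the SOAP API.`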