deepsecurity 0.0.13hf1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. data/.gitignore +25 -0
  2. data/.yardopts +4 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE +22 -0
  5. data/README.md +29 -0
  6. data/Rakefile +2 -0
  7. data/bin/dsc +186 -0
  8. data/deepsecurity.gemspec +30 -0
  9. data/lib/deepsecurity/ds_object.rb +37 -0
  10. data/lib/deepsecurity/enums.rb +539 -0
  11. data/lib/deepsecurity/exceptions/authentication_failed_exception.rb +7 -0
  12. data/lib/deepsecurity/exceptions/authentication_required_exception.rb +6 -0
  13. data/lib/deepsecurity/manager.rb +223 -0
  14. data/lib/deepsecurity/screenscraping.rb +149 -0
  15. data/lib/deepsecurity/transport_object.rb +21 -0
  16. data/lib/deepsecurity/transport_objects/anti_malware_event.rb +106 -0
  17. data/lib/deepsecurity/transport_objects/anti_malware_spyware_item.rb +32 -0
  18. data/lib/deepsecurity/transport_objects/application_type.rb +58 -0
  19. data/lib/deepsecurity/transport_objects/dpi_rule.rb +113 -0
  20. data/lib/deepsecurity/transport_objects/host.rb +171 -0
  21. data/lib/deepsecurity/transport_objects/host_detail.rb +167 -0
  22. data/lib/deepsecurity/transport_objects/host_filter.rb +62 -0
  23. data/lib/deepsecurity/transport_objects/host_group.rb +41 -0
  24. data/lib/deepsecurity/transport_objects/host_interface.rb +42 -0
  25. data/lib/deepsecurity/transport_objects/id_filter.rb +37 -0
  26. data/lib/deepsecurity/transport_objects/private/vulnerability.rb +52 -0
  27. data/lib/deepsecurity/transport_objects/protocol_icmp.rb +13 -0
  28. data/lib/deepsecurity/transport_objects/protocol_port_based.rb +11 -0
  29. data/lib/deepsecurity/transport_objects/security_profile.rb +90 -0
  30. data/lib/deepsecurity/transport_objects/system_event.rb +45 -0
  31. data/lib/deepsecurity/transport_objects/time_filter.rb +55 -0
  32. data/lib/deepsecurity/version.rb +3 -0
  33. data/lib/deepsecurity.rb +58 -0
  34. data/lib/dsc/anti_malware_event.rb +101 -0
  35. data/lib/dsc/dsc_object.rb +41 -0
  36. data/lib/dsc/helper.rb +48 -0
  37. data/lib/dsc/host_detail.rb +62 -0
  38. data/lib/dsc.rb +6 -0
  39. data/lib/dsc_version.rb +3 -0
  40. data/lib/savon_helper/caching_object.rb +48 -0
  41. data/lib/savon_helper/mapping_object.rb +421 -0
  42. data/lib/savon_helper/missing_type_mapping_exception.rb +11 -0
  43. data/lib/savon_helper/soap_exception.rb +7 -0
  44. data/lib/savon_helper/type_mappings.rb +218 -0
  45. data/lib/savon_helper.rb +7 -0
  46. metadata +188 -0
@@ -0,0 +1,113 @@
1
+ module DeepSecurity
2
+
3
+ # Represents a DPI Rule that can be accessed to read, update, or when creating new DPI Rules. Creating and updating
4
+ # DPI Rules is considered advanced and not a routine or repetitive operation. Changing some configuration options,
5
+ # such as includePacketData or raiseAlert are reasonable; however, creating a new DPI rule from scratch
6
+ # programmatically should only be done if full testing of the ruleXML content has been performed prior.
7
+ #
8
+ # When creating a new rule, if possible it is recommended that an existing base rule is retrieved first, then
9
+ # modified to reflect the new rule, and saved as the new rule.
10
+ #
11
+ # Once a new rule has been created and saved, the returned transport object from the save rule method should be used
12
+ # for all subsequent configuration operations for the life of the object. The reason for this is that the Manager will
13
+ # populate some fields during the save operation, such as rule ID, and these fields will not be present if you do not
14
+ # use the returned version after saving.
15
+ class DPIRule < TransportObject
16
+
17
+ attr_integer_accessor :id,
18
+ "ID"
19
+ attr_string_accessor :name,
20
+ "Name"
21
+ attr_string_accessor :description,
22
+ "Description"
23
+ attr_string_accessor :tbuid,
24
+ "Internal TBUID of a Trend Micro issued DPI Rule"
25
+ attr_integer_accessor :application_type_id,
26
+ "ApplicationTypeTransport ID this rule is assigned to"
27
+ attr_boolean_accessor :authoritative,
28
+ "Whether the rule is an internal read only Trend Micro rule"
29
+ attr_double_accessor :cvss_score,
30
+ "Final calculated CVSS score of the vulnerability information. A rule may resolve multiple vulnerabilities, so this will always be the highest CVSS score."
31
+ attr_boolean_accessor :detect_only,
32
+ "Whether the rule is detect only"
33
+ attr_boolean_accessor :disable_event,
34
+ "Whether the rule is disabled"
35
+ attr_boolean_accessor :event_on_packet_drop,
36
+ "Whether the rule should trigger an event when the connection is dropped"
37
+ attr_boolean_accessor :event_on_packet_modify,
38
+ "Whether the rule should trigger an event when a packet is modified by a rule (uncommon)"
39
+ attr_string_accessor :identifier,
40
+ "Public identifier of the filter used by Trend Micro to track filters"
41
+ attr_boolean_accessor :ignore_recommendations,
42
+ "Whether the Recommendation Engine should ignore this rule"
43
+ attr_boolean_accessor :include_packet_data,
44
+ "Whether this rule events should include packet data"
45
+ attr_datetime_accessor :issued,
46
+ "Date this rule was issued"
47
+ attr_enum_accessor :pattern_action,
48
+ EnumDPIRuleAction,
49
+ "Action for START_END_PATTERNS type rule, e.g., DROP_CLOSE, LOG_ONLY"
50
+ attr_boolean_accessor :pattern_case_sensitive,
51
+ "Whether a START_END_PATTERNS type rule should consider case sensitivity"
52
+ attr_string_accessor :pattern_end,
53
+ "End pattern"
54
+ attr_enum_accessor :pattern_if,
55
+ EnumDPIRuleIf,
56
+ "Trigger if a START_END_PATTERNS type rule meets the criteria, e.g., ALL_PATTERNS_FOUND, ANY_PATTERNS_FOUND, NO_PATTERNS_FOUND"
57
+ attr_string_accessor :pattern_patterns,
58
+ "A newline separated list of strings which will be used by a START_END_PATTERNS type rule"
59
+ attr_string_accessor :pattern_start,
60
+ "Start pattern"
61
+ attr_enum_accessor :priority, EnumDPIRulePriority,
62
+ "Rule priority, e.g., HIGHEST, NORMAL, LOWEST"
63
+ attr_boolean_accessor :raise_alert,
64
+ "Whether an alert should be raised when the rule triggers"
65
+ attr_string_accessor :rule_xml,
66
+ "Rule XML of a CUSTOM_XML type rule. This may not be available for rules that have thirdBrigade set to TRUE"
67
+ attr_integer_accessor :schedule_id,
68
+ "ScheduleTransport ID assigned to this rule"
69
+ attr_enum_accessor :severity,
70
+ EnumDPIRuleSeverity,
71
+ "Severity, e.g., CRITICAL, LOW"
72
+ attr_enum_accessor :signature_action,
73
+ EnumDPIRuleAction,
74
+ "Action for SIGNATURE type rule, e.g., DROP_CLOSE, LOG_ONLY"
75
+ attr_boolean_accessor :signature_case_sensitive,
76
+ "Whether a SIGNATURE type rule should consider case sensitivity"
77
+ attr_string_accessor :signature_signature,
78
+ "Signature string which will be used by a SIGNATURE type rule"
79
+ attr_enum_accessor :template_type,
80
+ EnumDPIRuleTemplateType,
81
+ "Rule Type, e.g., CUSTOM_XML, SIGNATURE, START_END PATTERNS"
82
+
83
+ cache_by_aspect :id, :name
84
+
85
+ def application_type
86
+ @dsm.application_type(@application_type_id)
87
+ end
88
+
89
+ end
90
+
91
+ class Manager
92
+
93
+ def dpi_rules
94
+ cache.fetch(DPIRule.cache_key(:all, :all)) do
95
+ request_array("dpi_rule_retrieve_all", DPIRule)
96
+ end
97
+ end
98
+
99
+ def dpi_rule(id)
100
+ cache.fetch(DPIRule.cache_key(:id, id)) do
101
+ request_object("dpi_rule_retrieve", DPIRule, {:id => id})
102
+ end
103
+ end
104
+
105
+ def dpi_rule_by_name(name)
106
+ cache.fetch(DPIRule.cache_key(:name, name)) do
107
+ request_object("dpi_rule_retrieve_by_name", DPIRule, {:name => name})
108
+ end
109
+ end
110
+
111
+ end
112
+
113
+ end
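Review bot: The three Manager lookups in this hunk (`dpi_rules`, `dpi_rule`, `dpi_rule_by_name`, hunk lines 93-109) send no session identifier and use string operation names, while the `hostRetrieve*` wrappers added in host.rb in the same version pass `:sID => sID` explicitly and use symbols; unless `request_array`/`request_object` inject the session themselves, these calls reach the Manager unauthenticated, and either way the two conventions should be reconciled, e.g. `request_object(:dpi_rule_retrieve, DPIRule, :id => id, :sID => dsm.sID)`. The `rule_xml` description (lines 65-66) refers to a `thirdBrigade` flag that this class does not define; the matching attribute here is `authoritative` (line 27), so the comment should read `This may not be available for rules that have authoritative set to TRUE`. Results are memoized via `cache.fetch` with no invalidation visible in this hunk, so a rule whose action or severity is changed on the Manager after the first lookup keeps being reported with the old values for the life of the process; document that on `dpi_rules` or give the cache a TTL. `DPIRule#application_type` resolves through `@dsm` whereas the host.rb helpers go through `Manager.current`; one of the two should be picked.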
@@ -0,0 +1,171 @@
1
+ module DeepSecurity
2
+
3
+ # The primary computer transport object that represents the computer systems Deep Security is aware of. Physical
4
+ # computers, virtual machines, ESX servers, and Deep Security Virtual Appliances are all represented as HostTransport
5
+ # objects.
6
+ #
7
+ # To determine a HostTransport status (e.g., Activated, Offline, Installed, etc.) the computer HostStatusTransport
8
+ # should be retrieved and the assigned ProtectionStatusTransport objects should be inspected. The HostTransportStatus
9
+ # will reflect the overall protection status of a computer. If protection is applied by both an in-guest Agent and
10
+ # Virtual Appliance, then two ProtectionStatusTransport objects will be assigned. Agent and Virtual Appliance
11
+ # protection may have different protection capabilities enabled, so inspection of all assigned
12
+ # ProtectionStatusTransport objects should considered. Note that this is only necessary where a Virtual Appliance is
13
+ # deployed. Computers and virtual machines that only use Agent protection may only use the HostTransportStatus.
14
+ class Host < TransportObject
15
+
16
+ attr_integer_accessor :id
17
+ attr_string_accessor :name
18
+ attr_string_accessor :description
19
+
20
+ attr_string_accessor :display_name,
21
+ 'Computer display name'
22
+ attr_boolean_accessor :external,
23
+ 'Administrative external boolean for integration purposes.'
24
+ attr_string_accessor :external_id,
25
+ 'Administrative external ID for integration purposes.'
26
+ attr_integer_accessor :host_group_id,
27
+ 'Assigned HostGroupTransport ID'
28
+ attr_enum_accessor :host_type,
29
+ EnumHostType,
30
+ 'Assigned host type'
31
+ attr_string_accessor :platform,
32
+ 'Computer platform'
33
+ attr_integer_accessor :security_profile_id,
34
+ 'Assigned SecurityProfileTransport ID'
35
+
36
+ cache_by_aspect :id, :name
37
+
38
+ # @!group High-Level Screenscraping Wrapper
39
+
40
+ def dpi_rules_from_identifiers(rule_identifiers)
41
+ dpi_rules = Hash.new()
42
+ Manager.current.dpi_rules.each { |rule| dpi_rules[rule.identifier]=rule }
43
+ rule_identifiers.map { |rule_identifier| dpi_rules[rule_identifier] }
44
+ end
45
+
46
+ def all_dpi_rule_identifiers
47
+ Manager.current.dpi_rule_identifiers_for_host(@id, 0)
48
+ end
49
+
50
+ def assigned_dpi_rule_identifiers
51
+ Manager.current.dpi_rule_identifiers_for_host(@id, 16)
52
+ end
53
+
54
+ def unassigned_dpi_rule_identifiers
55
+ Manager.current.dpi_rule_identifiers_for_host(@id, 32)
56
+ end
57
+
58
+ def recommended__dpi_rule_identifiers
59
+ Manager.current.dpi_rule_identifiers_for_host(@id, 33)
60
+ end
61
+
62
+ def unrecommended__dpi_rule_identifiers
63
+ Manager.current.dpi_rule_identifiers_for_host(@id, 18)
64
+ end
65
+
66
+ def all_dpi_rules
67
+ dpi_rules_from_identifiers(all_dpi_rule_identifiers())
68
+ end
69
+
70
+ def assigned_dpi_rules
71
+ dpi_rules_from_identifiers(assigned_dpi_rule_identifiers())
72
+ end
73
+
74
+ #@!endgroup
75
+
76
+ # @!group High-Level SOAP Wrapper
77
+
78
+ # Retrieves Hosts.
79
+ # @return [Array<Host>]
80
+ def self.all
81
+ dsm.hostRetrieveAll()
82
+ end
83
+
84
+ # Retrieves a Host by ID.
85
+ # @param [Integer] id Host ID
86
+ # @return [Host]
87
+ def self.find_by_id(id)
88
+ dsm.hostRetrieve(id)
89
+ end
90
+
91
+ # Retrieves a Host by name.
92
+ # @param [String] hostname hostname
93
+ # @return [Host]
94
+ def self.find_by_name(hostname)
95
+ dsm.hostRetrieveByName(hostname)
96
+ end
97
+ #@!endgroup
98
+ end
99
+
100
+ class Manager
101
+
102
+ # @!group Low-Level SOAP Wrapper
103
+
104
+ # Retrieves Hosts.
105
+ #
106
+ # SYNTAX
107
+ # HostTransport[] hostRetrieveAll(String sID)
108
+ #
109
+ # PARAMETERS
110
+ # sID Authentication session identifier ID.
111
+ #
112
+ # RETURNS
113
+ # HostTransport object array.
114
+ def hostRetrieveAll(sID = dsm.sID)
115
+ cache.fetch(Host.cache_key(:all, :all)) do
116
+ request_array(:host_retrieve_all, Host, nil,
117
+ :sID => sID)
118
+ end
119
+ end
120
+
121
+ # Retrieves a Host by ID.
122
+ #
123
+ # SYNTAX
124
+ # HostTransport hostRetrieve(int ID, String sID)
125
+ #
126
+ # PARAMETERS
127
+ # ID Host ID.
128
+ # sID Authentication session identifier ID.
129
+ #
130
+ # RETURNS
131
+ # HostTransport object.
132
+ def hostRetrieve(id, sID = dsm.sID)
133
+ cache.fetch(Host.cache_key(:id, id)) do
134
+ request_object(:host_retrieve, Host, :id => id, :sID => sID)
135
+ end
136
+ end
137
+
138
+ # Retrieves a Host by name.
139
+ #
140
+ # SYNTAX
141
+ # HostTransport hostRetrieveByName(String hostname, String sID)
142
+ #
143
+ # PARAMETERS
144
+ # hostname Host name.
145
+ # sID Authentication session identifier ID.
146
+ #
147
+ # RETURNS
148
+ # HostTransport object.
149
+ def hostRetrieveByName(hostname, sID = dsm.sID)
150
+ cache.fetch(Host.cache_key(:name, hostname)) do
151
+ request_object(:host_retrieve_by_name, Host, :hostname => hostname, :sID => sID)
152
+ end
153
+ end
154
+
155
+ # @!endgroup
156
+
157
+ # @!group Low-Level Screenscraping Wrapper
158
+
159
+ def security_profile
160
+ Manager.current.security_progile(@security_profile_id)
161
+ end
162
+
163
+ def dpi_rule_identifiers_for_host(id, argument)
164
+ payload_filters2_show_rules(id, argument)
165
+ payload_filters2(:hostID => id, :arguments => argument).map { |hash| hash[:name].split(' ').first }
166
+ end
167
+ # @!endgroup
168
+
169
+ end
170
+
171
+ end
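Review bot: `security_profile` (hunk lines 159-161) is defined on `Manager` but reads `@security_profile_id`, which is a `Host` attribute, and calls `Manager.current.security_progile`, a misspelling of `security_profile`, so it raises `NoMethodError` on any call; move it into `Host` beside the other screenscraping wrappers as `def security_profile` / `Manager.current.security_profile(@security_profile_id)` / `end`. `dpi_rule_identifiers_for_host` is driven by the bare literals 0, 16, 32, 33 and 18 passed from the `*_dpi_rule_identifiers` helpers; these appear to be the Manager UI's rule-filter arguments and should be named constants with a comment, because a wrong value silently returns the wrong rule set for a host. `dpi_rules_from_identifiers` maps through a hash built from the cached `dpi_rules` and yields `nil` for any identifier it cannot find, so `assigned_dpi_rules` can contain `nil` entries whenever the rule cache is stale; add `.compact` or raise. The doubled underscore in `recommended__dpi_rule_identifiers` and `unrecommended__dpi_rule_identifiers` looks like a typo that callers will now depend on; rename before the API settles.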
@@ -0,0 +1,167 @@
1
+ module DeepSecurity
2
+
3
+ # An object that holds detailed information about one computer object. All the "overall" fields are fields created by
4
+ # merging states of potentially multiple endpoints (i.e., Agent + Appliance).
5
+ class HostDetail < Host
6
+
7
+
8
+ attr_integer_accessor :id
9
+ attr_string_accessor :name
10
+ attr_string_accessor :description
11
+
12
+ attr_string_accessor :display_name,
13
+ 'Computer display name'
14
+ attr_boolean_accessor :external,
15
+ 'Administrative external boolean for integration purposes.'
16
+ attr_string_accessor :external_id,
17
+ 'Administrative external ID for integration purposes.'
18
+ attr_integer_accessor :host_group_id,
19
+ 'Assigned HostGroupTransport ID'
20
+ attr_enum_accessor :host_type,
21
+ EnumHostType,
22
+ 'Assigned host type'
23
+ attr_string_accessor :platform,
24
+ 'Computer platform'
25
+ attr_integer_accessor :security_profile_id,
26
+ 'Assigned SecurityProfileTransport ID'
27
+ # ABOVE is duplicates from Host!
28
+
29
+ attr_string_accessor :anti_malware_classic_pattern_version,
30
+ "Current version of the classic Anti-Malware pattern"
31
+ attr_string_accessor :anti_malware_engine_version,
32
+ "Current version of the Anti-Malware engine"
33
+ attr_string_accessor :anti_malware_intelli_trap_exception_version,
34
+ "Current version of the IntelliTrap exception pattern"
35
+ attr_string_accessor :anti_malware_intelli_trap_version,
36
+ "Current version of the IntelliTrap pattern"
37
+ attr_string_accessor :anti_malware_smart_scan_pattern_version,
38
+ "Current version of the Smart Scan pattern"
39
+ attr_string_accessor :anti_malware_spyware_pattern_version,
40
+ "Current version of the Spyware pattern"
41
+ attr_string_accessor :host_group_name,
42
+ "Name of Group this computer belongs to"
43
+ attr_string_accessor :cloud_object_image_id,
44
+ "Cloud Object Image Id"
45
+ attr_string_accessor :cloud_object_instance_id,
46
+ "Cloud Object Instance Id"
47
+ attr_string_accessor :cloud_object_internal_unique_id,
48
+ "Cloud Object Internal Unique Id"
49
+ attr_string_accessor :cloud_object_security_group_ids,
50
+ "Cloud Object Security Group Ids"
51
+ attr_enum_accessor :cloud_object_type,
52
+ EnumCloudObjectType,
53
+ "Cloud Object Type"
54
+ attr_enum_accessor :host_light,
55
+ EnumHostLight,
56
+ "Current color that represents the computers status"
57
+ attr_datetime_accessor :last_anit_malware_scheduled_scan,
58
+ "Last time an Anti-Malware scheduled scan was performed"
59
+ attr_datetime_accessor :last_anti_malware_event,
60
+ "The time of the most recent Anti-Malware event for this computer"
61
+ attr_datetime_accessor :last_anti_malware_manual_scan,
62
+ "Last time an Anti-Malware manual scan was performed"
63
+ attr_datetime_accessor :last_dpi_event,
64
+ "The time of the most recent DPI Event for this computer"
65
+ attr_datetime_accessor :last_firewall_event,
66
+ "The time of the most recent Firewall Event for this computer"
67
+
68
+ attr_ip_address_accessor :last_ip_used,
69
+ "The last IP that was used for this computer during communication with the manager"
70
+ attr_datetime_accessor :last_integrity_monitoring_event,
71
+ "The time of the most recent Integrity Monitoring Event for this computer"
72
+ attr_datetime_accessor :last_log_inspection_event,
73
+ "The time of the most recent Log Inspection Event for this computer"
74
+ attr_integer_accessor :light,
75
+ "An integer representing the computers status light"
76
+ attr_boolean_accessor :locked,
77
+ "The locked state of the computer"
78
+ attr_string_accessor :overall_anti_malware_status,
79
+ "Overall Anti-Malware status of the computer"
80
+ attr_string_accessor :overall_dpi_status,
81
+ "Overall DPI status of the computer"
82
+ attr_string_accessor :overall_firewall_status,
83
+ "Overall Firewall status of the computer"
84
+ attr_string_accessor :overall_integrity_monitoring_status,
85
+ "Overall Integrity Monitoring status of the computer"
86
+ attr_datetime_accessor :overall_last_recommendation_scan,
87
+ "The time of the last recommendation scan"
88
+ attr_datetime_accessor :overall_last_successful_communication,
89
+ "The time of the last communication with the Manager"
90
+ attr_datetime_accessor :overall_last_successful_update,
91
+ "The time of the last successful Configuration Update"
92
+ attr_datetime_accessor :overall_last_update_required,
93
+ "The time the last configuration update was required at the manager"
94
+ attr_string_accessor :overall_log_inspection_status,
95
+ "Overall Log Inspection status of the computer"
96
+ attr_string_accessor :overall_status,
97
+ "Overall status of the computer"
98
+ attr_string_accessor :overall_version,
99
+ "Overall version of the computer"
100
+ attr_string_accessor :security_profile_name,
101
+ "Name of the security profile assigned to the computer"
102
+ attr_string_accessor :virtual_name,
103
+ "Internal virtual name (only populated if this is a computer provisioned through vCenter)"
104
+ attr_string_accessor :virtual_uuid,
105
+ "Internal virtual UUID (only populated if this is a computer provisioned through vCenter)"
106
+ array_integer_accessor :component_klasses,
107
+ "Array of class ids for components"
108
+ array_string_accessor :component_names,
109
+ "Array of component names"
110
+ array_integer_accessor :component_types,
111
+ "Array of component types"
112
+ array_string_accessor :component_versions,
113
+ "Array of component versions"
114
+ attr_string_accessor :overall_web_reputation_status,
115
+ "Overall Web Reputation status of the computer"
116
+ attr_datetime_accessor :last_web_reputation_event,
117
+ "The time of the most recent Web Reputation event for this computer"
118
+
119
+ array_object_accessor :host_interfaces,
120
+ HostInterface
121
+
122
+ # cache_by_aspect :id, :name
123
+
124
+ # @!group High-Level SOAP Wrapper
125
+
126
+ # Return all HostDetails matching the hosts filter with the given detail level
127
+ # @param [HostFilter] host_filter
128
+ # @param [EnumHostDetailLevel] detail_level
129
+ # @return [Array<HostDetail>]
130
+ def self.find_all(host_filter, detail_level)
131
+ dsm.hostDetailRetrieve(host_filter, detail_level)
132
+ end
133
+
134
+ # @!endgroup
135
+
136
+ end
137
+
138
+ class Manager
139
+
140
+ # @!group Low-Level SOAP Wrapper
141
+
142
+ # Retrieves the detail information of hosts.
143
+ #
144
+ # SYNTAX
145
+ # public HostDetailTransport[] hostDetailRetrieve(HostFilterTransport hostFilter, EnumHostDetailLevel hostDetailLevel, String sID)
146
+ #
147
+ # PARAMETERS
148
+ # hostFilter Restricts the retrieved hosts by host, group, or security profile
149
+ # hostDetailLevel The detail level
150
+ # sID Authentication session identifier ID.
151
+ #
152
+ # RETURNS
153
+ # HostDetailTransport object array.
154
+ def hostDetailRetrieve(hostFilter, hostDetailLevel, sID = dsm.sID)
155
+ cache.fetch(HostDetail.cache_key(:all, :all)) do
156
+ request_array(:host_detail_retrieve, HostDetail, nil,
157
+ :hostFilter => hostFilter.to_savon_data,
158
+ :hostDetailLevel => EnumHostDetailLevel.key(hostDetailLevel),
159
+ :sID => sID)
160
+ end
161
+ end
162
+
163
+ # @!endgroup
164
+
165
+ end
166
+
167
+ end
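Review bot: `hostDetailRetrieve` (hunk lines 154-161) caches every result under the single key `HostDetail.cache_key(:all, :all)`, ignoring both `hostFilter` and `hostDetailLevel`, so the first call in a process decides what every later call returns; a request scoped to one host or one security profile is answered with whatever an earlier, possibly broader, filter fetched, and vice versa. Either key the entry on the request, e.g. `cache.fetch(HostDetail.cache_key(:filter, [hostFilter.to_savon_data, hostDetailLevel]))` if `cache_key` accepts a composite aspect, or drop the `cache.fetch` wrapper here, which the commented-out `cache_by_aspect` on the class suggests may have been the intent. Separately, the accessor `last_anit_malware_scheduled_scan` (line 57) is misspelled; if the SOAP field name is derived from the Ruby name the attribute will never be populated, and if it is not, the typo is still part of the public API. `HostDetail < Host` re-declares every `Host` attribute (lines 8-27) under the comment `ABOVE is duplicates from Host!`; the redeclaration can go unless the accessor macro has to register fields per class, in which case the comment should say so.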
@@ -0,0 +1,62 @@
1
+ module DeepSecurity
2
+
3
+ # Used as search criteria to limit the scope of objects returned by computer-related attributes, such as by a Group,
4
+ # a Security Profile, or a specific computer. The event retrieval- related methods will require a HostFilterTransport
5
+ # that is empty to search for all events, or with specific properties populated to limit the scope of the search. For
6
+ # example, setting the HostFilterTransport securityProfileID property to the ID of a Security Profile will limit any
7
+ # event retrieval method calls to events that pertain to computers with the specific Security Profile assigned.
8
+ class HostFilter < TransportObject
9
+
10
+ attr_integer_accessor :hostGroupID,
11
+ "HostGroupTransport ID to filter computers by"
12
+ attr_integer_accessor :hostID,
13
+ "HostTransport ID to filter computers by"
14
+ attr_integer_accessor :securityProfileID,
15
+ "SecurityProfileTransport ID to filter computers by"
16
+ attr_enum_accessor :type,
17
+ EnumHostFilterType,
18
+ "EnumHostFilterType to filter computers by"
19
+
20
+ def self.all_hosts
21
+ instance = self.new()
22
+ instance.type = :all_hosts
23
+ instance
24
+ end
25
+
26
+ def self.hosts_in_group(host_group_id)
27
+ instance = self.new()
28
+ instance.type = :hosts_in_group
29
+ instance.hostGroupID = host_group_id
30
+ instance
31
+ end
32
+
33
+ def self.hosts_using_security_profile(security_profile_id)
34
+ instance = self.new()
35
+ instance.type = :hosts_using_security_profile
36
+ instance.securityProfileID = security_profile_id
37
+ instance
38
+ end
39
+
40
+ def self.hosts_in_group_and_all_subgroups(host_group_id)
41
+ instance = self.new()
42
+ instance.type = :hosts_in_group_and_all_subgroups
43
+ instance.hostGroupID = host_group_id
44
+ instance
45
+ end
46
+
47
+ def self.specific_host(host_id)
48
+ instance = self.new()
49
+ instance.type = :specific_host
50
+ instance.hostID = host_id
51
+ instance
52
+ end
53
+
54
+ def self.my_hosts
55
+ instance = self.new()
56
+ instance.type = :my_hosts
57
+ instance
58
+ end
59
+
60
+ end
61
+
62
+ end
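Review bot: The filter attributes in this hunk are named `hostGroupID`, `hostID` and `securityProfileID` (lines 10-18), while every other transport in this release uses snake_case (`host_group_id`, `security_profile_id` in `Host`); if the accessor macros derive the SOAP element name from the Ruby name the camelCase here may be deliberate and deserves a comment saying so, otherwise rename for consistency. The six factory methods repeat the same `new`, set `type`, return shape; a private `build(type, **ids)` helper would keep each to one line. None of the factories checks the id it receives, so `hosts_in_group(nil)` builds a filter whose scoping element is empty and which the Manager may treat as unscoped; at least document the precondition on each constructor, e.g. `# @param [Integer] host_group_id HostGroupTransport ID, must not be nil`.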
@@ -0,0 +1,41 @@
1
+ module DeepSecurity
2
+
3
+ class HostGroup < TransportObject
4
+
5
+ attr_integer_accessor :id
6
+ attr_string_accessor :name
7
+ attr_string_accessor :description
8
+ attr_boolean_accessor :external
9
+ attr_string_accessor :external_id
10
+ attr_integer_accessor :parent_group_id
11
+
12
+ def parent_group
13
+ return nil if @parent_group_id.nil?
14
+ @dsm.host_group(@parent_group_id)
15
+ end
16
+
17
+ end
18
+
19
+ class Manager
20
+
21
+ def host_groups
22
+ cache.fetch(HostGroup.cache_key(:all, :all)) do
23
+ request_array("host_group_retrieve_all", HostGroup)
24
+ end
25
+ end
26
+
27
+ def host_group(id)
28
+ cache.fetch(HostGroup.cache_key(:id, id)) do
29
+ request_object("host_group_retrieve", HostGroup, {:id => id})
30
+ end
31
+ end
32
+
33
+ def host_group_by_name(name)
34
+ cache.fetch(HostGroup.cache_key(:name, name)) do
35
+ request_object("host_group_retrieve_by_name", HostGroup, {:name => name})
36
+ end
37
+ end
38
+
39
+ end
40
+
41
+ end
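Review bot: `host_groups`, `host_group` and `host_group_by_name` (hunk lines 21-37) pass no `:sID` and use string operation names, unlike the `hostRetrieve*` wrappers added in host.rb which pass `:sID => sID` and symbols; if the request helpers do not add the session themselves these calls go out unauthenticated, and the two conventions should in any case be unified. The class and its six attributes carry no descriptions where the other transports do; at minimum `parent_group_id` deserves `"ID of the parent HostGroupTransport, nil for a top-level group"`, since `parent_group` relies on that nil to stop. A group fetched by id and the same group fetched by name are cached under different keys, so an update seen through one path leaves the other stale; note this in the method docs or key both on the id once the object is known.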
@@ -0,0 +1,42 @@
1
+ module DeepSecurity
2
+
3
+ # The Host's Interface Transport Object.
4
+ class HostInterface < TransportObject
5
+
6
+ attr_integer_accessor :id
7
+ attr_string_accessor :name
8
+ attr_string_accessor :description
9
+
10
+ attr_string_accessor :display_name,
11
+ 'Computer display name'
12
+ attr_boolean_accessor :external,
13
+ 'Administrative external boolean for integration purposes.'
14
+ attr_string_accessor :external_id,
15
+ 'Administrative external ID for integration purposes.'
16
+ attr_integer_accessor :host_group_id,
17
+ 'Assigned HostGroupTransport ID'
18
+ attr_enum_accessor :host_type,
19
+ EnumHostType,
20
+ 'Assigned host type'
21
+ attr_string_accessor :platform,
22
+ 'Computer platform'
23
+ attr_integer_accessor :security_profile_id,
24
+ 'Assigned SecurityProfileTransport ID'
25
+
26
+ # ABOVE COPIED FROM HOST!
27
+
28
+ attr_boolean_accessor :dhcp,
29
+ "DHCP On or Off"
30
+ attr_integer_accessor :host_bridge_id,
31
+ "The ID of the Host Bridge"
32
+ attr_integer_accessor :interface_type_id,
33
+ "The ID of the Interface Type"
34
+ attr_string_accessor :mac,
35
+ "Mac Address"
36
+ attr_boolean_accessor :not_available,
37
+ "True is the HostInterface isn't available"
38
+ attr_integer_accessor :virtual_device_key,
39
+ "The Virtual Device Key"
40
+
41
+ end
42
+ end
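Review bot: `HostInterface` copies the whole `Host` attribute set (lines 6-24, marked `ABOVE COPIED FROM HOST!`) — `display_name`, `external`, `host_group_id`, `host_type`, `platform`, `security_profile_id` — onto a network-interface object where they have no evident meaning; unless the SOAP `HostInterfaceTransport` really carries these elements they should be removed so callers are not handed accessors that are always nil, and if it does, the comment should state that rather than flag the copy. The `not_available` description reads `True is the HostInterface isn't available` and should be `True if the HostInterface isn't available`. It would also help to document `mac` as the string exactly as reported by the Manager, since no normalisation is done here and callers comparing MACs from other sources need to know the format.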
@@ -0,0 +1,37 @@
1
+ module DeepSecurity
2
+
3
+ # Used as a search criteria to limit the scope of objects returned by event transport object ID. Each event transport
4
+ # object, such as IntegrityEventTransport, includes an ID property that is assigned as the primary key of an event
5
+ # when it is generated by a computer agent. Using IDFilterTransport, it is possible to filter event retrieval by this
6
+ # event ID in order to retrieve a specific event by ID, or events that are greater or less than a specified ID. For
7
+ # example, a utility that is designed to retrieve all new events on an interval can use the event ID property to
8
+ # uniquely identify which events have already been retrieved. This way retrieval of duplicate events can be avoided.
9
+ class IDFilter < TransportObject
10
+
11
+ attr_integer_accessor :id
12
+ attr_enum_accessor :operator, EnumOperator
13
+
14
+ def self.equals(id)
15
+ instance = self.new()
16
+ instance.operator = :equals
17
+ instance.id =id
18
+ instance
19
+ end
20
+
21
+ def self.less_than(id)
22
+ instance = self.new()
23
+ instance.operator = :less_than
24
+ instance.id =id
25
+ instance
26
+ end
27
+
28
+ def self.greater_than(id)
29
+ instance = self.new()
30
+ instance.operator = :greater_than
31
+ instance.id =id
32
+ instance
33
+ end
34
+
35
+ end
36
+
37
+ end
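Review bot: `equals`, `less_than` and `greater_than` (hunk lines 14-33) are the same five lines with a different operator symbol, and the `instance.id =id` spacing is repeated in each; a private class-level builder removes the duplication and gives one place to validate the id. Since the class description says this filter drives incremental event retrieval by primary key, it is also worth rejecting a non-Integer id there instead of letting a nil or string reach the SOAP call. The rewrite below keeps the three public constructors and what they return.
```ruby
def self.equals(id)
  build(:equals, id)
end

def self.less_than(id)
  build(:less_than, id)
end

def self.greater_than(id)
  build(:greater_than, id)
end

# Shared constructor for the three public filters; rejects non-Integer ids early.
def self.build(operator, id)
  raise ArgumentError, "event id must be an Integer, got #{id.inspect}" unless id.is_a?(Integer)
  instance = new
  instance.operator = operator
  instance.id = id
  instance
end
private_class_method :build
```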
@@ -0,0 +1,52 @@
1
+ module DeepSecurity
2
+
3
+ # This class encapsulates a vulnerability
4
+ # @private
5
+ class Vulnerability
6
+
7
+ attr_accessor :dpi_rule_identifier
8
+ attr_accessor :cve_identifiers
9
+ attr_accessor :secunia_identifiers
10
+ attr_accessor :bugtraq_identifiers
11
+ attr_accessor :microsoft_identifiers
12
+
13
+ def parse_vulnerabilities_string(string)
14
+ return [] if string.strip == "N/A"
15
+ string.split(",").map { |each| each.strip }
16
+ end
17
+
18
+ def cve_identifiers_string=(string)
19
+ @cve_identifiers = parse_vulnerabilities_string(string)
20
+ end
21
+
22
+ def secunia_identifiers_string=(string)
23
+ @secunia_identifiers = parse_vulnerabilities_string(string)
24
+ end
25
+
26
+ def bugtraq_identifiers_string=(string)
27
+ @bugtraq_identifiers = parse_vulnerabilities_string(string)
28
+ end
29
+
30
+ def microsoft_identifiers_string=(string)
31
+ @microsoft_identifiers = parse_vulnerabilities_string(string)
32
+ end
33
+
34
+ end
35
+
36
+ class Manager
37
+
38
+ def vulnerabilities
39
+ payload_filters2_enable_vulnerability_columns()
40
+ payload_filters2().map do |hash|
41
+ vulnerability = Vulnerability.new
42
+ vulnerability.dpi_rule_identifier = hash[:name].split(' ').first
43
+ vulnerability.cve_identifiers_string = hash[:cve]
44
+ vulnerability.secunia_identifiers_string = hash[:secunia]
45
+ vulnerability.bugtraq_identifiers_string = hash[:bugtraq]
46
+ vulnerability.microsoft_identifiers_string = hash[:microsoft]
47
+ vulnerability
48
+ end
49
+ end
50
+
51
+ end
52
+ end
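Review bot: `parse_vulnerabilities_string` (hunk lines 13-16) calls `string.strip` unconditionally, and `vulnerabilities` feeds it `hash[:cve]`, `hash[:secunia]`, `hash[:bugtraq]` and `hash[:microsoft]` straight from the screen-scraped row, so a row with a missing column raises `NoMethodError` from inside the scrape instead of yielding an empty list; change the guard to `return [] if string.nil? || string.strip == "N/A"`. `vulnerability.dpi_rule_identifier = hash[:name].split(' ').first` assumes the rule-name column always starts with the identifier followed by a space; the same assumption is made in host.rb, so it deserves a comment naming the expected layout (identifier, space, display name) where it is made. Because these CVE, Secunia, Bugtraq and Microsoft identifiers are scraped from the Manager's HTML rather than returned by the SOAP API, a comment on `Manager#vulnerabilities` should say they are untrusted strings whose format can change with a Manager upgrade, and `parse_vulnerabilities_string` can be made `private` since only the `*_string=` setters call it.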