deepsecurity 0.0.13hf1

data/lib/deepsecurity/transport_objects/dpi_rule.rb

@@ -0,0 +1,113 @@
+module DeepSecurity
+
+  # Represents a DPI Rule that can be accessed to read, update, or when creating new DPI Rules. Creating and updating
+  # DPI Rules is considered advanced and not a routine or repetitive operation. Changing some configuration options,
+  # such as includePacketData or raiseAlert are reasonable; however, creating a new DPI rule from scratch
+  # programmatically should only be done if full testing of the ruleXML content has been performed prior.
+  #
+  # When creating a new rule, if possible it is recommended that an existing base rule is retrieved first, then
+  # modified to reflect the new rule, and saved as the new rule.
+  #
+  # Once a new rule has been created and saved, the returned transport object from the save rule method should be used
+  # for all subsequent configuration operations for the life of the object. The reason for this is that the Manager will
+  # populate some fields during the save operation, such as rule ID, and these fields will not be present if you do not
+  # use the returned version after saving.
+  class DPIRule < TransportObject
+
+    attr_integer_accessor :id,
+                          "ID"
+    attr_string_accessor :name,
+                         "Name"
+    attr_string_accessor :description,
+                         "Description"
+    attr_string_accessor :tbuid,
+                         "Internal TBUID of a Trend Micro issued DPI Rule"
+    attr_integer_accessor :application_type_id,
+                          "ApplicationTypeTransport ID this rule is assigned to"
+    attr_boolean_accessor :authoritative,
+                          "Whether the rule is an internal read only Trend Micro rule"
+    attr_double_accessor :cvss_score,
+                         "Final calculated CVSS score of the vulnerability information. A rule may resolve multiple vulnerabilities, so this will always be the highest CVSS score."
+    attr_boolean_accessor :detect_only,
+                          "Whether the rule is detect only"
+    attr_boolean_accessor :disable_event,
+                          "Whether the rule is disabled"
+    attr_boolean_accessor :event_on_packet_drop,
+                          "Whether the rule should trigger an event when the connection is dropped"
+    attr_boolean_accessor :event_on_packet_modify,
+                          "Whether the rule should trigger an event when a packet is modified by a rule (uncommon)"
+    attr_string_accessor :identifier,
+                         "Public identifier of the filter used by Trend Micro to track filters"
+    attr_boolean_accessor :ignore_recommendations,
+                          "Whether the Recommendation Engine should ignore this rule"
+    attr_boolean_accessor :include_packet_data,
+                          "Whether this rule events should include packet data"
+    attr_datetime_accessor :issued,
+                           "Date this rule was issued"
+    attr_enum_accessor :pattern_action,
+                       EnumDPIRuleAction,
+                       "Action for START_END_PATTERNS type rule, e.g., DROP_CLOSE, LOG_ONLY"
+    attr_boolean_accessor :pattern_case_sensitive,
+                          "Whether a START_END_PATTERNS type rule should consider case sensitivity"
+    attr_string_accessor :pattern_end,
+                         "End pattern"
+    attr_enum_accessor :pattern_if,
+                       EnumDPIRuleIf,
+                       "Trigger if a START_END_PATTERNS type rule meets the criteria, e.g., ALL_PATTERNS_FOUND, ANY_PATTERNS_FOUND, NO_PATTERNS_FOUND"
+    attr_string_accessor :pattern_patterns,
+                         "A newline separated list of strings which will be used by a START_END_PATTERNS type rule"
+    attr_string_accessor :pattern_start,
+                         "Start pattern"
+    attr_enum_accessor :priority, EnumDPIRulePriority,
+                       "Rule priority, e.g., HIGHEST, NORMAL, LOWEST"
+    attr_boolean_accessor :raise_alert,
+                          "Whether an alert should be raised when the rule triggers"
+    attr_string_accessor :rule_xml,
+                         "Rule XML of a CUSTOM_XML type rule. This may not be available for rules that have thirdBrigade set to TRUE"
+    attr_integer_accessor :schedule_id,
+                          "ScheduleTransport ID assigned to this rule"
+    attr_enum_accessor :severity,
+                       EnumDPIRuleSeverity,
+                       "Severity, e.g., CRITICAL, LOW"
+    attr_enum_accessor :signature_action,
+                       EnumDPIRuleAction,
+                       "Action for SIGNATURE type rule, e.g., DROP_CLOSE, LOG_ONLY"
+    attr_boolean_accessor :signature_case_sensitive,
+                          "Whether a SIGNATURE type rule should consider case sensitivity"
+    attr_string_accessor :signature_signature,
+                         "Signature string which will be used by a SIGNATURE type rule"
+    attr_enum_accessor :template_type,
+                       EnumDPIRuleTemplateType,
+                       "Rule Type, e.g., CUSTOM_XML, SIGNATURE, START_END PATTERNS"
+
+    cache_by_aspect :id, :name
+
+    def application_type
+      @dsm.application_type(@application_type_id)
+    end
+
+  end
+
+  class Manager
+
+    def dpi_rules
+      cache.fetch(DPIRule.cache_key(:all, :all)) do
+        request_array("dpi_rule_retrieve_all", DPIRule)
+      end
+    end
+
+    def dpi_rule(id)
+      cache.fetch(DPIRule.cache_key(:id, id)) do
+        request_object("dpi_rule_retrieve", DPIRule, {:id => id})
+      end
+    end
+
+    def dpi_rule_by_name(name)
+      cache.fetch(DPIRule.cache_key(:name, name)) do
+        request_object("dpi_rule_retrieve_by_name", DPIRule, {:name => name})
+      end
+    end
+
+  end
+
+end

data/lib/deepsecurity/transport_objects/host.rb

@@ -0,0 +1,171 @@
+module DeepSecurity
+
+  # The primary computer transport object that represents the computer systems Deep Security is aware of. Physical
+  # computers, virtual machines, ESX servers, and Deep Security Virtual Appliances are all represented as HostTransport
+  # objects.
+  #
+  # To determine a HostTransport status (e.g., Activated, Offline, Installed, etc.) the computer HostStatusTransport
+  # should be retrieved and the assigned ProtectionStatusTransport objects should be inspected. The HostTransportStatus
+  # will reflect the overall protection status of a computer. If protection is applied by both an in-guest Agent and
+  # Virtual Appliance, then two ProtectionStatusTransport objects will be assigned. Agent and Virtual Appliance
+  # protection may have different protection capabilities enabled, so inspection of all assigned
+  # ProtectionStatusTransport objects should considered. Note that this is only necessary where a Virtual Appliance is
+  # deployed. Computers and virtual machines that only use Agent protection may only use the HostTransportStatus.
+  class Host < TransportObject
+
+    attr_integer_accessor :id
+    attr_string_accessor :name
+    attr_string_accessor :description
+
+    attr_string_accessor :display_name,
+                         'Computer display name'
+    attr_boolean_accessor :external,
+                          'Administrative external boolean for integration purposes.'
+    attr_string_accessor :external_id,
+                         'Administrative external ID for integration purposes.'
+    attr_integer_accessor :host_group_id,
+                          'Assigned HostGroupTransport ID'
+    attr_enum_accessor :host_type,
+                       EnumHostType,
+                       'Assigned host type'
+    attr_string_accessor :platform,
+                         'Computer platform'
+    attr_integer_accessor :security_profile_id,
+                          'Assigned SecurityProfileTransport ID'
+
+    cache_by_aspect :id, :name
+
+    # @!group High-Level Screenscraping Wrapper
+
+    def dpi_rules_from_identifiers(rule_identifiers)
+      dpi_rules = Hash.new()
+      Manager.current.dpi_rules.each { |rule| dpi_rules[rule.identifier]=rule }
+      rule_identifiers.map { |rule_identifier| dpi_rules[rule_identifier] }
+    end
+
+    def all_dpi_rule_identifiers
+      Manager.current.dpi_rule_identifiers_for_host(@id, 0)
+    end
+
+    def assigned_dpi_rule_identifiers
+      Manager.current.dpi_rule_identifiers_for_host(@id, 16)
+    end
+
+    def unassigned_dpi_rule_identifiers
+      Manager.current.dpi_rule_identifiers_for_host(@id, 32)
+    end
+
+    def recommended__dpi_rule_identifiers
+      Manager.current.dpi_rule_identifiers_for_host(@id, 33)
+    end
+
+    def unrecommended__dpi_rule_identifiers
+      Manager.current.dpi_rule_identifiers_for_host(@id, 18)
+    end
+
+    def all_dpi_rules
+      dpi_rules_from_identifiers(all_dpi_rule_identifiers())
+    end
+
+    def assigned_dpi_rules
+      dpi_rules_from_identifiers(assigned_dpi_rule_identifiers())
+    end
+
+    #@!endgroup
+
+    # @!group High-Level SOAP Wrapper
+
+    # Retrieves Hosts.
+    # @return [Array<Host>]
+    def self.all
+      dsm.hostRetrieveAll()
+    end
+
+    # Retrieves a Host by ID.
+    # @param [Integer] id Host ID
+    # @return [Host]
+    def self.find_by_id(id)
+      dsm.hostRetrieve(id)
+    end
+
+    # Retrieves a Host by name.
+    # @param [String] hostname hostname
+    # @return [Host]
+    def self.find_by_name(hostname)
+      dsm.hostRetrieveByName(hostname)
+    end
+    #@!endgroup
+  end
+
+  class Manager
+
+    # @!group Low-Level SOAP Wrapper
+
+    # Retrieves Hosts.
+    #
+    # SYNTAX
+    #   HostTransport[] hostRetrieveAll(String sID)
+    #
+    # PARAMETERS
+    #   sID Authentication session identifier ID.
+    #
+    # RETURNS
+    #   HostTransport object array.
+    def hostRetrieveAll(sID = dsm.sID)
+      cache.fetch(Host.cache_key(:all, :all)) do
+        request_array(:host_retrieve_all, Host, nil,
+                      :sID => sID)
+      end
+    end
+
+    # Retrieves a Host by ID.
+    #
+    # SYNTAX
+    #   HostTransport hostRetrieve(int ID, String sID)
+    #
+    # PARAMETERS
+    #   ID Host ID.
+    #   sID Authentication session identifier ID.
+    #
+    # RETURNS
+    #   HostTransport object.
+    def hostRetrieve(id, sID = dsm.sID)
+      cache.fetch(Host.cache_key(:id, id)) do
+        request_object(:host_retrieve, Host, :id => id, :sID => sID)
+      end
+    end
+
+    # Retrieves a Host by name.
+    #
+    # SYNTAX
+    #   HostTransport hostRetrieveByName(String hostname, String sID)
+    #
+    # PARAMETERS
+    #   hostname Host name.
+    #   sID Authentication session identifier ID.
+    #
+    # RETURNS
+    #   HostTransport object.
+    def hostRetrieveByName(hostname, sID = dsm.sID)
+      cache.fetch(Host.cache_key(:name, hostname)) do
+        request_object(:host_retrieve_by_name, Host, :hostname => hostname, :sID => sID)
+      end
+    end
+
+    # @!endgroup
+
+    # @!group Low-Level Screenscraping Wrapper
+
+    def security_profile
+      Manager.current.security_progile(@security_profile_id)
+    end
+
+    def dpi_rule_identifiers_for_host(id, argument)
+      payload_filters2_show_rules(id, argument)
+      payload_filters2(:hostID => id, :arguments => argument).map { |hash| hash[:name].split(' ').first }
+    end
+    # @!endgroup
+
+  end
+
+end

data/lib/deepsecurity/transport_objects/host_detail.rb

@@ -0,0 +1,167 @@
+module DeepSecurity
+
+  # An object that holds detailed information about one computer object. All the "overall" fields are fields created by
+  # merging states of potentially multiple endpoints (i.e., Agent + Appliance).
+  class HostDetail < Host
+
+
+    attr_integer_accessor :id
+    attr_string_accessor :name
+    attr_string_accessor :description
+
+    attr_string_accessor :display_name,
+                         'Computer display name'
+    attr_boolean_accessor :external,
+                          'Administrative external boolean for integration purposes.'
+    attr_string_accessor :external_id,
+                         'Administrative external ID for integration purposes.'
+    attr_integer_accessor :host_group_id,
+                          'Assigned HostGroupTransport ID'
+    attr_enum_accessor :host_type,
+                       EnumHostType,
+                       'Assigned host type'
+    attr_string_accessor :platform,
+                         'Computer platform'
+    attr_integer_accessor :security_profile_id,
+                          'Assigned SecurityProfileTransport ID'
+    # ABOVE is duplicates from Host!
+
+    attr_string_accessor :anti_malware_classic_pattern_version,
+                         "Current version of the classic Anti-Malware pattern"
+    attr_string_accessor :anti_malware_engine_version,
+                         "Current version of the Anti-Malware engine"
+    attr_string_accessor :anti_malware_intelli_trap_exception_version,
+                         "Current version of the IntelliTrap exception pattern"
+    attr_string_accessor :anti_malware_intelli_trap_version,
+                         "Current version of the IntelliTrap pattern"
+    attr_string_accessor :anti_malware_smart_scan_pattern_version,
+                         "Current version of the Smart Scan pattern"
+    attr_string_accessor :anti_malware_spyware_pattern_version,
+                         "Current version of the Spyware pattern"
+    attr_string_accessor :host_group_name,
+                         "Name of Group this computer belongs to"
+    attr_string_accessor :cloud_object_image_id,
+                         "Cloud Object Image Id"
+    attr_string_accessor :cloud_object_instance_id,
+                         "Cloud Object Instance Id"
+    attr_string_accessor :cloud_object_internal_unique_id,
+                         "Cloud Object Internal Unique Id"
+    attr_string_accessor :cloud_object_security_group_ids,
+                         "Cloud Object Security Group Ids"
+    attr_enum_accessor :cloud_object_type,
+                       EnumCloudObjectType,
+                       "Cloud Object Type"
+    attr_enum_accessor :host_light,
+                       EnumHostLight,
+                       "Current color that represents the computers status"
+    attr_datetime_accessor :last_anit_malware_scheduled_scan,
+                           "Last time an Anti-Malware scheduled scan was performed"
+    attr_datetime_accessor :last_anti_malware_event,
+                           "The time of the most recent Anti-Malware event for this computer"
+    attr_datetime_accessor :last_anti_malware_manual_scan,
+                           "Last time an Anti-Malware manual scan was performed"
+    attr_datetime_accessor :last_dpi_event,
+                           "The time of the most recent DPI Event for this computer"
+    attr_datetime_accessor :last_firewall_event,
+                           "The time of the most recent Firewall Event for this computer"
+
+    attr_ip_address_accessor :last_ip_used,
+                             "The last IP that was used for this computer during communication with the manager"
+    attr_datetime_accessor :last_integrity_monitoring_event,
+                           "The time of the most recent Integrity Monitoring Event for this computer"
+    attr_datetime_accessor :last_log_inspection_event,
+                           "The time of the most recent Log Inspection Event for this computer"
+    attr_integer_accessor :light,
+                          "An integer representing the computers status light"
+    attr_boolean_accessor :locked,
+                          "The locked state of the computer"
+    attr_string_accessor :overall_anti_malware_status,
+                         "Overall Anti-Malware status of the computer"
+    attr_string_accessor :overall_dpi_status,
+                         "Overall DPI status of the computer"
+    attr_string_accessor :overall_firewall_status,
+                         "Overall Firewall status of the computer"
+    attr_string_accessor :overall_integrity_monitoring_status,
+                         "Overall Integrity Monitoring status of the computer"
+    attr_datetime_accessor :overall_last_recommendation_scan,
+                           "The time of the last recommendation scan"
+    attr_datetime_accessor :overall_last_successful_communication,
+                           "The time of the last communication with the Manager"
+    attr_datetime_accessor :overall_last_successful_update,
+                           "The time of the last successful Configuration Update"
+    attr_datetime_accessor :overall_last_update_required,
+                           "The time the last configuration update was required at the manager"
+    attr_string_accessor :overall_log_inspection_status,
+                         "Overall Log Inspection status of the computer"
+    attr_string_accessor :overall_status,
+                         "Overall status of the computer"
+    attr_string_accessor :overall_version,
+                         "Overall version of the computer"
+    attr_string_accessor :security_profile_name,
+                         "Name of the security profile assigned to the computer"
+    attr_string_accessor :virtual_name,
+                         "Internal virtual name (only populated if this is a computer provisioned through vCenter)"
+    attr_string_accessor :virtual_uuid,
+                         "Internal virtual UUID (only populated if this is a computer provisioned through vCenter)"
+    array_integer_accessor :component_klasses,
+                           "Array of class ids for components"
+    array_string_accessor :component_names,
+                          "Array of component names"
+    array_integer_accessor :component_types,
+                           "Array of component types"
+    array_string_accessor :component_versions,
+                          "Array of component versions"
+    attr_string_accessor :overall_web_reputation_status,
+                         "Overall Web Reputation status of the computer"
+    attr_datetime_accessor :last_web_reputation_event,
+                           "The time of the most recent Web Reputation event for this computer"
+
+    array_object_accessor :host_interfaces,
+                          HostInterface
+
+    # cache_by_aspect :id, :name
+
+    # @!group High-Level SOAP Wrapper
+
+    # Return all HostDetails matching the hosts filter with the given detail level
+    # @param [HostFilter] host_filter
+    # @param [EnumHostDetailLevel] detail_level
+    # @return [Array<HostDetail>]
+    def self.find_all(host_filter, detail_level)
+      dsm.hostDetailRetrieve(host_filter, detail_level)
+    end
+
+    # @!endgroup
+
+  end
+
+  class Manager
+
+    # @!group Low-Level SOAP Wrapper
+
+    # Retrieves the detail information of hosts.
+    #
+    # SYNTAX
+    #   public HostDetailTransport[] hostDetailRetrieve(HostFilterTransport hostFilter, EnumHostDetailLevel hostDetailLevel, String sID)
+    #
+    # PARAMETERS
+    #   hostFilter Restricts the retrieved hosts by host, group, or security profile
+    #   hostDetailLevel The detail level
+    #   sID Authentication session identifier ID.
+    #
+    # RETURNS
+    #   HostDetailTransport object array.
+    def hostDetailRetrieve(hostFilter, hostDetailLevel, sID = dsm.sID)
+      cache.fetch(HostDetail.cache_key(:all, :all)) do
+        request_array(:host_detail_retrieve, HostDetail, nil,
+                      :hostFilter => hostFilter.to_savon_data,
+                      :hostDetailLevel => EnumHostDetailLevel.key(hostDetailLevel),
+                      :sID => sID)
+      end
+    end
+
+    # @!endgroup
+
+  end
+
+end

data/lib/deepsecurity/transport_objects/host_filter.rb

@@ -0,0 +1,62 @@
+module DeepSecurity
+
+  # Used as search criteria to limit the scope of objects returned by computer-related attributes, such as by a Group,
+  # a Security Profile, or a specific computer. The event retrieval- related methods will require a HostFilterTransport
+  # that is empty to search for all events, or with specific properties populated to limit the scope of the search. For
+  # example, setting the HostFilterTransport securityProfileID property to the ID of a Security Profile will limit any
+  # event retrieval method calls to events that pertain to computers with the specific Security Profile assigned.
+  class HostFilter < TransportObject
+
+    attr_integer_accessor :hostGroupID,
+                          "HostGroupTransport ID to filter computers by"
+    attr_integer_accessor :hostID,
+                          "HostTransport ID to filter computers by"
+    attr_integer_accessor :securityProfileID,
+                          "SecurityProfileTransport ID to filter computers by"
+    attr_enum_accessor :type,
+                       EnumHostFilterType,
+                       "EnumHostFilterType to filter computers by"
+
+    def self.all_hosts
+      instance = self.new()
+      instance.type = :all_hosts
+      instance
+    end
+
+    def self.hosts_in_group(host_group_id)
+      instance = self.new()
+      instance.type = :hosts_in_group
+      instance.hostGroupID = host_group_id
+      instance
+    end
+
+    def self.hosts_using_security_profile(security_profile_id)
+      instance = self.new()
+      instance.type = :hosts_using_security_profile
+      instance.securityProfileID = security_profile_id
+      instance
+    end
+
+    def self.hosts_in_group_and_all_subgroups(host_group_id)
+      instance = self.new()
+      instance.type = :hosts_in_group_and_all_subgroups
+      instance.hostGroupID = host_group_id
+      instance
+    end
+
+    def self.specific_host(host_id)
+      instance = self.new()
+      instance.type = :specific_host
+      instance.hostID = host_id
+      instance
+    end
+
+    def self.my_hosts
+      instance = self.new()
+      instance.type = :my_hosts
+      instance
+    end
+
+  end
+
+end

data/lib/deepsecurity/transport_objects/host_group.rb

@@ -0,0 +1,41 @@
+module DeepSecurity
+
+  class HostGroup < TransportObject
+
+    attr_integer_accessor :id
+    attr_string_accessor :name
+    attr_string_accessor :description
+    attr_boolean_accessor :external
+    attr_string_accessor :external_id
+    attr_integer_accessor :parent_group_id
+
+    def parent_group
+      return nil if @parent_group_id.nil?
+      @dsm.host_group(@parent_group_id)
+    end
+
+  end
+
+  class Manager
+
+    def host_groups
+      cache.fetch(HostGroup.cache_key(:all, :all)) do
+        request_array("host_group_retrieve_all", HostGroup)
+      end
+    end
+
+    def host_group(id)
+      cache.fetch(HostGroup.cache_key(:id, id)) do
+        request_object("host_group_retrieve", HostGroup, {:id => id})
+      end
+    end
+
+    def host_group_by_name(name)
+      cache.fetch(HostGroup.cache_key(:name, name)) do
+        request_object("host_group_retrieve_by_name", HostGroup, {:name => name})
+      end
+    end
+
+  end
+
+end

data/lib/deepsecurity/transport_objects/host_interface.rb

@@ -0,0 +1,42 @@
+module DeepSecurity
+
+  # The Host's Interface Transport Object.
+  class HostInterface < TransportObject
+
+    attr_integer_accessor :id
+    attr_string_accessor :name
+    attr_string_accessor :description
+
+    attr_string_accessor :display_name,
+                         'Computer display name'
+    attr_boolean_accessor :external,
+                          'Administrative external boolean for integration purposes.'
+    attr_string_accessor :external_id,
+                         'Administrative external ID for integration purposes.'
+    attr_integer_accessor :host_group_id,
+                          'Assigned HostGroupTransport ID'
+    attr_enum_accessor :host_type,
+                       EnumHostType,
+                       'Assigned host type'
+    attr_string_accessor :platform,
+                         'Computer platform'
+    attr_integer_accessor :security_profile_id,
+                          'Assigned SecurityProfileTransport ID'
+
+    # ABOVE COPIED FROM HOST!
+
+    attr_boolean_accessor :dhcp,
+                          "DHCP On or Off"
+    attr_integer_accessor :host_bridge_id,
+                          "The ID of the Host Bridge"
+    attr_integer_accessor :interface_type_id,
+                          "The ID of the Interface Type"
+    attr_string_accessor :mac,
+                         "Mac Address"
+    attr_boolean_accessor :not_available,
+                          "True is the HostInterface isn't available"
+    attr_integer_accessor :virtual_device_key,
+                          "The Virtual Device Key"
+
+  end
+end

data/lib/deepsecurity/transport_objects/id_filter.rb

@@ -0,0 +1,37 @@
+module DeepSecurity
+
+  # Used as a search criteria to limit the scope of objects returned by event transport object ID. Each event transport
+  # object, such as IntegrityEventTransport, includes an ID property that is assigned as the primary key of an event
+  # when it is generated by a computer agent. Using IDFilterTransport, it is possible to filter event retrieval by this
+  # event ID in order to retrieve a specific event by ID, or events that are greater or less than a specified ID. For
+  # example, a utility that is designed to retrieve all new events on an interval can use the event ID property to
+  # uniquely identify which events have already been retrieved. This way retrieval of duplicate events can be avoided.
+  class IDFilter < TransportObject
+
+    attr_integer_accessor :id
+    attr_enum_accessor :operator, EnumOperator
+
+    def self.equals(id)
+      instance = self.new()
+      instance.operator = :equals
+      instance.id =id
+      instance
+    end
+
+    def self.less_than(id)
+      instance = self.new()
+      instance.operator = :less_than
+      instance.id =id
+      instance
+    end
+
+    def self.greater_than(id)
+      instance = self.new()
+      instance.operator = :greater_than
+      instance.id =id
+      instance
+    end
+
+  end
+
+end

data/lib/deepsecurity/transport_objects/private/vulnerability.rb

@@ -0,0 +1,52 @@
+module DeepSecurity
+
+  # This class encapsulates a vulnerability
+  # @private
+  class Vulnerability
+
+    attr_accessor :dpi_rule_identifier
+    attr_accessor :cve_identifiers
+    attr_accessor :secunia_identifiers
+    attr_accessor :bugtraq_identifiers
+    attr_accessor :microsoft_identifiers
+
+    def parse_vulnerabilities_string(string)
+      return [] if string.strip == "N/A"
+      string.split(",").map { |each| each.strip }
+    end
+
+    def cve_identifiers_string=(string)
+      @cve_identifiers = parse_vulnerabilities_string(string)
+    end
+
+    def secunia_identifiers_string=(string)
+      @secunia_identifiers = parse_vulnerabilities_string(string)
+    end
+
+    def bugtraq_identifiers_string=(string)
+      @bugtraq_identifiers = parse_vulnerabilities_string(string)
+    end
+
+    def microsoft_identifiers_string=(string)
+      @microsoft_identifiers = parse_vulnerabilities_string(string)
+    end
+
+  end
+
+  class Manager
+
+    def vulnerabilities
+      payload_filters2_enable_vulnerability_columns()
+      payload_filters2().map do |hash|
+        vulnerability = Vulnerability.new
+        vulnerability.dpi_rule_identifier = hash[:name].split(' ').first
+        vulnerability.cve_identifiers_string = hash[:cve]
+        vulnerability.secunia_identifiers_string = hash[:secunia]
+        vulnerability.bugtraq_identifiers_string = hash[:bugtraq]
+        vulnerability.microsoft_identifiers_string = hash[:microsoft]
+        vulnerability
+      end
+    end
+
+  end
+end