deepsecurity 0.0.13hf1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46)
  1. data/.gitignore +25 -0
  2. data/.yardopts +4 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE +22 -0
  5. data/README.md +29 -0
  6. data/Rakefile +2 -0
  7. data/bin/dsc +186 -0
  8. data/deepsecurity.gemspec +30 -0
  9. data/lib/deepsecurity/ds_object.rb +37 -0
  10. data/lib/deepsecurity/enums.rb +539 -0
  11. data/lib/deepsecurity/exceptions/authentication_failed_exception.rb +7 -0
  12. data/lib/deepsecurity/exceptions/authentication_required_exception.rb +6 -0
  13. data/lib/deepsecurity/manager.rb +223 -0
  14. data/lib/deepsecurity/screenscraping.rb +149 -0
  15. data/lib/deepsecurity/transport_object.rb +21 -0
  16. data/lib/deepsecurity/transport_objects/anti_malware_event.rb +106 -0
  17. data/lib/deepsecurity/transport_objects/anti_malware_spyware_item.rb +32 -0
  18. data/lib/deepsecurity/transport_objects/application_type.rb +58 -0
  19. data/lib/deepsecurity/transport_objects/dpi_rule.rb +113 -0
  20. data/lib/deepsecurity/transport_objects/host.rb +171 -0
  21. data/lib/deepsecurity/transport_objects/host_detail.rb +167 -0
  22. data/lib/deepsecurity/transport_objects/host_filter.rb +62 -0
  23. data/lib/deepsecurity/transport_objects/host_group.rb +41 -0
  24. data/lib/deepsecurity/transport_objects/host_interface.rb +42 -0
  25. data/lib/deepsecurity/transport_objects/id_filter.rb +37 -0
  26. data/lib/deepsecurity/transport_objects/private/vulnerability.rb +52 -0
  27. data/lib/deepsecurity/transport_objects/protocol_icmp.rb +13 -0
  28. data/lib/deepsecurity/transport_objects/protocol_port_based.rb +11 -0
  29. data/lib/deepsecurity/transport_objects/security_profile.rb +90 -0
  30. data/lib/deepsecurity/transport_objects/system_event.rb +45 -0
  31. data/lib/deepsecurity/transport_objects/time_filter.rb +55 -0
  32. data/lib/deepsecurity/version.rb +3 -0
  33. data/lib/deepsecurity.rb +58 -0
  34. data/lib/dsc/anti_malware_event.rb +101 -0
  35. data/lib/dsc/dsc_object.rb +41 -0
  36. data/lib/dsc/helper.rb +48 -0
  37. data/lib/dsc/host_detail.rb +62 -0
  38. data/lib/dsc.rb +6 -0
  39. data/lib/dsc_version.rb +3 -0
  40. data/lib/savon_helper/caching_object.rb +48 -0
  41. data/lib/savon_helper/mapping_object.rb +421 -0
  42. data/lib/savon_helper/missing_type_mapping_exception.rb +11 -0
  43. data/lib/savon_helper/soap_exception.rb +7 -0
  44. data/lib/savon_helper/type_mappings.rb +218 -0
  45. data/lib/savon_helper.rb +7 -0
  46. metadata +188 -0
@@ -0,0 +1,13 @@
1
+ module DeepSecurity
2
+
3
+ class ProtocolICMP < TransportObject
4
+
5
+ attr_enum_accessor :type, EnumProtocolIcmpType
6
+
7
+ def cache_seperatly?
8
+ false
9
+ end
10
+
11
+ end
12
+
13
+ end
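Review bot: The predicate `cache_seperatly?` at line 7 of the hunk is misspelled (`separately`), and since it presumably overrides a hook declared on TransportObject (not in this hunk), renaming it here alone would silently stop the override from taking effect. Either rename it at the declaration site and every override in one change, or keep the spelling and add a comment such as `# Overrides the TransportObject hook; the name must match the base class spelling.`. A one-line YARD comment on what returning false means for caching would also help, since the class carries no documentation at all.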
@@ -0,0 +1,11 @@
1
+ module DeepSecurity
2
+
3
+ class ProtocolPortBased < TransportObject
4
+
5
+ attr_integer_accessor :port_list_id
6
+ attr_enum_accessor :port_type, EnumPortType
7
+ attr_string_accessor :ports
8
+
9
+ end
10
+
11
+ end
@@ -0,0 +1,90 @@
1
+ module DeepSecurity
2
+
3
+ # Represents a Security Profile container that can be assigned to other Computers by ID using their HostTransport object.
4
+ class SecurityProfile < TransportObject
5
+
6
+ attr_integer_accessor :id,
7
+ "SecurityProfileTransport ID"
8
+ attr_string_accessor :description,
9
+ "SecurityProfileTransport description"
10
+ attr_string_accessor :name,
11
+ "SecurityProfileTransport name"
12
+ array_integer_accessor :dpi_rule_i_ds,
13
+ "Array of assigned DPIRuleTransport IDs",
14
+ :dpi_rule_ids
15
+ attr_enum_accessor :dpi_state,
16
+ EnumSecurityProfileDPIState,
17
+ "Assigned EnumSecurityProfileDPIState, e.g., :on, :off, :passiv, :inherited"
18
+ attr_integer_accessor :anti_malware_manual_id,
19
+ "Anti Malware Manual ID"
20
+ attr_boolean_accessor :anti_malware_manual_inherit,
21
+ "Anti Malware Manual Inherit"
22
+ attr_integer_accessor :anti_malware_real_time_id,
23
+ "Anti Malware Real Time ID"
24
+ attr_boolean_accessor :anti_malware_real_time_inherit,
25
+ "Anti Malware Real Time Inherit"
26
+ attr_integer_accessor :anti_malware_real_time_schedule_id,
27
+ "Anti Malware Real Time Schedule ID"
28
+ attr_integer_accessor :anti_malware_scheduled_id,
29
+ "Anti Malware Scheduled ID"
30
+ attr_boolean_accessor :anti_malware_scheduled_inherit,
31
+ "Anti Malware Scheduled Inherit"
32
+ attr_enum_accessor :anti_malware_state,
33
+ EnumSecurityProfileAntiMalwareState,
34
+ "Assigned EnumSecurityProfileAntiMalwareState, e.g., :on, :off, :inherited"
35
+ array_integer_accessor :application_type_i_ds,
36
+ "Array of assigned ApplicationTypeTransport IDs",
37
+ :application_type_ids
38
+ array_integer_accessor :firewall_rule_i_ds,
39
+ "Array of assigned FirewallRuleTransport IDs",
40
+ :firewall_rule_ids
41
+ attr_enum_accessor :firewall_state,
42
+ EnumSecurityProfileFirewallState,
43
+ "Assigned EnumSecurityProfileFirewallState, e.g., :on, :off, :inherited"
44
+ array_integer_accessor :integrity_rule_i_ds,
45
+ "Array of assigned IntegrityMonitoringRuleTransport IDs",
46
+ :integrity_rule_ids
47
+ attr_enum_accessor :integrity_state,
48
+ EnumSecurityProfileIntegrityState,
49
+ "Assigned EnumSecurityProfileIntegrityState, e.g., :on, :off, :inherited"
50
+ array_integer_accessor :log_inspection_rule_i_ds,
51
+ "Array of assigned LogInspectionRuleTransport IDs",
52
+ :log_inspection_rule_ids
53
+ attr_enum_accessor :log_inspection_state,
54
+ EnumSecurityProfileLogInspectionState,
55
+ "Assigned EnumSecurityProfileLogInspectionState, e.g., :on, :off, :inherited"
56
+ attr_enum_accessor :recommendation_state,
57
+ EnumSecurityProfileRecommendationState,
58
+ "Assigned EnumSecurityProfileRecommendationState, e.g., :on, :off, :inherited"
59
+ attr_integer_accessor :schedule_id,
60
+ "Assigned ScheduleTransport ID"
61
+ attr_integer_accessor :stateful_configuration_id,
62
+ "Assigned StatefulConfigurationTransport ID"
63
+
64
+ cache_by_aspect :id, :name
65
+
66
+ end
67
+
68
+ class Manager
69
+
70
+ def security_profiles
71
+ cache.fetch(SecurityProfile.cache_key(:all, :all)) do
72
+ request_array("security_profile_retrieve_all", SecurityProfile)
73
+ end
74
+ end
75
+
76
+ def security_profile(id)
77
+ cache.fetch(SecurityProfile.cache_key(:id, id)) do
78
+ request_object("security_profile_retrieve", SecurityProfile, {:id => id})
79
+ end
80
+ end
81
+
82
+ def security_profile_by_name(name)
83
+ cache.fetch(SecurityProfile.cache_key(:name, name)) do
84
+ request_object("security_profile_retrieve_by_name", SecurityProfile, {:name => name})
85
+ end
86
+ end
87
+
88
+ end
89
+
90
+ end
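Review bot: The three Manager methods at the end of the hunk (`security_profiles`, `security_profile`, `security_profile_by_name`) carry no documentation although the transport class above documents every attribute; each should get a YARD comment stating what is fetched, which cache key is used and that a cache miss issues a SOAP request, e.g. `# @return [SecurityProfile, nil] the profile with the given id, served from the Manager cache when present.`. The description string for `:dpi_state` lists `:passiv` as an example value; if EnumSecurityProfileDPIState (defined in enums.rb, outside this hunk) actually spells the key `:passive`, the example is misleading and should be corrected. Style-wise, the `{:id => id}` and `{:name => name}` literals could use the `{id: id}` shorthand.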
@@ -0,0 +1,45 @@
1
+ module DeepSecurity
2
+
3
+ class SystemEvent < TransportObject
4
+
5
+ # Represents a Deep Security Manager System event. A System event can target many different aspects of Deep
6
+ # Security, such as a configuration change to a Security Profile or Computer setting, or applying a Security Update to a Computer.
7
+
8
+ attr_string_accessor :action_performed_by
9
+ attr_string_accessor :description
10
+ attr_string_accessor :event
11
+ attr_integer_accessor :event_id
12
+ attr_enum_accessor :event_origin, EnumEventOrigin
13
+ attr_string_accessor :manager_hostname
14
+ attr_integer_accessor :system_event_id
15
+ attr_string_accessor :tags
16
+ attr_string_accessor :target
17
+ attr_integer_accessor :target_id
18
+ attr_string_accessor :target_type
19
+ attr_datetime_accessor :time
20
+ attr_string_accessor :type
21
+
22
+ # cache_by_aspect :id, :name
23
+
24
+
25
+ end
26
+
27
+ class Manager
28
+
29
+ # Retrieves the system events specified by the time, host and event ID filters. System events that do not pertain
30
+ # to hosts can be included or excluded.
31
+ def system_events(timeFilter, hostFilter, eventIdFilter, includeNonHostEvents)
32
+ events = send_authenticated_soap("system_event_retrieve", {
33
+ :timeFilter => timeFilter.to_savon_data,
34
+ :hostFilter => hostFilter.to_savon_data,
35
+ :eventIdFilter => eventIdFilter.to_savon_data,
36
+ :includeNonHostEvents => includeNonHostEvents ? "true" : "false"})[:system_events]
37
+ return [] if events.nil?
38
+ events[:item].map do |each|
39
+ SystemEvent.from_savon_data(each)
40
+ end
41
+ end
42
+
43
+ end
44
+
45
+ end
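Review bot: `system_events` maps over `events[:item]` without checking its type; when the SOAP layer delivers a single matching event as a Hash instead of a one-element Array (which Savon's hash conversion can do), `.map` iterates key/value pairs and `SystemEvent.from_savon_data` receives two-element arrays. Normalise before mapping: `items = events[:item]` then `items = [items] if items.is_a?(Hash)` and `items.map { |each| SystemEvent.from_savon_data(each) }` — a plain `Array()` is not enough, because it splats a Hash into pairs. The parameters `timeFilter`, `hostFilter`, `eventIdFilter` and `includeNonHostEvents` use camelCase where the rest of the gem uses snake_case; the SOAP keys can stay as they are while the Ruby parameters are renamed. The class description sits inside the SystemEvent body after the `class` line; moving it above the class lets YARD pick it up.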
@@ -0,0 +1,55 @@
1
+ module DeepSecurity
2
+
3
+ # Used as search criteria limit the scope of objects returned by time related attributes, such as from, to, or a
4
+ # specific time. If the type is set to EnumTimeFilterType CUSTOM_RANGE, then the rangeFrom and rangeTo property will
5
+ # be required. If the EnumTimeFilterType SPECIFIC_TIME type is set, then the specifiicTime property will be required.
6
+ class TimeFilter < TransportObject
7
+
8
+ attr_datetime_accessor :rangeFrom
9
+ attr_datetime_accessor :rangeTo
10
+ attr_datetime_accessor :specificTime
11
+ # attr_integer_accessor :host_group_id
12
+ # attr_integer_accessor :host_id
13
+ # attr_integer_accessor :security_profile_id
14
+ attr_enum_accessor :type, EnumTimeFilterType
15
+
16
+ def self.last_hour
17
+ instance = self.new()
18
+ instance.type = :last_hour
19
+ instance
20
+ end
21
+
22
+ def self.last_24_hours
23
+ instance = self.new()
24
+ instance.type = :last_24_hours
25
+ instance
26
+ end
27
+
28
+ def self.last_7_days
29
+ instance = self.new()
30
+ instance.type = :last_7_days
31
+ instance
32
+ end
33
+
34
+ def self.custom_range(range)
35
+ instance = self.new()
36
+ instance.type = :custom_range
37
+ instance.rangeFrom = range.first
38
+ instance.rangeTo = range.last
39
+ instance
40
+ end
41
+
42
+ def self.specificTime(datetime)
43
+ instance = self.new()
44
+ instance.type = :specificTime
45
+ instance.specificTime = datetime
46
+ instance
47
+ end
48
+
49
+ def self.last_day
50
+ self.custom_range(((Date.today-1).to_time)..((Date.today).to_time-1))
51
+ end
52
+
53
+ end
54
+
55
+ end
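Review bot: `self.specificTime` sets `instance.type = :specificTime`, while every other factory in the hunk assigns a snake_case key (`:last_hour`, `:custom_range`, ...); unless EnumTimeFilterType (in enums.rb, outside this hunk) maps both spellings, this one value will not translate. Verify against the enum and, if it is keyed `:specific_time`, change the line to `instance.type = :specific_time`. `self.last_day` uses `Date`, but the gem entry point only requires "json", so this relies on some other dependency having loaded date — an explicit `require "date"` at the top of this file removes that assumption. The class comment has typos (`criteria limit` → `criteria to limit`, `specifiicTime`), and the factories repeat the same three lines; a private `with_type(type)` helper would shorten them.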
@@ -0,0 +1,3 @@
1
+ module DeepSecurity
2
+ VERSION = "0.0.13hf1"
3
+ end
@@ -0,0 +1,58 @@
1
+ # @author Udo Schneider <Udo.Schneider@homeaddress.de>
2
+
3
+ # require "time"
4
+ # require "cache"
5
+ # require "active_support/core_ext"
6
+
7
+ require "json"
8
+
9
+ require "savon_helper"
10
+
11
+ require "deepsecurity/version"
12
+
13
+ require "deepsecurity/ds_object"
14
+ require "deepsecurity/enums"
15
+
16
+ require "deepsecurity/exceptions/authentication_failed_exception"
17
+ require "deepsecurity/exceptions/authentication_required_exception"
18
+
19
+ require "deepsecurity/manager"
20
+ require "deepsecurity/screenscraping"
21
+
22
+ require "deepsecurity/transport_object"
23
+
24
+ require "deepsecurity/transport_objects/host_filter"
25
+ require "deepsecurity/transport_objects/time_filter"
26
+ require "deepsecurity/transport_objects/id_filter"
27
+
28
+ require "deepsecurity/transport_objects/dpi_rule"
29
+ require "deepsecurity/transport_objects/protocol_icmp"
30
+ require "deepsecurity/transport_objects/protocol_port_based"
31
+ require "deepsecurity/transport_objects/application_type"
32
+ require "deepsecurity/transport_objects/host_group"
33
+ require "deepsecurity/transport_objects/host"
34
+ require "deepsecurity/transport_objects/host_interface"
35
+ require "deepsecurity/transport_objects/host_detail"
36
+ require "deepsecurity/transport_objects/security_profile"
37
+ require "deepsecurity/transport_objects/system_event"
38
+ require "deepsecurity/transport_objects/anti_malware_spyware_item"
39
+ require "deepsecurity/transport_objects/anti_malware_event"
40
+
41
+
42
+ require "deepsecurity/transport_objects/private/vulnerability"
43
+
44
+ module DeepSecurity
45
+
46
+ def self.logger
47
+ if @logger.nil?
48
+ @logger ||= Logger.new(STDOUT)
49
+ @logger.level = Logger::INFO
50
+ end
51
+ @logger
52
+ end
53
+
54
+ def self.dsm
55
+ Manager.current
56
+ end
57
+
58
+ end
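Review bot: `self.logger` references `Logger`, but the file's require list contains no `require "logger"` (the `require "time"` line is commented out and only "json" is loaded explicitly), so the constant resolves only if another required file happens to load the standard-library logger. Adding `require "logger"` next to `require "json"` makes the dependency explicit. The `if @logger.nil?` guard combined with `@logger ||=` inside it is redundant; `@logger ||= Logger.new(STDOUT).tap { |l| l.level = Logger::INFO }` expresses the same memoisation in one line. A short comment stating that the logger is process-wide and defaults to INFO on STDOUT would document the intent.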
@@ -0,0 +1,101 @@
1
+ require "progressbar"
2
+ require "csv"
3
+
4
+ module Dsc
5
+
6
+ class AntiMalwareEvent < DscObject
7
+
8
+
9
+ def self.transport_class
10
+ DeepSecurity::AntiMalwareEvent
11
+ end
12
+
13
+ def self.default_fields
14
+ [
15
+ # DNS name of system
16
+ :"host.name",
17
+
18
+
19
+ # fully qualified system node
20
+ :"host.display_name",
21
+
22
+ # signature / pattern version used in detection
23
+ # MISSING
24
+
25
+ # datetime the event was generated and/or received OS version
26
+ :log_date,
27
+ :start_time,
28
+ :end_time,
29
+
30
+ # system domain or system group
31
+ # MISSING
32
+
33
+ # account logged on during detection
34
+ # MISSING
35
+
36
+ # action taken
37
+ :scan_action1,
38
+ :scan_action2,
39
+ :summary_scan_result,
40
+
41
+ # result of action taken
42
+ :scan_result_action1,
43
+ :scan_result_action2,
44
+ # :spyware_items,
45
+ # :"spyware_items.to_json",
46
+
47
+ # name of malware/detection
48
+ :malware_name,
49
+ :malware_type,
50
+
51
+ # source/path/filename/object of detection
52
+ :infected_file_path,
53
+ :infection_source
54
+
55
+ ]
56
+ end
57
+
58
+ def self.list(hostname, port, tenat, username, password, host_filter, time_filter, fields, output, progress_bar, debug)
59
+ Dsc.dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
60
+
61
+ progressBar = ProgressBar.new("anti_malware_event", 100) if progress_bar
62
+
63
+ DeepSecurity::Host.all # Make sure that hosts are cached
64
+ progressBar.set(10) if progress_bar
65
+
66
+ hostFilter = DeepSecurity::HostFilter.all_hosts
67
+ eventIdFilter = DeepSecurity::IDFilter.greater_than(0)
68
+
69
+
70
+ anti_malware_events = DeepSecurity::AntiMalwareEvent.find_all(time_filter, hostFilter, eventIdFilter)
71
+ progressBar.set(25) if progress_bar
72
+ csv = CSV.new(output)
73
+ csv << fields
74
+ anti_malware_events.each do |anti_malware_event|
75
+ progressBar.inc(75/anti_malware_events.size) if progress_bar
76
+
77
+ csv << fields.map { |attribute| anti_malware_event.instance_eval(attribute) }
78
+ end
79
+ progressBar.finish if progress_bar
80
+ end
81
+
82
+ end
83
+
84
+ def self.parse_time_filter(string)
85
+ filter = valid_time_filters[string.to_sym]
86
+ raise "Unknown time filter" if filter.nil?
87
+ filter
88
+ end
89
+
90
+ def self.valid_time_filters
91
+ {
92
+ :last_hour => DeepSecurity::TimeFilter.last_hour,
93
+ :last_24_hours => DeepSecurity::TimeFilter.last_24_hours,
94
+ :last_7_days => DeepSecurity::TimeFilter.last_7_days,
95
+ :last_day => DeepSecurity::TimeFilter.last_day
96
+ }
97
+ end
98
+
99
+ end
100
+
101
+ end
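Review bot: `self.list` evaluates each requested field with `anti_malware_event.instance_eval(attribute)`, so a field string that originates on the command line is executed as Ruby code on the event object; `fields_from_string` in dsc_object.rb checks the chain against `has_attribute_chain` when callers go through it, but `list` itself accepts any `fields` array. Resolving the dotted chain with `public_send` per segment, after validating it through `fields_from_string`, removes the eval: `csv << fields.map { |attribute| attribute.to_s.split(".").reduce(anti_malware_event) { |obj, name| obj.public_send(name) } }`. The `host_filter` parameter is accepted but never used — `hostFilter = DeepSecurity::HostFilter.all_hosts` is built instead, so a caller-supplied filter is silently ignored. `progressBar.inc(75/anti_malware_events.size)` is integer division and becomes `inc(0)` for more than 75 events, leaving the bar stuck at 25. The same three issues appear in `HostDetail.list` in dsc/host_detail.rb.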
@@ -0,0 +1,41 @@
1
+ module Dsc
2
+
3
+ class DscObject
4
+
5
+
6
+ def self.transport_class
7
+ raise "Subclass responsibility!"
8
+ end
9
+
10
+ def self.default_fields
11
+ []
12
+ end
13
+
14
+ def self.default_fields_string
15
+ default_fields.join(",")
16
+ end
17
+
18
+ def self.schema
19
+ result ={}
20
+ transport_class.mappings.each { |key, value| result[key] = value.description }
21
+ result
22
+ end
23
+
24
+ def self.print_schema(output)
25
+ schema = self.schema()
26
+ schema.keys.sort.each do |key|
27
+ output.puts "#{key}: #{schema[key]}"
28
+ end
29
+ end
30
+
31
+ def self.fields_from_string(string)
32
+ fields = string.split(",").map(&:strip)
33
+ unknown_fields = fields.reject { |each| transport_class.has_attribute_chain(each) }
34
+ raise "Unknown field found (#{unknown_fields.join(', ')}) - known fields are: #{transport_class.defined_attributes.sort.join(', ')}" unless unknown_fields.empty?
35
+ fields
36
+ end
37
+
38
+
39
+ end
40
+
41
+ end
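Review bot: `self.transport_class` raises a bare `RuntimeError` with the string "Subclass responsibility!"; `raise NotImplementedError, "#{self} must define transport_class"` is the conventional way to mark an abstract class method and lets callers distinguish it from runtime failures. `self.schema` builds the hash by hand; if the gem targets Ruby 2.4 or later, `transport_class.mappings.transform_values(&:description)` says the same in one line, and `self.schema()` in `print_schema` can drop the parens. None of the six class methods is documented although `fields_from_string` is the validation gate for user-supplied field chains; a comment such as `# Parses a comma-separated field list and rejects any chain the transport class does not define.` would make that role explicit.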
data/lib/dsc/helper.rb ADDED
@@ -0,0 +1,48 @@
1
+ module Dsc
2
+
3
+
4
+ def self.output_from_option(option)
5
+ unless option == '--'
6
+ output = File.open(option, 'w')
7
+ else
8
+ output = STDOUT
9
+ end
10
+
11
+ yield output
12
+
13
+ output.close() unless option == '--'
14
+ end
15
+
16
+ def self.debug_level_from_option(option)
17
+ return nil if option.blank?
18
+ return option.to_sym if (DeepSecurity::LOG_MAPPING.keys.include?(option.to_sym))
19
+ :debug
20
+ end
21
+
22
+ def self.dsm_connect(hostname, port, tenat, username, password, debug)
23
+
24
+ begin
25
+ dsm = DeepSecurity::Manager.server(hostname, port, debug)
26
+ dsm.connect(tenat, username, password)
27
+ yield dsm
28
+ rescue DeepSecurity::AuthenticationFailedException => e
29
+ puts "Authentication failed! #{e.message}"
30
+ ensure
31
+ dsm.disconnect()
32
+ end
33
+
34
+ end
35
+
36
+ def self.print_api_version(hostname, port, tenat, username, password, output, debug)
37
+ dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
38
+ output.puts dsm.api_version()
39
+ end
40
+ end
41
+
42
+ def self.print_manager_time(hostname, port, tenat, username, password, output, debug)
43
+ dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
44
+ output.puts dsm.manager_time()
45
+ end
46
+ end
47
+
48
+ end
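Review bot: In `dsm_connect` the `ensure` clause calls `dsm.disconnect()` unconditionally, so if `DeepSecurity::Manager.server` raises before `dsm` is assigned the ensure itself raises `NoMethodError` on nil and masks the original error; guard it with `dsm.disconnect if dsm`. The `rescue DeepSecurity::AuthenticationFailedException` branch prints the message and returns normally, so the CLI exits with status 0 after a failed login — re-raise or `exit 1` after printing so callers can detect the failure. `output_from_option` opens the file with `File.open(option, 'w')` and closes it after the yield with no `ensure`, so an exception inside the block leaks the handle; `File.open(option, 'w') { |f| yield f }` closes it on every path. `debug_level_from_option` relies on `option.blank?`, which is ActiveSupport, while the `active_support/core_ext` require in deepsecurity.rb is commented out — `option.nil? || option.empty?` avoids the dependency.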
@@ -0,0 +1,62 @@
1
+ require "progressbar"
2
+ require "csv"
3
+
4
+ module Dsc
5
+
6
+ class HostDetail < DscObject
7
+
8
+
9
+ def self.transport_class
10
+ DeepSecurity::HostDetail
11
+ end
12
+
13
+ def self.default_fields
14
+ [
15
+ # DNS name of system
16
+ :name,
17
+
18
+ # fully qualified of system
19
+ :display_name,
20
+
21
+ # signature / pattern version currently in use
22
+ :anti_malware_classic_pattern_version,
23
+ :anti_malware_engine_version,
24
+ :anti_malware_intelli_trap_exception_version,
25
+ :anti_malware_intelli_trap_version,
26
+ :anti_malware_smart_scan_pattern_version,
27
+ :anti_malware_spyware_pattern_version,
28
+
29
+ # Last datetime the system was active/online
30
+ :overall_last_successful_communication,
31
+
32
+ # OS version
33
+ :platform,
34
+ :host_type,
35
+ # system domain or system group
36
+ :host_group_id
37
+
38
+ # last/currently logged on account
39
+ ]
40
+
41
+
42
+ end
43
+
44
+ def self.list(hostname, port, tenat, username, password, host_filter, fields, output, progress_bar, debug)
45
+ Dsc.dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
46
+ hostFilter = DeepSecurity::HostFilter.all_hosts
47
+ progressBar = ProgressBar.new("host_status", 100) if progress_bar
48
+ hostDetails = DeepSecurity::HostDetail.find_all(hostFilter, :low)
49
+ progressBar.set(25) if progress_bar
50
+ csv = CSV.new(output)
51
+ csv << fields
52
+ hostDetails.each do |hostDetail|
53
+ progressBar.inc(75/hostDetails.size) if progress_bar
54
+ csv << fields.map { |attribute| hostDetail.instance_eval(attribute) }
55
+ end
56
+ progressBar.finish if progress_bar
57
+ end
58
+ end
59
+
60
+ end
61
+
62
+ end
data/lib/dsc.rb ADDED
@@ -0,0 +1,6 @@
1
+ require 'dsc_version'
2
+ require 'dsc/helper'
3
+
4
+ require "dsc/dsc_object"
5
+ require "dsc/host_detail"
6
+ require "dsc/anti_malware_event"
@@ -0,0 +1,3 @@
1
+ module Dsc
2
+ VERSION = DeepSecurity::VERSION
3
+ end
@@ -0,0 +1,48 @@
1
+ # @author Udo Schneider <Udo.Schneider@homeaddress.de>
2
+
3
+ module SavonHelper
4
+
5
+ class CachingObject < MappingObject
6
+
7
+ @@cache_aspects = Hash.new()
8
+
9
+ # @group Caching
10
+
11
+ def self.cache_aspects
12
+ aspect = @@cache_aspects[self]
13
+ return aspect if !aspect.nil?
14
+ @@cache_aspects[self] = Set.new()
15
+ @@cache_aspects[self]
16
+ end
17
+
18
+ def self.cache_by_aspect(*symbols)
19
+ symbols.each { |each| cache_aspects.add(each) }
20
+ end
21
+
22
+ def self.cache_key(aspect, value)
23
+ "#{self}-#{aspect}-#{value}"
24
+ end
25
+
26
+ def cache_aspects
27
+ self.class.cache_aspects
28
+ end
29
+
30
+ def cache_key(aspect)
31
+ self.class.cache_key(aspect, self.send(aspect))
32
+ end
33
+
34
+ def cachable?
35
+ !cache_aspects.empty?
36
+ end
37
+
38
+ def cache
39
+ DeepSecurity::Manager.current.cache
40
+ end
41
+
42
+ def store_in_cache
43
+ cache_aspects.each { |aspect| cache.store(self.cache_key(aspect), self) }
44
+ end
45
+
46
+ end
47
+
48
+ end
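Review bot: `self.cache_aspects` stores per-class aspect sets in the class variable `@@cache_aspects`, which is shared across the whole CachingObject hierarchy; keying by `self` keeps it correct, but the four-line lookup can be the one-liner `@@cache_aspects[self] ||= Set.new`, and a class instance variable (`@cache_aspects`) would avoid the shared-state footgun entirely. `Set` is used without a `require "set"` in this file; on Ruby before 3.2 that relies on another file having loaded it. The instance method `cache` reaches into `DeepSecurity::Manager.current.cache` from inside the SavonHelper namespace, which inverts the dependency between the generic helper and the gem that uses it; injecting the cache, or having the subclass override `cache`, keeps SavonHelper standalone. A comment on `cache_key` documenting the `"Class-aspect-value"` format would help, since Manager methods elsewhere build keys with `cache_key(:all, :all)`.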