deepsecurity 0.0.13hf1

data/lib/deepsecurity/transport_objects/protocol_icmp.rb

@@ -0,0 +1,13 @@
+module DeepSecurity
+
+  class ProtocolICMP < TransportObject
+
+    attr_enum_accessor :type, EnumProtocolIcmpType
+
+    def cache_seperatly?
+      false
+    end
+
+  end
+
+end

data/lib/deepsecurity/transport_objects/protocol_port_based.rb

@@ -0,0 +1,11 @@
+module DeepSecurity
+
+  class ProtocolPortBased < TransportObject
+
+    attr_integer_accessor :port_list_id
+    attr_enum_accessor :port_type, EnumPortType
+    attr_string_accessor :ports
+
+  end
+
+end

data/lib/deepsecurity/transport_objects/security_profile.rb

@@ -0,0 +1,90 @@
+module DeepSecurity
+
+  # Represents a Security Profile container that can be assigned to other Computers by ID using their HostTransport object.
+  class SecurityProfile < TransportObject
+
+    attr_integer_accessor :id,
+                          "SecurityProfileTransport ID"
+    attr_string_accessor :description,
+                         "SecurityProfileTransport description"
+    attr_string_accessor :name,
+                         "SecurityProfileTransport name"
+    array_integer_accessor :dpi_rule_i_ds,
+                           "Array of assigned DPIRuleTransport IDs",
+                           :dpi_rule_ids
+    attr_enum_accessor :dpi_state,
+                       EnumSecurityProfileDPIState,
+                       "Assigned EnumSecurityProfileDPIState, e.g., :on, :off, :passiv, :inherited"
+    attr_integer_accessor :anti_malware_manual_id,
+                          "Anti Malware Manual ID"
+    attr_boolean_accessor :anti_malware_manual_inherit,
+                          "Anti Malware Manual Inherit"
+    attr_integer_accessor :anti_malware_real_time_id,
+                          "Anti Malware Real Time ID"
+    attr_boolean_accessor :anti_malware_real_time_inherit,
+                          "Anti Malware Real Time Inherit"
+    attr_integer_accessor :anti_malware_real_time_schedule_id,
+                          "Anti Malware Real Time Schedule ID"
+    attr_integer_accessor :anti_malware_scheduled_id,
+                          "Anti Malware Scheduled ID"
+    attr_boolean_accessor :anti_malware_scheduled_inherit,
+                          "Anti Malware Scheduled Inherit"
+    attr_enum_accessor :anti_malware_state,
+                       EnumSecurityProfileAntiMalwareState,
+                       "Assigned EnumSecurityProfileAntiMalwareState, e.g., :on, :off, :inherited"
+    array_integer_accessor :application_type_i_ds,
+                           "Array of assigned ApplicationTypeTransport IDs",
+                           :application_type_ids
+    array_integer_accessor :firewall_rule_i_ds,
+                           "Array of assigned FirewallRuleTransport IDs",
+                           :firewall_rule_ids
+    attr_enum_accessor :firewall_state,
+                       EnumSecurityProfileFirewallState,
+                       "Assigned EnumSecurityProfileFirewallState, e.g., :on, :off, :inherited"
+    array_integer_accessor :integrity_rule_i_ds,
+                           "Array of assigned IntegrityMonitoringRuleTransport IDs",
+                           :integrity_rule_ids
+    attr_enum_accessor :integrity_state,
+                       EnumSecurityProfileIntegrityState,
+                       "Assigned EnumSecurityProfileIntegrityState, e.g., :on, :off, :inherited"
+    array_integer_accessor :log_inspection_rule_i_ds,
+                           "Array of assigned LogInspectionRuleTransport IDs",
+                           :log_inspection_rule_ids
+    attr_enum_accessor :log_inspection_state,
+                       EnumSecurityProfileLogInspectionState,
+                       "Assigned EnumSecurityProfileLogInspectionState, e.g., :on, :off, :inherited"
+    attr_enum_accessor :recommendation_state,
+                       EnumSecurityProfileRecommendationState,
+                       "Assigned EnumSecurityProfileRecommendationState, e.g., :on, :off, :inherited"
+    attr_integer_accessor :schedule_id,
+                          "Assigned ScheduleTransport ID"
+    attr_integer_accessor :stateful_configuration_id,
+                          "Assigned StatefulConfigurationTransport ID"
+
+    cache_by_aspect :id, :name
+
+  end
+
+  class Manager
+
+    def security_profiles
+      cache.fetch(SecurityProfile.cache_key(:all, :all)) do
+        request_array("security_profile_retrieve_all", SecurityProfile)
+      end
+    end
+
+    def security_profile(id)
+      cache.fetch(SecurityProfile.cache_key(:id, id)) do
+        request_object("security_profile_retrieve", SecurityProfile, {:id => id})
+      end
+    end
+
+    def security_profile_by_name(name)
+      cache.fetch(SecurityProfile.cache_key(:name, name)) do
+        request_object("security_profile_retrieve_by_name", SecurityProfile, {:name => name})
+      end
+    end
+
+  end
+
+end

data/lib/deepsecurity/transport_objects/system_event.rb

@@ -0,0 +1,45 @@
+module DeepSecurity
+
+  class SystemEvent < TransportObject
+
+    # Represents a Deep Security Manager System event. A System event can target many different aspects of Deep
+    # Security, such as a configuration change to a Security Profile or Computer setting, or applying a Security Update to a Computer.
+
+    attr_string_accessor :action_performed_by
+    attr_string_accessor :description
+    attr_string_accessor :event
+    attr_integer_accessor :event_id
+    attr_enum_accessor :event_origin, EnumEventOrigin
+    attr_string_accessor :manager_hostname
+    attr_integer_accessor :system_event_id
+    attr_string_accessor :tags
+    attr_string_accessor :target
+    attr_integer_accessor :target_id
+    attr_string_accessor :target_type
+    attr_datetime_accessor :time
+    attr_string_accessor :type
+
+    # cache_by_aspect :id, :name
+
+
+  end
+
+  class Manager
+
+    # Retrieves the system events specified by the time, host and event ID filters. System events that do not pertain
+    # to hosts can be included or excluded.
+    def system_events(timeFilter, hostFilter, eventIdFilter, includeNonHostEvents)
+      events = send_authenticated_soap("system_event_retrieve", {
+          :timeFilter => timeFilter.to_savon_data,
+          :hostFilter => hostFilter.to_savon_data,
+          :eventIdFilter => eventIdFilter.to_savon_data,
+          :includeNonHostEvents => includeNonHostEvents ? "true" : "false"})[:system_events]
+      return [] if events.nil?
+      events[:item].map do |each|
+        SystemEvent.from_savon_data(each)
+      end
+    end
+
+  end
+
+end

data/lib/deepsecurity/transport_objects/time_filter.rb

@@ -0,0 +1,55 @@
+module DeepSecurity
+
+  # Used as search criteria limit the scope of objects returned by time related attributes, such as from, to, or a
+  # specific time. If the type is set to EnumTimeFilterType CUSTOM_RANGE, then the rangeFrom and rangeTo property will
+  # be required. If the EnumTimeFilterType SPECIFIC_TIME type is set, then the specifiicTime property will be required.
+  class TimeFilter < TransportObject
+
+    attr_datetime_accessor :rangeFrom
+    attr_datetime_accessor :rangeTo
+    attr_datetime_accessor :specificTime
+    # attr_integer_accessor :host_group_id
+    # attr_integer_accessor :host_id
+    # attr_integer_accessor :security_profile_id
+    attr_enum_accessor :type, EnumTimeFilterType
+
+    def self.last_hour
+      instance = self.new()
+      instance.type = :last_hour
+      instance
+    end
+
+    def self.last_24_hours
+      instance = self.new()
+      instance.type = :last_24_hours
+      instance
+    end
+
+    def self.last_7_days
+      instance = self.new()
+      instance.type = :last_7_days
+      instance
+    end
+
+    def self.custom_range(range)
+      instance = self.new()
+      instance.type = :custom_range
+      instance.rangeFrom = range.first
+      instance.rangeTo = range.last
+      instance
+    end
+
+    def self.specificTime(datetime)
+      instance = self.new()
+      instance.type = :specificTime
+      instance.specificTime = datetime
+      instance
+    end
+
+    def self.last_day
+      self.custom_range(((Date.today-1).to_time)..((Date.today).to_time-1))
+    end
+
+  end
+
+end

data/lib/deepsecurity/version.rb

@@ -0,0 +1,3 @@
+module DeepSecurity
+  VERSION = "0.0.13hf1"
+end

data/lib/deepsecurity.rb

@@ -0,0 +1,58 @@
+# @author Udo Schneider <Udo.Schneider@homeaddress.de>
+
+# require "time"
+# require "cache"
+# require "active_support/core_ext"
+
+require "json"
+
+require "savon_helper"
+
+require "deepsecurity/version"
+
+require "deepsecurity/ds_object"
+require "deepsecurity/enums"
+
+require "deepsecurity/exceptions/authentication_failed_exception"
+require "deepsecurity/exceptions/authentication_required_exception"
+
+require "deepsecurity/manager"
+require "deepsecurity/screenscraping"
+
+require "deepsecurity/transport_object"
+
+require "deepsecurity/transport_objects/host_filter"
+require "deepsecurity/transport_objects/time_filter"
+require "deepsecurity/transport_objects/id_filter"
+
+require "deepsecurity/transport_objects/dpi_rule"
+require "deepsecurity/transport_objects/protocol_icmp"
+require "deepsecurity/transport_objects/protocol_port_based"
+require "deepsecurity/transport_objects/application_type"
+require "deepsecurity/transport_objects/host_group"
+require "deepsecurity/transport_objects/host"
+require "deepsecurity/transport_objects/host_interface"
+require "deepsecurity/transport_objects/host_detail"
+require "deepsecurity/transport_objects/security_profile"
+require "deepsecurity/transport_objects/system_event"
+require "deepsecurity/transport_objects/anti_malware_spyware_item"
+require "deepsecurity/transport_objects/anti_malware_event"
+
+
+require "deepsecurity/transport_objects/private/vulnerability"
+
+module DeepSecurity
+
+  def self.logger
+    if @logger.nil?
+      @logger ||= Logger.new(STDOUT)
+      @logger.level = Logger::INFO
+    end
+    @logger
+  end
+
+  def self.dsm
+    Manager.current
+  end
+
+end

data/lib/dsc/anti_malware_event.rb

@@ -0,0 +1,101 @@
+require "progressbar"
+require "csv"
+
+module Dsc
+
+  class AntiMalwareEvent < DscObject
+
+
+    def self.transport_class
+      DeepSecurity::AntiMalwareEvent
+    end
+
+    def self.default_fields
+      [
+          # DNS name of system
+          :"host.name",
+
+
+          # fully qualified system node
+          :"host.display_name",
+
+          # signature / pattern version used in detection
+          # MISSING
+
+          # datetime the event was generated and/or received OS version
+          :log_date,
+          :start_time,
+          :end_time,
+
+          # system domain or system group
+          # MISSING
+
+          # account logged on during detection
+          # MISSING
+
+          # action taken
+          :scan_action1,
+          :scan_action2,
+          :summary_scan_result,
+
+          # result of action taken
+          :scan_result_action1,
+          :scan_result_action2,
+          # :spyware_items,
+          # :"spyware_items.to_json",
+
+          # name of malware/detection
+          :malware_name,
+          :malware_type,
+
+          # source/path/filename/object of detection
+          :infected_file_path,
+          :infection_source
+
+      ]
+    end
+
+    def self.list(hostname, port, tenat, username, password, host_filter, time_filter, fields, output, progress_bar, debug)
+      Dsc.dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
+
+        progressBar = ProgressBar.new("anti_malware_event", 100) if progress_bar
+
+        DeepSecurity::Host.all # Make sure that hosts are cached
+        progressBar.set(10) if progress_bar
+
+        hostFilter = DeepSecurity::HostFilter.all_hosts
+        eventIdFilter = DeepSecurity::IDFilter.greater_than(0)
+
+
+        anti_malware_events = DeepSecurity::AntiMalwareEvent.find_all(time_filter, hostFilter, eventIdFilter)
+        progressBar.set(25) if progress_bar
+        csv = CSV.new(output)
+        csv << fields
+        anti_malware_events.each do |anti_malware_event|
+          progressBar.inc(75/anti_malware_events.size) if progress_bar
+
+          csv << fields.map { |attribute| anti_malware_event.instance_eval(attribute) }
+        end
+        progressBar.finish if progress_bar
+      end
+
+    end
+
+    def self.parse_time_filter(string)
+      filter = valid_time_filters[string.to_sym]
+      raise "Unknown time filter" if filter.nil?
+      filter
+    end
+
+    def self.valid_time_filters
+      {
+          :last_hour => DeepSecurity::TimeFilter.last_hour,
+          :last_24_hours => DeepSecurity::TimeFilter.last_24_hours,
+          :last_7_days => DeepSecurity::TimeFilter.last_7_days,
+          :last_day => DeepSecurity::TimeFilter.last_day
+      }
+    end
+
+  end
+
+end

data/lib/dsc/dsc_object.rb

@@ -0,0 +1,41 @@
+module Dsc
+
+  class DscObject
+
+
+    def self.transport_class
+      raise "Subclass responsibility!"
+    end
+
+    def self.default_fields
+      []
+    end
+
+    def self.default_fields_string
+      default_fields.join(",")
+    end
+
+    def self.schema
+      result ={}
+      transport_class.mappings.each { |key, value| result[key] = value.description }
+      result
+    end
+
+    def self.print_schema(output)
+      schema = self.schema()
+      schema.keys.sort.each do |key|
+        output.puts "#{key}: #{schema[key]}"
+      end
+    end
+
+    def self.fields_from_string(string)
+      fields = string.split(",").map(&:strip)
+      unknown_fields = fields.reject { |each| transport_class.has_attribute_chain(each) }
+      raise "Unknown field found (#{unknown_fields.join(', ')}) - known fields are: #{transport_class.defined_attributes.sort.join(', ')}" unless unknown_fields.empty?
+      fields
+    end
+
+
+  end
+
+end

data/lib/dsc/helper.rb

@@ -0,0 +1,48 @@
+module Dsc
+
+
+  def self.output_from_option(option)
+    unless option == '--'
+      output = File.open(option, 'w')
+    else
+      output = STDOUT
+    end
+
+    yield output
+
+    output.close() unless option == '--'
+  end
+
+  def self.debug_level_from_option(option)
+    return nil if option.blank?
+    return option.to_sym if (DeepSecurity::LOG_MAPPING.keys.include?(option.to_sym))
+    :debug
+  end
+
+  def self.dsm_connect(hostname, port, tenat, username, password, debug)
+
+    begin
+      dsm = DeepSecurity::Manager.server(hostname, port, debug)
+      dsm.connect(tenat, username, password)
+      yield dsm
+    rescue DeepSecurity::AuthenticationFailedException => e
+      puts "Authentication failed! #{e.message}"
+    ensure
+      dsm.disconnect()
+    end
+
+  end
+
+  def self.print_api_version(hostname, port, tenat, username, password, output, debug)
+    dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
+      output.puts dsm.api_version()
+    end
+  end
+
+  def self.print_manager_time(hostname, port, tenat, username, password, output, debug)
+    dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
+      output.puts dsm.manager_time()
+    end
+  end
+
+end

data/lib/dsc/host_detail.rb

@@ -0,0 +1,62 @@
+require "progressbar"
+require "csv"
+
+module Dsc
+
+  class HostDetail < DscObject
+
+
+    def self.transport_class
+      DeepSecurity::HostDetail
+    end
+
+    def self.default_fields
+      [
+          # DNS name of system
+          :name,
+
+          # fully qualified of system
+          :display_name,
+
+          # signature / pattern version currently in use
+          :anti_malware_classic_pattern_version,
+          :anti_malware_engine_version,
+          :anti_malware_intelli_trap_exception_version,
+          :anti_malware_intelli_trap_version,
+          :anti_malware_smart_scan_pattern_version,
+          :anti_malware_spyware_pattern_version,
+
+          # Last datetime the system was active/online
+          :overall_last_successful_communication,
+
+          #  OS version
+          :platform,
+          :host_type,
+          # system domain or system group
+          :host_group_id
+
+      # last/currently logged on account
+      ]
+
+
+    end
+
+    def self.list(hostname, port, tenat, username, password, host_filter, fields, output, progress_bar, debug)
+      Dsc.dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
+        hostFilter = DeepSecurity::HostFilter.all_hosts
+        progressBar = ProgressBar.new("host_status", 100) if progress_bar
+        hostDetails = DeepSecurity::HostDetail.find_all(hostFilter, :low)
+        progressBar.set(25) if progress_bar
+        csv = CSV.new(output)
+        csv << fields
+        hostDetails.each do |hostDetail|
+          progressBar.inc(75/hostDetails.size) if progress_bar
+          csv << fields.map { |attribute| hostDetail.instance_eval(attribute) }
+        end
+        progressBar.finish if progress_bar
+      end
+    end
+
+  end
+
+end

data/lib/dsc.rb

@@ -0,0 +1,6 @@
+require 'dsc_version'
+require 'dsc/helper'
+
+require "dsc/dsc_object"
+require "dsc/host_detail"
+require "dsc/anti_malware_event"

data/lib/dsc_version.rb

@@ -0,0 +1,3 @@
+module Dsc
+  VERSION = DeepSecurity::VERSION
+end

data/lib/savon_helper/caching_object.rb

@@ -0,0 +1,48 @@
+# @author Udo Schneider <Udo.Schneider@homeaddress.de>
+
+module SavonHelper
+
+  class CachingObject < MappingObject
+
+    @@cache_aspects = Hash.new()
+
+    # @group Caching
+
+    def self.cache_aspects
+      aspect = @@cache_aspects[self]
+      return aspect if !aspect.nil?
+      @@cache_aspects[self] = Set.new()
+      @@cache_aspects[self]
+    end
+
+    def self.cache_by_aspect(*symbols)
+      symbols.each { |each| cache_aspects.add(each) }
+    end
+
+    def self.cache_key(aspect, value)
+      "#{self}-#{aspect}-#{value}"
+    end
+
+    def cache_aspects
+      self.class.cache_aspects
+    end
+
+    def cache_key(aspect)
+      self.class.cache_key(aspect, self.send(aspect))
+    end
+
+    def cachable?
+      !cache_aspects.empty?
+    end
+
+    def cache
+      DeepSecurity::Manager.current.cache
+    end
+
+    def store_in_cache
+      cache_aspects.each { |aspect| cache.store(self.cache_key(aspect), self) }
+    end
+
+  end
+
+end