deepsecurity 0.0.13hf1
- data/.gitignore +25 -0
- data/.yardopts +4 -0
- data/Gemfile +4 -0
- data/LICENSE +22 -0
- data/README.md +29 -0
- data/Rakefile +2 -0
- data/bin/dsc +186 -0
- data/deepsecurity.gemspec +30 -0
- data/lib/deepsecurity/ds_object.rb +37 -0
- data/lib/deepsecurity/enums.rb +539 -0
- data/lib/deepsecurity/exceptions/authentication_failed_exception.rb +7 -0
- data/lib/deepsecurity/exceptions/authentication_required_exception.rb +6 -0
- data/lib/deepsecurity/manager.rb +223 -0
- data/lib/deepsecurity/screenscraping.rb +149 -0
- data/lib/deepsecurity/transport_object.rb +21 -0
- data/lib/deepsecurity/transport_objects/anti_malware_event.rb +106 -0
- data/lib/deepsecurity/transport_objects/anti_malware_spyware_item.rb +32 -0
- data/lib/deepsecurity/transport_objects/application_type.rb +58 -0
- data/lib/deepsecurity/transport_objects/dpi_rule.rb +113 -0
- data/lib/deepsecurity/transport_objects/host.rb +171 -0
- data/lib/deepsecurity/transport_objects/host_detail.rb +167 -0
- data/lib/deepsecurity/transport_objects/host_filter.rb +62 -0
- data/lib/deepsecurity/transport_objects/host_group.rb +41 -0
- data/lib/deepsecurity/transport_objects/host_interface.rb +42 -0
- data/lib/deepsecurity/transport_objects/id_filter.rb +37 -0
- data/lib/deepsecurity/transport_objects/private/vulnerability.rb +52 -0
- data/lib/deepsecurity/transport_objects/protocol_icmp.rb +13 -0
- data/lib/deepsecurity/transport_objects/protocol_port_based.rb +11 -0
- data/lib/deepsecurity/transport_objects/security_profile.rb +90 -0
- data/lib/deepsecurity/transport_objects/system_event.rb +45 -0
- data/lib/deepsecurity/transport_objects/time_filter.rb +55 -0
- data/lib/deepsecurity/version.rb +3 -0
- data/lib/deepsecurity.rb +58 -0
- data/lib/dsc/anti_malware_event.rb +101 -0
- data/lib/dsc/dsc_object.rb +41 -0
- data/lib/dsc/helper.rb +48 -0
- data/lib/dsc/host_detail.rb +62 -0
- data/lib/dsc.rb +6 -0
- data/lib/dsc_version.rb +3 -0
- data/lib/savon_helper/caching_object.rb +48 -0
- data/lib/savon_helper/mapping_object.rb +421 -0
- data/lib/savon_helper/missing_type_mapping_exception.rb +11 -0
- data/lib/savon_helper/soap_exception.rb +7 -0
- data/lib/savon_helper/type_mappings.rb +218 -0
- data/lib/savon_helper.rb +7 -0
- metadata +188 -0
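--- a/data/lib/deepsecurity/transport_objects/security_profile.rb
+++ b/data/lib/deepsecurity/transport_objects/security_profile.rb
@@ -0,0 +1,90 @@
+module DeepSecurity
+
+# Represents a Security Profile container that can be assigned to other Computers by ID using their HostTransport object.
+class SecurityProfile < TransportObject
+
+attr_integer_accessor :id,
+"SecurityProfileTransport ID"
+attr_string_accessor :description,
+"SecurityProfileTransport description"
+attr_string_accessor :name,
+"SecurityProfileTransport name"
+array_integer_accessor :dpi_rule_i_ds,
+"Array of assigned DPIRuleTransport IDs",
+:dpi_rule_ids
+attr_enum_accessor :dpi_state,
+EnumSecurityProfileDPIState,
+"Assigned EnumSecurityProfileDPIState, e.g., :on, :off, :passiv, :inherited"
+attr_integer_accessor :anti_malware_manual_id,
+"Anti Malware Manual ID"
+attr_boolean_accessor :anti_malware_manual_inherit,
+"Anti Malware Manual Inherit"
+attr_integer_accessor :anti_malware_real_time_id,
+"Anti Malware Real Time ID"
+attr_boolean_accessor :anti_malware_real_time_inherit,
+"Anti Malware Real Time Inherit"
+attr_integer_accessor :anti_malware_real_time_schedule_id,
+"Anti Malware Real Time Schedule ID"
+attr_integer_accessor :anti_malware_scheduled_id,
+"Anti Malware Scheduled ID"
+attr_boolean_accessor :anti_malware_scheduled_inherit,
+"Anti Malware Scheduled Inherit"
+attr_enum_accessor :anti_malware_state,
+EnumSecurityProfileAntiMalwareState,
+"Assigned EnumSecurityProfileAntiMalwareState, e.g., :on, :off, :inherited"
+array_integer_accessor :application_type_i_ds,
+"Array of assigned ApplicationTypeTransport IDs",
+:application_type_ids
+array_integer_accessor :firewall_rule_i_ds,
+"Array of assigned FirewallRuleTransport IDs",
+:firewall_rule_ids
+attr_enum_accessor :firewall_state,
+EnumSecurityProfileFirewallState,
+"Assigned EnumSecurityProfileFirewallState, e.g., :on, :off, :inherited"
+array_integer_accessor :integrity_rule_i_ds,
+"Array of assigned IntegrityMonitoringRuleTransport IDs",
+:integrity_rule_ids
+attr_enum_accessor :integrity_state,
+EnumSecurityProfileIntegrityState,
+"Assigned EnumSecurityProfileIntegrityState, e.g., :on, :off, :inherited"
+array_integer_accessor :log_inspection_rule_i_ds,
+"Array of assigned LogInspectionRuleTransport IDs",
+:log_inspection_rule_ids
+attr_enum_accessor :log_inspection_state,
+EnumSecurityProfileLogInspectionState,
+"Assigned EnumSecurityProfileLogInspectionState, e.g., :on, :off, :inherited"
+attr_enum_accessor :recommendation_state,
+EnumSecurityProfileRecommendationState,
+"Assigned EnumSecurityProfileRecommendationState, e.g., :on, :off, :inherited"
+attr_integer_accessor :schedule_id,
+"Assigned ScheduleTransport ID"
+attr_integer_accessor :stateful_configuration_id,
+"Assigned StatefulConfigurationTransport ID"
+
+cache_by_aspect :id, :name
+
+end
+
+class Manager
+
+def security_profiles
+cache.fetch(SecurityProfile.cache_key(:all, :all)) do
+request_array("security_profile_retrieve_all", SecurityProfile)
+end
+end
+
+def security_profile(id)
+cache.fetch(SecurityProfile.cache_key(:id, id)) do
+request_object("security_profile_retrieve", SecurityProfile, {:id => id})
+end
+end
+
+def security_profile_by_name(name)
+cache.fetch(SecurityProfile.cache_key(:name, name)) do
+request_object("security_profile_retrieve_by_name", SecurityProfile, {:name => name})
+end
+end
+
+end
+
+end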
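Review bot: The three `Manager` lookups at the end of this file cache their results with no expiry or invalidation visible here, so a profile whose `firewall_state` or `anti_malware_state` changes on the manager may keep being reported with its old value for as long as the cache lives. Whether `cache.fetch` applies a TTL cannot be told from this file. If the cache is long-lived, a comment above `security_profiles` such as `# NOTE: results are cached; clear the cache before relying on state values for compliance checks` would make that explicit. The documentation string for `dpi_state` lists `:passiv`; confirm that it matches the symbol actually defined in `enums.rb`.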
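--- a/data/lib/deepsecurity/transport_objects/system_event.rb
+++ b/data/lib/deepsecurity/transport_objects/system_event.rb
@@ -0,0 +1,45 @@
+module DeepSecurity
+
+class SystemEvent < TransportObject
+
+# Represents a Deep Security Manager System event. A System event can target many different aspects of Deep
+# Security, such as a configuration change to a Security Profile or Computer setting, or applying a Security Update to a Computer.
+
+attr_string_accessor :action_performed_by
+attr_string_accessor :description
+attr_string_accessor :event
+attr_integer_accessor :event_id
+attr_enum_accessor :event_origin, EnumEventOrigin
+attr_string_accessor :manager_hostname
+attr_integer_accessor :system_event_id
+attr_string_accessor :tags
+attr_string_accessor :target
+attr_integer_accessor :target_id
+attr_string_accessor :target_type
+attr_datetime_accessor :time
+attr_string_accessor :type
+
+# cache_by_aspect :id, :name
+
+
+end
+
+class Manager
+
+# Retrieves the system events specified by the time, host and event ID filters. System events that do not pertain
+# to hosts can be included or excluded.
+def system_events(timeFilter, hostFilter, eventIdFilter, includeNonHostEvents)
+events = send_authenticated_soap("system_event_retrieve", {
+:timeFilter => timeFilter.to_savon_data,
+:hostFilter => hostFilter.to_savon_data,
+:eventIdFilter => eventIdFilter.to_savon_data,
+:includeNonHostEvents => includeNonHostEvents ? "true" : "false"})[:system_events]
+return [] if events.nil?
+events[:item].map do |each|
+SystemEvent.from_savon_data(each)
+end
+end
+
+end
+
+end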
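Review bot: `events[:item].map` in `system_events` assumes `:item` is always an Array, but SOAP-to-Hash parsers such as the one Savon uses commonly return a single Hash when the response holds exactly one element, and `Hash#map` would then hand `[key, value]` pairs to `SystemEvent.from_savon_data`. A query that matches exactly one system event would therefore fail or yield malformed objects, which matters when this call is used to pull audit records. Normalising first, e.g. `items = events[:item]; items = [items] unless items.is_a?(Array)`, and mapping over `items` avoids this; a missing `:item` should return `[]` as the `nil` case already does. How `send_authenticated_soap` post-processes the response is not visible here, so confirm against its implementation.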
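--- a/data/lib/deepsecurity/transport_objects/time_filter.rb
+++ b/data/lib/deepsecurity/transport_objects/time_filter.rb
@@ -0,0 +1,55 @@
+module DeepSecurity
+
+# Used as search criteria limit the scope of objects returned by time related attributes, such as from, to, or a
+# specific time. If the type is set to EnumTimeFilterType CUSTOM_RANGE, then the rangeFrom and rangeTo property will
+# be required. If the EnumTimeFilterType SPECIFIC_TIME type is set, then the specifiicTime property will be required.
+class TimeFilter < TransportObject
+
+attr_datetime_accessor :rangeFrom
+attr_datetime_accessor :rangeTo
+attr_datetime_accessor :specificTime
+# attr_integer_accessor :host_group_id
+# attr_integer_accessor :host_id
+# attr_integer_accessor :security_profile_id
+attr_enum_accessor :type, EnumTimeFilterType
+
+def self.last_hour
+instance = self.new()
+instance.type = :last_hour
+instance
+end
+
+def self.last_24_hours
+instance = self.new()
+instance.type = :last_24_hours
+instance
+end
+
+def self.last_7_days
+instance = self.new()
+instance.type = :last_7_days
+instance
+end
+
+def self.custom_range(range)
+instance = self.new()
+instance.type = :custom_range
+instance.rangeFrom = range.first
+instance.rangeTo = range.last
+instance
+end
+
+def self.specificTime(datetime)
+instance = self.new()
+instance.type = :specificTime
+instance.specificTime = datetime
+instance
+end
+
+def self.last_day
+self.custom_range(((Date.today-1).to_time)..((Date.today).to_time-1))
+end
+
+end
+
+end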
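Review bot: `self.specificTime` sets `instance.type = :specificTime`, while every other factory in this class uses a snake_case symbol (`:last_hour`, `:custom_range`); if `EnumTimeFilterType` in `enums.rb` (not shown here) follows the same convention, this value will not map and the filter may be rejected or serialised incorrectly. Please check it against the enum and use the matching symbol, presumably `:specific_time`. Separately, `last_day` calls `Date.today` twice and builds the range in the client's local time zone, so the window can be skewed if the call straddles midnight or if the manager's clock uses a different zone. Reading `today = Date.today` once and stating the time-zone assumption in a comment would help when the range is used to collect security events.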
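--- a/data/lib/deepsecurity.rb
+++ b/data/lib/deepsecurity.rb
@@ -0,0 +1,58 @@
+# @author Udo Schneider <Udo.Schneider@homeaddress.de>
+
+# require "time"
+# require "cache"
+# require "active_support/core_ext"
+
+require "json"
+
+require "savon_helper"
+
+require "deepsecurity/version"
+
+require "deepsecurity/ds_object"
+require "deepsecurity/enums"
+
+require "deepsecurity/exceptions/authentication_failed_exception"
+require "deepsecurity/exceptions/authentication_required_exception"
+
+require "deepsecurity/manager"
+require "deepsecurity/screenscraping"
+
+require "deepsecurity/transport_object"
+
+require "deepsecurity/transport_objects/host_filter"
+require "deepsecurity/transport_objects/time_filter"
+require "deepsecurity/transport_objects/id_filter"
+
+require "deepsecurity/transport_objects/dpi_rule"
+require "deepsecurity/transport_objects/protocol_icmp"
+require "deepsecurity/transport_objects/protocol_port_based"
+require "deepsecurity/transport_objects/application_type"
+require "deepsecurity/transport_objects/host_group"
+require "deepsecurity/transport_objects/host"
+require "deepsecurity/transport_objects/host_interface"
+require "deepsecurity/transport_objects/host_detail"
+require "deepsecurity/transport_objects/security_profile"
+require "deepsecurity/transport_objects/system_event"
+require "deepsecurity/transport_objects/anti_malware_spyware_item"
+require "deepsecurity/transport_objects/anti_malware_event"
+
+
+require "deepsecurity/transport_objects/private/vulnerability"
+
+module DeepSecurity
+
+def self.logger
+if @logger.nil?
+@logger ||= Logger.new(STDOUT)
+@logger.level = Logger::INFO
+end
+@logger
+end
+
+def self.dsm
+Manager.current
+end
+
+end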
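Review bot: `Logger.new(STDOUT)` in `self.logger` writes log lines to the same stream the `dsc` helpers use for report output when the output option is `--` (see `output_from_option` in `data/lib/dsc/helper.rb`), so INFO or debug messages can end up interleaved with the CSV data. Logging to standard error instead, `@logger ||= Logger.new(STDERR)`, keeps the report parseable and keeps diagnostic detail out of files that get passed on to others. The surrounding `if @logger.nil?` already makes the `||=` redundant. No `require "logger"` is visible in this file, so confirm it is loaded elsewhere.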
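--- a/data/lib/dsc/anti_malware_event.rb
+++ b/data/lib/dsc/anti_malware_event.rb
@@ -0,0 +1,101 @@
+require "progressbar"
+require "csv"
+
+module Dsc
+
+class AntiMalwareEvent < DscObject
+
+
+def self.transport_class
+DeepSecurity::AntiMalwareEvent
+end
+
+def self.default_fields
+[
+# DNS name of system
+:"host.name",
+
+
+# fully qualified system node
+:"host.display_name",
+
+# signature / pattern version used in detection
+# MISSING
+
+# datetime the event was generated and/or received OS version
+:log_date,
+:start_time,
+:end_time,
+
+# system domain or system group
+# MISSING
+
+# account logged on during detection
+# MISSING
+
+# action taken
+:scan_action1,
+:scan_action2,
+:summary_scan_result,
+
+# result of action taken
+:scan_result_action1,
+:scan_result_action2,
+# :spyware_items,
+# :"spyware_items.to_json",
+
+# name of malware/detection
+:malware_name,
+:malware_type,
+
+# source/path/filename/object of detection
+:infected_file_path,
+:infection_source
+
+]
+end
+
+def self.list(hostname, port, tenat, username, password, host_filter, time_filter, fields, output, progress_bar, debug)
+Dsc.dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
+
+progressBar = ProgressBar.new("anti_malware_event", 100) if progress_bar
+
+DeepSecurity::Host.all # Make sure that hosts are cached
+progressBar.set(10) if progress_bar
+
+hostFilter = DeepSecurity::HostFilter.all_hosts
+eventIdFilter = DeepSecurity::IDFilter.greater_than(0)
+
+
+anti_malware_events = DeepSecurity::AntiMalwareEvent.find_all(time_filter, hostFilter, eventIdFilter)
+progressBar.set(25) if progress_bar
+csv = CSV.new(output)
+csv << fields
+anti_malware_events.each do |anti_malware_event|
+progressBar.inc(75/anti_malware_events.size) if progress_bar
+
+csv << fields.map { |attribute| anti_malware_event.instance_eval(attribute) }
+end
+progressBar.finish if progress_bar
+end
+
+end
+
+def self.parse_time_filter(string)
+filter = valid_time_filters[string.to_sym]
+raise "Unknown time filter" if filter.nil?
+filter
+end
+
+def self.valid_time_filters
+{
+:last_hour => DeepSecurity::TimeFilter.last_hour,
+:last_24_hours => DeepSecurity::TimeFilter.last_24_hours,
+:last_7_days => DeepSecurity::TimeFilter.last_7_days,
+:last_day => DeepSecurity::TimeFilter.last_day
+}
+end
+
+end
+
+end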
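Review bot: `anti_malware_event.instance_eval(attribute)` in `self.list` evaluates each field name as Ruby source, so the only barrier between a user-supplied field list and code evaluation is whatever validation ran before `fields` was passed in; the same pattern appears in `HostDetail.list` in `data/lib/dsc/host_detail.rb`. Resolving the chain by name removes the evaluator entirely: `attribute.to_s.split(".").inject(anti_malware_event) { |obj, name| obj.public_send(name) }`, ideally restricted to names the transport class declares. Values such as `malware_name` and `infected_file_path` originate from scanned endpoints and are written to the CSV unmodified, so consumers that open the export in a spreadsheet should treat cells beginning with `=`, `+`, `-` or `@` as untrusted.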
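--- a/data/lib/dsc/dsc_object.rb
+++ b/data/lib/dsc/dsc_object.rb
@@ -0,0 +1,41 @@
+module Dsc
+
+class DscObject
+
+
+def self.transport_class
+raise "Subclass responsibility!"
+end
+
+def self.default_fields
+[]
+end
+
+def self.default_fields_string
+default_fields.join(",")
+end
+
+def self.schema
+result ={}
+transport_class.mappings.each { |key, value| result[key] = value.description }
+result
+end
+
+def self.print_schema(output)
+schema = self.schema()
+schema.keys.sort.each do |key|
+output.puts "#{key}: #{schema[key]}"
+end
+end
+
+def self.fields_from_string(string)
+fields = string.split(",").map(&:strip)
+unknown_fields = fields.reject { |each| transport_class.has_attribute_chain(each) }
+raise "Unknown field found (#{unknown_fields.join(', ')}) - known fields are: #{transport_class.defined_attributes.sort.join(', ')}" unless unknown_fields.empty?
+fields
+end
+
+
+end
+
+end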
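Review bot: `fields_from_string` has no documentation although it is the validation step for field names that the `list` methods in this package later evaluate against transport objects, so its strictness is security-relevant. A comment above it such as `# Validates user-supplied field names against the transport class; callers evaluate the returned names, so nothing unvalidated may be returned` would record that contract. `has_attribute_chain` is defined outside this file, so whether it accepts only declared attribute names rather than arbitrary method chains should be confirmed there.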
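--- a/data/lib/dsc/helper.rb
+++ b/data/lib/dsc/helper.rb
@@ -0,0 +1,48 @@
+module Dsc
+
+
+def self.output_from_option(option)
+unless option == '--'
+output = File.open(option, 'w')
+else
+output = STDOUT
+end
+
+yield output
+
+output.close() unless option == '--'
+end
+
+def self.debug_level_from_option(option)
+return nil if option.blank?
+return option.to_sym if (DeepSecurity::LOG_MAPPING.keys.include?(option.to_sym))
+:debug
+end
+
+def self.dsm_connect(hostname, port, tenat, username, password, debug)
+
+begin
+dsm = DeepSecurity::Manager.server(hostname, port, debug)
+dsm.connect(tenat, username, password)
+yield dsm
+rescue DeepSecurity::AuthenticationFailedException => e
+puts "Authentication failed! #{e.message}"
+ensure
+dsm.disconnect()
+end
+
+end
+
+def self.print_api_version(hostname, port, tenat, username, password, output, debug)
+dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
+output.puts dsm.api_version()
+end
+end
+
+def self.print_manager_time(hostname, port, tenat, username, password, output, debug)
+dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
+output.puts dsm.manager_time()
+end
+end
+
+end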
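Review bot: The `ensure` branch of `dsm_connect` calls `dsm.disconnect()` unconditionally, so if `DeepSecurity::Manager.server` raises, `dsm` is still `nil` and the resulting `NoMethodError` replaces the original error; use `dsm.disconnect() unless dsm.nil?`. The `rescue` reports the authentication failure with `puts` on standard output and then returns normally, so a scheduled job sees a successful exit and possibly an empty report. Writing the message to `STDERR` and re-raising or exiting non-zero would make failed logins detectable. `output_from_option` likewise closes the file only on the success path; `File.open(option, 'w') { |output| yield output }` closes it even when the block raises.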
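--- a/data/lib/dsc/host_detail.rb
+++ b/data/lib/dsc/host_detail.rb
@@ -0,0 +1,62 @@
+require "progressbar"
+require "csv"
+
+module Dsc
+
+class HostDetail < DscObject
+
+
+def self.transport_class
+DeepSecurity::HostDetail
+end
+
+def self.default_fields
+[
+# DNS name of system
+:name,
+
+# fully qualified of system
+:display_name,
+
+# signature / pattern version currently in use
+:anti_malware_classic_pattern_version,
+:anti_malware_engine_version,
+:anti_malware_intelli_trap_exception_version,
+:anti_malware_intelli_trap_version,
+:anti_malware_smart_scan_pattern_version,
+:anti_malware_spyware_pattern_version,
+
+# Last datetime the system was active/online
+:overall_last_successful_communication,
+
+# OS version
+:platform,
+:host_type,
+# system domain or system group
+:host_group_id
+
+# last/currently logged on account
+]
+
+
+end
+
+def self.list(hostname, port, tenat, username, password, host_filter, fields, output, progress_bar, debug)
+Dsc.dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
+hostFilter = DeepSecurity::HostFilter.all_hosts
+progressBar = ProgressBar.new("host_status", 100) if progress_bar
+hostDetails = DeepSecurity::HostDetail.find_all(hostFilter, :low)
+progressBar.set(25) if progress_bar
+csv = CSV.new(output)
+csv << fields
+hostDetails.each do |hostDetail|
+progressBar.inc(75/hostDetails.size) if progress_bar
+csv << fields.map { |attribute| hostDetail.instance_eval(attribute) }
+end
+progressBar.finish if progress_bar
+end
+end
+
+end
+
+end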
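Review bot: `self.list` accepts a `host_filter` argument but never uses it; the first statement inside the `dsm_connect` block builds `hostFilter = DeepSecurity::HostFilter.all_hosts`, so every invocation reports on all hosts regardless of what the caller asked for. `AntiMalwareEvent.list` in `data/lib/dsc/anti_malware_event.rb` does the same. Either pass the caller's filter through (converted to a `HostFilter` if it arrives as an option string) or drop the parameter, so that the scope of an export is not misrepresented to whoever requested it. `75/hostDetails.size` is integer division and evaluates to 0 once there are more than 75 hosts, so the progress bar stops advancing on larger estates.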
data/lib/dsc.rb
ADDED
data/lib/dsc_version.rb
ADDED
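--- a/data/lib/savon_helper/caching_object.rb
+++ b/data/lib/savon_helper/caching_object.rb
@@ -0,0 +1,48 @@
+# @author Udo Schneider <Udo.Schneider@homeaddress.de>
+
+module SavonHelper
+
+class CachingObject < MappingObject
+
+@@cache_aspects = Hash.new()
+
+# @group Caching
+
+def self.cache_aspects
+aspect = @@cache_aspects[self]
+return aspect if !aspect.nil?
+@@cache_aspects[self] = Set.new()
+@@cache_aspects[self]
+end
+
+def self.cache_by_aspect(*symbols)
+symbols.each { |each| cache_aspects.add(each) }
+end
+
+def self.cache_key(aspect, value)
+"#{self}-#{aspect}-#{value}"
+end
+
+def cache_aspects
+self.class.cache_aspects
+end
+
+def cache_key(aspect)
+self.class.cache_key(aspect, self.send(aspect))
+end
+
+def cachable?
+!cache_aspects.empty?
+end
+
+def cache
+DeepSecurity::Manager.current.cache
+end
+
+def store_in_cache
+cache_aspects.each { |aspect| cache.store(self.cache_key(aspect), self) }
+end
+
+end
+
+end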
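Review bot: `self.cache_aspects` calls `Set.new()` but no `require "set"` is visible in this file; on Ruby versions before 3.2 that raises `NameError` unless another file has already loaded it, so add `require "set"` at the top. The registry lives in the class variable `@@cache_aspects`, which is shared by `CachingObject` and every subclass. It works here because the hash is keyed by `self`, but a class-level instance variable would avoid accidental sharing across the hierarchy. The instance-level `cache` always resolves through `DeepSecurity::Manager.current`, so objects fetched from one manager connection are stored in whichever manager is current at store time; a short comment stating that assumption would help anyone using more than one connection.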