deepsecurity 0.0.15 → 0.0.16
- data/.yardopts +0 -2
- data/bin/dsc +19 -90
- data/deepsecurity.gemspec +5 -5
- data/lib/deepsecurity/version.rb +1 -1
- data/lib/dsc/anti_malware_event_command.rb +86 -0
- data/lib/dsc/command.rb +184 -0
- data/lib/dsc/helper.rb +0 -42
- data/lib/dsc/{host_detail.rb → host_detail_command.rb} +17 -20
- data/lib/dsc.rb +3 -3
- data/lib/savon_helper/type_mappings.rb +48 -1
- metadata +44 -12
- data/lib/dsc/anti_malware_event.rb +0 -101
- data/lib/dsc/dsc_object.rb +0 -41
data/.yardopts
CHANGED
data/bin/dsc
CHANGED
@@ -27,11 +27,11 @@ program_desc 'DeepSecurity command line client'
|
|
27
27
|
|
28
28
|
version Dsc::VERSION
|
29
29
|
|
30
|
-
desc
|
30
|
+
desc "Enable client debug output. (One of #{Dsc::Command.valid_debug_levels_string})"
|
31
31
|
arg_name 'debug'
|
32
32
|
flag [:d, :debug]
|
33
33
|
|
34
|
-
desc 'Deep Security Manager'
|
34
|
+
desc 'Deep Security Manager Host'
|
35
35
|
arg_name 'hostname'
|
36
36
|
flag [:m, :manager]
|
37
37
|
|
@@ -40,7 +40,7 @@ arg_name 'port'
|
|
40
40
|
default_value '4119'
|
41
41
|
flag [:port]
|
42
42
|
|
43
|
-
desc '
|
43
|
+
desc 'Tenat Name'
|
44
44
|
arg_name 'tenat'
|
45
45
|
default_value ''
|
46
46
|
flag [:t, :tenant]
|
@@ -54,111 +54,40 @@ desc 'Password'
|
|
54
54
|
arg_name 'password'
|
55
55
|
flag [:p, :password]
|
56
56
|
|
57
|
-
desc 'Output
|
57
|
+
desc 'Output filename'
|
58
58
|
default_value '--'
|
59
59
|
flag [:o, :outfile]
|
60
60
|
|
61
|
-
desc 'Show
|
61
|
+
desc 'Show progressbar'
|
62
62
|
default_value false
|
63
63
|
switch [:P]
|
64
64
|
|
65
|
-
|
66
|
-
|
67
|
-
command
|
68
|
-
|
69
|
-
c
|
70
|
-
c.command :list do |list|
|
71
|
-
|
72
|
-
list.desc 'fields'
|
73
|
-
list.default_value Dsc::HostDetail.default_fields_string
|
74
|
-
list.flag [:fields]
|
75
|
-
|
76
|
-
list.action do |global_options, options, args|
|
77
|
-
Dsc.output_from_option(global_options[:o]) do |output|
|
78
|
-
Dsc::HostDetail.list(global_options[:m],
|
79
|
-
global_options[:port].to_i,
|
80
|
-
global_options[:t],
|
81
|
-
global_options[:u],
|
82
|
-
global_options[:p],
|
83
|
-
:host_filter,
|
84
|
-
Dsc::HostDetail.fields_from_string(options[:fields]),
|
85
|
-
output, global_options[:P],
|
86
|
-
Dsc.debug_level_from_option(global_options[:d]))
|
87
|
-
end
|
88
|
-
end
|
89
|
-
end
|
90
|
-
|
91
|
-
c.desc "schema"
|
92
|
-
c.command :schema do |schema|
|
93
|
-
schema.action do |global_options, options, args|
|
94
|
-
Dsc.output_from_option(global_options[:o]) do |output|
|
95
|
-
Dsc::HostDetail.print_schema(output)
|
96
|
-
end
|
97
|
-
end
|
98
|
-
end
|
99
|
-
|
65
|
+
command_class = Dsc::HostDetailCommand
|
66
|
+
desc "Access #{command_class.transport_class_string}s"
|
67
|
+
command command_class.command_symbol do |c|
|
68
|
+
command_class.define_list_command(c)
|
69
|
+
command_class.define_schema_command(c)
|
100
70
|
end
|
101
71
|
|
102
|
-
|
103
|
-
|
104
|
-
command
|
105
|
-
|
106
|
-
c
|
107
|
-
c.command :list do |list|
|
108
|
-
|
109
|
-
list.desc 'fields'
|
110
|
-
list.default_value Dsc::AntiMalwareEvent.default_fields_string
|
111
|
-
list.flag [:fields]
|
112
|
-
|
113
|
-
list.desc 'time filter'
|
114
|
-
list.long_desc "One of #{Dsc::AntiMalwareEvent.valid_time_filters.keys.join(', ')}"
|
115
|
-
list.default_value "last_day"
|
116
|
-
list.flag [:time_filter]
|
117
|
-
|
118
|
-
list.action do |global_options, options, args|
|
119
|
-
Dsc.output_from_option(global_options[:o]) do |output|
|
120
|
-
Dsc::AntiMalwareEvent.list(global_options[:m],
|
121
|
-
global_options[:port].to_i,
|
122
|
-
global_options[:t],
|
123
|
-
global_options[:u],
|
124
|
-
global_options[:p],
|
125
|
-
:host_filter,
|
126
|
-
Dsc::AntiMalwareEvent.parse_time_filter(options[:time_filter]),
|
127
|
-
Dsc::AntiMalwareEvent.fields_from_string(options[:fields]),
|
128
|
-
output, global_options[:P],
|
129
|
-
Dsc.debug_level_from_option(global_options[:d]))
|
130
|
-
end
|
131
|
-
end
|
132
|
-
end
|
133
|
-
|
134
|
-
c.desc "schema"
|
135
|
-
c.command :schema do |schema|
|
136
|
-
schema.action do |global_options, options, args|
|
137
|
-
Dsc.output_from_option(global_options[:o]) do |output|
|
138
|
-
Dsc::AntiMalwareEvent.print_schema(output)
|
139
|
-
end
|
140
|
-
end
|
141
|
-
end
|
142
|
-
|
72
|
+
command_class = Dsc::AntiMalwareEventCommand
|
73
|
+
desc "Access #{command_class.transport_class_string}s"
|
74
|
+
command command_class.command_symbol do |c|
|
75
|
+
command_class.define_list_command(c)
|
76
|
+
command_class.define_schema_command(c)
|
143
77
|
end
|
144
78
|
|
145
|
-
desc 'API Version'
|
79
|
+
desc 'Display API Version'
|
146
80
|
command :api_version do |c|
|
147
|
-
|
148
81
|
c.action do |global_options, options, args|
|
149
|
-
Dsc.
|
150
|
-
Dsc.print_api_version(global_options[:m], global_options[:port].to_i, global_options[:t], global_options[:u], global_options[:p], output, Dsc.debug_level_from_option(global_options[:d]))
|
151
|
-
end
|
82
|
+
Dsc::Command.new(global_options).print_api_version(options, args)
|
152
83
|
end
|
153
84
|
end
|
154
85
|
|
155
|
-
desc 'Manager time'
|
86
|
+
desc 'Display Manager time'
|
156
87
|
command :manager_time do |c|
|
157
88
|
|
158
89
|
c.action do |global_options, options, args|
|
159
|
-
Dsc.
|
160
|
-
Dsc.print_manager_time(global_options[:m], global_options[:port].to_i, global_options[:t], global_options[:u], global_options[:p], output, Dsc.debug_level_from_option(global_options[:d]))
|
161
|
-
end
|
90
|
+
Dsc::Command.new(global_options).print_manager_time(options, args)
|
162
91
|
end
|
163
92
|
end
|
164
93
|
|
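Review bot: `desc 'Tenat Name'` on new line 43 misspells "Tenant"; the flag it documents is `flag [:t, :tenant]`, so the help text should read `desc 'Tenant Name'` (the unchanged `arg_name 'tenat'` below it has the same typo). The neighbouring `flag [:p, :password]` is untouched context, but since this commit is reworking the option block it is worth noting that the password is still taken as a command-line argument, which is visible in the process list and in shell history; accepting it from an environment variable or prompting when the flag is absent is a cheap follow-up. The `command_class` blocks (new lines 65–76) are otherwise a clear improvement over the duplicated `list`/`schema` definitions they replace.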
data/deepsecurity.gemspec
CHANGED
@@ -15,16 +15,16 @@ Gem::Specification.new do |gem|
|
|
15
15
|
gem.require_paths = ["lib"]
|
16
16
|
gem.version = DeepSecurity::VERSION
|
17
17
|
|
18
|
-
gem.add_dependency "json"
|
19
18
|
gem.add_dependency "savon"
|
20
19
|
gem.add_dependency "ruby-cache"
|
21
20
|
|
22
21
|
gem.add_dependency "gli"
|
23
|
-
|
24
|
-
gem.add_dependency 'yard'
|
25
|
-
# gem.add_dependency 'redcarpet'
|
26
|
-
# gem.add_dependency 'github-markup'
|
27
22
|
gem.add_dependency 'progressbar'
|
23
|
+
gem.add_dependency "json"
|
24
|
+
|
25
|
+
gem.add_development_dependency 'yard'
|
26
|
+
gem.add_development_dependency 'redcarpet'
|
27
|
+
gem.add_development_dependency 'github-markup'
|
28
28
|
|
29
29
|
end
|
30
30
|
|
data/lib/deepsecurity/version.rb
CHANGED
@@ -0,0 +1,86 @@
|
|
1
|
+
module Dsc
|
2
|
+
|
3
|
+
class AntiMalwareEventCommand < Command
|
4
|
+
|
5
|
+
|
6
|
+
def self.transport_class
|
7
|
+
DeepSecurity::AntiMalwareEvent
|
8
|
+
end
|
9
|
+
|
10
|
+
def self.default_fields
|
11
|
+
[
|
12
|
+
# DNS name of system
|
13
|
+
:"host.name",
|
14
|
+
|
15
|
+
|
16
|
+
# fully qualified system node
|
17
|
+
:"host.display_name",
|
18
|
+
|
19
|
+
# signature / pattern version used in detection
|
20
|
+
# MISSING
|
21
|
+
|
22
|
+
# datetime the event was generated and/or received OS version
|
23
|
+
:log_date,
|
24
|
+
:start_time,
|
25
|
+
:end_time,
|
26
|
+
|
27
|
+
# system domain or system group
|
28
|
+
# MISSING
|
29
|
+
|
30
|
+
# account logged on during detection
|
31
|
+
# MISSING
|
32
|
+
|
33
|
+
# action taken
|
34
|
+
:scan_action1,
|
35
|
+
:scan_action2,
|
36
|
+
:summary_scan_result,
|
37
|
+
|
38
|
+
# result of action taken
|
39
|
+
:scan_result_action1,
|
40
|
+
:scan_result_action2,
|
41
|
+
# :spyware_items,
|
42
|
+
# :"spyware_items.to_json",
|
43
|
+
|
44
|
+
# name of malware/detection
|
45
|
+
:malware_name,
|
46
|
+
:malware_type,
|
47
|
+
|
48
|
+
# source/path/filename/object of detection
|
49
|
+
:infected_file_path,
|
50
|
+
:infection_source
|
51
|
+
|
52
|
+
]
|
53
|
+
end
|
54
|
+
|
55
|
+
def list(options, args)
|
56
|
+
fields = parse_fields(options[:fields])
|
57
|
+
time_filter = parse_time_filter(options[:time_filter])
|
58
|
+
output do |output|
|
59
|
+
authenticate do |dsm|
|
60
|
+
progressBar = ProgressBar.new("anti_malware_event", 100) if @show_progress_bar
|
61
|
+
DeepSecurity::Host.all # Make sure that hosts are cached
|
62
|
+
progressBar.set(10) if @show_progress_bar
|
63
|
+
hostFilter = DeepSecurity::HostFilter.all_hosts
|
64
|
+
eventIdFilter = DeepSecurity::IDFilter.greater_than(0)
|
65
|
+
anti_malware_events = DeepSecurity::AntiMalwareEvent.find_all(time_filter, hostFilter, eventIdFilter)
|
66
|
+
progressBar.set(25) if @show_progress_bar
|
67
|
+
csv = CSV.new(output)
|
68
|
+
csv << fields
|
69
|
+
anti_malware_events.each do |anti_malware_event|
|
70
|
+
progressBar.inc(75/anti_malware_events.size) if @show_progress_bar
|
71
|
+
csv << fields.map { |attribute| anti_malware_event.instance_eval(attribute) }
|
72
|
+
end
|
73
|
+
progressBar.finish if @show_progress_bar
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
78
|
+
def self.define_list_command(c)
|
79
|
+
super(c) do |list|
|
80
|
+
define_time_filter_argument(list)
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
end
|
85
|
+
|
86
|
+
end
|
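Review bot: `anti_malware_event.instance_eval(attribute)` (new line 71) evaluates the text of the `--fields` option as Ruby; `parse_fields` rejects anything `has_attribute_chain` does not accept, which confines this to the invoking user's own shell, but resolving the chain by name avoids evaluating input at all: `csv << fields.map { |attribute| attribute.split('.').inject(anti_malware_event) { |obj, m| obj.public_send(m) } }`. The same construct appears in `HostDetailCommand#list` in the host_detail_command.rb hunk further down. Separately, `progressBar.inc(75/anti_malware_events.size)` (new line 70) is integer division and evaluates to 0 once more than 75 events are returned, so the bar stops at the 25 set on line 66. This hunk's content matches the +86 `lib/dsc/anti_malware_event_command.rb` entry in the summary rather than the `version.rb` header it sits under; the header appears misattributed by the page rendering.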
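--- a/data/lib/dsc/command.rb
+++ b/data/lib/dsc/command.rb
@@ -0,0 +1,184 @@
+require "progressbar"
+require "csv"
+
+module Dsc
+
+class Command
+
+def self.transport_class
+nil
+end
+
+def self.transport_class_name
+class_name = transport_class.name.split('::').last || ''
+end
+
+def self.transport_class_string
+transport_class_name.split(/(?=[A-Z])/).join(" ")
+end
+
+def self.command_symbol
+transport_class_name.split(/(?=[A-Z])/).join("_").downcase.to_sym
+end
+
+def self.schema
+transport_class.mappings
+end
+
+def initialize(global_options)
+@hostname = global_options[:m]
+@port = global_options[:port].to_i
+@tenant = global_options[:t]
+@username =global_options[:u]
+@password = global_options[:p]
+@show_progress_bar = global_options[:P]
+@debug_level = debug_level_from_option(global_options[:d])
+@output = global_options[:o]
+end
+
+def self.valid_debug_levels
+DeepSecurity::LOG_MAPPING.keys
+end
+
+def self.valid_debug_levels_string
+valid_debug_levels.join(", ")
+end
+
+def self.default_fields
+[]
+end
+
+def self.default_fields_string
+default_fields.join(",")
+end
+
+def self.valid_fields
+transport_class.defined_attributes.sort
+end
+
+def self.valid_fields_string
+valid_fields.join(", ")
+end
+
+def parse_fields(string)
+fields = string.split(",").map(&:strip)
+unknown_fields = fields.reject { |each| self.class.transport_class.has_attribute_chain(each) }
+raise "Unknown field found (#{unknown_fields.join(', ')}) - known fields are: #{self.class.valid_fields.join(', ')}" unless unknown_fields.empty?
+fields
+end
+
+def self.valid_time_filters
+{
+:last_hour => DeepSecurity::TimeFilter.last_hour,
+:last_24_hours => DeepSecurity::TimeFilter.last_24_hours,
+:last_7_days => DeepSecurity::TimeFilter.last_7_days,
+:last_day => DeepSecurity::TimeFilter.last_day
+}
+end
+
+def self.valid_time_filters_string
+valid_time_filters.keys.join(', ')
+end
+
+def parse_time_filter(string)
+filter = self.class.valid_time_filters[string.to_sym]
+raise "Unknown time filter" if filter.nil?
+filter
+end
+
+
+def debug_level_from_option(option)
+return nil if option.blank?
+return option.to_sym if (DeepSecurity::LOG_MAPPING.keys.include?(option.to_sym))
+:debug
+end
+
+def output
+unless @output == '--'
+output = File.open(option, 'w')
+else
+output = STDOUT
+end
+yield output
+output.close() unless @output == '--'
+end
+
+def connect
+yield DeepSecurity::Manager.server(@hostname, @port, @debug_level)
+end
+
+def authenticate
+connect do |dsm|
+begin
+dsm.connect(@tenant, @username, @password)
+yield dsm
+rescue DeepSecurity::AuthenticationFailedException => e
+puts "Authentication failed! #{e.message}"
+ensure
+dsm.disconnect()
+end
+end
+end
+
+
+def print_api_version(options, args)
+output do |output|
+authenticate do |dsm|
+output.puts dsm.api_version()
+end
+end
+end
+
+def print_manager_time(options, args)
+output do |output|
+authenticate do |dsm|
+output.puts dsm.manager_time()
+end
+end
+end
+
+def print_schema(options, args)
+output do |output|
+schema = self.class.schema()
+schema.keys.sort.each do |key|
+output.puts "#{key} (#{schema[key].type_string}): #{schema[key].description}"
+end
+end
+end
+
+def self.define_list_command(command)
+command.desc "List #{self.transport_class_string}s"
+command.command :list do |list|
+define_fields_argument(list)
+yield list if block_given?
+list.action do |global_options, options, args|
+self.new(global_options).list(options, args)
+end
+end
+end
+
+def self.define_schema_command(command)
+command.desc "Show #{self.transport_class_string} schema"
+command.command :schema do |schema|
+yield schema if block_given?
+schema.action do |global_options, options, args|
+self.new(global_options).print_schema(options, args)
+end
+end
+end
+
+def self.define_time_filter_argument(command)
+command.desc "A filter specifying the time interval to query (One of #{self.valid_time_filters_string})"
+command.default_value "last_day"
+command.flag [:time_filter]
+end
+
+def self.define_fields_argument(command)
+command.desc "A comma separated list of fields to display. (Available fields: #{self.valid_fields_string})"
+command.default_value self.default_fields_string
+command.flag [:fields]
+end
+
+end
+
+end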
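Review bot: `output = File.open(option, 'w')` (new line 98) refers to `option`, which does not exist in `output` — the value is held in `@output` — so any run with `-o <file>` raises NameError before anything is written, and a failure inside the yielded block also leaves the file unclosed because `close` runs only on the normal path. Both go away with the block form: `return yield STDOUT if @output == '--'` followed by `File.open(@output, 'w') { |file| yield file }`. In `authenticate` (new lines 115–116) an `AuthenticationFailedException` is printed with `puts` and then swallowed, so on bad credentials the command writes to stdout and exits 0; writing the message to `$stderr` and re-raising (or raising a `Dsc`-level error for GLI to report) gives scripts a non-zero status to act on. `transport_class_name` (line 13) assigns an unused local `class_name`, and because the base `transport_class` is `nil`, `command_symbol` and `transport_class_string` raise NoMethodError when invoked on `Dsc::Command` itself, which a `raise NotImplementedError` in the base would make explicit. `option.blank?` (line 91) is not core Ruby; unless ActiveSupport or a local extension is loaded elsewhere it fails on the first `-d` run, so `option.nil? || option.empty?` is the safer check.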
data/lib/dsc/helper.rb
CHANGED
@@ -1,48 +1,6 @@
|
|
1
1
|
module Dsc
|
2
2
|
|
3
3
|
|
4
|
-
def self.output_from_option(option)
|
5
|
-
unless option == '--'
|
6
|
-
output = File.open(option, 'w')
|
7
|
-
else
|
8
|
-
output = STDOUT
|
9
|
-
end
|
10
4
|
|
11
|
-
yield output
|
12
|
-
|
13
|
-
output.close() unless option == '--'
|
14
|
-
end
|
15
|
-
|
16
|
-
def self.debug_level_from_option(option)
|
17
|
-
return nil if option.blank?
|
18
|
-
return option.to_sym if (DeepSecurity::LOG_MAPPING.keys.include?(option.to_sym))
|
19
|
-
:debug
|
20
|
-
end
|
21
|
-
|
22
|
-
def self.dsm_connect(hostname, port, tenat, username, password, debug)
|
23
|
-
|
24
|
-
begin
|
25
|
-
dsm = DeepSecurity::Manager.server(hostname, port, debug)
|
26
|
-
dsm.connect(tenat, username, password)
|
27
|
-
yield dsm
|
28
|
-
rescue DeepSecurity::AuthenticationFailedException => e
|
29
|
-
puts "Authentication failed! #{e.message}"
|
30
|
-
ensure
|
31
|
-
dsm.disconnect()
|
32
|
-
end
|
33
|
-
|
34
|
-
end
|
35
|
-
|
36
|
-
def self.print_api_version(hostname, port, tenat, username, password, output, debug)
|
37
|
-
dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
|
38
|
-
output.puts dsm.api_version()
|
39
|
-
end
|
40
|
-
end
|
41
|
-
|
42
|
-
def self.print_manager_time(hostname, port, tenat, username, password, output, debug)
|
43
|
-
dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
|
44
|
-
output.puts dsm.manager_time()
|
45
|
-
end
|
46
|
-
end
|
47
5
|
|
48
6
|
end
|
@@ -1,9 +1,6 @@
|
|
1
|
-
require "progressbar"
|
2
|
-
require "csv"
|
3
|
-
|
4
1
|
module Dsc
|
5
2
|
|
6
|
-
class
|
3
|
+
class HostDetailCommand < Command
|
7
4
|
|
8
5
|
|
9
6
|
def self.transport_class
|
@@ -33,30 +30,30 @@ module Dsc
|
|
33
30
|
:platform,
|
34
31
|
:host_type,
|
35
32
|
# system domain or system group
|
36
|
-
:host_group_id
|
33
|
+
:host_group_id,
|
37
34
|
|
38
35
|
# last/currently logged on account
|
39
36
|
]
|
40
|
-
|
41
|
-
|
42
37
|
end
|
43
38
|
|
44
|
-
def
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
39
|
+
def list(options, args)
|
40
|
+
fields = parse_fields(options[:fields])
|
41
|
+
output do |output|
|
42
|
+
authenticate do |dsm|
|
43
|
+
hostFilter = DeepSecurity::HostFilter.all_hosts
|
44
|
+
progressBar = ProgressBar.new("host_status", 100) if @show_progress_bar
|
45
|
+
hostDetails = DeepSecurity::HostDetail.find_all(hostFilter, :low)
|
46
|
+
progressBar.set(25) if @show_progress_bar
|
47
|
+
csv = CSV.new(output)
|
48
|
+
csv << fields
|
49
|
+
hostDetails.each do |hostDetail|
|
50
|
+
progressBar.inc(75/hostDetails.size) if @show_progress_bar
|
51
|
+
csv << fields.map { |attribute| hostDetail.instance_eval(attribute) }
|
52
|
+
end
|
53
|
+
progressBar.finish if @show_progress_bar
|
55
54
|
end
|
56
|
-
progressBar.finish if progress_bar
|
57
55
|
end
|
58
56
|
end
|
59
|
-
|
60
57
|
end
|
61
58
|
|
62
59
|
end
|
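Review bot: `progressBar.inc(75/hostDetails.size)` (new line 50 of the host_detail_command.rb hunk) is integer division, so with more than 75 hosts each step adds 0 and the bar never moves past the 25 set on line 46; iterating with `hostDetails.each_with_index` and calling `progressBar.set(25 + 75 * (i + 1) / hostDetails.size) if @show_progress_bar` keeps the arithmetic in integers and reaches 100 on the last host. The `require "progressbar"` and `require "csv"` lines are dropped from the top of this file (first hunk), so `ProgressBar` and `CSV` inside `list` now resolve only because lib/dsc/command.rb, where those requires moved, must already be loaded for `Command` to exist as the superclass; a `require_relative 'command'` here would state that dependency rather than rely on load order. The `default_fields` array whose tail appears at the start of the second hunk begins outside it.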
data/lib/dsc.rb
CHANGED
@@ -28,6 +28,10 @@ module SavonHelper
|
|
28
28
|
logger.error { "#{self.class}##{__method__}() not implemented!" }
|
29
29
|
end
|
30
30
|
|
31
|
+
def type_string
|
32
|
+
logger.error { "#{self.class}##{__method__}() not implemented!" }
|
33
|
+
end
|
34
|
+
|
31
35
|
end
|
32
36
|
|
33
37
|
class ArrayMapping < TypeMapping
|
@@ -70,7 +74,11 @@ module SavonHelper
|
|
70
74
|
|
71
75
|
def object_klass
|
72
76
|
@element_mapping.object_klass
|
73
|
-
|
77
|
+
end
|
78
|
+
|
79
|
+
def type_string
|
80
|
+
"Array<#{@element_mapping.type_string}>"
|
81
|
+
end
|
74
82
|
|
75
83
|
end
|
76
84
|
|
@@ -84,6 +92,10 @@ module SavonHelper
|
|
84
92
|
value.to_s
|
85
93
|
end
|
86
94
|
|
95
|
+
def type_string
|
96
|
+
"bool"
|
97
|
+
end
|
98
|
+
|
87
99
|
end
|
88
100
|
|
89
101
|
class DatetimeMapping < TypeMapping
|
@@ -96,6 +108,10 @@ module SavonHelper
|
|
96
108
|
value.to_datetime.to_s
|
97
109
|
end
|
98
110
|
|
111
|
+
def type_string
|
112
|
+
"datetime"
|
113
|
+
end
|
114
|
+
|
99
115
|
end
|
100
116
|
|
101
117
|
class EnumMapping < TypeMapping
|
@@ -113,6 +129,10 @@ module SavonHelper
|
|
113
129
|
@enum.key(value)
|
114
130
|
end
|
115
131
|
|
132
|
+
def type_string
|
133
|
+
"enum"
|
134
|
+
end
|
135
|
+
|
116
136
|
end
|
117
137
|
|
118
138
|
class FloatMapping < TypeMapping
|
@@ -125,6 +145,10 @@ module SavonHelper
|
|
125
145
|
value.to_s
|
126
146
|
end
|
127
147
|
|
148
|
+
def type_string
|
149
|
+
"float"
|
150
|
+
end
|
151
|
+
|
128
152
|
end
|
129
153
|
|
130
154
|
class IntegerMapping < TypeMapping
|
@@ -137,6 +161,9 @@ module SavonHelper
|
|
137
161
|
value.to_s
|
138
162
|
end
|
139
163
|
|
164
|
+
def type_string
|
165
|
+
"int"
|
166
|
+
end
|
140
167
|
end
|
141
168
|
|
142
169
|
class IPAddressMapping < TypeMapping
|
@@ -149,6 +176,10 @@ module SavonHelper
|
|
149
176
|
value.to_s
|
150
177
|
end
|
151
178
|
|
179
|
+
def type_string
|
180
|
+
"IPAddress"
|
181
|
+
end
|
182
|
+
|
152
183
|
end
|
153
184
|
|
154
185
|
class ObjectMapping < TypeMapping
|
@@ -166,6 +197,10 @@ module SavonHelper
|
|
166
197
|
@klass
|
167
198
|
end
|
168
199
|
|
200
|
+
def type_string
|
201
|
+
"#{@klass}"
|
202
|
+
end
|
203
|
+
|
169
204
|
end
|
170
205
|
|
171
206
|
class StringMapping < TypeMapping
|
@@ -182,6 +217,10 @@ module SavonHelper
|
|
182
217
|
String
|
183
218
|
end
|
184
219
|
|
220
|
+
def type_string
|
221
|
+
"String"
|
222
|
+
end
|
223
|
+
|
185
224
|
end
|
186
225
|
|
187
226
|
class MissingMapping < TypeMapping
|
@@ -194,6 +233,10 @@ module SavonHelper
|
|
194
233
|
value
|
195
234
|
end
|
196
235
|
|
236
|
+
def type_string
|
237
|
+
"MISSING"
|
238
|
+
end
|
239
|
+
|
197
240
|
end
|
198
241
|
|
199
242
|
class HintMapping < TypeMapping
|
@@ -207,6 +250,10 @@ module SavonHelper
|
|
207
250
|
@klass
|
208
251
|
end
|
209
252
|
|
253
|
+
def type_string
|
254
|
+
"HINT"
|
255
|
+
end
|
256
|
+
|
210
257
|
end
|
211
258
|
|
212
259
|
def self.define_missing_type_mapping(klass, ivar_name, value, mappings)
|
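Review bot: The base `TypeMapping#type_string` (new lines 31–33) returns whatever `logger.error { ... }` returns rather than a String, so `Command#print_schema`, which interpolates `schema[key].type_string`, would print `true` or an empty type for any mapping subclass that forgets to override it; returning a fixed marker after logging, e.g. `"unknown"`, keeps the schema output readable (the neighbouring not-implemented stubs presumably share this property, but they are not interpolated into user output). In `ObjectMapping` (new line 201) `"#{@klass}"` is simply `@klass.to_s`. This section sits under a `data/lib/dsc.rb` header, but its hunks are the `type_string` additions to lib/savon_helper/type_mappings.rb listed as +48 in the summary; the header appears misattributed by the page rendering.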
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: deepsecurity
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.16
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,10 +9,10 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2013-03-
|
12
|
+
date: 2013-03-13 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
|
-
name:
|
15
|
+
name: savon
|
16
16
|
requirement: !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
@@ -28,7 +28,7 @@ dependencies:
|
|
28
28
|
- !ruby/object:Gem::Version
|
29
29
|
version: '0'
|
30
30
|
- !ruby/object:Gem::Dependency
|
31
|
-
name:
|
31
|
+
name: ruby-cache
|
32
32
|
requirement: !ruby/object:Gem::Requirement
|
33
33
|
none: false
|
34
34
|
requirements:
|
@@ -44,7 +44,7 @@ dependencies:
|
|
44
44
|
- !ruby/object:Gem::Version
|
45
45
|
version: '0'
|
46
46
|
- !ruby/object:Gem::Dependency
|
47
|
-
name:
|
47
|
+
name: gli
|
48
48
|
requirement: !ruby/object:Gem::Requirement
|
49
49
|
none: false
|
50
50
|
requirements:
|
@@ -60,7 +60,7 @@ dependencies:
|
|
60
60
|
- !ruby/object:Gem::Version
|
61
61
|
version: '0'
|
62
62
|
- !ruby/object:Gem::Dependency
|
63
|
-
name:
|
63
|
+
name: progressbar
|
64
64
|
requirement: !ruby/object:Gem::Requirement
|
65
65
|
none: false
|
66
66
|
requirements:
|
@@ -76,7 +76,7 @@ dependencies:
|
|
76
76
|
- !ruby/object:Gem::Version
|
77
77
|
version: '0'
|
78
78
|
- !ruby/object:Gem::Dependency
|
79
|
-
name:
|
79
|
+
name: json
|
80
80
|
requirement: !ruby/object:Gem::Requirement
|
81
81
|
none: false
|
82
82
|
requirements:
|
@@ -92,14 +92,46 @@ dependencies:
|
|
92
92
|
- !ruby/object:Gem::Version
|
93
93
|
version: '0'
|
94
94
|
- !ruby/object:Gem::Dependency
|
95
|
-
name:
|
95
|
+
name: yard
|
96
96
|
requirement: !ruby/object:Gem::Requirement
|
97
97
|
none: false
|
98
98
|
requirements:
|
99
99
|
- - ! '>='
|
100
100
|
- !ruby/object:Gem::Version
|
101
101
|
version: '0'
|
102
|
-
type: :
|
102
|
+
type: :development
|
103
|
+
prerelease: false
|
104
|
+
version_requirements: !ruby/object:Gem::Requirement
|
105
|
+
none: false
|
106
|
+
requirements:
|
107
|
+
- - ! '>='
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: '0'
|
110
|
+
- !ruby/object:Gem::Dependency
|
111
|
+
name: redcarpet
|
112
|
+
requirement: !ruby/object:Gem::Requirement
|
113
|
+
none: false
|
114
|
+
requirements:
|
115
|
+
- - ! '>='
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
none: false
|
122
|
+
requirements:
|
123
|
+
- - ! '>='
|
124
|
+
- !ruby/object:Gem::Version
|
125
|
+
version: '0'
|
126
|
+
- !ruby/object:Gem::Dependency
|
127
|
+
name: github-markup
|
128
|
+
requirement: !ruby/object:Gem::Requirement
|
129
|
+
none: false
|
130
|
+
requirements:
|
131
|
+
- - ! '>='
|
132
|
+
- !ruby/object:Gem::Version
|
133
|
+
version: '0'
|
134
|
+
type: :development
|
103
135
|
prerelease: false
|
104
136
|
version_requirements: !ruby/object:Gem::Requirement
|
105
137
|
none: false
|
@@ -149,10 +181,10 @@ files:
|
|
149
181
|
- lib/deepsecurity/transport_objects/time_filter.rb
|
150
182
|
- lib/deepsecurity/version.rb
|
151
183
|
- lib/dsc.rb
|
152
|
-
- lib/dsc/
|
153
|
-
- lib/dsc/
|
184
|
+
- lib/dsc/anti_malware_event_command.rb
|
185
|
+
- lib/dsc/command.rb
|
154
186
|
- lib/dsc/helper.rb
|
155
|
-
- lib/dsc/
|
187
|
+
- lib/dsc/host_detail_command.rb
|
156
188
|
- lib/dsc_version.rb
|
157
189
|
- lib/savon_helper.rb
|
158
190
|
- lib/savon_helper/caching_object.rb
|
@@ -1,101 +0,0 @@
|
|
1
|
-
require "progressbar"
|
2
|
-
require "csv"
|
3
|
-
|
4
|
-
module Dsc
|
5
|
-
|
6
|
-
class AntiMalwareEvent < DscObject
|
7
|
-
|
8
|
-
|
9
|
-
def self.transport_class
|
10
|
-
DeepSecurity::AntiMalwareEvent
|
11
|
-
end
|
12
|
-
|
13
|
-
def self.default_fields
|
14
|
-
[
|
15
|
-
# DNS name of system
|
16
|
-
:"host.name",
|
17
|
-
|
18
|
-
|
19
|
-
# fully qualified system node
|
20
|
-
:"host.display_name",
|
21
|
-
|
22
|
-
# signature / pattern version used in detection
|
23
|
-
# MISSING
|
24
|
-
|
25
|
-
# datetime the event was generated and/or received OS version
|
26
|
-
:log_date,
|
27
|
-
:start_time,
|
28
|
-
:end_time,
|
29
|
-
|
30
|
-
# system domain or system group
|
31
|
-
# MISSING
|
32
|
-
|
33
|
-
# account logged on during detection
|
34
|
-
# MISSING
|
35
|
-
|
36
|
-
# action taken
|
37
|
-
:scan_action1,
|
38
|
-
:scan_action2,
|
39
|
-
:summary_scan_result,
|
40
|
-
|
41
|
-
# result of action taken
|
42
|
-
:scan_result_action1,
|
43
|
-
:scan_result_action2,
|
44
|
-
# :spyware_items,
|
45
|
-
# :"spyware_items.to_json",
|
46
|
-
|
47
|
-
# name of malware/detection
|
48
|
-
:malware_name,
|
49
|
-
:malware_type,
|
50
|
-
|
51
|
-
# source/path/filename/object of detection
|
52
|
-
:infected_file_path,
|
53
|
-
:infection_source
|
54
|
-
|
55
|
-
]
|
56
|
-
end
|
57
|
-
|
58
|
-
def self.list(hostname, port, tenat, username, password, host_filter, time_filter, fields, output, progress_bar, debug)
|
59
|
-
Dsc.dsm_connect(hostname, port, tenat, username, password, debug) do |dsm|
|
60
|
-
|
61
|
-
progressBar = ProgressBar.new("anti_malware_event", 100) if progress_bar
|
62
|
-
|
63
|
-
DeepSecurity::Host.all # Make sure that hosts are cached
|
64
|
-
progressBar.set(10) if progress_bar
|
65
|
-
|
66
|
-
hostFilter = DeepSecurity::HostFilter.all_hosts
|
67
|
-
eventIdFilter = DeepSecurity::IDFilter.greater_than(0)
|
68
|
-
|
69
|
-
|
70
|
-
anti_malware_events = DeepSecurity::AntiMalwareEvent.find_all(time_filter, hostFilter, eventIdFilter)
|
71
|
-
progressBar.set(25) if progress_bar
|
72
|
-
csv = CSV.new(output)
|
73
|
-
csv << fields
|
74
|
-
anti_malware_events.each do |anti_malware_event|
|
75
|
-
progressBar.inc(75/anti_malware_events.size) if progress_bar
|
76
|
-
|
77
|
-
csv << fields.map { |attribute| anti_malware_event.instance_eval(attribute) }
|
78
|
-
end
|
79
|
-
progressBar.finish if progress_bar
|
80
|
-
end
|
81
|
-
|
82
|
-
end
|
83
|
-
|
84
|
-
def self.parse_time_filter(string)
|
85
|
-
filter = valid_time_filters[string.to_sym]
|
86
|
-
raise "Unknown time filter" if filter.nil?
|
87
|
-
filter
|
88
|
-
end
|
89
|
-
|
90
|
-
def self.valid_time_filters
|
91
|
-
{
|
92
|
-
:last_hour => DeepSecurity::TimeFilter.last_hour,
|
93
|
-
:last_24_hours => DeepSecurity::TimeFilter.last_24_hours,
|
94
|
-
:last_7_days => DeepSecurity::TimeFilter.last_7_days,
|
95
|
-
:last_day => DeepSecurity::TimeFilter.last_day
|
96
|
-
}
|
97
|
-
end
|
98
|
-
|
99
|
-
end
|
100
|
-
|
101
|
-
end
|
data/lib/dsc/dsc_object.rb
DELETED
@@ -1,41 +0,0 @@
|
|
1
|
-
module Dsc
|
2
|
-
|
3
|
-
class DscObject
|
4
|
-
|
5
|
-
|
6
|
-
def self.transport_class
|
7
|
-
raise "Subclass responsibility!"
|
8
|
-
end
|
9
|
-
|
10
|
-
def self.default_fields
|
11
|
-
[]
|
12
|
-
end
|
13
|
-
|
14
|
-
def self.default_fields_string
|
15
|
-
default_fields.join(",")
|
16
|
-
end
|
17
|
-
|
18
|
-
def self.schema
|
19
|
-
result ={}
|
20
|
-
transport_class.mappings.each { |key, value| result[key] = value.description }
|
21
|
-
result
|
22
|
-
end
|
23
|
-
|
24
|
-
def self.print_schema(output)
|
25
|
-
schema = self.schema()
|
26
|
-
schema.keys.sort.each do |key|
|
27
|
-
output.puts "#{key}: #{schema[key]}"
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
def self.fields_from_string(string)
|
32
|
-
fields = string.split(",").map(&:strip)
|
33
|
-
unknown_fields = fields.reject { |each| transport_class.has_attribute_chain(each) }
|
34
|
-
raise "Unknown field found (#{unknown_fields.join(', ')}) - known fields are: #{transport_class.defined_attributes.sort.join(', ')}" unless unknown_fields.empty?
|
35
|
-
fields
|
36
|
-
end
|
37
|
-
|
38
|
-
|
39
|
-
end
|
40
|
-
|
41
|
-
end
|