deepsecurity 0.0.18 → 0.0.19
- data/.yardopts +1 -0
- data/CHANGELOG.md +7 -0
- data/README.md +3 -2
- data/dsc.md +157 -0
- data/lib/deepsecurity/transport_objects/anti_malware_event.rb +1 -1
- data/lib/deepsecurity/transport_objects/host.rb +10 -1
- data/lib/deepsecurity/transport_objects/host_detail.rb +11 -1
- data/lib/deepsecurity/transport_objects/host_filter.rb +20 -0
- data/lib/deepsecurity/transport_objects/host_group.rb +90 -12
- data/lib/deepsecurity/transport_objects/id_filter.rb +18 -2
- data/lib/deepsecurity/transport_objects/time_filter.rb +31 -7
- data/lib/deepsecurity/version.rb +1 -1
- data/lib/dsc/anti_malware_event_command.rb +7 -1
- data/lib/dsc/host_detail_command.rb +8 -2
- data/lib/savon_helper/mapping_object.rb +7 -7
- data/lib/savon_helper/type_mappings.rb +65 -16
- metadata +4 -2
data/.yardopts
CHANGED
data/CHANGELOG.md
ADDED
data/README.md
CHANGED
data/dsc.md
ADDED
@@ -0,0 +1,157 @@
|
|
1
|
+
# dsc
|
2
|
+
|
3
|
+
`dsc` (Deep Security Client) is a command line client for Trend Micro's Deep Security product.
|
4
|
+
In its current version it allows you to query a Deep Security Manager for Host Status and Malware Event information.
|
5
|
+
|
6
|
+
## SYNOPSIS
|
7
|
+
dsc [global options] command [command options] [arguments...]
|
8
|
+
|
9
|
+
### GLOBAL OPTIONS
|
10
|
+
-P - Show progressbar
|
11
|
+
-d, --debug=debug - Enable client debug output. (One of debug, info, warn, error, fatal) (default: none)
|
12
|
+
--help - Show this message
|
13
|
+
-m, --manager=hostname - Deep Security Manager Host (default: none)
|
14
|
+
-o, --outfile=arg - Output filename (default: --)
|
15
|
+
-p, --password=password - Password (default: none)
|
16
|
+
--port=port - Webservice Port (default: 4119)
|
17
|
+
-t, --tenant=tenat - Tenat Name (default: )
|
18
|
+
-u, --username=username - Username (default: MasterAdmin)
|
19
|
+
--version -
|
20
|
+
|
21
|
+
## COMMANDS
|
22
|
+
|
23
|
+
Most commands provide multiple subcommands. The most usefull are:
|
24
|
+
|
25
|
+
* `schema`
|
26
|
+
* `list`
|
27
|
+
|
28
|
+
|
29
|
+
### SUBCOMMANDS
|
30
|
+
|
31
|
+
#### `schema`
|
32
|
+
|
33
|
+
The `schema` subcommand displays a list of all known attributes with types and descriptions for the given command. E.g.:
|
34
|
+
|
35
|
+
$ dsc host_detail schema
|
36
|
+
anti_malware_classic_pattern_version (String): Current version of the classic Anti-Malware pattern
|
37
|
+
anti_malware_engine_version (String): Current version of the Anti-Malware engine
|
38
|
+
anti_malware_intelli_trap_exception_version (String): Current version of the IntelliTrap exception pattern
|
39
|
+
anti_malware_intelli_trap_version (String): Current version of the IntelliTrap pattern
|
40
|
+
anti_malware_smart_scan_pattern_version (String): Current version of the Smart Scan pattern
|
41
|
+
anti_malware_spyware_pattern_version (String): Current version of the Spyware pattern
|
42
|
+
[...]
|
43
|
+
security_profile_id (int): Assigned SecurityProfileTransport ID
|
44
|
+
security_profile_name (String): Name of the security profile assigned to the computer
|
45
|
+
virtual_name (String): Internal virtual name (only populated if this is a computer provisioned through vCenter)
|
46
|
+
virtual_uuid (String): Internal virtual UUID (only populated if this is a computer provisioned through vCenter)
|
47
|
+
|
48
|
+
These fields can be used in manual `--fields` definitions.
|
49
|
+
|
50
|
+
#### list
|
51
|
+
|
52
|
+
The `list` subcommand displays a list of entries for the given command - optionally filtered by additional filters.
|
53
|
+
|
54
|
+
### `host_detail list`
|
55
|
+
|
56
|
+
The `host_detail list` command dislays a list of host details.
|
57
|
+
|
58
|
+
NAME
|
59
|
+
list - List Host Details
|
60
|
+
|
61
|
+
SYNOPSIS
|
62
|
+
dsc [global options] host_detail list [command options]
|
63
|
+
|
64
|
+
COMMAND OPTIONS
|
65
|
+
--fields=arg - A comma separated list of fields to display. (Available fields: anti_malware_classic_pattern_version, anti_malware_engine_version, anti_malware_intelli_trap_exception_version, anti_malware_intelli_trap_version,
|
66
|
+
anti_malware_smart_scan_pattern_version, anti_malware_spyware_pattern_version, cloud_object_image_id, cloud_object_instance_id, cloud_object_internal_unique_id, cloud_object_security_group_ids, cloud_object_type,
|
67
|
+
component_klasses, component_names, component_types, component_versions, description, display_name, external, external_id, host_group_id, host_group_name, host_interfaces, host_light, host_type, id,
|
68
|
+
last_anit_malware_scheduled_scan, last_anti_malware_event, last_anti_malware_manual_scan, last_dpi_event, last_firewall_event, last_integrity_monitoring_event, last_ip_used, last_log_inspection_event,
|
69
|
+
last_web_reputation_event, light, locked, name, overall_anti_malware_status, overall_dpi_status, overall_firewall_status, overall_integrity_monitoring_status, overall_last_recommendation_scan,
|
70
|
+
overall_last_successful_communication, overall_last_successful_update, overall_last_update_required, overall_log_inspection_status, overall_status, overall_version, overall_web_reputation_status, platform,
|
71
|
+
security_profile_id, security_profile_name, virtual_name, virtual_uuid) (default:
|
72
|
+
name,display_name,anti_malware_classic_pattern_version,anti_malware_engine_version,anti_malware_intelli_trap_exception_version,anti_malware_intelli_trap_version,anti_malware_smart_scan_pattern_version,anti_malware_spyware_pattern_version,overall_last_successful_communication,platform,host_type,host_group_id)
|
73
|
+
|
74
|
+
If you don't specify an explicit list of fields, the following fields are used by default:
|
75
|
+
|
76
|
+
* name
|
77
|
+
* display_name
|
78
|
+
* anti_malware_classic_pattern_version
|
79
|
+
* anti_malware_engine_version
|
80
|
+
* anti_malware_intelli_trap_exception_version
|
81
|
+
* anti_malware_intelli_trap_version
|
82
|
+
* anti_malware_smart_scan_pattern_version
|
83
|
+
* anti_malware_spyware_pattern_version
|
84
|
+
* overall_last_successful_communication
|
85
|
+
* platform
|
86
|
+
* host_type
|
87
|
+
* host_group_id
|
88
|
+
|
89
|
+
### `anti_malware_event list`
|
90
|
+
|
91
|
+
The `anti_malware_event list`command displays a list of AntiMalware events.
|
92
|
+
|
93
|
+
NAME
|
94
|
+
list - List Anti Malware Events
|
95
|
+
|
96
|
+
SYNOPSIS
|
97
|
+
dsc [global options] anti_malware_event list [command options]
|
98
|
+
|
99
|
+
COMMAND OPTIONS
|
100
|
+
--fields=arg - A comma separated list of fields to display. (Available fields: anti_malware_config_id, anti_malware_event_id, end_time, error_code, host, host_id, infected_file_path, infection_source, log_date, malware_name,
|
101
|
+
malware_type, protocol, quarantine_record_id, scan_action1, scan_action2, scan_result_action1, scan_result_action2, scan_type, spyware_items, start_time, summary_scan_result, tags) (default:
|
102
|
+
host.name,host.display_name,log_date,start_time,end_time,scan_action1,scan_action2,summary_scan_result,scan_result_action1,scan_result_action2,malware_name,malware_type,infected_file_path,infection_source)
|
103
|
+
--time_filter=arg - A filter specifying the time interval to query (One of last_hour, last_24_hours, last_7_days, last_day) (default: last_day)
|
104
|
+
|
105
|
+
If you don't specify an explicit list of fields, the following fields are used by default:
|
106
|
+
|
107
|
+
* host.name
|
108
|
+
* host.display_name
|
109
|
+
* log_date
|
110
|
+
* start_time
|
111
|
+
* end_time
|
112
|
+
* scan_action1
|
113
|
+
* scan_action2
|
114
|
+
* summary_scan_result
|
115
|
+
* scan_result_action1
|
116
|
+
* scan_result_action2
|
117
|
+
* malware_name
|
118
|
+
* malware_type
|
119
|
+
* infected_file_path
|
120
|
+
* infection_source
|
121
|
+
|
122
|
+
Please note that if you don't specify a time filter all events of the previous day (00:00:00UTC-23:59:59UTC).
|
123
|
+
|
124
|
+
|
125
|
+
## COMMAND OPTIONS
|
126
|
+
|
127
|
+
### FIELDS
|
128
|
+
|
129
|
+
The `--fields` option takes a list of comma-separated values of fields to display. You can check available fields usind the `schema` subcommand.
|
130
|
+
You can also get further output by separating method calls with a dot `.`. E.g.: If the field itself is called `host_name` you can also
|
131
|
+
specify `host_name.size` which would call the `size()` method returning the length of the String.
|
132
|
+
|
133
|
+
### TIME FILTER
|
134
|
+
|
135
|
+
The `--time_filter` option allows you to specify the time to be queried. One of
|
136
|
+
|
137
|
+
* last_hour
|
138
|
+
* last_24_hours
|
139
|
+
* last_7_days
|
140
|
+
* last_day
|
141
|
+
|
142
|
+
Please note the difference between `last_24_hours` and `last_day`. `last_24_hours` returns events from the current time yesterday to now.
|
143
|
+
`last_day` returns events from yesterday 00:00:00UTC to 23:59:59UTC.
|
144
|
+
|
145
|
+
# TIPS & TRICKS
|
146
|
+
|
147
|
+
## DEFINE ROLE/USER FOR SOAP ACCESS
|
148
|
+
|
149
|
+
TODO
|
150
|
+
|
151
|
+
## UNLOCK A LOCKED ACCOUNT
|
152
|
+
|
153
|
+
[How to unlock a username that has been locked out](http://esupport.trendmicro.com/solution/en-us/1055084.aspx)
|
154
|
+
|
155
|
+
|
156
|
+
|
157
|
+
|
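Review bot: the GLOBAL OPTIONS list documents `-p, --password=password` as the way to authenticate, next to a `-u` default of `MasterAdmin`, and a password given as an argument stays visible in shell history and in the process list while `dsc` runs. Document a safer way to supply it (a prompt or an environment variable, if the client supports one) and fill in the `DEFINE ROLE/USER FOR SOAP ACCESS` TODO so readers are steered to a dedicated, least-privileged account instead of the default. The FIELDS section should also state plainly that a value such as `host_name.size` is executed as Ruby on the result object. Smaller points: the note "if you don't specify a time filter all events of the previous day (...)" has no verb, and `tenat`, `usefull`, `dislays` and `usind` are typos.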
@@ -33,6 +33,10 @@ module DeepSecurity
|
|
33
33
|
attr_integer_accessor :security_profile_id,
|
34
34
|
'Assigned SecurityProfileTransport ID'
|
35
35
|
|
36
|
+
hint_object_accessor :host_group,
|
37
|
+
HostGroup,
|
38
|
+
'The host group this host belongs to'
|
39
|
+
|
36
40
|
cache_by_aspect :id, :name
|
37
41
|
|
38
42
|
# @!group High-Level Screenscraping Wrapper
|
@@ -84,7 +88,7 @@ module DeepSecurity
|
|
84
88
|
# Retrieves a Host by ID.
|
85
89
|
# @param [Integer] id Host ID
|
86
90
|
# @return [Host]
|
87
|
-
def self.
|
91
|
+
def self.find(id)
|
88
92
|
dsm.hostRetrieve(id)
|
89
93
|
end
|
90
94
|
|
@@ -94,6 +98,11 @@ module DeepSecurity
|
|
94
98
|
def self.find_by_name(hostname)
|
95
99
|
dsm.hostRetrieveByName(hostname)
|
96
100
|
end
|
101
|
+
|
102
|
+
def host_group
|
103
|
+
HostGroup.find(host_group_id)
|
104
|
+
end
|
105
|
+
|
97
106
|
#@!endgroup
|
98
107
|
end
|
99
108
|
|
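Review bot: the new `host_group` calls `HostGroup.find(host_group_id)` unconditionally, while the otherwise identical `host_group` added later in this diff starts with `return nil if host_group_id.nil?`. For a host without a group this passes a nil ID through to `dsm.hostGroupRetrieve(id)`; add the same guard here so both accessors behave alike.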
@@ -24,6 +24,11 @@ module DeepSecurity
|
|
24
24
|
'Computer platform'
|
25
25
|
attr_integer_accessor :security_profile_id,
|
26
26
|
'Assigned SecurityProfileTransport ID'
|
27
|
+
|
28
|
+
hint_object_accessor :host_group,
|
29
|
+
HostGroup,
|
30
|
+
'The host group this host belongs to'
|
31
|
+
|
27
32
|
# ABOVE is duplicates from Host!
|
28
33
|
|
29
34
|
attr_string_accessor :anti_malware_classic_pattern_version,
|
@@ -119,7 +124,7 @@ module DeepSecurity
|
|
119
124
|
array_object_accessor :host_interfaces,
|
120
125
|
HostInterface
|
121
126
|
|
122
|
-
|
127
|
+
cache_by_aspect :id, :name
|
123
128
|
|
124
129
|
# @!group High-Level SOAP Wrapper
|
125
130
|
|
@@ -131,6 +136,11 @@ module DeepSecurity
|
|
131
136
|
dsm.hostDetailRetrieve(host_filter, detail_level)
|
132
137
|
end
|
133
138
|
|
139
|
+
def host_group
|
140
|
+
return nil if host_group_id.nil?
|
141
|
+
HostGroup.find(host_group_id)
|
142
|
+
end
|
143
|
+
|
134
144
|
# @!endgroup
|
135
145
|
|
136
146
|
end
|
@@ -17,12 +17,19 @@ module DeepSecurity
|
|
17
17
|
EnumHostFilterType,
|
18
18
|
"EnumHostFilterType to filter computers by"
|
19
19
|
|
20
|
+
# @!group High-Level SOAP Wrapper
|
21
|
+
|
22
|
+
# Return a new instance for all hosts.
|
23
|
+
# @return [HostFilter]
|
20
24
|
def self.all_hosts
|
21
25
|
instance = self.new()
|
22
26
|
instance.type = :all_hosts
|
23
27
|
instance
|
24
28
|
end
|
25
29
|
|
30
|
+
# Return a new instance for hosts in the group defined by the given host_group_id.
|
31
|
+
# @param [Integer] host_group_id
|
32
|
+
# @return [HostFilter]
|
26
33
|
def self.hosts_in_group(host_group_id)
|
27
34
|
instance = self.new()
|
28
35
|
instance.type = :hosts_in_group
|
@@ -30,6 +37,9 @@ module DeepSecurity
|
|
30
37
|
instance
|
31
38
|
end
|
32
39
|
|
40
|
+
# Return a new instance for hosts in the security profile defined by the given security_profile_id.
|
41
|
+
# @param [Integer] security_profile_id
|
42
|
+
# @return [HostFilter]
|
33
43
|
def self.hosts_using_security_profile(security_profile_id)
|
34
44
|
instance = self.new()
|
35
45
|
instance.type = :hosts_using_security_profile
|
@@ -37,6 +47,9 @@ module DeepSecurity
|
|
37
47
|
instance
|
38
48
|
end
|
39
49
|
|
50
|
+
# Return a new instance for hosts in the group and their subgroups defined by the given host_group_id.
|
51
|
+
# @param [Integer] host_group_id
|
52
|
+
# @return [HostFilter]
|
40
53
|
def self.hosts_in_group_and_all_subgroups(host_group_id)
|
41
54
|
instance = self.new()
|
42
55
|
instance.type = :hosts_in_group_and_all_subgroups
|
@@ -44,6 +57,9 @@ module DeepSecurity
|
|
44
57
|
instance
|
45
58
|
end
|
46
59
|
|
60
|
+
# Return a new instance for hosts defined by the given host_id.
|
61
|
+
# @param [Integer] host_id
|
62
|
+
# @return [HostFilter]
|
47
63
|
def self.specific_host(host_id)
|
48
64
|
instance = self.new()
|
49
65
|
instance.type = :specific_host
|
@@ -51,12 +67,16 @@ module DeepSecurity
|
|
51
67
|
instance
|
52
68
|
end
|
53
69
|
|
70
|
+
# Return a new instance for "my" hosts.
|
71
|
+
# @return [HostFilter]
|
54
72
|
def self.my_hosts
|
55
73
|
instance = self.new()
|
56
74
|
instance.type = :my_hosts
|
57
75
|
instance
|
58
76
|
end
|
59
77
|
|
78
|
+
# @!endgroup
|
79
|
+
|
60
80
|
end
|
61
81
|
|
62
82
|
end
|
@@ -1,41 +1,119 @@
|
|
1
1
|
module DeepSecurity
|
2
2
|
|
3
|
+
# Represents a computer group folder that computers can be assigned to for organizational purposes.
|
3
4
|
class HostGroup < TransportObject
|
4
5
|
|
5
|
-
attr_integer_accessor :id
|
6
|
-
|
7
|
-
attr_string_accessor :
|
8
|
-
|
9
|
-
attr_string_accessor :
|
10
|
-
|
6
|
+
attr_integer_accessor :id,
|
7
|
+
"ID"
|
8
|
+
attr_string_accessor :name,
|
9
|
+
"Name"
|
10
|
+
attr_string_accessor :description,
|
11
|
+
"Description"
|
12
|
+
attr_boolean_accessor :external,
|
13
|
+
"Administrative external boolean for integration purposes"
|
14
|
+
attr_string_accessor :external_id,
|
15
|
+
"Administrative external ID for integration purposes"
|
16
|
+
attr_integer_accessor :parent_group_id,
|
17
|
+
"If the group belongs to a parent group, then this ID will be set and used to retrieve the parent group"
|
18
|
+
|
19
|
+
hint_object_accessor :parent_group,
|
20
|
+
HostGroup,
|
21
|
+
'The paren group if existent'
|
22
|
+
|
23
|
+
cache_by_aspect :id, :name
|
24
|
+
|
25
|
+
# @!group High-Level SOAP Wrapper
|
11
26
|
|
12
27
|
def parent_group
|
13
28
|
return nil if @parent_group_id.nil?
|
14
29
|
@dsm.host_group(@parent_group_id)
|
15
30
|
end
|
16
31
|
|
32
|
+
# Retrieves HostGroups.
|
33
|
+
# @return [Array<HostGroup>]
|
34
|
+
def self.all
|
35
|
+
dsm.hostGroupRetrieveAll()
|
36
|
+
end
|
37
|
+
|
38
|
+
# Retrieves a HostGroup by ID.
|
39
|
+
# @param [Integer] id HostGroup ID
|
40
|
+
# @return [HostGroup]
|
41
|
+
def self.find(id)
|
42
|
+
dsm.hostGroupRetrieve(id)
|
43
|
+
end
|
44
|
+
|
45
|
+
# Retrieves a HostGroup by name.
|
46
|
+
# @param [String] hostname hostname
|
47
|
+
# @return [HostGroup]
|
48
|
+
def self.find_by_name(hostname)
|
49
|
+
dsm.hostGroupRetrieveByName(hostname)
|
50
|
+
end
|
51
|
+
#@!endgroup
|
52
|
+
|
17
53
|
end
|
18
54
|
|
19
55
|
class Manager
|
20
56
|
|
21
|
-
|
57
|
+
# @!group Low-Level SOAP Wrapper
|
58
|
+
|
59
|
+
# Retrieves all Host Groups.
|
60
|
+
#
|
61
|
+
# SYNTAX
|
62
|
+
# HostGroupTransport[] hostGroupRetrieveAll(String sID)
|
63
|
+
#
|
64
|
+
# PARAMETERS
|
65
|
+
# sID Authentication session identifier ID.
|
66
|
+
#
|
67
|
+
# RETURNS
|
68
|
+
# HostGroupTransport object array.
|
69
|
+
def hostGroupRetrieveAll(sID = dsm.sID)
|
22
70
|
cache.fetch(HostGroup.cache_key(:all, :all)) do
|
23
|
-
request_array(
|
71
|
+
request_array(:host_group_retrieve_all, HostGroup, nil,
|
72
|
+
:sID => sID)
|
24
73
|
end
|
25
74
|
end
|
26
75
|
|
27
|
-
|
76
|
+
# Retrieves a Host Group by ID.
|
77
|
+
#
|
78
|
+
# SYNTAX
|
79
|
+
# HostGroupTransport hostGroupRetrieve(int ID, String sID)
|
80
|
+
#
|
81
|
+
# PARAMETERS
|
82
|
+
# ID Identifying Host Group ID.
|
83
|
+
# sID Authentication session identifier ID.
|
84
|
+
#
|
85
|
+
# RETURNS
|
86
|
+
# HostGroupTransport object.
|
87
|
+
def hostGroupRetrieve(id, sID = dsm.sID)
|
28
88
|
cache.fetch(HostGroup.cache_key(:id, id)) do
|
29
|
-
request_object(
|
89
|
+
request_object(:host_group_retrieve, HostGroup,
|
90
|
+
:id => id,
|
91
|
+
:sID => sID)
|
30
92
|
end
|
31
93
|
end
|
32
94
|
|
33
|
-
|
95
|
+
|
96
|
+
# Retrieves a Host Group by name.
|
97
|
+
#
|
98
|
+
# SYNTAX
|
99
|
+
# HostGroupTransport hostGroupRetrieveByName(String Name, String sID)
|
100
|
+
#
|
101
|
+
# PARAMETERS
|
102
|
+
# Name Identifying Host Group name.
|
103
|
+
# sID Authentication session identifier ID.
|
104
|
+
#
|
105
|
+
# RETURNS
|
106
|
+
# HostGroupTransport object.
|
107
|
+
def hostGroupRetrieveByName(name, sID = dsm.sID)
|
34
108
|
cache.fetch(HostGroup.cache_key(:name, name)) do
|
35
|
-
request_object(
|
109
|
+
request_object(:host_group_retrieve_by_name, HostGroup,
|
110
|
+
:name => name,
|
111
|
+
:sID => sID)
|
36
112
|
end
|
37
113
|
end
|
38
114
|
|
115
|
+
# @!endgroup
|
116
|
+
|
39
117
|
end
|
40
118
|
|
41
119
|
end
|
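Review bot: `parent_group` is left calling `@dsm.host_group(@parent_group_id)`, but the `Manager` methods defined in this file are `hostGroupRetrieveAll`, `hostGroupRetrieve` and `hostGroupRetrieveByName`, and the new class methods go through `dsm`, not `@dsm`. Unless `host_group` is defined on `Manager` somewhere outside this diff, the body should become `HostGroup.find(parent_group_id)` behind the existing nil guard. Two documentation points in the same hunk: `find_by_name(hostname)` takes a group name, so the parameter and its `@param` line should say `name`, and the description 'The paren group if existent' is missing a `t`.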
@@ -8,9 +8,17 @@ module DeepSecurity
|
|
8
8
|
# uniquely identify which events have already been retrieved. This way retrieval of duplicate events can be avoided.
|
9
9
|
class IDFilter < TransportObject
|
10
10
|
|
11
|
-
attr_integer_accessor :id
|
12
|
-
|
11
|
+
attr_integer_accessor :id,
|
12
|
+
"Event transport objects ID to filter by."
|
13
|
+
attr_enum_accessor :operator,
|
14
|
+
EnumOperator,
|
15
|
+
"EnumOperator to used to apply the id property, e.g., greater than, less than, and equal."
|
13
16
|
|
17
|
+
# @!group High-Level SOAP Wrapper
|
18
|
+
|
19
|
+
# Return a new instance for events with the given event id.
|
20
|
+
# @param [Integer] id
|
21
|
+
# @return [IDFilter]
|
14
22
|
def self.equals(id)
|
15
23
|
instance = self.new()
|
16
24
|
instance.operator = :equals
|
@@ -18,6 +26,9 @@ module DeepSecurity
|
|
18
26
|
instance
|
19
27
|
end
|
20
28
|
|
29
|
+
# Return a new instance for events with event ids less than the given event id.
|
30
|
+
# @param [Integer] id
|
31
|
+
# @return [IDFilter]
|
21
32
|
def self.less_than(id)
|
22
33
|
instance = self.new()
|
23
34
|
instance.operator = :less_than
|
@@ -25,6 +36,9 @@ module DeepSecurity
|
|
25
36
|
instance
|
26
37
|
end
|
27
38
|
|
39
|
+
# Return a new instance for events with event ids greater than the given event id.
|
40
|
+
# @param [Integer] id
|
41
|
+
# @return [IDFilter]
|
28
42
|
def self.greater_than(id)
|
29
43
|
instance = self.new()
|
30
44
|
instance.operator = :greater_than
|
@@ -32,6 +46,8 @@ module DeepSecurity
|
|
32
46
|
instance
|
33
47
|
end
|
34
48
|
|
49
|
+
# @!endgroup
|
50
|
+
|
35
51
|
end
|
36
52
|
|
37
53
|
end
|
@@ -5,40 +5,59 @@ module DeepSecurity
|
|
5
5
|
# be required. If the EnumTimeFilterType SPECIFIC_TIME type is set, then the specifiicTime property will be required.
|
6
6
|
class TimeFilter < TransportObject
|
7
7
|
|
8
|
-
attr_datetime_accessor :rangeFrom
|
9
|
-
|
10
|
-
attr_datetime_accessor :
|
8
|
+
attr_datetime_accessor :rangeFrom,
|
9
|
+
"Time range start to filter computers by."
|
10
|
+
attr_datetime_accessor :rangeTo,
|
11
|
+
"Time range end to filter computers by."
|
12
|
+
attr_datetime_accessor :specificTime,
|
13
|
+
"Specific time to filter computers by."
|
11
14
|
# attr_integer_accessor :host_group_id
|
12
15
|
# attr_integer_accessor :host_id
|
13
16
|
# attr_integer_accessor :security_profile_id
|
14
|
-
attr_enum_accessor :type, EnumTimeFilterType
|
17
|
+
attr_enum_accessor :type, EnumTimeFilterType,
|
18
|
+
"EnumTimeFilterType to filter computers by."
|
15
19
|
|
20
|
+
# @!group High-Level SOAP Wrapper
|
21
|
+
|
22
|
+
# Return a new instance for the last hour.
|
23
|
+
# @return [TimeFilter]
|
16
24
|
def self.last_hour
|
17
25
|
instance = self.new()
|
18
26
|
instance.type = :last_hour
|
19
27
|
instance
|
20
28
|
end
|
21
29
|
|
30
|
+
# Return a new instance for the last 24 hours.
|
31
|
+
# @return [TimeFilter]
|
22
32
|
def self.last_24_hours
|
23
33
|
instance = self.new()
|
24
34
|
instance.type = :last_24_hours
|
25
35
|
instance
|
26
36
|
end
|
27
37
|
|
38
|
+
|
39
|
+
# Return a new instance for the last 7 days.
|
40
|
+
# @return [TimeFilter]
|
28
41
|
def self.last_7_days
|
29
42
|
instance = self.new()
|
30
43
|
instance.type = :last_7_days
|
31
44
|
instance
|
32
45
|
end
|
33
46
|
|
34
|
-
|
47
|
+
# Return a new instance for the given datetime range.
|
48
|
+
# @param [Range] datetime_range A range of two datetimes
|
49
|
+
# @return [TimeFilter]
|
50
|
+
def self.custom_range(datetime_range)
|
35
51
|
instance = self.new()
|
36
52
|
instance.type = :custom_range
|
37
|
-
instance.rangeFrom =
|
38
|
-
instance.rangeTo =
|
53
|
+
instance.rangeFrom = datetime_range.first
|
54
|
+
instance.rangeTo = datetime_range.last
|
39
55
|
instance
|
40
56
|
end
|
41
57
|
|
58
|
+
# Return a new instance for the given datetime.
|
59
|
+
# @param [DateTime] datetime
|
60
|
+
# @return [TimeFilter]
|
42
61
|
def self.specificTime(datetime)
|
43
62
|
instance = self.new()
|
44
63
|
instance.type = :specificTime
|
@@ -46,10 +65,15 @@ module DeepSecurity
|
|
46
65
|
instance
|
47
66
|
end
|
48
67
|
|
68
|
+
|
69
|
+
# Return a new instance for last day (yesterday 00:00:00UTC-23:59:59UTC).
|
70
|
+
# @return [TimeFilter]
|
49
71
|
def self.last_day
|
50
72
|
self.custom_range(((Date.today-1).to_time)..((Date.today).to_time-1))
|
51
73
|
end
|
52
74
|
|
75
|
+
# @!endgroup
|
76
|
+
|
53
77
|
end
|
54
78
|
|
55
79
|
end
|
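Review bot: the comment added above `last_day` promises `yesterday 00:00:00UTC-23:59:59UTC`, but the body builds the range from `(Date.today-1).to_time`, and both `Date.today` and `Date#to_time` work in the local time zone. On a machine that is not set to UTC the queried window is shifted by the UTC offset, so a daily malware-event export does not cover the UTC day the documentation describes. Either build both bounds in UTC or change the comment (and the matching text in `dsc.md`) to say local time.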
data/lib/deepsecurity/version.rb
CHANGED
@@ -68,7 +68,13 @@ module Dsc
|
|
68
68
|
csv << fields
|
69
69
|
anti_malware_events.each do |anti_malware_event|
|
70
70
|
progressBar.inc(75/anti_malware_events.size) if @show_progress_bar
|
71
|
-
csv << fields.map
|
71
|
+
csv << fields.map do |attribute|
|
72
|
+
begin
|
73
|
+
anti_malware_event.instance_eval(attribute)
|
74
|
+
rescue => e
|
75
|
+
"ERROR (#{e.message}"
|
76
|
+
end
|
77
|
+
end
|
72
78
|
end
|
73
79
|
progressBar.finish if @show_progress_bar
|
74
80
|
end
|
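Review bot: `anti_malware_event.instance_eval(attribute)` runs every `--fields` entry as arbitrary Ruby with the event object as `self`, so any wrapper script or scheduled job that builds `--fields` from outside input gives that input code execution under the account running `dsc`. Split the entry on `.` and walk it with `public_send`, accepting a first segment only if it is one of the attributes the `schema` subcommand lists. In the rescue branch, `"ERROR (#{e.message}"` is missing its closing parenthesis, and writing the exception text into the CSV cell makes a failed lookup hard to tell apart from real data; logging it and leaving the cell empty would be cleaner.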
@@ -30,7 +30,7 @@ module Dsc
|
|
30
30
|
:platform,
|
31
31
|
:host_type,
|
32
32
|
# system domain or system group
|
33
|
-
:
|
33
|
+
:host_group_name,
|
34
34
|
|
35
35
|
# last/currently logged on account
|
36
36
|
]
|
@@ -48,7 +48,13 @@ module Dsc
|
|
48
48
|
csv << fields
|
49
49
|
hostDetails.each do |hostDetail|
|
50
50
|
progressBar.inc(75/hostDetails.size) if @show_progress_bar
|
51
|
-
csv << fields.map
|
51
|
+
csv << fields.map do |attribute|
|
52
|
+
begin
|
53
|
+
hostDetail.instance_eval(attribute)
|
54
|
+
rescue => e
|
55
|
+
"ERROR (#{e.message}"
|
56
|
+
end
|
57
|
+
end
|
52
58
|
end
|
53
59
|
progressBar.finish if @show_progress_bar
|
54
60
|
end
|
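Review bot: this `fields.map` block, including `hostDetail.instance_eval(attribute)` and the unbalanced `"ERROR (#{e.message}"` string, is a line-for-line copy of the block added to the anti-malware event command earlier in this diff. Move the field evaluation into one shared helper so that replacing `instance_eval` and fixing the error string happen in a single place.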
@@ -17,13 +17,13 @@ module SavonHelper
|
|
17
17
|
end
|
18
18
|
|
19
19
|
# Helper Method deserializing the SOAP response into an object
|
20
|
-
def request_object(method_name, object_class,
|
21
|
-
object_class.from_savon_data(
|
20
|
+
def request_object(method_name, object_class, arguments={})
|
21
|
+
object_class.from_savon_data(send_soap(method_name, arguments))
|
22
22
|
end
|
23
23
|
|
24
24
|
# Helper Method deserializing the SOAP response into an object
|
25
|
-
def request_array(method_name, object_class, collection_name = nil,
|
26
|
-
data = send_soap(method_name,
|
25
|
+
def request_array(method_name, object_class, collection_name = nil, arguments={})
|
26
|
+
data = send_soap(method_name, arguments)
|
27
27
|
data = data[collection_name] unless collection_name.blank?
|
28
28
|
SavonHelper::ArrayMapping.new(SavonHelper::ObjectMapping.new(object_class)).from_savon_data(data)
|
29
29
|
end
|
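Review bot: `request_array` now takes `arguments={}` after the optional `collection_name = nil`, so a caller with arguments but no collection name has to pass an explicit `nil`, as `request_array(:host_group_retrieve_all, HostGroup, nil, ...)` does elsewhere in this diff. A caller that forgets the `nil` sends no arguments at all (including `:sID`) and then indexes the response with the hash in `data[collection_name]`. Making `collection_name` a key in the trailing hash, or putting `arguments` before it, removes that trap. The comment above `request_array` also still reads "into an object"; it should say array.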
@@ -374,9 +374,9 @@ module SavonHelper
|
|
374
374
|
end
|
375
375
|
|
376
376
|
# @macro [attach] hint_object_accessor
|
377
|
-
# @!attribute [rw] $
|
378
|
-
# $
|
379
|
-
# @return [
|
377
|
+
# @!attribute [rw] $4
|
378
|
+
# $3
|
379
|
+
# @return [$2]
|
380
380
|
# Define a new "hint" for documentation purposes. Please note, that the method has to be define elsewhere!
|
381
381
|
# @param accessor [Symbol] The accessor to be created
|
382
382
|
# @param description [String] The description for this accessor
|
@@ -2,53 +2,81 @@
|
|
2
2
|
|
3
3
|
module SavonHelper
|
4
4
|
|
5
|
+
# A TypeMappng class is responsible for converting between Savon primitive types and compound Ruby Types
|
5
6
|
class TypeMapping
|
6
7
|
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
8
|
+
# A new instance of TypeMapping with description
|
9
|
+
# @param [String] description
|
10
|
+
# @return [TypeMapping]
|
11
11
|
def initialize(description='')
|
12
12
|
@description = description
|
13
13
|
end
|
14
14
|
|
15
|
+
# @!group Converting
|
16
|
+
|
17
|
+
# Convert from Savon data to Ruby value
|
18
|
+
# @param [Hash] data Savon data
|
19
|
+
# @return [Object]
|
15
20
|
def from_savon_data(data)
|
16
21
|
logger.error { "#{self.class}##{__method__}(#{data.inspect}) not implemented!" }
|
17
22
|
end
|
18
23
|
|
24
|
+
# Convert from Ruby value type to Savon data
|
25
|
+
# @param [Object] value Ruby value
|
26
|
+
# @return [Object]
|
19
27
|
def to_savon_data(value)
|
20
28
|
logger.error { "#{self.class}##{__method__}(#{value.inspect}) not implemented!" }
|
21
29
|
end
|
22
30
|
|
31
|
+
# @!endgroup
|
32
|
+
|
33
|
+
# Return the description
|
34
|
+
# @return [String]
|
23
35
|
def description
|
24
36
|
@description
|
25
37
|
end
|
26
38
|
|
39
|
+
# Return the class represented by the mapping.
|
40
|
+
# @return [Class]
|
27
41
|
def object_klass
|
28
42
|
logger.error { "#{self.class}##{__method__}() not implemented!" }
|
29
43
|
end
|
30
44
|
|
45
|
+
# Return the class description represented by the mapping.
|
46
|
+
# @return [String]
|
31
47
|
def type_string
|
32
48
|
logger.error { "#{self.class}##{__method__}() not implemented!" }
|
33
49
|
end
|
34
50
|
|
51
|
+
# The current logger
|
52
|
+
# @return [Logger]
|
53
|
+
def logger
|
54
|
+
DeepSecurity::logger
|
55
|
+
end
|
56
|
+
|
35
57
|
end
|
36
58
|
|
59
|
+
# ArrayMapping maps Savon data to Ruby Arrays
|
37
60
|
class ArrayMapping < TypeMapping
|
38
61
|
|
39
|
-
|
62
|
+
|
63
|
+
# Convert the given Savon data to an Array consisting of elements of class klass
|
64
|
+
# @param [TypeMapping] element_mapping TypeMapping for elements
|
65
|
+
# @param [Hash,Array] data Savon Data
|
66
|
+
# @return [Array<Object>]
|
67
|
+
def self.from_savon_data(element_mapping, data)
|
40
68
|
return [] if data.blank?
|
41
69
|
result = []
|
42
70
|
if data.is_a?(Array)
|
43
71
|
data.each do |element|
|
44
|
-
result <<
|
72
|
+
result << element_mapping.from_savon_data(element)
|
45
73
|
end
|
46
74
|
elsif data.is_a?(Hash)
|
47
75
|
item = data[:item]
|
48
76
|
if item.nil?
|
49
|
-
result <<
|
77
|
+
result << element_mapping.from_savon_data(data)
|
50
78
|
else
|
51
|
-
result = from_savon_data(
|
79
|
+
result = from_savon_data(element_mapping, item)
|
52
80
|
end
|
53
81
|
else
|
54
82
|
raise "Unknown Array mapping"
|
@@ -56,42 +84,63 @@ module SavonHelper
|
|
56
84
|
result
|
57
85
|
end
|
58
86
|
|
87
|
+
# A new instance of TypeMapping with description
|
88
|
+
# @param [TypeMapping] element_mapping A TypeMapping for elements
|
89
|
+
# @param [String] description
|
90
|
+
# @return [ArrayMapping]
|
59
91
|
def initialize(element_mapping, description='')
|
60
92
|
super(description)
|
61
93
|
@element_mapping = element_mapping
|
62
94
|
end
|
63
95
|
|
96
|
+
# @!group Converting
|
97
|
+
|
98
|
+
# Convert from Savon data to Ruby value
|
99
|
+
# @param [Hash] data Savon data
|
100
|
+
# @return [Array]
|
64
101
|
def from_savon_data(data)
|
65
102
|
self.class.from_savon_data(@element_mapping, data)
|
66
103
|
end
|
67
104
|
|
68
|
-
|
69
|
-
return @element_mapping.from_savon_data(data[:item]) if data[:item].is_a?(Hash)
|
70
|
-
data[:item].map do |each|
|
71
|
-
@element_mapping.from_savon_data(each)
|
72
|
-
end
|
73
|
-
end
|
105
|
+
# @!endgroup
|
74
106
|
|
107
|
+
# Return the class represented by the mapping.
|
108
|
+
# @return [Class]
|
75
109
|
def object_klass
|
76
|
-
|
110
|
+
@element_mapping.object_klass
|
77
111
|
end
|
78
112
|
|
113
|
+
# Return the class description represented by the mapping.
|
114
|
+
# @return [String]
|
79
115
|
def type_string
|
80
116
|
"Array<#{@element_mapping.type_string}>"
|
81
117
|
end
|
82
118
|
|
83
119
|
end
|
84
120
|
|
121
|
+
# BooleanMapping maps Savon data to Ruby Booleans.
|
85
122
|
class BooleanMapping < TypeMapping
|
86
123
|
|
124
|
+
# @!group Converting
|
125
|
+
|
126
|
+
# Convert from Savon data to Ruby Boolean
|
127
|
+
# @param [Hash] data Savon data
|
128
|
+
# @return [Boolean]
|
87
129
|
def from_savon_data(data)
|
88
130
|
data.to_s == "true"
|
89
131
|
end
|
90
132
|
|
133
|
+
# Convert from Ruby Boolean type to Savon data
|
134
|
+
# @param [Object] value Boolean
|
135
|
+
# @return [Hash]
|
91
136
|
def to_savon_data(value)
|
92
137
|
value.to_s
|
93
138
|
end
|
94
139
|
|
140
|
+
# @!endgroup
|
141
|
+
|
142
|
+
# Return the class description represented by the mapping.
|
143
|
+
# @return [String]
|
95
144
|
def type_string
|
96
145
|
"bool"
|
97
146
|
end
|
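Review bot: the YARD tags added to `BooleanMapping` do not match the code they describe. `to_savon_data` is tagged `@return [Hash]` but returns `value.to_s`, and `from_savon_data` is tagged `@param [Hash] data` although it only compares `data.to_s` with `"true"`. Tag the return value as `String` and the input as `Object` (or `String`) so the generated documentation is accurate.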
@@ -130,7 +179,7 @@ module SavonHelper
|
|
130
179
|
end
|
131
180
|
|
132
181
|
def type_string
|
133
|
-
"enum"
|
182
|
+
"enum<#{@enum.values.join(', ')}>"
|
134
183
|
end
|
135
184
|
|
136
185
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: deepsecurity
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.19
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2013-03-
|
12
|
+
date: 2013-03-18 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: savon
|
@@ -149,12 +149,14 @@ extra_rdoc_files: []
|
|
149
149
|
files:
|
150
150
|
- .gitignore
|
151
151
|
- .yardopts
|
152
|
+
- CHANGELOG.md
|
152
153
|
- Gemfile
|
153
154
|
- LICENSE
|
154
155
|
- README.md
|
155
156
|
- Rakefile
|
156
157
|
- bin/dsc
|
157
158
|
- deepsecurity.gemspec
|
159
|
+
- dsc.md
|
158
160
|
- lib/deepsecurity.rb
|
159
161
|
- lib/deepsecurity/ds_object.rb
|
160
162
|
- lib/deepsecurity/enums.rb
|