nwsdk 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,56 @@
1
+ module Nwsdk
2
+ class Packets
3
+ include Helpers
4
+
5
+ attr_accessor :group, :file_prefix, :query, :endpoint, :condition
6
+
7
+ def initialize(*args)
8
+ Hash[*args].each {|k,v| self.send("%s="%k, v)}
9
+ @group ||= 1000
10
+ @file_prefix ||= "pcap"
11
+ @query ||= Nwsdk::Query.new(keys: %w{ sessionid })
12
+ end
13
+
14
+ def request
15
+ pcaps={}
16
+ each_pcap_group do | group |
17
+ pcaps[group[:filename]]=data
18
+ end
19
+ pcaps
20
+ end
21
+
22
+ def build_request(sessions=[])
23
+ endpoint.get_request(
24
+ path: 'sdk/packets',
25
+ params: {
26
+ sessions: sessions.join(',')
27
+ }
28
+ )
29
+ end
30
+
31
+ def get_pcap_data(sessions=[])
32
+ build_request(sessions).execute
33
+ end
34
+
35
+ def each_pcap_group
36
+ sessions=get_sessionids(self)
37
+ sessions_digits=sessions.size.to_s.length
38
+ session_counter=0
39
+ session_stamp=Time.new.to_i
40
+ fformat="%s_%0#{sessions_digits}d-%0#{sessions_digits}d.pcap"
41
+ sessions.each_slice(group) do |slice|
42
+ sstart=session_counter
43
+ ssend = sstart + slice.size - 1
44
+ fname=sprintf(fformat, file_prefix, sstart, ssend)
45
+ data=get_pcap_data(slice)
46
+ yield pcap_group={
47
+ group_start: sstart,
48
+ group_end: ssend,
49
+ filename: fname,
50
+ data: data
51
+ }
52
+ session_counter += slice.size
53
+ end
54
+ end
55
+ end
56
+ end
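Review bot: `request` assigns `pcaps[group[:filename]] = data`, but `data` is not defined in that method — the pcap bytes are yielded as `group[:data]` by `each_pcap_group`, so the line should read `pcaps[group[:filename]] = group[:data]`; as written it raises NameError on the first group (or calls an unrelated Helpers method of that name, if one exists, which is not visible here). Separately, `initialize` dispatches caller-supplied option keys with `send("%s="%k, v)`, which can reach private methods and any setter on the object rather than only the five declared accessors; `public_send` plus a guard such as `raise ArgumentError, "unknown option #{k}" unless respond_to?("#{k}=")` confines it to the public interface. The same constructor pattern appears in the Query, Timeline and Values classes in the following hunks. The `yield pcap_group={...}` form assigns a local that is never read; yielding the hash literal directly is clearer.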
@@ -0,0 +1,62 @@
1
+ module Nwsdk
2
+ class Query
3
+ include Helpers
4
+
5
+ attr_accessor :limit, :keys, :id1, :id2, :endpoint, :condition
6
+
7
+ def initialize(*args)
8
+ Hash[*args].each {|k,v| self.send("%s="%k, v)}
9
+ @limit ||= 10000
10
+ @keys ||= %w{ * }
11
+ end
12
+
13
+ def request
14
+ result=build_request.execute
15
+ if response_successful?(result)
16
+ unroll_result(JSON.parse(result))
17
+ else
18
+ result
19
+ end
20
+ end
21
+
22
+ def build_request
23
+ endpoint.get_request(
24
+ path: 'sdk',
25
+ params: {
26
+ msg: 'query',
27
+ query: format_select,
28
+ size: limit * width
29
+ }
30
+ )
31
+ end
32
+
33
+ def width
34
+ if keys==["*"]
35
+ 100
36
+ else
37
+ keys.size
38
+ end
39
+ end
40
+
41
+ def format_select
42
+ sprintf("select %s where %s", keys.join(','), condition.format)
43
+ end
44
+
45
+ def unroll_result(result)
46
+ grouped=result["results"]["fields"].group_by {|f| f["group"] }
47
+ grouped.map do |gid,fields|
48
+ report=Hash.new
49
+ fields.each do |field|
50
+ key = field["type"]
51
+ val = decode_value(field)
52
+ if report.has_key?(key)
53
+ report[key]=[*report[key],val]
54
+ else
55
+ report[key]=val
56
+ end
57
+ end
58
+ report
59
+ end
60
+ end
61
+ end
62
+ end
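Review bot: `format_select` splices `keys` and `condition.format` into the query text with no quoting or validation, so whatever the caller passes as keys goes verbatim into the `select ... where ...` sent to the endpoint; if keys can originate from user input (the CLI is not in this chunk), that is query injection into the backend query language, and an allow-list check on each key before joining — e.g. `raise ArgumentError, "bad key #{k}" unless k.match?(/\A[\w.*-]+\z/)` (constructed pattern, adjust to the real field grammar) — would close it. The `size: limit * width` estimate depends on the magic `100` in `width` for the `*` case; a named constant such as `WILDCARD_WIDTH = 100` with a comment on why 100 would record the assumption. `report.has_key?(key)` is the legacy alias; `key?` is the preferred form.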
@@ -0,0 +1,48 @@
1
+ module Nwsdk
2
+ class Timeline
3
+ include Helpers
4
+
5
+ attr_accessor :flags, :condition, :endpoint, :limit
6
+
7
+ def initialize(*args)
8
+ Hash[*args].each {|k,v| self.send("%s="%k, v)}
9
+ @limit ||= 10000
10
+ @flags ||= %w{ size }
11
+ end
12
+
13
+ def request
14
+ result=build_request.execute
15
+ if response_successful?(result)
16
+ res=count_results(JSON.parse(result))
17
+ keys=res.keys.map {|k| k - k.gmtoff}
18
+ Hash[keys.zip(res.values)]
19
+ else
20
+ result
21
+ end
22
+ end
23
+
24
+ def build_request
25
+ endpoint.get_request(
26
+ path: 'sdk',
27
+ params: build_params
28
+ )
29
+ end
30
+ def build_params
31
+
32
+ params={
33
+ msg: 'timeline',
34
+ time1: format_timestamp(condition.time1),
35
+ time2: format_timestamp(condition.time2),
36
+ size: limit,
37
+ timezone: 0,
38
+ flags: flags.join(','),
39
+ }
40
+ if condition.where.nil?
41
+ params
42
+ else
43
+ params.merge(where: condition.format(use_time: false))
44
+ end
45
+ end
46
+
47
+ end
48
+ end
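Review bot: `build_params` sends `condition.time1`/`time2` through `format_timestamp` untouched together with `timezone: 0`, whereas the Values class in the next hunk converts the same fields with `.utc` first; one of the two is presumably sending local-time stamps as if they were UTC, which would shift results by the host offset — worth confirming against `format_timestamp` in Helpers, which is not in this chunk. `request` also assumes every key returned by `count_results` responds to `gmtoff` (i.e. is a `Time`); a short comment stating that contract, or a `Time === k` check, would make the failure mode explicit. Minor style: the blank line between `build_request` and `build_params` is missing while `build_params` opens with an empty line, and `Hash[keys.zip(res.values)]` reads more naturally as `keys.zip(res.values).to_h`.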
@@ -0,0 +1,38 @@
1
+ module Nwsdk
2
+ class Values
3
+ include Helpers
4
+
5
+ attr_accessor :key_name, :flags, :limit, :condition, :endpoint
6
+
7
+ def initialize(*args)
8
+ Hash[*args].each {|k,v| self.send("%s="%k, v)}
9
+ @flags ||= %w{ sort-total sessions order-descending }
10
+ @limit ||= 10000
11
+ @key_name ||= 'service'
12
+ end
13
+
14
+ def build_request
15
+ endpoint.get_request(
16
+ path: 'sdk',
17
+ params: {
18
+ msg: 'values',
19
+ where: condition.format(use_time: false),
20
+ time1: format_timestamp(condition.time1.utc),
21
+ time2: format_timestamp(condition.time2.utc),
22
+ size: limit,
23
+ flags: flags.join(','),
24
+ fieldName: key_name
25
+ }
26
+ )
27
+ end
28
+
29
+ def request
30
+ result=build_request.execute
31
+ if response_successful?(result)
32
+ count_results(JSON.parse(result))
33
+ else
34
+ result
35
+ end
36
+ end
37
+ end
38
+ end
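Review bot: `condition.time1.utc` and `condition.time2.utc` in `build_request` convert the condition's Time objects in place (`Time#utc` mutates its receiver), so after one `build_request` the condition silently holds UTC times and any later consumer of the same condition — including a Timeline, which does not convert — sees changed values; `getutc` returns a converted copy without the side effect: `time1: format_timestamp(condition.time1.getutc),` and likewise for `time2`. `request` repeats the execute / `response_successful?` / `JSON.parse` sequence of Query#request and Timeline#request verbatim; a shared Helpers method that executes and yields the parsed body on success would remove the triplication.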
@@ -0,0 +1,3 @@
1
+ module Nwsdk
2
+ VERSION = '1.1.3'
3
+ end
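--- a/data/lib/nwsdk.rb
+++ b/data/lib/nwsdk.rb
@@ -0,0 +1,19 @@
+require 'rest-client'
+require 'openssl'
+require 'json'
+require 'ipaddr'
+require 'pry'
+require 'nwsdk/version'
+require 'nwsdk/constants'
+require 'nwsdk/helpers'
+require 'nwsdk/endpoint'
+require 'nwsdk/condition'
+require 'nwsdk/query'
+require 'nwsdk/packets'
+require 'nwsdk/values'
+require 'nwsdk/timeline'
+require 'nwsdk/content'
+
+module Nwsdk
+
+end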
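Review bot: `require 'pry'` at line 5 makes the interactive debugger a hard load-time dependency of the library, yet the gemspec declares pry only via `add_development_dependency` (nwsdk.gemspec line 27), so an install without the development group fails with LoadError on `require 'nwsdk'`; the require belongs in the developer's Gemfile or a console script, not here. Beyond the crash, loading a REPL/debugging gem inside a library that runs with REST credentials is surface area a deployment does not need. The remaining runtime dependencies from the gemspec (`cef`, `chronic`, `thor`) are not required here; presumably the sub-files load them, which cannot be confirmed from this chunk.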
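--- a/data/nwsdk.gemspec
+++ b/data/nwsdk.gemspec
@@ -0,0 +1,34 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'nwsdk/version'
+
+Gem::Specification.new do |spec|
+spec.name = 'nwsdk'
+spec.version = Nwsdk::VERSION
+spec.authors = ['Ryan Breed']
+spec.email = ['ryan.breed@ercot.com']
+
+spec.summary = %q{ small wrapper around netwitness REST API }
+spec.description = %q{ allows users to run queries, extracts, and generate cef alerts }
+spec.homepage = 'http://github.com/ryanbreed/nwsdk'
+spec.license = 'GPLv3'
+
+spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+spec.bindir = 'bin'
+spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+spec.require_paths = ['lib']
+
+spec.add_dependency 'cef', '~> 1.0'
+spec.add_dependency 'chronic', '0.10.2'
+spec.add_dependency 'rest-client', '~> 1.8'
+spec.add_dependency 'thor', '~> 0.19'
+
+spec.add_development_dependency 'pry', '~> 0.10'
+spec.add_development_dependency 'bundler', '~> 1.10'
+spec.add_development_dependency 'rake', '~> 10.0'
+spec.add_development_dependency 'rspec', '~> 3.3'
+spec.add_development_dependency 'guard', '~> 2.13'
+spec.add_development_dependency 'guard-rspec', '~> 4.6'
+spec.add_development_dependency 'simplecov', '~> 0.10'
+end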
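Review bot: The `%q{ ... }` literals for `summary` and `description` carry a leading and trailing space that is published verbatim in the gem metadata (the generated `metadata` section below shows `description: " allows users to run queries, extracts, and generate cef alerts "`); plain quoted strings without the padding, `spec.summary = 'small wrapper around netwitness REST API'`, fix the published text. `required_ruby_version` is not set, so the metadata advertises `>= 0` and the gem will install on any interpreter; stating the range actually tested documents the contract. The homepage uses `http://`; GitHub serves the project over https, so the link should use that scheme.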
metadata ADDED
@@ -0,0 +1,219 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: nwsdk
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.1.3
5
+ platform: ruby
6
+ authors:
7
+ - Ryan Breed
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2015-09-03 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: cef
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.0'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.0'
27
+ - !ruby/object:Gem::Dependency
28
+ name: chronic
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - '='
32
+ - !ruby/object:Gem::Version
33
+ version: 0.10.2
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - '='
39
+ - !ruby/object:Gem::Version
40
+ version: 0.10.2
41
+ - !ruby/object:Gem::Dependency
42
+ name: rest-client
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '1.8'
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '1.8'
55
+ - !ruby/object:Gem::Dependency
56
+ name: thor
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '0.19'
62
+ type: :runtime
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '0.19'
69
+ - !ruby/object:Gem::Dependency
70
+ name: pry
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: '0.10'
76
+ type: :development
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '0.10'
83
+ - !ruby/object:Gem::Dependency
84
+ name: bundler
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '1.10'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '1.10'
97
+ - !ruby/object:Gem::Dependency
98
+ name: rake
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - "~>"
102
+ - !ruby/object:Gem::Version
103
+ version: '10.0'
104
+ type: :development
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '10.0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: rspec
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: '3.3'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: '3.3'
125
+ - !ruby/object:Gem::Dependency
126
+ name: guard
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - "~>"
130
+ - !ruby/object:Gem::Version
131
+ version: '2.13'
132
+ type: :development
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - "~>"
137
+ - !ruby/object:Gem::Version
138
+ version: '2.13'
139
+ - !ruby/object:Gem::Dependency
140
+ name: guard-rspec
141
+ requirement: !ruby/object:Gem::Requirement
142
+ requirements:
143
+ - - "~>"
144
+ - !ruby/object:Gem::Version
145
+ version: '4.6'
146
+ type: :development
147
+ prerelease: false
148
+ version_requirements: !ruby/object:Gem::Requirement
149
+ requirements:
150
+ - - "~>"
151
+ - !ruby/object:Gem::Version
152
+ version: '4.6'
153
+ - !ruby/object:Gem::Dependency
154
+ name: simplecov
155
+ requirement: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - "~>"
158
+ - !ruby/object:Gem::Version
159
+ version: '0.10'
160
+ type: :development
161
+ prerelease: false
162
+ version_requirements: !ruby/object:Gem::Requirement
163
+ requirements:
164
+ - - "~>"
165
+ - !ruby/object:Gem::Version
166
+ version: '0.10'
167
+ description: " allows users to run queries, extracts, and generate cef alerts "
168
+ email:
169
+ - ryan.breed@ercot.com
170
+ executables:
171
+ - nw
172
+ extensions: []
173
+ extra_rdoc_files: []
174
+ files:
175
+ - ".gitignore"
176
+ - Gemfile
177
+ - Guardfile
178
+ - LICENSE
179
+ - README.md
180
+ - Rakefile
181
+ - bin/nw
182
+ - lib/nwsdk.rb
183
+ - lib/nwsdk/cli.rb
184
+ - lib/nwsdk/condition.rb
185
+ - lib/nwsdk/constants.rb
186
+ - lib/nwsdk/content.rb
187
+ - lib/nwsdk/endpoint.rb
188
+ - lib/nwsdk/helpers.rb
189
+ - lib/nwsdk/packets.rb
190
+ - lib/nwsdk/query.rb
191
+ - lib/nwsdk/timeline.rb
192
+ - lib/nwsdk/values.rb
193
+ - lib/nwsdk/version.rb
194
+ - nwsdk.gemspec
195
+ homepage: http://github.com/ryanbreed/nwsdk
196
+ licenses:
197
+ - GPLv3
198
+ metadata: {}
199
+ post_install_message:
200
+ rdoc_options: []
201
+ require_paths:
202
+ - lib
203
+ required_ruby_version: !ruby/object:Gem::Requirement
204
+ requirements:
205
+ - - ">="
206
+ - !ruby/object:Gem::Version
207
+ version: '0'
208
+ required_rubygems_version: !ruby/object:Gem::Requirement
209
+ requirements:
210
+ - - ">="
211
+ - !ruby/object:Gem::Version
212
+ version: '0'
213
+ requirements: []
214
+ rubyforge_project:
215
+ rubygems_version: 2.4.5
216
+ signing_key:
217
+ specification_version: 4
218
+ summary: small wrapper around netwitness REST API
219
+ test_files: []