sdee 0.0.6 → 0.0.7
- checksums.yaml +4 -4
- data/examples/simple.rb +9 -6
- data/lib/sdee.rb +2 -3
- data/lib/sdee/client.rb +40 -0
- data/lib/sdee/event.rb +7 -0
- data/lib/sdee/poller.rb +19 -21
- data/sdee.gemspec +1 -1
- metadata +4 -2
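--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b64a66ed43dbff1fd7ad802fd21a3cd60f8074ca
+data.tar.gz: ed1877bf55562f7045ac1c6c6a51a587236840ff
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4cc254eaa1d958d1e5eb5e37c866fe1e9c2e1f2f637a65bf55693209a346b941286e2a1835e0319099caa20c29defb895fe46dab26e4aa2684c2ccc93b5cff84
+data.tar.gz: d1f4b2eae092ed76a6959cfb28e6d4c18c0162ec964f0e1f059c2c491a9308c5d7e2158ac96554f3a98ff60e2a44db9e88e91b4939760eb00eb718d140ba62bb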
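--- a/data/examples/simple.rb
+++ b/data/examples/simple.rb
@@ -1,10 +1,13 @@
-
+$LOAD_PATH << './lib'
+require './lib/sdee'
 
 # create new SDEE connection
-
+client = SDEE::Client.new(
+host: 'localhost',
+user: 'user',
+password: 'pass')
 
-
-poller.login
+puts "client initialized"
 
-#
-
+# start polling
+client.start_polling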
data/lib/sdee.rb
CHANGED
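--- a/data/lib/sdee/client.rb
+++ b/data/lib/sdee/client.rb
@@ -0,0 +1,40 @@
+require 'sdee/poller'
+require 'sdee/alert'
+
+module SDEE
+class Client
+def initialize(options={})
+@options = options
+
+# buffer to retain alerts, threads
+@events = @threads = []
+end
+
+def start_polling(num_threads=5)
+stop_polling unless @threads.empty?
+
+num_threads.times do
+@threads << Thread.new do
+poller = Poller.new(@options)
+poller.poll
+end
+end
+
+@threads.each { |t| t.join }
+end
+
+def stop_polling
+@threads.each { |thread| thread.terminate }
+end
+
+# Removes events from buffer
+def pop
+@events.delete
+end
+
+# Retrieves but doesn't remove events from buffer
+def get
+@events
+end
+end
+end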
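Review bot: `@events = @threads = []` in `initialize` binds both instance variables to the same Array, so every Thread pushed in `start_polling` also appears in the buffer that `get` returns; use two separate literals, `@events = []` and `@threads = []`. `pop` calls `@events.delete` with no argument, which raises ArgumentError; `@events.shift` is probably what was intended. Nothing in this file appends to `@events`, and the pollers only print their results, so alerts from the sensor are never actually retained for a consumer. `stop_polling` terminates the threads but leaves them in `@threads`, so a later `start_polling` joins the dead threads together with the new ones; clearing the array after terminating would avoid that.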
data/lib/sdee/event.rb
ADDED
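--- a/data/lib/sdee/poller.rb
+++ b/data/lib/sdee/poller.rb
@@ -6,12 +6,17 @@ require 'nokogiri'
 
 module SDEE
 class Poller
-
-
-@path = '/cgi-bin/sdee-server'
-@proto = 'https://'
+attr_accessor :authenticated, :host, :path, :scheme, :user, :password,
+:verify_ssl, :ssl_version
 
-
+def initialize(options = {})
+@host = options[:host] || 'localhost'
+@path = options[:path] || '/cgi-bin/sdee-server'
+@scheme = options[:scheme] || 'https://'
+@user = options[:user]
+@password = options[:password]
+@verify_ssl = options[:verify_ssl]
+@ssl_version = options[:ssl_version] || :SSLv3
 end
 
 def login
@@ -34,15 +39,15 @@ module SDEE
 response
 end
 
-def
+def poll(sleep_time=5)
 while true do
-get_events
+puts get_events
 sleep sleep_time
 end
 end
 
 def get_events
-
+login unless @subscription_id
 
 params = {
 action: 'get',
@@ -53,28 +58,21 @@ module SDEE
 sessionId: @session_id
 }
 
-
-doc
-
-xml_alerts = doc.xpath("//sd:evIdsAlert")
-hash_alerts = xml_alerts.collect {|x| Alert.new(x.to_s).to_hash }.uniq
-
-hash_alerts.each {|h| puts h.to_json }
-
-hash_alerts
+doc = Nokogiri::XML(request(params).body)
+doc.xpath("//sd:evIdsAlert").collect {|x| Alert.new(x).to_hash }.uniq
 end
 
 def request(params)
 http = Net::HTTP.new(@host, 443)
 http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-http.ssl_version =
+http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless @verify_ssl
+http.ssl_version = @ssl_version
 
-uri = URI(@
+uri = URI(@scheme + @host + @path)
 uri.query = URI.encode_www_form(params)
 
 req = Net::HTTP::Get.new(uri)
-req
+req.basic_auth @user, @password
 
 http.request(req)
 end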
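Review bot: Certificate verification stays off unless the caller opts in, because `@verify_ssl = options[:verify_ssl]` defaults to nil and `request` then runs `http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless @verify_ssl` on the same connection that carries `req.basic_auth @user, @password`. Defaulting the other way with `@verify_ssl = options.fetch(:verify_ssl, true)` keeps the opt-out for appliances with self-signed certificates while protecting the credentials and the alert stream by default. The `:SSLv3` fallback pins an obsolete protocol version; `@ssl_version = options[:ssl_version]` together with `http.ssl_version = @ssl_version if @ssl_version` would leave negotiation to the TLS library unless a version is requested explicitly. `@scheme` is now configurable, yet `request` always connects to port 443 with `use_ssl = true`, so a non-HTTPS scheme would not do what the option name suggests.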
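--- a/data/sdee.gemspec
+++ b/data/sdee.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
 s.name = 'sdee'
-s.version = '0.0.
+s.version = '0.0.7'
 s.summary = 'Simple Ruby SDEE Poller'
 s.description = 'Secure Device Event Exchange (SDEE) is a simple HTTP-based protocol used by security appliances to exchange events and alerts. Results are returned in XML. This is a very bare-bones ruby implementation to get SDEE events from a Cisco IPS in JSON format.'
 s.authors = ['Jamil Bou Kheir']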
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sdee
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jamil Bou Kheir
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2013-12-
|
11
|
+
date: 2013-12-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: nokogiri
|
@@ -76,6 +76,8 @@ files:
|
|
76
76
|
- examples/simple.rb
|
77
77
|
- lib/sdee.rb
|
78
78
|
- lib/sdee/alert.rb
|
79
|
+
- lib/sdee/client.rb
|
80
|
+
- lib/sdee/event.rb
|
79
81
|
- lib/sdee/poller.rb
|
80
82
|
- sdee.gemspec
|
81
83
|
- spec/alert_spec.rb
|