sdee 0.0.6 → 0.0.7

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d7400ca72437d03e9249f3b91a190fecb02b8a72
4
- data.tar.gz: fc34ce94cbd1a08adeb77a30e4941f0bd5e43a35
3
+ metadata.gz: b64a66ed43dbff1fd7ad802fd21a3cd60f8074ca
4
+ data.tar.gz: ed1877bf55562f7045ac1c6c6a51a587236840ff
5
5
  SHA512:
6
- metadata.gz: b83055d523805ae87fb1e28791cb292f4891325550e1d202cee1c8b592ca3c8078af65b41465c6629f0cd084f2b67cc68f53e454275e887c33b1b9b711085825
7
- data.tar.gz: 6a21642660cbfbfc27d3ed575d6515fc6d1f5300dd7a436205531340411a7f23ecc8b3685bf5699a6eff1c905b1f9e4e7a648477046f7eceee46764eee28c228
6
+ metadata.gz: 4cc254eaa1d958d1e5eb5e37c866fe1e9c2e1f2f637a65bf55693209a346b941286e2a1835e0319099caa20c29defb895fe46dab26e4aa2684c2ccc93b5cff84
7
+ data.tar.gz: d1f4b2eae092ed76a6959cfb28e6d4c18c0162ec964f0e1f059c2c491a9308c5d7e2158ac96554f3a98ff60e2a44db9e88e91b4939760eb00eb718d140ba62bb
@@ -1,10 +1,13 @@
1
- require 'sdee'
1
+ $LOAD_PATH << './lib'
2
+ require './lib/sdee'
2
3
 
3
4
  # create new SDEE connection
4
- poller = SDEE::Poller.new(host: '10.122.196.67', user: 'cisco', pass: 'MTD@c1sc0')
5
+ client = SDEE::Client.new(
6
+ host: 'localhost',
7
+ user: 'user',
8
+ password: 'pass')
5
9
 
6
- # login and set subscriptionId, sessionId
7
- poller.login
10
+ puts "client initialized"
8
11
 
9
- # print events every 1 second in JSON format
10
- poller.poll_events 1
12
+ # start polling
13
+ client.start_polling
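Review bot: The added `$LOAD_PATH << './lib'` and `require './lib/sdee'` resolve against the current working directory, so the example loads whichever `lib/sdee.rb` sits under the directory it is started from rather than the one shipped beside it. Anchoring to the file's own location avoids that, e.g. `$LOAD_PATH.unshift File.expand_path('../lib', __dir__)` followed by `require 'sdee'` (assuming this is examples/simple.rb, as the metadata file list suggests). The literal host, user name and password removed here were already published in 0.0.6 and stay retrievable from that version, so they should be treated as exposed and rotated on the device. The new call also passes no `verify_ssl`, so as written the example demonstrates a connection with certificate checking off.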
@@ -1,7 +1,6 @@
1
- require 'sdee/poller'
2
1
  require 'sdee/alert'
2
+ require 'sdee/poller'
3
+ require 'sdee/client'
3
4
 
4
5
  module SDEE
5
- class << self
6
- end
7
6
  end
@@ -0,0 +1,40 @@
1
+ require 'sdee/poller'
2
+ require 'sdee/alert'
3
+
4
+ module SDEE
5
+ class Client
6
+ def initialize(options={})
7
+ @options = options
8
+
9
+ # buffer to retain alerts, threads
10
+ @events = @threads = []
11
+ end
12
+
13
+ def start_polling(num_threads=5)
14
+ stop_polling unless @threads.empty?
15
+
16
+ num_threads.times do
17
+ @threads << Thread.new do
18
+ poller = Poller.new(@options)
19
+ poller.poll
20
+ end
21
+ end
22
+
23
+ @threads.each { |t| t.join }
24
+ end
25
+
26
+ def stop_polling
27
+ @threads.each { |thread| thread.terminate }
28
+ end
29
+
30
+ # Removes events from buffer
31
+ def pop
32
+ @events.delete
33
+ end
34
+
35
+ # Retrieves but doesn't remove events from buffer
36
+ def get
37
+ @events
38
+ end
39
+ end
40
+ end
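Review bot: `@events = @threads = []` in `initialize` binds both instance variables to the same Array, so every Thread pushed in `start_polling` also lands in the event buffer and `get` hands callers thread objects; use two assignments, `@events = []` and `@threads = []`. `pop` calls `@events.delete` with no argument, which raises ArgumentError; if the intent is to drain the buffer, `@events.shift(@events.size)` would return and remove the events. Nothing in this file appends to `@events` (the threads only run `poller.poll`), and because `start_polling` joins threads whose `while true` loop never ends, it blocks indefinitely and `stop_polling` cannot be reached from the calling thread. `stop_polling` also leaves the terminated threads in `@threads`, so the list only grows across restarts.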
@@ -0,0 +1,7 @@
1
+ # Not implemented yet
2
+ require 'json'
3
+
4
+ module SDEE
5
+ class Event
6
+ end
7
+ end
@@ -6,12 +6,17 @@ require 'nokogiri'
6
6
 
7
7
  module SDEE
8
8
  class Poller
9
- def initialize(options = {})
10
- @host = options[:host]
11
- @path = '/cgi-bin/sdee-server'
12
- @proto = 'https://'
9
+ attr_accessor :authenticated, :host, :path, :scheme, :user, :password,
10
+ :verify_ssl, :ssl_version
13
11
 
14
- @creds = Base64.encode64("#{options[:user]}:#{options[:pass]}")
12
+ def initialize(options = {})
13
+ @host = options[:host] || 'localhost'
14
+ @path = options[:path] || '/cgi-bin/sdee-server'
15
+ @scheme = options[:scheme] || 'https://'
16
+ @user = options[:user]
17
+ @password = options[:password]
18
+ @verify_ssl = options[:verify_ssl]
19
+ @ssl_version = options[:ssl_version] || :SSLv3
15
20
  end
16
21
 
17
22
  def login
@@ -34,15 +39,15 @@ module SDEE
34
39
  response
35
40
  end
36
41
 
37
- def poll_events(sleep_time=5)
42
+ def poll(sleep_time=5)
38
43
  while true do
39
- get_events
44
+ puts get_events
40
45
  sleep sleep_time
41
46
  end
42
47
  end
43
48
 
44
49
  def get_events
45
- puts "Please login first" unless @subscription_id
50
+ login unless @subscription_id
46
51
 
47
52
  params = {
48
53
  action: 'get',
@@ -53,28 +58,21 @@ module SDEE
53
58
  sessionId: @session_id
54
59
  }
55
60
 
56
- res = request params
57
- doc = Nokogiri::XML(res.body)
58
-
59
- xml_alerts = doc.xpath("//sd:evIdsAlert")
60
- hash_alerts = xml_alerts.collect {|x| Alert.new(x.to_s).to_hash }.uniq
61
-
62
- hash_alerts.each {|h| puts h.to_json }
63
-
64
- hash_alerts
61
+ doc = Nokogiri::XML(request(params).body)
62
+ doc.xpath("//sd:evIdsAlert").collect {|x| Alert.new(x).to_hash }.uniq
65
63
  end
66
64
 
67
65
  def request(params)
68
66
  http = Net::HTTP.new(@host, 443)
69
67
  http.use_ssl = true
70
- http.verify_mode = OpenSSL::SSL::VERIFY_NONE
71
- http.ssl_version = :SSLv3
68
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless @verify_ssl
69
+ http.ssl_version = @ssl_version
72
70
 
73
- uri = URI(@proto + @host + @path)
71
+ uri = URI(@scheme + @host + @path)
74
72
  uri.query = URI.encode_www_form(params)
75
73
 
76
74
  req = Net::HTTP::Get.new(uri)
77
- req['Authorization'] = "BASIC #{@creds}"
75
+ req.basic_auth @user, @password
78
76
 
79
77
  http.request(req)
80
78
  end
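Review bot: In `request`, certificate verification is still off unless the caller opts in: `@verify_ssl` defaults to nil in `initialize`, so `http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless @verify_ssl` disables it for every default client while `req.basic_auth` sends the user name and password over that connection. Defaulting the other way, `@verify_ssl = options.fetch(:verify_ssl, true)` with `http.verify_mode = @verify_ssl ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE`, keeps the opt-out for appliances with self-signed certificates but makes it explicit. The `:SSLv3` default for `ssl_version` pins a protocol that has since been deprecated and that current OpenSSL builds commonly reject; setting `http.ssl_version` only when the caller supplies one lets the library negotiate. `scheme` is now configurable, but `Net::HTTP.new(@host, 443)` and `use_ssl = true` stay fixed, so the option changes only the URI string. `login` and the top of `get_events` lie outside the visible hunks.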
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'sdee'
3
- s.version = '0.0.6'
3
+ s.version = '0.0.7'
4
4
  s.summary = 'Simple Ruby SDEE Poller'
5
5
  s.description = 'Secure Device Event Exchange (SDEE) is a simple HTTP-based protocol used by security appliances to exchange events and alerts. Results are returned in XML. This is a very bare-bones ruby implementation to get SDEE events from a Cisco IPS in JSON format.'
6
6
  s.authors = ['Jamil Bou Kheir']
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sdee
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.6
4
+ version: 0.0.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jamil Bou Kheir
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-12-02 00:00:00.000000000 Z
11
+ date: 2013-12-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nokogiri
@@ -76,6 +76,8 @@ files:
76
76
  - examples/simple.rb
77
77
  - lib/sdee.rb
78
78
  - lib/sdee/alert.rb
79
+ - lib/sdee/client.rb
80
+ - lib/sdee/event.rb
79
81
  - lib/sdee/poller.rb
80
82
  - sdee.gemspec
81
83
  - spec/alert_spec.rb