sdee 0.0.6 → 0.0.7
- checksums.yaml +4 -4
- data/examples/simple.rb +9 -6
- data/lib/sdee.rb +2 -3
- data/lib/sdee/client.rb +40 -0
- data/lib/sdee/event.rb +7 -0
- data/lib/sdee/poller.rb +19 -21
- data/sdee.gemspec +1 -1
- metadata +4 -2
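--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b64a66ed43dbff1fd7ad802fd21a3cd60f8074ca
+data.tar.gz: ed1877bf55562f7045ac1c6c6a51a587236840ff
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4cc254eaa1d958d1e5eb5e37c866fe1e9c2e1f2f637a65bf55693209a346b941286e2a1835e0319099caa20c29defb895fe46dab26e4aa2684c2ccc93b5cff84
+data.tar.gz: d1f4b2eae092ed76a6959cfb28e6d4c18c0162ec964f0e1f059c2c491a9308c5d7e2158ac96554f3a98ff60e2a44db9e88e91b4939760eb00eb718d140ba62bb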
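--- a/data/examples/simple.rb
+++ b/data/examples/simple.rb
@@ -1,10 +1,13 @@
-
+$LOAD_PATH << './lib'
+require './lib/sdee'
 
 # create new SDEE connection
-
+client = SDEE::Client.new(
+host: 'localhost',
+user: 'user',
+password: 'pass')
 
-
-poller.login
+puts "client initialized"
 
-#
-
+# start polling
+client.start_polling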
data/lib/sdee.rb
CHANGED
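--- a/data/lib/sdee/client.rb
+++ b/data/lib/sdee/client.rb
@@ -0,0 +1,40 @@
+require 'sdee/poller'
+require 'sdee/alert'
+
+module SDEE
+class Client
+def initialize(options={})
+@options = options
+
+# buffer to retain alerts, threads
+@events = @threads = []
+end
+
+def start_polling(num_threads=5)
+stop_polling unless @threads.empty?
+
+num_threads.times do
+@threads << Thread.new do
+poller = Poller.new(@options)
+poller.poll
+end
+end
+
+@threads.each { |t| t.join }
+end
+
+def stop_polling
+@threads.each { |thread| thread.terminate }
+end
+
+# Removes events from buffer
+def pop
+@events.delete
+end
+
+# Retrieves but doesn't remove events from buffer
+def get
+@events
+end
+end
+end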
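Review bot: `@events = @threads = []` in `initialize` binds both instance variables to the same Array, so every Thread pushed in `start_polling` also lands in the event buffer and `get` returns Thread objects rather than alerts; use two literals, `@events = []` and `@threads = []`. `pop` calls `@events.delete` with no argument, which raises ArgumentError; `@events.shift` (or `@events.pop`) would match the comment above it. Nothing in this file appends poller results to `@events`, and `stop_polling` leaves the terminated threads in `@threads`, so a second `start_polling` joins dead threads along with the new ones. Both are worth a follow-up, since silently dropped IPS alerts are the failure mode for this client.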
data/lib/sdee/event.rb
ADDED
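--- a/data/lib/sdee/poller.rb
+++ b/data/lib/sdee/poller.rb
@@ -6,12 +6,17 @@ require 'nokogiri'
 
 module SDEE
 class Poller
-
-
-@path = '/cgi-bin/sdee-server'
-@proto = 'https://'
+attr_accessor :authenticated, :host, :path, :scheme, :user, :password,
+:verify_ssl, :ssl_version
 
-
+def initialize(options = {})
+@host = options[:host] || 'localhost'
+@path = options[:path] || '/cgi-bin/sdee-server'
+@scheme = options[:scheme] || 'https://'
+@user = options[:user]
+@password = options[:password]
+@verify_ssl = options[:verify_ssl]
+@ssl_version = options[:ssl_version] || :SSLv3
 end
 
 def login
@@ -34,15 +39,15 @@ module SDEE
 response
 end
 
-def
+def poll(sleep_time=5)
 while true do
-get_events
+puts get_events
 sleep sleep_time
 end
 end
 
 def get_events
-
+login unless @subscription_id
 
 params = {
 action: 'get',
@@ -53,28 +58,21 @@ module SDEE
 sessionId: @session_id
 }
 
-
-doc
-
-xml_alerts = doc.xpath("//sd:evIdsAlert")
-hash_alerts = xml_alerts.collect {|x| Alert.new(x.to_s).to_hash }.uniq
-
-hash_alerts.each {|h| puts h.to_json }
-
-hash_alerts
+doc = Nokogiri::XML(request(params).body)
+doc.xpath("//sd:evIdsAlert").collect {|x| Alert.new(x).to_hash }.uniq
 end
 
 def request(params)
 http = Net::HTTP.new(@host, 443)
 http.use_ssl = true
-http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-http.ssl_version =
+http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless @verify_ssl
+http.ssl_version = @ssl_version
 
-uri = URI(@
+uri = URI(@scheme + @host + @path)
 uri.query = URI.encode_www_form(params)
 
 req = Net::HTTP::Get.new(uri)
-req
+req.basic_auth @user, @password
 
 http.request(req)
 end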
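Review bot: Certificate verification is off by default in the new `initialize`/`request` pair: `@verify_ssl = options[:verify_ssl]` is nil unless the caller opts in, so `http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless @verify_ssl` leaves the session unverified and `req.basic_auth @user, @password` then sends the sensor credentials to whoever answers on port 443. The `:SSLv3` default for `@ssl_version` pins a deprecated protocol on top of that. I would default to verification, `@verify_ssl = options.fetch(:verify_ssl, true)` with `http.verify_mode = @verify_ssl ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE`, and only set the protocol when asked, `http.ssl_version = @ssl_version if @ssl_version`. Appliances with self-signed certificates would then need an explicit `verify_ssl: false` or a trusted CA, and examples/simple.rb, which passes neither option, would pick up the safer default.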
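--- a/data/sdee.gemspec
+++ b/data/sdee.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
 s.name = 'sdee'
-s.version = '0.0.
+s.version = '0.0.7'
 s.summary = 'Simple Ruby SDEE Poller'
 s.description = 'Secure Device Event Exchange (SDEE) is a simple HTTP-based protocol used by security appliances to exchange events and alerts. Results are returned in XML. This is a very bare-bones ruby implementation to get SDEE events from a Cisco IPS in JSON format.'
 s.authors = ['Jamil Bou Kheir']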
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sdee
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jamil Bou Kheir
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2013-12-
|
11
|
+
date: 2013-12-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: nokogiri
|
@@ -76,6 +76,8 @@ files:
|
|
76
76
|
- examples/simple.rb
|
77
77
|
- lib/sdee.rb
|
78
78
|
- lib/sdee/alert.rb
|
79
|
+
- lib/sdee/client.rb
|
80
|
+
- lib/sdee/event.rb
|
79
81
|
- lib/sdee/poller.rb
|
80
82
|
- sdee.gemspec
|
81
83
|
- spec/alert_spec.rb
|