sdee 0.0.6 → 0.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d7400ca72437d03e9249f3b91a190fecb02b8a72
-  data.tar.gz: fc34ce94cbd1a08adeb77a30e4941f0bd5e43a35
+  metadata.gz: b64a66ed43dbff1fd7ad802fd21a3cd60f8074ca
+  data.tar.gz: ed1877bf55562f7045ac1c6c6a51a587236840ff
 SHA512:
-  metadata.gz: b83055d523805ae87fb1e28791cb292f4891325550e1d202cee1c8b592ca3c8078af65b41465c6629f0cd084f2b67cc68f53e454275e887c33b1b9b711085825
-  data.tar.gz: 6a21642660cbfbfc27d3ed575d6515fc6d1f5300dd7a436205531340411a7f23ecc8b3685bf5699a6eff1c905b1f9e4e7a648477046f7eceee46764eee28c228
+  metadata.gz: 4cc254eaa1d958d1e5eb5e37c866fe1e9c2e1f2f637a65bf55693209a346b941286e2a1835e0319099caa20c29defb895fe46dab26e4aa2684c2ccc93b5cff84
+  data.tar.gz: d1f4b2eae092ed76a6959cfb28e6d4c18c0162ec964f0e1f059c2c491a9308c5d7e2158ac96554f3a98ff60e2a44db9e88e91b4939760eb00eb718d140ba62bb

data/examples/simple.rb

@@ -1,10 +1,13 @@
-require 'sdee'
+$LOAD_PATH << './lib'
+require './lib/sdee'
 
 # create new SDEE connection
-poller = SDEE::Poller.new(host: '10.122.196.67', user: 'cisco', pass: 'MTD@c1sc0')
+client = SDEE::Client.new(
+  host: 'localhost',
+  user: 'user',
+  password: 'pass')
 
-# login and set subscriptionId, sessionId
-poller.login
+puts "client initialized"
 
-# print events every 1 second in JSON format
-poller.poll_events 1
+# start polling
+client.start_polling

data/lib/sdee.rb

@@ -1,7 +1,6 @@
-require 'sdee/poller'
 require 'sdee/alert'
+require 'sdee/poller'
+require 'sdee/client'
 
 module SDEE
-  class << self
-  end
 end

data/lib/sdee/client.rb

@@ -0,0 +1,40 @@
+require 'sdee/poller'
+require 'sdee/alert'
+
+module SDEE
+  class Client
+    def initialize(options={})
+      @options = options
+
+      # buffer to retain alerts, threads
+      @events = @threads = []
+    end
+
+    def start_polling(num_threads=5)
+      stop_polling unless @threads.empty?
+
+      num_threads.times do
+        @threads << Thread.new do
+          poller = Poller.new(@options)
+          poller.poll
+        end
+      end
+
+      @threads.each { |t| t.join }
+    end
+
+    def stop_polling
+      @threads.each { |thread| thread.terminate }
+    end
+
+    # Removes events from buffer
+    def pop
+      @events.delete
+    end
+
+    # Retrieves but doesn't remove events from buffer
+    def get
+      @events
+    end
+  end
+end

data/lib/sdee/event.rb

@@ -0,0 +1,7 @@
+# Not implemented yet
+require 'json'
+
+module SDEE
+  class Event
+  end
+end

data/lib/sdee/poller.rb

@@ -6,12 +6,17 @@ require 'nokogiri'
 
 module SDEE
   class Poller
-    def initialize(options = {})
-      @host = options[:host]
-      @path = '/cgi-bin/sdee-server'
-      @proto = 'https://'
+    attr_accessor :authenticated, :host, :path, :scheme, :user, :password,
+      :verify_ssl, :ssl_version
 
-      @creds = Base64.encode64("#{options[:user]}:#{options[:pass]}")
+    def initialize(options = {})
+      @host = options[:host] || 'localhost'
+      @path = options[:path] || '/cgi-bin/sdee-server'
+      @scheme = options[:scheme] || 'https://'
+      @user = options[:user]
+      @password = options[:password]
+      @verify_ssl = options[:verify_ssl]
+      @ssl_version = options[:ssl_version] || :SSLv3
     end
 
     def login
@@ -34,15 +39,15 @@ module SDEE
       response
     end
 
-    def poll_events(sleep_time=5)
+    def poll(sleep_time=5)
       while true do
-        get_events
+        puts get_events
         sleep sleep_time
       end
     end
 
     def get_events
-      puts "Please login first" unless @subscription_id
+      login unless @subscription_id
 
       params = {
         action: 'get',
@@ -53,28 +58,21 @@ module SDEE
         sessionId: @session_id
       }
 
-      res = request params
-      doc = Nokogiri::XML(res.body)
-
-      xml_alerts = doc.xpath("//sd:evIdsAlert")
-      hash_alerts = xml_alerts.collect {|x| Alert.new(x.to_s).to_hash }.uniq
-
-      hash_alerts.each {|h| puts h.to_json }
-
-      hash_alerts
+      doc = Nokogiri::XML(request(params).body)
+      doc.xpath("//sd:evIdsAlert").collect {|x| Alert.new(x).to_hash }.uniq
     end
 
     def request(params)
       http = Net::HTTP.new(@host, 443)
       http.use_ssl = true
-      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-      http.ssl_version = :SSLv3
+      http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless @verify_ssl
+      http.ssl_version = @ssl_version
 
-      uri = URI(@proto + @host + @path)
+      uri = URI(@scheme + @host + @path)
       uri.query = URI.encode_www_form(params)
 
       req = Net::HTTP::Get.new(uri)
-      req['Authorization'] = "BASIC #{@creds}"
+      req.basic_auth @user, @password
 
       http.request(req)
     end

data/sdee.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name          = 'sdee'
-  s.version       = '0.0.6'
+  s.version       = '0.0.7'
   s.summary       = 'Simple Ruby SDEE Poller'
   s.description   = 'Secure Device Event Exchange (SDEE) is a simple HTTP-based protocol used by security appliances to exchange events and alerts. Results are returned in XML. This is a very bare-bones ruby implementation to get SDEE events from a Cisco IPS in JSON format.'
   s.authors       = ['Jamil Bou Kheir']

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sdee
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.7
 platform: ruby
 authors:
 - Jamil Bou Kheir
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-12-02 00:00:00.000000000 Z
+date: 2013-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -76,6 +76,8 @@ files:
 - examples/simple.rb
 - lib/sdee.rb
 - lib/sdee/alert.rb
+- lib/sdee/client.rb
+- lib/sdee/event.rb
 - lib/sdee/poller.rb
 - sdee.gemspec
 - spec/alert_spec.rb