RubyGems - vectra - Versions diffs - 0.0.3 → 0.1.0 - Mend

vectra 0.0.3 → 0.1.0

Files changed (11) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7050b5ad1402a964cd1a1b18304627a7e2442161
-  data.tar.gz: 3544fc85fedf115d85e43f14b30ee7fd6b923770
+  metadata.gz: 53de84b919e4f477a7dacbe8066df6d7ba62f457
+  data.tar.gz: c3a59be8da5e83badb23f3a034a2fccae4d8044b
 SHA512:
-  metadata.gz: 8f86cc1f0615836dcedc545eb461f605f390fe0e872d14e012caea1cb50b446cdbd5b8a3631718ae177f72665173014661d7db5abcc8f6162d648fd267d68317
-  data.tar.gz: 41222a3f6227dd84524d5003e217b3cc8b866d573cfb1b49c62a17d7772d5a9b5fa427dd1f2b4a587b27b161f73d2a44d93232bafb9496c50efcc0f2c7acb7ae
+  metadata.gz: 35ba198580d653156a267523b8ae48fd8da81179fd39f49ac14a9fffabaff6a9444a0042ffb09603004688140661ba584a160a21179735f98e77dc28399cc12d
+  data.tar.gz: 4c0a5c10633dbfd9acd06c794d5c9aad9d1d88210a8663287e6586085f44539f2a51e34717c6763df3ca80b16c9bff54f12715efee78c0e67db2a48babebddae

data/README.md CHANGED

@@ -14,30 +14,47 @@ gem install vectra
 Basic Block Configuration:
-    Vectra.configure do |config|
-      config.endpoint = @endpoint_url # https://vectra/api/
-      config.username = @username
-      config.password = @password
-    end
+```ruby
+Vectra.configure do |config|
+  config.endpoint = @endpoint_url
+  config.username = @username
+  config.password = @password
+end
+```
+**endpoint** should be your Vectra box URL, no need to add the `/api` suffix. If you include it, it won't break things either.
 ## Detections
-    Vectra::Detections.all
+To get all detections, use `#all`:
-or by ID
+```ruby
+Vectra::Detections.all
+```
-    Vectra::Detections.get(1)
+You can also get a detection by ID or by referencing the detection URL:
+```ruby
+Vectra::Detections.get(1)
+Vectra::Detections.get('https://vectra/detection/1')
+```
 ## Hosts
-    Vectra::Hosts.all
+Do not use `::Hosts.all` if you are in production. This will be very costly if you have more than 5,000 discovered hosts.
+Instead, pass a Host ID or URL:
+```ruby
+Vectra::Hosts.get(1)
+```
-or by ID
+## Notes
-    Vectra::Hosts.get(1)
+Vectra uses a `next` parameter in their responses for pagination. Default pagination is `50`. This API client will follow the `next` pages.
+Currently, all responses which contain arrays (hosts and detections) will be sorted in ASC order by ID.
-# Features
+## Credit
-  - Supports Hosts and Detections
+[Mike Mackintosh](http://www.mikemackintosh.com)

data/lib/vectra.rb CHANGED

@@ -23,7 +23,7 @@ module Vectra
           "Please add it to the Vectra.configure block"
       end
     end
   end
   alias_method :config, :configure
 end

data/lib/vectra/api.rb CHANGED

@@ -1,48 +1,51 @@
 module Vectra
-  class Api
+  class API
     class InvalidResponse < RuntimeError ; end
+    include HTTParty
-    include HTTParty
+    def self.pull(url)
-    def self.send(url, args="", decode)
-      results = []
+      # Set the endpoint
+      unless Vectra::Config.endpoint.include? "/api"
+        Vectra::Config.endpoint = "#{Vectra::Config.endpoint}/api"
+      end
+      base_uri Vectra::Config.endpoint
+      # Right now, they don't support signed Certs
+      default_options.update(verify: false)
+      # Set basic auth
+      default_options.update(basic_auth: {username: Vectra::Config.username, password: Vectra::Config.password})
+      # Default the result set
+      results = []
       # Send the request
-      response = HTTParty.get(
-        "#{url}#{args}?page_size=100000",
-        :verify => false, # Vectra doesnt accept real certs yet
-        :basic_auth => {
-          :username => Vectra::Config.username,
-          :password => Vectra::Config.password
-      })
+      response = get(url)
+      # Check the response
       if !response.code.eql?(200)
-        raise Vectra::Api::InvalidResponse, "Invalid Response Received"
+        raise Vectra::API::InvalidResponse, "Invalid Response Received"
       end
-      # Decode the response
-      response = JSON.parse response.body
+      #response = response.response_parse
+      if response.parsed_response.has_key? "next"
+        unless response.parsed_response["next"].nil?
+          results.concat(self.pull(response.parsed_response["next"]))
+        end
+      end
-      # Check if we should decode this response
-      if decode
-        # Map responses
-        response['results'].map{|r| results.push(r)}
+      # Merge the results into results
+      if response.parsed_response.has_key? "results"
+        results.concat(response.parsed_response["results"])
       else
-        results = response
+        return response.parsed_response
       end
-      # If there is a next, respect it
-      #unless response['next'].nil?
-      #  puts self.send(response['next']).inspect
-      #end
-      results
-    end
+      # Sort the results and spit them out
+      results.sort!{|a,b| a['id']<=>b['id']}
-    def self.request(args="", decode=true)
-      r = self.send("#{Vectra::Config.endpoint}#{self.target}", args, decode)
-      r
     end
   end

data/lib/vectra/detections.rb CHANGED

@@ -1,18 +1,25 @@
 module Vectra
-  class Detections < Api
+  class Detections
-    attr_reader :id
-    def self.target
-      "detections?page_size=50000"
-    end
+    attr_accessor :target
+    @target = "/detections"
     def self.all
-      request
+      Vectra::API.pull(@target)
     end
+    def each
+      self.all.each do |host|
+        yield host
+      end
+    end
     def self.get(id)
-      request("/#{id}", false)
+      unless id.is_a? Integer
+        id = id.split("/").last
+      end
+      Vectra::API.pull("#{@target}/#{id}")
     end
   end

data/lib/vectra/hosts.rb CHANGED

@@ -1,18 +1,25 @@
 module Vectra
-  class Hosts < Api
+  class Hosts
-    attr_reader :name
-    def self.target
-      "hosts?page_size=50000"
-    end
+    attr_accessor :target
+    @target = "/hosts"
     def self.all
-      request
+      Vectra::API.pull(@target)
     end
+    def each
+      self.all.each do |host|
+        yield host
+      end
+    end
     def self.get(id)
-      request("/#{id}", false)
+      unless id.is_a? Integer
+        id = id.split("/").last
+      end
+      Vectra::API.pull("#{@target}/#{id}")
     end
   end

data/lib/vectra/rules.rb CHANGED

@@ -1,6 +1,6 @@
 module Vectra
-  class Rules < Api
+  class Rules
     attr_reader :id
     def self.target

data/lib/vectra/sensors.rb CHANGED

@@ -1,5 +1,5 @@
 module Vectra
-  class Sensors < Api
+  class Sensors
     attr_reader :id

data/lib/vectra/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Vectra
-  VERSION = '0.0.3'
+  VERSION = '0.1.0'
 end

data/spec/vectra/vectra_spec.rb CHANGED

@@ -1,6 +1,6 @@
 require File.join(File.dirname(__FILE__), '..', 'spec_helper')
-describe Vectra::Api, 'Configure' do
+describe Vectra::API, 'Configure' do
   include_context "shared environment"
   it 'configures correctly' do
@@ -11,12 +11,18 @@ describe Vectra::Api, 'Configure' do
     end
   end
-  it 'gets all hosts' do
-    puts Vectra::Hosts.all
-  end
+  # This WILL be costly
+  #it 'gets all hosts' do
+  #  hosts = Vectra::Hosts.all
+  #  puts hosts.count
+  #end
   it 'gets host by id' do
-    puts Vectra::Hosts.get(1)
+    puts Vectra::Hosts.get(1).inspect
+  end
+  it 'gets host by link' do
+    puts Vectra::Hosts.get("http://blah/api/hosts/1").inspect
   end
   it 'gets all detections' do
@@ -27,4 +33,8 @@ describe Vectra::Api, 'Configure' do
     puts Vectra::Detections.get(95)
   end
+  it 'gets detection by id' do
+    puts Vectra::Detections.get("http://blah/api/detections/2").inspect
+  end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vectra
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.1.0
 platform: ruby
 authors:
 - Mike Mackintosh