RubyGems - vectra - Versions diffs - 0.0.3 → 0.1.0 - Mend

vectra 0.0.3 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7050b5ad1402a964cd1a1b18304627a7e2442161
-  data.tar.gz: 3544fc85fedf115d85e43f14b30ee7fd6b923770
+  metadata.gz: 53de84b919e4f477a7dacbe8066df6d7ba62f457
+  data.tar.gz: c3a59be8da5e83badb23f3a034a2fccae4d8044b
 SHA512:
-  metadata.gz: 8f86cc1f0615836dcedc545eb461f605f390fe0e872d14e012caea1cb50b446cdbd5b8a3631718ae177f72665173014661d7db5abcc8f6162d648fd267d68317
-  data.tar.gz: 41222a3f6227dd84524d5003e217b3cc8b866d573cfb1b49c62a17d7772d5a9b5fa427dd1f2b4a587b27b161f73d2a44d93232bafb9496c50efcc0f2c7acb7ae
+  metadata.gz: 35ba198580d653156a267523b8ae48fd8da81179fd39f49ac14a9fffabaff6a9444a0042ffb09603004688140661ba584a160a21179735f98e77dc28399cc12d
+  data.tar.gz: 4c0a5c10633dbfd9acd06c794d5c9aad9d1d88210a8663287e6586085f44539f2a51e34717c6763df3ca80b16c9bff54f12715efee78c0e67db2a48babebddae

data/README.md CHANGED

@@ -14,30 +14,47 @@ gem install vectra
 Basic Block Configuration:
-    Vectra.configure do |config|
-      config.endpoint = @endpoint_url # https://vectra/api/
-      config.username = @username
-      config.password = @password
-    end
+```ruby
+Vectra.configure do |config|
+  config.endpoint = @endpoint_url
+  config.username = @username
+  config.password = @password
+end
+```
+**endpoint** should be your Vectra box URL, no need to add the `/api` suffix. If you include it, it won't break things either.
 ## Detections
-    Vectra::Detections.all
+To get all detections, use `#all`:
-or by ID
+```ruby
+Vectra::Detections.all
+```
-    Vectra::Detections.get(1)
+You can also get a detection by ID or by referencing the detection URL:
+```ruby
+Vectra::Detections.get(1)
+Vectra::Detections.get('https://vectra/detection/1')
+```
 ## Hosts
-    Vectra::Hosts.all
+Do not use `::Hosts.all` if you are in production. This will be very costly if you have more than 5,000 discovered hosts.
+Instead, pass a Host ID or URL:
+```ruby
+Vectra::Hosts.get(1)
+```
-or by ID
+## Notes
-    Vectra::Hosts.get(1)
+Vectra uses a `next` parameter in their responses for pagination. Default pagination is `50`. This API client will follow the `next` pages.
+Currently, all responses which contain arrays (hosts and detections) will be sorted in ASC order by ID.
-# Features
+## Credit
-  - Supports Hosts and Detections
+[Mike Mackintosh](http://www.mikemackintosh.com)

data/lib/vectra.rb CHANGED

@@ -23,7 +23,7 @@ module Vectra
           "Please add it to the Vectra.configure block"
       end
     end
   end
   alias_method :config, :configure
 end

data/lib/vectra/api.rb CHANGED

@@ -1,48 +1,51 @@
 module Vectra
-  class Api
+  class API
     class InvalidResponse < RuntimeError ; end
+    include HTTParty
-    include HTTParty
+    def self.pull(url)
-    def self.send(url, args="", decode)
-      results = []
+      # Set the endpoint
+      unless Vectra::Config.endpoint.include? "/api"
+        Vectra::Config.endpoint = "#{Vectra::Config.endpoint}/api"
+      end
+      base_uri Vectra::Config.endpoint
+      # Right now, they don't support signed Certs
+      default_options.update(verify: false)
+      # Set basic auth
+      default_options.update(basic_auth: {username: Vectra::Config.username, password: Vectra::Config.password})
+      # Default the result set
+      results = []
       # Send the request
-      response = HTTParty.get(
-        "#{url}#{args}?page_size=100000",
-        :verify => false, # Vectra doesnt accept real certs yet
-        :basic_auth => {
-          :username => Vectra::Config.username,
-          :password => Vectra::Config.password
-      })
+      response = get(url)
+      # Check the response
       if !response.code.eql?(200)
-        raise Vectra::Api::InvalidResponse, "Invalid Response Received"
+        raise Vectra::API::InvalidResponse, "Invalid Response Received"
       end
-      # Decode the response
-      response = JSON.parse response.body
+      #response = response.response_parse
+      if response.parsed_response.has_key? "next"
+        unless response.parsed_response["next"].nil?
+          results.concat(self.pull(response.parsed_response["next"]))
+        end
+      end
-      # Check if we should decode this response
-      if decode
-        # Map responses
-        response['results'].map{|r| results.push(r)}
+      # Merge the results into results
+      if response.parsed_response.has_key? "results"
+        results.concat(response.parsed_response["results"])
       else
-        results = response
+        return response.parsed_response
       end
-      # If there is a next, respect it
-      #unless response['next'].nil?
-      #  puts self.send(response['next']).inspect
-      #end
-      results
-    end
+      # Sort the results and spit them out
+      results.sort!{|a,b| a['id']<=>b['id']}
-    def self.request(args="", decode=true)
-      r = self.send("#{Vectra::Config.endpoint}#{self.target}", args, decode)
-      r
     end
   end

data/lib/vectra/detections.rb CHANGED

@@ -1,18 +1,25 @@
 module Vectra
-  class Detections < Api
+  class Detections
-    attr_reader :id
-    def self.target
-      "detections?page_size=50000"
-    end
+    attr_accessor :target
+    @target = "/detections"
     def self.all
-      request
+      Vectra::API.pull(@target)
     end
+    def each
+      self.all.each do |host|
+        yield host
+      end
+    end
     def self.get(id)
-      request("/#{id}", false)
+      unless id.is_a? Integer
+        id = id.split("/").last
+      end
+      Vectra::API.pull("#{@target}/#{id}")
     end
   end

data/lib/vectra/hosts.rb CHANGED

@@ -1,18 +1,25 @@
 module Vectra
-  class Hosts < Api
+  class Hosts
-    attr_reader :name
-    def self.target
-      "hosts?page_size=50000"
-    end
+    attr_accessor :target
+    @target = "/hosts"
     def self.all
-      request
+      Vectra::API.pull(@target)
     end
+    def each
+      self.all.each do |host|
+        yield host
+      end
+    end
     def self.get(id)
-      request("/#{id}", false)
+      unless id.is_a? Integer
+        id = id.split("/").last
+      end
+      Vectra::API.pull("#{@target}/#{id}")
     end
   end

data/lib/vectra/rules.rb CHANGED

@@ -1,6 +1,6 @@
 module Vectra
-  class Rules < Api
+  class Rules
     attr_reader :id
     def self.target

data/lib/vectra/sensors.rb CHANGED

@@ -1,5 +1,5 @@
 module Vectra
-  class Sensors < Api
+  class Sensors
     attr_reader :id

data/lib/vectra/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Vectra
-  VERSION = '0.0.3'
+  VERSION = '0.1.0'
 end

data/spec/vectra/vectra_spec.rb CHANGED

@@ -1,6 +1,6 @@
 require File.join(File.dirname(__FILE__), '..', 'spec_helper')
-describe Vectra::Api, 'Configure' do
+describe Vectra::API, 'Configure' do
   include_context "shared environment"
   it 'configures correctly' do
@@ -11,12 +11,18 @@ describe Vectra::Api, 'Configure' do
     end
   end
-  it 'gets all hosts' do
-    puts Vectra::Hosts.all
-  end
+  # This WILL be costly
+  #it 'gets all hosts' do
+  #  hosts = Vectra::Hosts.all
+  #  puts hosts.count
+  #end
   it 'gets host by id' do
-    puts Vectra::Hosts.get(1)
+    puts Vectra::Hosts.get(1).inspect
+  end
+  it 'gets host by link' do
+    puts Vectra::Hosts.get("http://blah/api/hosts/1").inspect
   end
   it 'gets all detections' do
@@ -27,4 +33,8 @@ describe Vectra::Api, 'Configure' do
     puts Vectra::Detections.get(95)
   end
+  it 'gets detection by id' do
+    puts Vectra::Detections.get("http://blah/api/detections/2").inspect
+  end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vectra
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.1.0
 platform: ruby
 authors:
 - Mike Mackintosh