vectra 0.1.1 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3c9a1c188116e3e862f39524b91e6b7a6caa67ac
-  data.tar.gz: e3432222c1f70cb6fe51c36fb487d9deed5868b3
+  metadata.gz: 80a30a2c4a8f5197d069da6bb592a3184a442a08
+  data.tar.gz: cc1e73c9e4091afa26927ef76308e718586ff2e6
 SHA512:
-  metadata.gz: d9a6c36c751bf22194a6f3e48015801d64e5cc8a5a6e408877f4dfec524f5e295ff3c131e130d289d9a052aed694525a7154f47cc837618e0ec624d59e9b2aa3
-  data.tar.gz: 7b68a33208086df1fad9b6602cc30b1b3467b11fb341980ca2e2ee2fea82a8570686642ee0e8f2fc68d0cb3a2e13c373a7c5f6ba84ee34d6a92e8f072897ed7a
+  metadata.gz: 9ab0eb156501023f4b4bdcda61e8ce1ccdbc170d88284f4a82ef2076ac0b2e4c487d4785283d987b910f4b7deecc1ee67389a3a550f174c58324aa9e6ee262ce
+  data.tar.gz: 12c2d1f0dfe8875d314513d17a7e41c524ad75fa2829bf8986842bec4b4508035df472fd97188cfb6589ce2e0d357c21a75a888367b538053511e9640651909c

data/.rock.yml

@@ -2,4 +2,4 @@ runtime: ruby21
 build_gem: |
   rm -rf *.gem
   gem build vectra.gemspec
-push_gem: exec gem push *.gem
+  gem push *.gem

data/README.md

@@ -38,7 +38,48 @@ You can also get a detection by ID or by referencing the detection URL:
 Vectra::Detections.get(1)
 Vectra::Detections.get('https://vectra/detection/1')
 ```
-    
+
+### Detection Details
+
+Within the response of a detection, you may find Detection Details. You can get more details on these like so:
+
+```ruby
+Vectra::Detections.get(1)["detection_detail_set"].each do |d|
+  details = Vectra::DetectionDetails.get(d)
+  puts "--> #{details["destination"]}:#{details["dst_port"]}"
+end
+```
+### Relayed Comms
+
+Another type of detection detail you may see is the following:
+
+```ruby
+Vectra::Detections.get(1)["relayed_comm_set"].each do |r|
+  details = Vectra::RelayComms.get(r)
+  puts "--> #{details['inbound_proto']} #{details["inbound_ip"]}:#{details["inbound_port"]} @ #{details['total_bytes_rcvd']} bytes"
+end
+```  
+
+### DNS
+
+There is also a DNS set:
+
+```ruby
+Vectra::Detections.get(1)["dns_set"].each do |d|
+  details = Vectra::DNS.get(r)
+  puts "--> DNS Server: #{details['dns_ip']} resolved #{details['dns_request']} to #{details['resp']}"
+end
+```   
+### SQL Injection
+
+And lastly, an SQL Injection Set
+
+```ruby
+Vectra::Detections.get(1)["sqli_set"].each do |s|
+  details = Vectra::SQLi.get(s)
+  puts "Injection Attempted: #{details['ngram']} to #{details['destination']}"
+end
+```    
 ## Hosts
 
 Do not use `::Hosts.all` if you are in production. This will be very costly if you have more than 5,000 discovered hosts.

data/lib/vectra.rb

@@ -3,13 +3,22 @@ require 'json'
 require 'fattr'
 require 'cgi'
 
+# Config
 require 'vectra/config'
+
+# Core Functions
 require 'vectra/api'
 require 'vectra/hosts'
 require 'vectra/detections'
 require 'vectra/sensors'
 require 'vectra/rules'
 
+# Detection Sets
+require 'vectra/relayed_comms'
+require 'vectra/detection_details'
+require 'vectra/sqli'
+require 'vectra/dns'
+
 module Vectra
 
   extend self

data/lib/vectra/detection_details.rb

@@ -0,0 +1,27 @@
+module Vectra
+  class DetectionDetails
+
+    attr_accessor :target
+    @target = "/detection_details"
+
+    def self.all
+      Vectra::API.pull(@target)
+    end
+
+    def each
+      self.all.each do |host|
+        yield host
+      end
+    end 
+
+    def self.get(id)
+      unless id.is_a? Integer
+        id = id.split("/").last
+      end
+
+      Vectra::API.pull("#{@target}/#{id}")
+    end
+
+  end
+
+end

data/lib/vectra/dns.rb

@@ -0,0 +1,27 @@
+module Vectra
+  class DNS
+
+    attr_accessor :target
+    @target = "/dns"
+
+    def self.all
+      Vectra::API.pull(@target)
+    end
+
+    def each
+      self.all.each do |host|
+        yield host
+      end
+    end 
+
+    def self.get(id)
+      unless id.is_a? Integer
+        id = id.split("/").last
+      end
+
+      Vectra::API.pull("#{@target}/#{id}")
+    end
+
+  end
+
+end

data/lib/vectra/relayed_comms.rb

@@ -0,0 +1,27 @@
+module Vectra
+  class RelayedComms
+
+    attr_accessor :target
+    @target = "/relayed_comm"
+
+    def self.all
+      Vectra::API.pull(@target)
+    end
+
+    def each
+      self.all.each do |host|
+        yield host
+      end
+    end 
+
+    def self.get(id)
+      unless id.is_a? Integer
+        id = id.split("/").last
+      end
+
+      Vectra::API.pull("#{@target}/#{id}")
+    end
+
+  end
+
+end

data/lib/vectra/sqli.rb

@@ -0,0 +1,27 @@
+module Vectra
+  class SQLi
+
+    attr_accessor :target
+    @target = "/sqli"
+
+    def self.all
+      Vectra::API.pull(@target)
+    end
+
+    def each
+      self.all.each do |host|
+        yield host
+      end
+    end 
+
+    def self.get(id)
+      unless id.is_a? Integer
+        id = id.split("/").last
+      end
+
+      Vectra::API.pull("#{@target}/#{id}")
+    end
+
+  end
+
+end

data/lib/vectra/version.rb

@@ -1,3 +1,3 @@
 module Vectra
-  VERSION = '0.1.1'
+  VERSION = '0.1.3'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vectra
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.3
 platform: ruby
 authors:
 - Mike Mackintosh
@@ -112,10 +112,14 @@ files:
 - lib/vectra.rb
 - lib/vectra/api.rb
 - lib/vectra/config.rb
+- lib/vectra/detection_details.rb
 - lib/vectra/detections.rb
+- lib/vectra/dns.rb
 - lib/vectra/hosts.rb
+- lib/vectra/relayed_comms.rb
 - lib/vectra/rules.rb
 - lib/vectra/sensors.rb
+- lib/vectra/sqli.rb
 - lib/vectra/version.rb
 - spec/spec_helper.rb
 - spec/vectra/vectra_spec.rb