class SDEE::Alert
Attributes
alert_time[RW]
attacker[RW]
attacker_locality[RW]
attacker_port[RW]
event_id[RW]
originator[RW]
protocol[RW]
risk_rating[RW]
severity[RW]
sig_detail[RW]
sig_id[RW]
sig_version[RW]
subsig_id[RW]
target_locality[RW]
target_port[RW]
targets[RW]
threat_rating[RW]
Public Class Methods
new(xml_doc)
# File lib/sdee/alert.rb, line 10
# Builds an Alert from one SDEE alert element.
#
# @param xml_doc [Object] the alert node; the parsing steps call +attribute+
#   and +xpath+ on it — presumably a Nokogiri element, TODO confirm against
#   the caller
#
# The three parsing steps run in this fixed order and each fills its own set
# of instance variables. None of them validates the strings it extracts.
def initialize(xml_doc)
  @alert_xml = xml_doc
  %i[build_alert build_sig build_participants].each { |step| send(step) }
end
Public Instance Methods
to_hash()
# File lib/sdee/alert.rb, line 18
# Returns the parsed alert fields as a Hash keyed by the instance-variable
# name without its leading "@" (e.g. "event_id", "targets").
#
# The raw XML node (@alert_xml) is deliberately left out; every other
# instance variable is copied as-is, so this is exactly the shape +to_json+
# emits. Note that Ruby also uses a +to_hash+ method for implicit Hash
# conversion, so an Alert is accepted wherever a Hash is expected.
#
# @return [Hash{String => Object}]
def to_hash
  instance_variables.each_with_object({}) do |ivar, fields|
    next if ivar == :@alert_xml

    fields[ivar.to_s[1..-1]] = instance_variable_get(ivar)
  end
end
to_json()
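# File lib/sdee/alert.rb, line 28
# Serialises +to_hash+ as JSON.
#
# Accepts and forwards the optional generator state/options the json library
# passes when an Alert is nested inside another structure being generated
# (+JSON.generate([alert])+ calls +alert.to_json(state)+); the previous
# zero-argument signature raised ArgumentError in that case. Calling it
# with no arguments behaves exactly as before.
#
# @param args [Array] forwarded unchanged to Hash#to_json
# @return [String]
def to_json(*args)
  to_hash.to_json(*args)
end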
Private Instance Methods
build_alert()
# File lib/sdee/alert.rb, line 34
# Fills the top-level alert fields from @alert_xml.
#
# Every value is copied as the raw string the document carries (attribute
# value or element text); nothing is type-checked or range-checked here.
# If a lookup finds no element, +first+ presumably yields nil and the +text+
# call raises NoMethodError, so a malformed alert fails loudly rather than
# producing a half-filled object.
def build_alert
  text_of = ->(path) { @alert_xml.xpath(path).first.text }

  @event_id = @alert_xml.attribute('eventId').value
  @severity = @alert_xml.attribute('severity').value
  # hostId is looked up relative to the originator element, not the alert root
  @originator = @alert_xml.xpath('.//sd:originator').first.xpath('sd:hostId').first.text
  @alert_time = text_of.call('.//sd:time')
  @risk_rating = text_of.call('.//cid:riskRatingValue')
  @threat_rating = text_of.call('.//cid:threatRatingValue')
  @protocol = text_of.call('.//cid:protocol')
end
build_participants()
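# File lib/sdee/alert.rb, line 59
# Fills the attacker fields and the @targets list from @alert_xml.
#
# Attacker: address text and its +locality+ attribute from the first
# sd:attacker/sd:addr; port text from sd:port, or "0" when no port element
# is present. Targets: one Hash per sd:target with the keys "target",
# "target_locality" and "target_port", built the same way.
#
# The missing-port fallback is an explicit nil check. The previous code
# wrapped the lookup in a bare +rescue+, which also swallowed any other error
# raised in that expression and reported it as a port of "0"; now only an
# absent element yields "0" and anything else propagates like the rest of
# the parser. Values are the raw strings from the document, unvalidated.
def build_participants
  attacker = @alert_xml.xpath('.//sd:attacker').first
  attacker_addr = attacker.xpath('.//sd:addr').first
  @attacker_locality = attacker_addr.attribute('locality').value
  @attacker = attacker_addr.text
  @attacker_port = port_text(attacker)

  @targets = @alert_xml.xpath('.//sd:target').map do |target|
    target_addr = target.xpath('.//sd:addr').first
    {
      'target' => target_addr.text,
      'target_locality' => target_addr.attribute('locality').value,
      'target_port' => port_text(target)
    }
  end
end

# Text of the first sd:port under +node+, or "0" when there is none.
# Shared so attacker and target apply the same rule.
#
# @param node [Object] an element responding to +xpath+
# @return [String]
def port_text(node)
  port = node.xpath('.//sd:port').first
  port ? port.text : '0'
end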
build_sig()
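# File lib/sdee/alert.rb, line 45
# Fills the signature fields from the first sd:signature element.
#
# @sig_detail comes from cid:sigDetails when that element is present and
# otherwise from the signature's +description+ attribute. The fallback is an
# explicit nil check; the previous code used a bare +rescue+ around the
# lookup, which also masked unrelated errors raised in that expression.
# Values are the raw strings from the document, unvalidated.
def build_sig
  sig = @alert_xml.xpath('.//sd:signature').first
  @sig_id = sig.attribute('id').value
  @sig_version = sig.attribute('version').value
  @subsig_id = sig.xpath('.//cid:subsigId').first.text

  details = sig.xpath('.//cid:sigDetails').first
  @sig_detail = details ? details.text : sig.attribute('description').value
end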