Class: FIDIUS::PreludeDB::PreludeEvent

Inherits:

Connection

• Object
• ActiveRecord::Base
• Connection
• FIDIUS::PreludeDB::PreludeEvent

Defined in:

lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb

Overview

Represents an IDMEF-Event which is distributed over multiple tables in PreludeManager

Class Method Summary

• .column(name, sql_type = nil, default = nil, null = true) ⇒ Object
• .columns ⇒ Object
• .find(*args) ⇒ Object
• .find_by_sql(query) ⇒ Object
• .total_entries(options = nil) ⇒ Object

Instance Method Summary

• #analyzer_model ⇒ Object
• #dest_ip ⇒ Object
• #dest_port ⇒ Object
• #detect_time ⇒ Object
• #id ⇒ Object
• #initialize(prelude_alert) ⇒ PreludeEvent constructor

  A new instance of PreludeEvent.

• #inspect ⇒ Object
• #messageid ⇒ Object
• #payload ⇒ Object
• #severity ⇒ Object
• #source_ip ⇒ Object
• #source_port ⇒ Object
• #text ⇒ Object
• #to_s ⇒ Object

Constructor Details

#initialize(prelude_alert) ⇒ PreludeEvent

Returns a new instance of PreludeEvent.

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 13

def initialize(prelude_alert)
  @prelude_alert = prelude_alert
end

Class Method Details

.column(name, sql_type = nil, default = nil, null = true) ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 7

def self.column(name, sql_type=nil, default=nil,null=true)
  columns << ActiveRecord::ConnectionAdapters::Column.new(name.to_s,default,sql_type.to_s,null)
end

.columns ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 6

def self.columns() @columns ||= []; end

.find(*args) ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 25

def self.find(*args)
  if args[0].is_a? Numeric
    a = Alert.find(:all, :conditions => [ "_ident = ?", args[0] ])
    return PreludeEvent.new a.first
  else
    case args[0]  
      when :all
        if args[1]
          if(args[1][:conditions] == nil)
            args[1] = args[1].merge({:joins => [:detect_time,]})
            args[1] = args[1].merge({:order => 'time DESC'})
          end
        end
        a = Alert.find(*args)
        result = Array.new
        a.each do |pa|
          result.push PreludeEvent.new pa
        end
        return result
      when :first
        a = Alert.first
        return PreludeEvent.new a
      when :last
        a = Alert.last
        return PreludeEvent.new a
      else  

    end
  end
end

.find_by_sql(query) ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 17

def self.find_by_sql(query)

end

.total_entries(options = nil) ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 21

def self.total_entries(options = nil)
  return Alert.total_entries
end

Instance Method Details

#analyzer_model ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 92

def analyzer_model
  return @prelude_alert.analyzer.name.to_s  unless @prelude_alert.nil?
  return "No Ref"
end

#dest_ip ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 61

def dest_ip
  return @prelude_alert.dest_ip unless @prelude_alert.nil?
  return "No Ref"
end

#dest_port ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 71

def dest_port
  return @prelude_alert.dest_port.port unless @prelude_alert.nil?
  return "No Ref"
end

#detect_time ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 80

def detect_time
 return @prelude_alert.detect_time.time unless @prelude_alert.nil?
 return "No Ref"
end

#id ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 97

def id
  return @prelude_alert._ident  unless @prelude_alert.nil?
  return "No Ref"
end

#inspect ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 102

def inspect
  begin
  return "PreludeEvent id: "+id.to_s+", source_ip: "+source_ip+" dest_ip: "+dest_ip+" severity: "+severity+" text: "+text+" analyzer_model: "+analyzer_model+" detect_time: "+detect_time.to_s+""
  rescue
    puts $!.message+":"+$!.backtrace.to_s
  end
end

#messageid ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 114

def messageid
  return @prelude_alert.messageid unless @prelude_alert.nil?
  return "No Ref"
end

#payload ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 76

def payload
  return @prelude_alert.payload_data unless @prelude_alert.nil?
end

#severity ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 88

def severity
  return @prelude_alert.severity  unless @prelude_alert.nil?
  return "No Ref"
end

#source_ip ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 56

def source_ip
  return @prelude_alert.source_ip unless @prelude_alert.nil?
  return "No Ref"
end

#source_port ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 66

def source_port
  return @prelude_alert.source_port.port unless @prelude_alert.nil?
  return "No Ref"
end

#text ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 84

def text
  return @prelude_alert.classification.text  unless @prelude_alert.nil?
  return "No Ref"
end

#to_s ⇒ Object

# File 'lib/evasion-db/idmef-fetchers/prelude-db/lib/models/prelude_event.rb', line 110

def to_s
  "#{text}: #{source_ip}:#{source_port} -> #{dest_ip}:#{dest_port}"
end