Class: Unified2::Extra

Inherits:
Object
  • Object
Defined in:
lib/unified2/extra.rb

Overview

Extra: one Unified2 extra-data record, with its type resolved through EXTRA_TYPES.

Constant Summary collapse

EXTRA_TYPES =

Extra-data type IDs:

  • Type 1: True-Client-IP/XFF IPv4 address
  • Type 2: True-Client-IP/XFF IPv6 address
  • Type 3: ??? (named EVENT_INFO_REVIEWED_BY in the table below)
  • Type 4: HTTP Gzip decompressed data
  • Type 5: SMTP filename
  • Type 6: SMTP MAIL FROM addresses
  • Type 7: SMTP RCPT TO addresses
  • Type 8: SMTP Email headers
  • Type 9: HTTP Request URI
  • Type 10: HTTP Request Hostname
  • Type 11: Packet’s IPv6 Source IP Address
  • Type 12: Packet’s IPv6 Destination IP Address

# Lookup table keyed by the record's integer extra-type ID. Each entry is a
# two-element array, [symbolic name, human-readable description]; #name reads
# the first element and #description the last.
#
# Several of these types (XFF/True-Client-IP addresses, SMTP sender and
# recipient addresses, SMTP headers, HTTP URI and hostname) describe text
# taken from the monitored traffic, so the party that generated the traffic
# chose the bytes. Treat the associated blob as untrusted: escape it before
# rendering it in a console or web UI, and do not take an XFF value as proof
# of the real client address.
{
  1 => [
    "EVENT_INFO_XFF_IPV4", 
    "True-Client-IP/XFF IPv4 address"
  ],
  2 => [
    "EVENT_INFO_XFF_IPV6", 
    "True-Client-IP/XFF IPv6 address"
  ],
  # NOTE(review): no description is given for type 3; the symbolic name is
  # repeated in the description slot as a placeholder.
  3 => [
    "EVENT_INFO_REVIEWED_BY", 
    "EVENT_INFO_REVIEWED_BY"
  ],
  4 => [
    "EVENT_INFO_GZIP_DATA", 
    "HTTP Gzip decompressed data"
  ],
  5 => [
    "EVENT_INFO_SMTP_FILENAME", 
    "SMTP filename"
  ],
  6 => [
    "EVENT_INFO_SMTP_MAILFROM", 
    "SMTP MAIL FROM addresses"
  ],
  7 => [
    "EVENT_INFO_SMTP_RCPTTO", 
    "SMTP RCPT TO addresses"
  ],
  8 => [
    "EVENT_INFO_SMTP_EMAIL_HDRS", 
    "SMTP Email headers"
  ],
  9 => [
    "EVENT_INFO_HTTP_URI", 
    "HTTP Request URI"
  ],
  10 => [
    "EVENT_INFO_HTTP_HOSTNAME", 
    "HTTP Request Hostname"
  ],
  11 => [
    "EVENT_INFO_IPV6_SRC", 
    "Packet's IPv6 Source IP Address"
  ],
  # NOTE(review): both strings below look truncated (compare entry 11's
  # "EVENT_INFO_IPV6_SRC"; presumably "EVENT_INFO_IPV6_DST" and "Address").
  # Confirm against the Snort Unified2 definitions before any consumer
  # matches on these strings.
  12 => [
    "EVENT_INFO_IPV6_DS", 
    "Packet's IPv6 Destination IP Addres"
  ]
}

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(data) ⇒ Extra

Initialize Extra object

Parameters:

  • data (Hash)

    Extra data hash



# File 'lib/unified2/extra.rb', line 85

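# Build an Extra from one parsed Unified2 extra-data record.
#
# Everything is read from the nested hash at data[:data]: the record header
# from its :header entry and the field values from its :data entry.
#
# @param data [Hash] wrapper hash; data[:data] must hold :header and :data
# @raise [NoMethodError] if data[:data] or its :data entry is nil
def initialize(data)
  extra = data[:data]
  # Keep the whole record. The #extra reader returns @extra, which was never
  # assigned before, so that reader always came back nil.
  @extra = extra
  @header = extra[:header]
  @data = extra[:data]

  # Time.at yields a local-zone Time; convert to UTC when correlating events
  # from sensors in different time zones.
  @timestamp = Time.at(@data[:event_second].to_i)
  # For the types listed in EXTRA_TYPES the blob is content lifted from
  # monitored traffic (headers, URIs, addresses). It is stored as-is, so
  # consumers must treat it as untrusted text.
  @value = @data[:blob].to_s
  # Declared by the record's own length field, not measured from the blob.
  @length = @data[:blob_length].to_i
  @type_id = @data[:extra_type].to_i
  @data_type = @data[:data_type].to_i
  # nil when the type ID has no entry in EXTRA_TYPES.
  @type = EXTRA_TYPES[@type_id]
end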

Instance Attribute Details

#dataObject (readonly)

Build methods defaults



# File 'lib/unified2/extra.rb', line 77

# Field hash of the extra-data record: the :data entry of the record handed to
# the constructor, from which the other readers (:event_second, :blob,
# :blob_length, :extra_type, :data_type) are parsed.
#
# @return [Hash] the stored hash itself; it is neither copied nor frozen
def data; @data; end

#data_typeObject (readonly)

Build methods defaults



# File 'lib/unified2/extra.rb', line 77

# Integer parsed from the record's :data_type field. The constructor converts
# it with #to_i, so a missing or non-numeric field reads as 0.
#
# @return [Integer]
def data_type; @data_type; end

#extraObject (readonly)

Build methods defaults



# File 'lib/unified2/extra.rb', line 77

# Whatever the constructor stored in @extra; nil if it stored nothing.
#
# NOTE(review): verify that initialize assigns @extra. A constructor that only
# binds a local variable named `extra` leaves this reader permanently nil.
#
# @return [Hash, nil]
def extra; @extra; end

#headerObject (readonly)

Build methods defaults



# File 'lib/unified2/extra.rb', line 77

# Record header hash: the :header entry of the record handed to the
# constructor. #to_h reads :event_type and :event_length from it.
#
# @return [Hash] the stored hash itself; it is neither copied nor frozen
def header; @header; end

#lengthObject (readonly)

Build methods defaults



# File 'lib/unified2/extra.rb', line 77

# Blob length as declared by the record's :blob_length field (via #to_i).
#
# This number comes from the record, not from measuring #value, so the two can
# disagree in a truncated or malformed log. Check it against value.bytesize
# before using it to slice or size anything.
#
# @return [Integer]
def length; @length; end

#timestampObject (readonly)

Build methods defaults



# File 'lib/unified2/extra.rb', line 77

# Event time, built by the constructor with Time.at from the record's
# :event_second field (whole seconds). Time.at returns a local-zone Time.
#
# @return [Time]
def timestamp; @timestamp; end

#type_idObject (readonly)

Build methods defaults



# File 'lib/unified2/extra.rb', line 77

# Integer extra-type ID from the record's :extra_type field (via #to_i). The
# constructor uses it as the key into EXTRA_TYPES.
#
# @return [Integer]
def type_id; @type_id; end

#valueObject (readonly)

Build methods defaults



# File 'lib/unified2/extra.rb', line 77

# Blob content as a String (the record's :blob field via #to_s).
#
# For the types listed in EXTRA_TYPES this is text observed in monitored
# traffic (XFF headers, SMTP addresses, HTTP URI or hostname), so its bytes
# were chosen by a remote party. Escape or encode it before showing it in a
# terminal, web page or log line, and never interpret it as code or markup.
#
# @return [String]
def value; @value; end

Instance Method Details

#blank?true, false

Blank?

Returns:

  • (true, false)

    Whether the extra value is blank



# File 'lib/unified2/extra.rb', line 103

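# Report whether this record carries no value.
#
# The constructor stores the blob through #to_s, so @value is normally a
# String and never nil. Testing only for nil therefore reported every record,
# including ones with an empty blob, as non-blank. An empty string now counts
# as blank as well.
#
# @return [true, false] true when the value is nil or an empty string
def blank?
  @value.to_s.empty?
end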

#descriptionString

Description

Returns:

  • (String)

    Extra data description



# File 'lib/unified2/extra.rb', line 113

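# Human-readable description of this record's extra-data type.
#
# @type is the EXTRA_TYPES entry the constructor looked up by type ID, and it
# is nil when the ID is not in that table. Calling #last on nil raised
# NoMethodError, so a single record with an unrecognised type ID (corrupt log,
# or a sensor emitting a type this table does not list) aborted whatever was
# processing the events. Such records now yield nil instead.
#
# @return [String, nil] the description, or nil for an unknown type ID
def description
  @type.last if @type
end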

#nameString

Name

Returns:

  • (String)

    Extra data name



# File 'lib/unified2/extra.rb', line 122

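# Symbolic name of this record's extra-data type.
#
# @type is the EXTRA_TYPES entry the constructor looked up by type ID, and it
# is nil when the ID is not in that table. Calling #first on nil raised
# NoMethodError, so a single record with an unrecognised type ID (corrupt log,
# or a sensor emitting a type this table does not list) aborted whatever was
# processing the events. Such records now yield nil instead.
#
# @return [String, nil] the name, or nil for an unknown type ID
def name
  @type.first if @type
end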

#to_hObject



# File 'lib/unified2/extra.rb', line 126

# Serialise this record to a plain Hash of its parsed fields.
#
# :value is the blob text exactly as stored, which for the types in
# EXTRA_TYPES is content observed in monitored traffic. Whatever renders or
# stores this hash (JSON API, web UI, SQL) must escape or parameterise it.
# :timestamp is the event time formatted with Time#to_s.
#
# @return [Hash] keys :value, :header (:type, :length), :length, :name,
#   :description, :timestamp, :type_id, :data_type
def to_h
  header_fields = {
    :type => header[:event_type],
    :length => header[:event_length]
  }

  {
    :value => value,
    :header => header_fields,
    :length => length,
    :name => name,
    :description => description,
    :timestamp => timestamp.to_s,
    :type_id => type_id,
    :data_type => data_type
  }
end