Class: DeepSecurity::DPIRule

Inherits:
TransportObject
Defined in:
lib/deepsecurity/transport_objects/dpi_rule.rb

Overview

Represents a DPI Rule, used when reading, updating, or creating DPI Rules. Creating and updating DPI Rules is considered an advanced operation, not a routine or repetitive one. Changing some configuration options, such as includePacketData or raiseAlert, is reasonable; however, a new DPI rule should be created from scratch programmatically only after the ruleXML content has been fully tested.

When creating a new rule, if possible it is recommended that an existing base rule is retrieved first, then modified to reflect the new rule, and saved as the new rule.

Once a new rule has been created and saved, the returned transport object from the save rule method should be used for all subsequent configuration operations for the life of the object. The reason for this is that the Manager will populate some fields during the save operation, such as rule ID, and these fields will not be present if you do not use the returned version after saving.
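A local pre-flight check for a modified copy of a rule before it is saved, as an added example (not code from the deepsecurity gem). `RuleDraft`, `preflight_dpi_rule` and the helper names are hypothetical, the sample values are constructed, and two points are assumptions: that a START_END_PATTERNS rule sets at least one pattern field, and that rule_xml may hold several top-level elements.

```ruby
require 'rexml/document'

# Hypothetical stand-in for DeepSecurity::DPIRule with only the fields checked here.
RuleDraft = Struct.new(:name, :authoritative, :template_type, :rule_xml,
                       :signature_signature, :pattern_start, :pattern_end,
                       :pattern_patterns, keyword_init: true)

def blank?(value)
  value.to_s.strip.empty?
end

# Well-formedness only; the synthetic root tolerates several top-level elements (assumption).
def well_formed_fragment?(xml)
  REXML::Document.new("<preflight>#{xml}</preflight>")
  true
rescue REXML::ParseException
  false
end

# Returns a list of problems; empty means the draft passed these local checks.
def preflight_dpi_rule(rule)
  problems = []
  problems << 'name is empty' if blank?(rule.name)
  problems << 'rule is authoritative (read-only)' if rule.authoritative
  case rule.template_type.to_s
  when 'CUSTOM_XML'
    if blank?(rule.rule_xml)
      problems << 'rule_xml is empty'
    elsif !well_formed_fragment?(rule.rule_xml)
      problems << 'rule_xml is not well-formed XML'
    end
  when 'SIGNATURE'
    problems << 'signature_signature is empty' if blank?(rule.signature_signature)
  when 'START_END_PATTERNS'
    fields = [rule.pattern_start, rule.pattern_end, rule.pattern_patterns]
    problems << 'no start, end or pattern list set' if fields.all? { |f| blank?(f) }
    # pattern_patterns is newline separated, so a blank line is an empty pattern.
    lines = rule.pattern_patterns.to_s.split("\n")
    problems << 'pattern_patterns has a blank entry' if lines.any? { |l| blank?(l) }
  else
    problems << "unknown template_type #{rule.template_type.inspect}"
  end
  problems
end

# Constructed sample drafts.
BAD_XML  = RuleDraft.new(name: 'demo', template_type: 'CUSTOM_XML',
                         rule_xml: '<rule><a></rule>')
GOOD_SIG = RuleDraft.new(name: 'demo', template_type: 'SIGNATURE',
                         signature_signature: 'example-signature')
```

An empty result only means the draft is internally consistent; it does not replace testing the rule content against traffic.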

Constant Summary

Constants inherited from SavonHelper::MappingObject

SavonHelper::MappingObject::BLACK_LIST

Instance Attribute Summary

Attributes inherited from SavonHelper::MappingObject

#interface

Attributes included from SavonHelper::DSL

#alias_accessor

Instance Method Summary

Methods inherited from TransportObject

#manager

Methods inherited from SavonHelper::CachingObject

all_cache_aspects, #cachable?, #cache, cache_aspects, cache_by_aspect, cache_key, #cache_key, from_savon, #store_in_cache

Methods inherited from SavonHelper::MappingObject

all_type_mappings, defined_attributes, from_savon, has_attribute_chain, #initialize, #to_json, #to_s, #to_savon, type_mappings

Methods included from SavonHelper::DSL

#array_boolean_accessor, #array_datetime_accessor, #array_double_accessor, #array_enum_accessor, #array_float__accessor, #array_integer_accessor, #array_ip_address_accessor, #array_object_accessor, #array_string_accessor, #attr_boolean_accessor, #attr_datetime_accessor, #attr_double_accessor, #attr_enum_accessor, #attr_float_accessor, #attr_integer_accessor, #attr_ip_address_accessor, #attr_object_accessor, #attr_string_accessor, #hint_object_accessor

Constructor Details

This class inherits a constructor from SavonHelper::MappingObject

Instance Attribute Details

#application_type_id ⇒ int

ApplicationTypeTransport ID this rule is assigned to

Returns:

  • (int)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 25

attr_integer_accessor :application_type_id,
"ApplicationTypeTransport ID this rule is assigned to"

#authoritative ⇒ Boolean

Whether the rule is an internal read only Trend Micro rule

Returns:

  • (Boolean)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 27

attr_boolean_accessor :authoritative,
"Whether the rule is an internal read only Trend Micro rule"

#cvss_score ⇒ float

Final calculated CVSS score of the vulnerability information. A rule may resolve multiple vulnerabilities, so this will always be the highest CVSS score.

Returns:

  • (float)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 29

attr_double_accessor :cvss_score,
"Final calculated CVSS score of the vulnerability information. A rule may resolve multiple vulnerabilities, so this will always be the highest CVSS score."

#description ⇒ String

Description

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 21

attr_string_accessor :description,
"Description"

#detect_only ⇒ Boolean

Whether the rule is detect only

Returns:

  • (Boolean)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 31

attr_boolean_accessor :detect_only,
"Whether the rule is detect only"

#disable_event ⇒ Boolean

Whether the rule is disabled

Returns:

  • (Boolean)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 33

attr_boolean_accessor :disable_event,
"Whether the rule is disabled"

#event_on_packet_drop ⇒ Boolean

Whether the rule should trigger an event when the connection is dropped

Returns:

  • (Boolean)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 35

attr_boolean_accessor :event_on_packet_drop,
"Whether the rule should trigger an event when the connection is dropped"

#event_on_packet_modify ⇒ Boolean

Whether the rule should trigger an event when a packet is modified by a rule (uncommon)

Returns:

  • (Boolean)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 37

attr_boolean_accessor :event_on_packet_modify,
"Whether the rule should trigger an event when a packet is modified by a rule (uncommon)"

#id ⇒ int

ID

Returns:

  • (int)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 17

attr_integer_accessor :id,
"ID"

#identifier ⇒ String

Public identifier of the filter used by Trend Micro to track filters

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 39

attr_string_accessor :identifier,
"Public identifier of the filter used by Trend Micro to track filters"

#ignore_recommendations ⇒ Boolean

Whether the Recommendation Engine should ignore this rule

Returns:

  • (Boolean)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 41

attr_boolean_accessor :ignore_recommendations,
"Whether the Recommendation Engine should ignore this rule"

#include_packet_data ⇒ Boolean

Whether this rule's events should include packet data

Returns:

  • (Boolean)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 43

attr_boolean_accessor :include_packet_data,
"Whether this rule events should include packet data"

#issued ⇒ DateTime

Date this rule was issued

Returns:

  • (DateTime)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 45

attr_datetime_accessor :issued,
"Date this rule was issued"

#name ⇒ String

Name

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 19

attr_string_accessor :name,
"Name"

#pattern_action ⇒ EnumDPIRuleAction

Action for START_END_PATTERNS type rule, e.g., DROP_CLOSE, LOG_ONLY

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 47

attr_enum_accessor :pattern_action,
EnumDPIRuleAction,
"Action for START_END_PATTERNS type rule, e.g., DROP_CLOSE, LOG_ONLY"

#pattern_case_sensitive ⇒ Boolean

Whether a START_END_PATTERNS type rule should consider case sensitivity

Returns:

  • (Boolean)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 50

attr_boolean_accessor :pattern_case_sensitive,
"Whether a START_END_PATTERNS type rule should consider case sensitivity"

#pattern_end ⇒ String

End pattern

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 52

attr_string_accessor :pattern_end,
"End pattern"

#pattern_if ⇒ EnumDPIRuleIf

Trigger if a START_END_PATTERNS type rule meets the criteria, e.g., ALL_PATTERNS_FOUND, ANY_PATTERNS_FOUND, NO_PATTERNS_FOUND

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 54

attr_enum_accessor :pattern_if,
EnumDPIRuleIf,
"Trigger if a START_END_PATTERNS type rule meets the criteria, e.g., ALL_PATTERNS_FOUND, ANY_PATTERNS_FOUND, NO_PATTERNS_FOUND"

#pattern_patterns ⇒ String

A newline separated list of strings which will be used by a START_END_PATTERNS type rule

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 57

attr_string_accessor :pattern_patterns,
"A newline separated list of strings which will be used by a START_END_PATTERNS type rule"

#pattern_start ⇒ String

Start pattern

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 59

attr_string_accessor :pattern_start,
"Start pattern"

#priority ⇒ EnumDPIRulePriority

Rule priority, e.g., HIGHEST, NORMAL, LOWEST

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 61

attr_enum_accessor :priority, EnumDPIRulePriority,
"Rule priority, e.g., HIGHEST, NORMAL, LOWEST"

#raise_alert ⇒ Boolean

Whether an alert should be raised when the rule triggers

Returns:

  • (Boolean)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 63

attr_boolean_accessor :raise_alert,
"Whether an alert should be raised when the rule triggers"

#rule_xml ⇒ String

Rule XML of a CUSTOM_XML type rule. This may not be available for rules that have thirdBrigade set to TRUE

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 65

attr_string_accessor :rule_xml,
"Rule XML of a CUSTOM_XML type rule. This may not be available for rules that have thirdBrigade set to TRUE"

#schedule_id ⇒ int

ScheduleTransport ID assigned to this rule

Returns:

  • (int)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 67

attr_integer_accessor :schedule_id,
"ScheduleTransport ID assigned to this rule"

#severity ⇒ EnumDPIRuleSeverity

Severity, e.g., CRITICAL, LOW

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 69

attr_enum_accessor :severity,
EnumDPIRuleSeverity,
"Severity, e.g., CRITICAL, LOW"

#signature_action ⇒ EnumDPIRuleAction

Action for SIGNATURE type rule, e.g., DROP_CLOSE, LOG_ONLY

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 72

attr_enum_accessor :signature_action,
EnumDPIRuleAction,
"Action for SIGNATURE type rule, e.g., DROP_CLOSE, LOG_ONLY"

#signature_case_sensitive ⇒ Boolean

Whether a SIGNATURE type rule should consider case sensitivity

Returns:

  • (Boolean)


# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 75

attr_boolean_accessor :signature_case_sensitive,
"Whether a SIGNATURE type rule should consider case sensitivity"

#signature_signature ⇒ String

Signature string which will be used by a SIGNATURE type rule

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 77

attr_string_accessor :signature_signature,
"Signature string which will be used by a SIGNATURE type rule"

#tbuid ⇒ String

Internal TBUID of a Trend Micro issued DPI Rule

Returns:



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 23

attr_string_accessor :tbuid,
"Internal TBUID of a Trend Micro issued DPI Rule"

#template_type ⇒ EnumDPIRuleTemplateType

Rule Type, e.g., CUSTOM_XML, SIGNATURE, START_END PATTERNS



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 79

attr_enum_accessor :template_type,
EnumDPIRuleTemplateType,
"Rule Type, e.g., CUSTOM_XML, SIGNATURE, START_END PATTERNS"

Instance Method Details

#application_type ⇒ Object



# File 'lib/deepsecurity/transport_objects/dpi_rule.rb', line 85

def application_type
  @dsm.application_type(@application_type_id)
end