Class: Dsc::AntiMalwareEventCommand

Inherits:

Command

• Object
• Command
• Dsc::AntiMalwareEventCommand

Defined in:

lib/dsc/anti_malware_event_command.rb

Overview

This class defines the arguments, options and implementation for the anti_malware_event command/subcommand.

Fields flag

• .default_fields ⇒ Array<String>

  Default fields if no argument is given.

Command definitions

• .define_commands(command_context) ⇒ void

  Define all commands for this available for this (sub) command_context.

• .define_list_command(command_context) {|list_command| ... } ⇒ void

  Define list command_context.

Command Implementations

• #list_command(options, args) ⇒ void

  list Implementation.

Class Method Summary

• .transport_class ⇒ DeepSecurity::AntiMalwareEvent

  DeepSecurity object covered by this class.

Methods inherited from Command

#api_version_command, #authenticate, command_symbol, #connect, default_fields_string, define_api_version_command, define_debug_flag, define_detail_level_flag, define_fields_flag, define_global_flags, define_manager_flag, define_manager_time_command, define_misc_commands, define_outfile_flag, define_password_flag, define_port_flag, define_progress_bar_option, define_schema_command, define_tenant_flag, define_time_filter_flag, define_time_format_flag, define_username_flag, #initialize, #manager_time_command, #output, #parse_debug_level, #parse_detail_level, #parse_fields, #parse_time_filter, #parse_time_format, schema, #schema_command, #to_display_string, transport_class_name, transport_class_string, valid_debug_levels, valid_debug_levels_string, valid_detail_levels, valid_detail_levels_string, valid_fields, valid_fields_string, valid_time_filters, valid_time_filters_string

Constructor Details

This class inherits a constructor from Dsc::Command

Class Method Details

.default_fields ⇒ Array<String>

Default fields if no argument is given

Returns:

• (Array<String>) —

  Default fields if no argument is given

# File 'lib/dsc/anti_malware_event_command.rb', line 18

def self.default_fields
  [
      # DNS name of system
      :"host.name",


      # fully qualified system node
      :"host.display_name",

      # signature / pattern version used in detection
      # MISSING

      # datetime the event was generated and/or received OS version
      :log_date,
      :start_time,
      :end_time,

      # system domain or system group
      # MISSING

      # account logged on during detection
      # MISSING

      # action taken
      :scan_action1,
      :scan_action2,
      :summary_scan_result,

      # result of action taken
      :scan_result_action1,
      :scan_result_action2,
      # :spyware_items,
      # :"spyware_items.to_json",

      # name of malware/detection
      :malware_name,
      :malware_type,

      # source/path/filename/object of detection
      :infected_file_path,
      :infection_source

  ]
end

.define_commands(command_context) ⇒ void

This method returns an undefined value.

Define all commands for this available for this (sub) command_context

Parameters:

• command_context (CLI::App) —

  The current context of the command.

# File 'lib/dsc/anti_malware_event_command.rb', line 70

def self.define_commands(command_context)
  command_context.desc "Access #{transport_class_string}s"
  command_context.command command_symbol do |anti_malware_event_command|
    define_list_command(anti_malware_event_command)
    define_schema_command(anti_malware_event_command)
  end
end

.define_list_command(command_context) {|list_command| ... } ⇒ void

This method returns an undefined value.

Define list command_context

Parameters:

• command_context (CLI::App) —

  The current context of the command.

Yields:

• (list_command) —

  Gives the list command_context to the block

Yield Parameters:

• list_command (GLI::Command) —

  The just defined list command_context

# File 'lib/dsc/anti_malware_event_command.rb', line 83

def self.define_list_command(command_context)
  super(command_context) do |list|
    define_time_filter_flag(list)
    define_time_format_flag(list)
  end
end

.transport_class ⇒ DeepSecurity::AntiMalwareEvent

DeepSecurity object covered by this class.

Returns:

• (DeepSecurity::AntiMalwareEvent)

# File 'lib/dsc/anti_malware_event_command.rb', line 10

def self.transport_class
  DeepSecurity::AntiMalwareEvent
end

Instance Method Details

#list_command(options, args) ⇒ void

This method returns an undefined value.

list Implementation. List all entries of the transport_class type according to given filter parameters.

Parameters:

• options (Hash<Symbol => Object>) —

  Merged global/local options from GLI

• args (Array<String>) —

  Arguments from GLI

Options Hash (options):

• :fields (String) —

  The fields to display.

• :time_filter (String) —

  Timeframe to request.

# File 'lib/dsc/anti_malware_event_command.rb', line 101

def list_command(options, args)
  fields = parse_fields(options[:fields])
  time_filter = parse_time_filter(options[:time_filter])
  parse_time_format(options[:time_format])
  output do |output|
    authenticate do |manager|
      progressBar = ProgressBar.new("anti_malware_event", 100) if @show_progress_bar
      manager.hosts() # Make sure that hosts are cached
      progressBar.set(10) if @show_progress_bar
      hostFilter = DeepSecurity::HostFilter.all_hosts
      eventIdFilter = DeepSecurity::IDFilter.greater_than(0)
      anti_malware_events = manager.anti_malware_events_by_time_host_event(time_filter, hostFilter, eventIdFilter)
      progressBar.set(25) if @show_progress_bar
      csv = CSV.new(output)
      csv << fields
      anti_malware_events.each do |anti_malware_event|
        progressBar.inc(75/anti_malware_events.size) if @show_progress_bar
        csv << fields.map do |attribute|
          begin
            to_display_string(anti_malware_event.instance_eval(attribute))
          rescue => e
            "ERROR (#{e.message}"
          end
        end
      end
      progressBar.finish if @show_progress_bar
    end
  end
end