Class: Oober::CefLogger

Inherits:

Hashie::Dash

• Object
• Hashie::Dash
• Oober::CefLogger

Defined in:

lib/oober/cef_logger.rb

Instance Method Summary

• #cef ⇒ Object
• #event_defaults ⇒ Object
• #extract_blocks(blocks = get_blocks) ⇒ Object
• #extractor_pipeline(blocks = get_blocks) ⇒ Object
• #get_blocks ⇒ Object
• #poll_messages ⇒ Object
• #request_message ⇒ Object
• #taxii ⇒ Object
• #transform_extracts(events = extract_blocks) ⇒ Object

Instance Method Details

#cef ⇒ Object

# File 'lib/oober/cef_logger.rb', line 26

def cef
  @cef ||= CEF.logger(export_config)
end

#event_defaults ⇒ Object

# File 'lib/oober/cef_logger.rb', line 17

def event_defaults
  @event_defaults ||= {
    name: self.feed_name,
    deviceProduct: self.class.name,
    deviceVersion: Oober::VERSION,
    receiptTime: Time.new
  }
end

#extract_blocks(blocks = get_blocks) ⇒ Object

# File 'lib/oober/cef_logger.rb', line 45

def extract_blocks(blocks=get_blocks)
  extractor_pipeline(blocks).flat_map(&:extract)
                            .map {|extracted| extracted.merge(event_defaults)}
end

#extractor_pipeline(blocks = get_blocks) ⇒ Object

# File 'lib/oober/cef_logger.rb', line 38

def extractor_pipeline(blocks=get_blocks)
  extractors = blocks.flat_map do |block|
    extractor_configs.map { |conf| extractor.new(conf.merge(data: block)) }
  end
  extractors.reject {|ext| ext.selected.empty? }
end

#get_blocks ⇒ Object

# File 'lib/oober/cef_logger.rb', line 34

def get_blocks
  taxii.get_content_blocks(self.request_message)
end

#poll_messages ⇒ Object

# File 'lib/oober/cef_logger.rb', line 54

def poll_messages
  transform_extracts(extract_blocks).each do |transformed_event|
    cef.emit(transformed_event)
  end
end

#request_message ⇒ Object

# File 'lib/oober/cef_logger.rb', line 60

def request_message
  full_results = Taxii::Messages::Parameters::Poll.new(response_type: 'FULL')
  req = Taxii::Messages::PollRequest.new(collection_name: feed_name, poll_parameters: full_results)
  req.to_xml
end

#taxii ⇒ Object

# File 'lib/oober/cef_logger.rb', line 30

def taxii
  @taxii ||= Taxii::PollClient.new(taxii_config)
end

#transform_extracts(events = extract_blocks) ⇒ Object

# File 'lib/oober/cef_logger.rb', line 50

def transform_extracts(events=extract_blocks)
  events.map {|event| CEF::Event.new(event) }
end