Class: Threatstack::Events::EnvironmentEvent

Inherits:

BaseEvent

• Object
• BaseEvent
• Threatstack::Events::EnvironmentEvent

Includes:

Constants

Defined in:

lib/events/models/environment_event.rb

Overview

Environment event model that inherits the common attributes and adds its own specifics

Constant Summary

Constants included from Constants

Constants::AGENT_ID, Constants::AGENT_INSTANCE_ID, Constants::AGENT_NAME, Constants::AGENT_VERSION, Constants::APPSEC_BASE_URL, Constants::APPSEC_EVENTS_URL, Constants::ATTACK, Constants::AWS_METADATA_URL, Constants::BLOCK_PATH_TRAVERSAL, Constants::BLOCK_SQLI, Constants::BLOCK_XSS, Constants::CGI_VARIABLES, Constants::DEPENDENCIES, Constants::DETECTED_NOT_BLOCKED, Constants::DETECT_ATTACKS_ONLY, Constants::DETECT_PATH_TRAVERSAL, Constants::DISABLED, Constants::DROP_FIELDS, Constants::ENVIRONMENT, Constants::EVENTS_PER_REQ, Constants::FILTER_BY_PATH, Constants::INSTRUMENTATION, Constants::IPV4, Constants::IPV6, Constants::JOB_INTERVAL, Constants::LOG_COLORS, Constants::LOG_LEVEL, Constants::MANUAL_INIT, Constants::MAX_QUEUED_EVENTS, Constants::PATH_TRAVERSAL, Constants::REDACTED, Constants::REQUEST_BLOCKED, Constants::ROOT_DIR, Constants::RUBY, Constants::SQLI, Constants::TRUTHY, Constants::XSS

Instance Attribute Summary

• #hostname ⇒ Object

  Returns the value of attribute hostname.

• #interfaces ⇒ Object

  Returns the value of attribute interfaces.

• #metadata ⇒ Object

  Returns the value of attribute metadata.

• #os_arch ⇒ Object

  Returns the value of attribute os_arch.

• #os_platform ⇒ Object

  Returns the value of attribute os_platform.

• #os_type ⇒ Object

  Returns the value of attribute os_type.

• #versions ⇒ Object

  Returns the value of attribute versions.

Attributes inherited from BaseEvent

#agent_type, #event_id, #event_type, #timestamp

Instance Method Summary

• #initialize(args = {}) ⇒ EnvironmentEvent constructor

  A new instance of EnvironmentEvent.

• #to_hash ⇒ Object

Methods included from Constants

app_root_dir, env, is_truthy

Methods inherited from BaseEvent

#to_core_hash, #to_json_string

Constructor Details

#initialize(args = {}) ⇒ EnvironmentEvent

Returns a new instance of EnvironmentEvent.

Parameters:

• args (Hash) (defaults to: {}) —

  String

  args.event_id

  String

  args.timestamp

# File 'lib/events/models/environment_event.rb', line 30

def initialize(args = {})
  logger = Threatstack::Utils::TSLogger.create 'EnvironmentEvent'
  logger.debug 'Creating environment event...'
  args[:event_type] = ENVIRONMENT
  @os_type = Platform::IMPL.to_s
  @os_platform = Platform::OS.to_s
  @os_arch = Platform::ARCH.to_s
  @hostname = Socket.gethostname
  @versions = { :ruby => RUBY_VERSION }
  @metadata = Threatstack::Utils::Aws.instance.get_aws_metadata
  # interface type constants
  af_link = NetworkInterface::AF_LINK
  af_inet = NetworkInterface::AF_INET
  af_inet6 = NetworkInterface::AF_INET6
  # build interface hash
  @interfaces = NetworkInterface.interfaces.each_with_object({}) do |iname, hash|
    addresses = NetworkInterface.addresses(iname)
    to_keep = []
    mac = nil
    # get mac address if any
    if addresses[af_link] && !addresses[af_link].empty?
      addr = addresses[af_link][0]
      mac = addr['addr'] if !addr['addr'].nil? && !addr['addr'].empty?
    end
    # get IPv4 addresses if any
    if addresses[af_inet] && !addresses[af_inet].empty?
      addresses[af_inet].each do |addr|
        next unless addr['addr'] && !addr['addr'].empty?

        to_keep.push(:address => addr['addr'], :netmask => addr['netmask'], :family => IPV4, :mac => mac)
      end
    end
    # get IPv6 addresses if any
    if addresses[af_inet6] && !addresses[af_inet6].empty?
      addresses[af_inet6].each do |addr|
        next unless addr['addr'] && !addr['addr'].empty?

        to_keep.push(:address => addr['addr'], :netmask => addr['netmask'], :family => IPV6, :mac => mac)
      end
    end
    # add interface entry unless no addresses were found
    hash[iname] = to_keep unless to_keep.empty?
  end
  super args
end

Instance Attribute Details

#hostname ⇒ Object

Returns the value of attribute hostname.

# File 'lib/events/models/environment_event.rb', line 22

def hostname
  @hostname
end

#interfaces ⇒ Object

Returns the value of attribute interfaces.

# File 'lib/events/models/environment_event.rb', line 24

def interfaces
  @interfaces
end

#metadata ⇒ Object

Returns the value of attribute metadata.

# File 'lib/events/models/environment_event.rb', line 23

def metadata
  @metadata
end

#os_arch ⇒ Object

Returns the value of attribute os_arch.

# File 'lib/events/models/environment_event.rb', line 21

def os_arch
  @os_arch
end

#os_platform ⇒ Object

Returns the value of attribute os_platform.

# File 'lib/events/models/environment_event.rb', line 20

def os_platform
  @os_platform
end

#os_type ⇒ Object

Returns the value of attribute os_type.

# File 'lib/events/models/environment_event.rb', line 19

def os_type
  @os_type
end

#versions ⇒ Object

Returns the value of attribute versions.

# File 'lib/events/models/environment_event.rb', line 25

def versions
  @versions
end

Instance Method Details

#to_hash ⇒ Object

# File 'lib/events/models/environment_event.rb', line 76

def to_hash
  hash = to_core_hash
  hash[:module_name] = AGENT_NAME
  hash[:payload] = {
    :hostname => @hostname,
    :os => {
      :platform => @os_platform, :type => @os_type, :arch => @os_arch
    },
    :aws => @metadata,
    :versions => @versions,
    :network => @interfaces
  }
  hash
end