Posted to commits@spot.apache.org by le...@apache.org on 2021/09/21 21:06:54 UTC
[incubator-spot] branch spot-odm-dev created (now 78b9216)
This is an automated email from the ASF dual-hosted git repository.
leahy pushed a change to branch spot-odm-dev
in repository https://gitbox.apache.org/repos/asf/incubator-spot.git.
at 78b9216 adding user and email objects
This branch includes the following new commits:
new f9f9b70 creating typeScript project for ODM
new 49c32a4 missed object from previous commit
new 78b9216 adding user and email objects
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[incubator-spot] 03/03: adding user and email objects
Posted by le...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
leahy pushed a commit to branch spot-odm-dev
in repository https://gitbox.apache.org/repos/asf/incubator-spot.git
commit 78b9216ac102f41aafee267a3d92e82b392bdbe3
Author: Austin Leahy <le...@apache.org>
AuthorDate: Mon Sep 20 23:18:49 2021 -0600
adding user and email objects
---
spot-operational-data-model/package/objects/src/email.ts | 4 ++++
spot-operational-data-model/package/objects/src/user.ts | 11 +++++++++++
2 files changed, 15 insertions(+)
diff --git a/spot-operational-data-model/package/objects/src/email.ts b/spot-operational-data-model/package/objects/src/email.ts
new file mode 100644
index 0000000..c09d10e
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/email.ts
@@ -0,0 +1,4 @@
+export interface Email{
+ address: String;
+ domain: String;
+}
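Review bot: Both members are typed with the boxed wrapper `String` rather than the primitive `string`; under the root's `strict: true` this still compiles, but `String` is the object type, so a primitive is assignable to it while a `String` value is not assignable back to a `string` parameter, and that mismatch leaks into every consumer of the model. Change them to `address: string;` and `domain: string;`, and write the header as `export interface Email {` to match the spacing of the other files. The same boxed `String`/`Number`/`Boolean` types appear in user.ts, antivirus.ts, application.ts, dhcp.ts, file.ts, flow.ts, irc.ts, signature.ts, ssh.ts and vulnerability.ts, so the fix applies there too.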
diff --git a/spot-operational-data-model/package/objects/src/user.ts b/spot-operational-data-model/package/objects/src/user.ts
new file mode 100644
index 0000000..1dbde8d
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/user.ts
@@ -0,0 +1,11 @@
+import {Email} from "./email";
+
+export interface User {
+ firstName: String;
+ lastName: String;
+ email: Email;
+ address: String;
+ location: String
+ identifier: String;
+ domain: String;
+}
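Review bot: `location: String` is the only member without a terminating semicolon; TypeScript accepts newline-separated members, so it compiles, but it should read `location: string;` like its neighbours. `User` also carries `address` and `domain` alongside `email: Email`, which already has both; if they denote the same values, dropping the duplicates avoids two sources of truth, and if `address` here is a postal address a one-line comment saying so would prevent the confusion. The `Email` import is used only in a type position, so `import type { Email } from "./email";` would make that explicit and avoid an unnecessary runtime import under `module: commonjs` (the syntax needs TS 3.8+, which I cannot confirm from this commit).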
[incubator-spot] 01/03: creating typeScript project for ODM
Posted by le...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
leahy pushed a commit to branch spot-odm-dev
in repository https://gitbox.apache.org/repos/asf/incubator-spot.git
commit f9f9b704ee86417293ea652ab872825bee26a5cd
Author: Austin Leahy <le...@apache.org>
AuthorDate: Mon Sep 20 22:51:20 2021 -0600
creating typeScript project for ODM
Basic structuring of the typeScript package layout. Most ODM sources have been created as objects; not all objects are valid at this commit. Some objects are commented-out copy-paste from the ODM documentation.
---
.../package/models/tsconfig.json | 22 +++++++++++
.../package/objects/src/antivirus.ts | 27 ++++++++++++++
.../package/objects/src/application.ts | 7 ++++
.../package/objects/src/device.ts | 12 ++++++
.../package/objects/src/dhcp.ts | 5 +++
.../package/objects/src/dns.ts | 8 ++++
.../package/objects/src/endpoint.ts | 8 ++++
.../package/objects/src/file.ts | 11 ++++++
.../package/objects/src/flow.ts | 10 +++++
.../package/objects/src/ftp.ts | 21 +++++++++++
.../package/objects/src/http.ts | 17 +++++++++
.../package/objects/src/irc.ts | 7 ++++
.../package/objects/src/network.ts | 26 +++++++++++++
.../package/objects/src/proxy.ts | 13 +++++++
.../package/objects/src/signature.ts | 5 +++
.../package/objects/src/smtp.ts | 21 +++++++++++
.../package/objects/src/snmp.ts | 10 +++++
.../package/objects/src/ssh.ts | 11 ++++++
.../package/objects/src/vulnerability.ts | 7 ++++
.../package/objects/tsconfig.json | 21 +++++++++++
.../package/types/tsconfig.json | 20 ++++++++++
spot-operational-data-model/tsconfig.json | 43 ++++++++++++++++++++++
22 files changed, 332 insertions(+)
diff --git a/spot-operational-data-model/package/models/tsconfig.json b/spot-operational-data-model/package/models/tsconfig.json
new file mode 100644
index 0000000..7d1771b
--- /dev/null
+++ b/spot-operational-data-model/package/models/tsconfig.json
@@ -0,0 +1,22 @@
+{
+ "extends": "../../tsconfig.json",
+ "compilerOptions": {
+ "outDir": "../../dist/spot/odm/models",
+ "module": "commonjs",
+ "target": "es5",
+ "sourceMap": true,
+ "declaration": true,
+ "declarationMap": true,
+ "inlineSources": true,
+ "types": [],
+ "lib": [
+ "dom",
+ "es2018"
+ ]
+ },
+ "exclude": [
+ "node_modules"
+ ]
+
+ ,"include": ["src/**/*.ts"]
+}
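Review bot: The `include` key is separated from the `exclude` array by an empty line and a leading comma (` ,"include": ["src/**/*.ts"]`), which is valid JSON but diverges from the sibling objects/tsconfig.json, where the same two keys are written as `"exclude": [ "node_modules" ],` followed by `"include": ["src/**/*.ts"]`. Reformat this block to match that file so the package configs read identically.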
diff --git a/spot-operational-data-model/package/objects/src/antivirus.ts b/spot-operational-data-model/package/objects/src/antivirus.ts
new file mode 100644
index 0000000..23a2720
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/antivirus.ts
@@ -0,0 +1,27 @@
+import {Application} from "./application";
+import {Signature} from "./signature";
+
+export interface Antivirus {
+ riskName: String;
+ actualAction: String;
+ requestedAction: String;
+ secondaryAction: String;
+ downloadSite: String;
+ downloadedBy: String;
+ trackingStatus: String;
+ firstSeen: BigInteger;
+ application: Application
+ categorySet: String;
+ categoryType: String;
+ threatCount: Number;
+ infectedCount: Number;
+ omittedCount: Number;
+ scanId: Number;
+ startMessage: String;
+ stopMessage: String;
+ totalFiles: Number;
+ signature: Signature;
+ intrusionUrl: String;
+ intrusionPayloadUrl: String;
+ objectName: String;
+}
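Review bot: `firstSeen: BigInteger;` names a type that neither TypeScript nor the configured libs (`lib: ["dom", "es2018"]`, `types: []`) define, so this file should fail with "Cannot find name 'BigInteger'" unless a declaration outside this commit provides it; the primitive is `bigint`, or `number` if the value fits in 2^53, which a timestamp does. dhcp.ts has the same `BigInteger` on `assignedIp` and `leaseTime`. Since the objects package targets `es5`, confirm that `bigint` is acceptable to the toolchain before adopting it; `number` is the safe fallback. `application: Application` is also missing its semicolon, and the `Number` members use the boxed wrapper where `number` is meant.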
diff --git a/spot-operational-data-model/package/objects/src/application.ts b/spot-operational-data-model/package/objects/src/application.ts
new file mode 100644
index 0000000..b7b6851
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/application.ts
@@ -0,0 +1,7 @@
+export interface Application {
+ hash: String;
+ hashType: String;
+ name: String;
+ version: String;
+ type: String;
+}
diff --git a/spot-operational-data-model/package/objects/src/device.ts b/spot-operational-data-model/package/objects/src/device.ts
new file mode 100644
index 0000000..7cdfc61
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/device.ts
@@ -0,0 +1,12 @@
+export interface Device {
+ // dvc_time long UTC timestamp from device where event/alert originates or is received 1472653952
+ // dvc_ip4/dvc_ip6 long IP address of device Integer representation of 10.1.1.1
+ // dvc_group string Device group label "somestring"
+ // dvc_server string Server label "somestring"
+ // dvc_host string Hostname of device Integer representation of 10.1.1.1
+ // dvc_domain string Domain of dvc "somestring"
+ // dvc_type string Device type that generated the log Unix, Windows, Sonicwall
+ // dvc_vendor string Vendor Microsoft, Fireeye
+ // dvc_fwd_ip4/fwd_ip6 long Forwarded from device Integer representation of 10.1.1.1
+ // dvc_version string Version "3.2.2"
+}
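Review bot: With every field commented out, `Device` is an empty interface, which TypeScript treats as `{}` — any non-nullish value, including a number or a string, satisfies it — so consumers compiled against it get no checking at all, and `@typescript-eslint/no-empty-interface` will flag it. Until the fields are transcribed, a doc comment such as `/** Placeholder: fields pending transcription from the ODM device (dvc_*) table. */` would keep readers from treating the type as complete. The same empty-interface state applies to dns.ts, endpoint.ts, ftp.ts, http.ts, network.ts, proxy.ts, smtp.ts, snmp.ts and tls.ts. The example column for `dvc_host` ("Integer representation of 10.1.1.1") appears to have been copied from the IP rows; a hostname example would be clearer.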
diff --git a/spot-operational-data-model/package/objects/src/dhcp.ts b/spot-operational-data-model/package/objects/src/dhcp.ts
new file mode 100644
index 0000000..8e8f89c
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/dhcp.ts
@@ -0,0 +1,5 @@
+export interface Dhcp {
+ assignedIp: BigInteger;
+ mac: String;
+ leaseTime: BigInteger;
+}
diff --git a/spot-operational-data-model/package/objects/src/dns.ts b/spot-operational-data-model/package/objects/src/dns.ts
new file mode 100644
index 0000000..70dc993
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/dns.ts
@@ -0,0 +1,8 @@
+export interface Dns {
+ // dns_class string DNS class 1
+ // dns_len int DNS frame length 188
+ // dns_query string Requested DNS query test.test.com
+ // dns_response_code string Response code 0x00000001
+ // dns_answers string Response to DNS Query 178.2.1.99
+ // dns_type int DNS query type 1
+}
diff --git a/spot-operational-data-model/package/objects/src/endpoint.ts b/spot-operational-data-model/package/objects/src/endpoint.ts
new file mode 100644
index 0000000..393387b
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/endpoint.ts
@@ -0,0 +1,8 @@
+export interface Endpoint {
+ // end_object string File/Process/Registry File, Registry, Process
+ // end_action string Action taken on object (open/delete/edit) Open, Edit
+ // end_msg string Message (details of action taken on object) Some long string
+ // end_app string Application Microsoft Powerpoint
+ // end_location string Location Atlanta, GA
+ // end_proc string Process SSHD
+}
diff --git a/spot-operational-data-model/package/objects/src/file.ts b/spot-operational-data-model/package/objects/src/file.ts
new file mode 100644
index 0000000..3409d27
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/file.ts
@@ -0,0 +1,11 @@
+export interface File {
+ name: String;
+ path: String;
+ accessTime: Date;
+ acls: String;
+ type: String;
+ size: Number;
+ description: String;
+ hash: String;
+ hashType: String;
+}
diff --git a/spot-operational-data-model/package/objects/src/flow.ts b/spot-operational-data-model/package/objects/src/flow.ts
new file mode 100644
index 0000000..98561f5
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/flow.ts
@@ -0,0 +1,10 @@
+export interface Flow {
+ packetsIn: Number;
+ packetsOut: Number;
+ connectionState: String;
+ history: String;
+ sourceDscp: String;
+ destinationDscp: String;
+ input: String;
+ output: String;
+}
diff --git a/spot-operational-data-model/package/objects/src/ftp.ts b/spot-operational-data-model/package/objects/src/ftp.ts
new file mode 100644
index 0000000..7d6f572
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/ftp.ts
@@ -0,0 +1,21 @@
+export interface Ftp {
+ // ftp_user_name string Username "somestring"
+ // ftp_password string Password "somestring"
+ // ftp_command string FTP command "somestring"
+ // ftp_arg string Argument "somestring"
+ // ftp_mime_type string Mime type "somestring"
+ // ftp_file_size int File size 1024
+ // ftp_reply_code int Reply code 3
+ // ftp_reply_msg string Reply message "somestring"
+ // ftp_data_channel_passive boolean Passive data channel? 1
+ // ftp_data_channel_rsp_p string "somestring"
+ // ftp_cwd string Current working directory "somestring"
+ // ftp_cmdarg_ts float Coming soon
+ // ftp_cmdarg_cmd string Command "somestring"
+ // ftp_cmdarg_arg string Command argument "somestring"
+ // ftp_cmdarg_seq int Sequence 2
+ // ftp_pending_commands string Pending commands "somestring"
+ // ftp_is_passive boolean Passive mode enabled 0
+ // ftp_fuid string Coming soon "somestring"
+ // ftp_last_auth_requested string Coming soon "somestring"
+}
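Review bot: Two of the columns transcribed here, `ftp_user_name` and `ftp_password`, are credentials captured from the wire, and the comment block carries no marker that they are sensitive; once they become typed members, anything serialising an `Ftp` record (logs, dashboards, exports) will carry the plaintext password with it. Add the marker now, before the fields are materialised, e.g. `// ftp_password: credential observed in traffic — sensitive; redact or hash before persisting or logging`. The same applies to `http_request_password` in http.ts and to `snmp_community` in snmp.ts, since an SNMP community string is an authentication secret. Whether the password column is populated at all depends on the ingestion pipeline, which is outside this commit.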
diff --git a/spot-operational-data-model/package/objects/src/http.ts b/spot-operational-data-model/package/objects/src/http.ts
new file mode 100644
index 0000000..5d46c3f
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/http.ts
@@ -0,0 +1,17 @@
+export interface Http {
+ // http_request_method string HTTP method GET, CONNECT, POST
+ // http_request_uri string Requested URI /wcm/assets/images/imagefileicon.gif
+ // http_request_body_len int Length of request body 98
+ // http_request_user_name string username from event jsmith
+ // http_request_password string Password from event abc123
+ // http_request_proxied string Proxy request label "somestring"
+ // http_request_headers MAP HTTP request headers request_headers['HOST'] request_headers['USER-AGENT'] request_headers['ACCEPT']
+ // http_response_status_code int HTTP response status code 404
+ // http_response_status_msg string HTTP response status message "Not found"
+ // http_response_body_len int Length of response body 98
+ // http_response_info_code int HTTP response info code 100
+ // http_response_info_msg string HTTP response info message "somestring"
+ // http_response_resp_fuids string Response FUIDS "somestring"
+ // http_response_mime_types string Mime types "cgi,bat,exe"
+ // http_response_headers MAP Response headers response_headers['SERVER'] response_headers['SET-COOKIE'] response_headers['DATE']
+}
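Review bot: `http_request_headers` and `http_response_headers` are typed `MAP` in the transcribed rows, which has no TypeScript counterpart; when the interface is filled in they should become `Record<string, string>` (or `Map<string, string>`), and the example keys (`HOST`, `USER-AGENT`, `SET-COOKIE`) suggest header names are stored upper-cased, which is worth stating in a comment because lookups on a plain object are case-sensitive. The `SET-COOKIE` response header carries session material, so the sensitivity remark that applies to the credential columns in ftp.ts applies to that entry as well.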
diff --git a/spot-operational-data-model/package/objects/src/irc.ts b/spot-operational-data-model/package/objects/src/irc.ts
new file mode 100644
index 0000000..e6a6a59
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/irc.ts
@@ -0,0 +1,7 @@
+export interface Irc {
+ user: String;
+ nickname: String;
+ command: String;
+ value: String;
+ additional: String;
+}
diff --git a/spot-operational-data-model/package/objects/src/network.ts b/spot-operational-data-model/package/objects/src/network.ts
new file mode 100644
index 0000000..d7e80d3
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/network.ts
@@ -0,0 +1,26 @@
+export interface Network {
+ // src_ip4/src_ip6 bigint Source ip address of event Integer representation of 10.1.1.1
+ // src_host string Source FQDN of event test.companyA.com
+ // src_domain string Domain name of source address companyA.com
+ // src_port int Source port of event 1025
+ // src_country_code string Source country code cn
+ // src_country_name string Source country name China
+ // src_region string Source region string
+ // src_city string Source city Shenghai
+ // src_lat int Source latitude 90
+ // src_long int Source longitude 90
+ // dst_ip4/dst_ip6 bigint Destination ip address of event Integer representation of 10.1.1.1
+ // dst_host string Destination FQDN of event test.companyA.com
+ // dst_domain string Domain name of destination address companyA.com
+ // dst_port int Destination port of event 80
+ // dst_country_code string Source country code cn
+ // dst_country_name string Source country name China
+ // dst_region string Source region string
+ // dst_city string Source city Shenghai
+ // dst_lat int Source latitude 90
+ // dst_long int Source longitude 90
+ // src_asn int Autonomous system number 33
+ // dst_asn int Autonomous system number 33
+ // net_direction string Direction In, inbound, outbound, ingress, egress
+ // net_flags string TCP flags .AP.SF
+}
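Review bot: The descriptions for `dst_country_code` through `dst_long` still read "Source country code", "Source country name", "Source region", "Source city", "Source latitude" and "Source longitude", which looks like an unedited copy of the src_* block; change them to "Destination …" so the comments match the field names. `src_lat`/`src_long` and the dst_ pair are typed `int` with example 90 — coordinates are normally fractional, so confirm against the ODM source whether `float` was intended before these become typed members.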
diff --git a/spot-operational-data-model/package/objects/src/proxy.ts b/spot-operational-data-model/package/objects/src/proxy.ts
new file mode 100644
index 0000000..1319016
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/proxy.ts
@@ -0,0 +1,13 @@
+export interface Proxy {
+ // prx_category string Event category SG-HTTP-SERVICE
+ // prx_browser string Web browser Internet Explorer
+ // prx_code string Error or response code 404
+ // prx_referrer string Referrer www.usatoday.com
+ // prx_host string Requested URI /wcm/assets/images/imagefileicon.gif
+ // prx_filter_rule string Applied filter or rule Internet, Rule 6
+ // prx_filter_result string Result of applied filter or rule Proxied, Blocked
+ // prx_query string URI query ?func=S_senseHTML&Page=a26815a313504697a126279
+ // prx_action string Action taken on object TCP_HIT, TCP_MISS, TCP_TUNNELED
+ // prx_method string HTTP method GET, CONNECT, POST
+ // prx_type string Type of request image/gif
+}
diff --git a/spot-operational-data-model/package/objects/src/signature.ts b/spot-operational-data-model/package/objects/src/signature.ts
new file mode 100644
index 0000000..5ba90ad
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/signature.ts
@@ -0,0 +1,5 @@
+export interface Signature {
+ id: String;
+ string: String;
+ subId: String;
+}
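Review bot: The member named `string` (`string: String;`) says nothing about what it holds — presumably the signature text or pattern — and reads confusingly next to the type name. If the name is fixed by the ODM column, keep it and add a doc comment such as `/** Signature text as reported by the sensor — confirm against the ODM column definition. */`; otherwise a descriptive name is preferable, since property names are part of the serialised shape and are hard to change later.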
diff --git a/spot-operational-data-model/package/objects/src/smtp.ts b/spot-operational-data-model/package/objects/src/smtp.ts
new file mode 100644
index 0000000..7d1600b
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/smtp.ts
@@ -0,0 +1,21 @@
+export interface Smtp {
+ // smtp_trans_depth int Depth of email into SMTP exchange 2
+ // smtp_headers_helo string Helo header "somestring"
+ // smtp_headers_mailfrom string Mailfrom header "somestring"
+ // smtp_headers_rcptto string Rcptto header "somestring"
+ // smtp_headers_date string Header date "somestring"
+ // smtp_headers_from string From header "somestring"
+ // smtp_headers_to string To header "somestring"
+ // smtp_headers_reply_to string Reply to header "somestring"
+ // smtp_headers_msg_id string Message ID "somestring"
+ // smtp_headers_in_reply_to string In reply to header "somestring"
+ // smtp_headers_subject string Subject "somestring"
+ // smtp_headers_x_originating_ip4 bigint Originating IP address 1203743731
+ // smtp_headers_first_received string First to receive message "somestring"
+ // smtp_headers_second_received string Second to receive message "somestring"
+ // smtp_last_reply string Last reply in message chain "somestring"
+ // smtp_path string Path of message "somestring"
+ // smtp_user_agent string User agent "somestring"
+ // smtp_tls boolean Indication of TLS use 1
+ // smtp_is_webmail boolean Indication of webmail 0
+}
diff --git a/spot-operational-data-model/package/objects/src/snmp.ts b/spot-operational-data-model/package/objects/src/snmp.ts
new file mode 100644
index 0000000..4c85108
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/snmp.ts
@@ -0,0 +1,10 @@
+export interface Snmp {
+ // snmp_version string Coming soon "somestring"
+ // snmp_community string Coming soon "somestring"
+ // snmp_get_requests int Coming soon Coming soon
+ // snmp_get_bulk_requests int Coming soon Coming soon
+ // snmp_get_responses int Coming soon Coming soon
+ // snmp_set_requests int Coming soon Coming soon
+ // snmp_display_string string Coming soon Coming soon
+ // snmp_up_since float Coming soon Coming soon
+}
diff --git a/spot-operational-data-model/package/objects/src/ssh.ts b/spot-operational-data-model/package/objects/src/ssh.ts
new file mode 100644
index 0000000..897bc52
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/ssh.ts
@@ -0,0 +1,11 @@
+export interface Ssh {
+ version: String;
+ auth: Boolean;
+ client: String;
+ server: String;
+ cipherAlgorithm: String;
+ macAlgorithm: String;
+ CompressionAlgorithm: String;
+ keyExchangeAlgorithm: String;
+ hostKeyAlgorithm: String;
+}
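Review bot: `CompressionAlgorithm` is PascalCase while every other member (`cipherAlgorithm`, `macAlgorithm`, `keyExchangeAlgorithm`, `hostKeyAlgorithm`) is camelCase; rename it to `compressionAlgorithm: string;` before anything depends on the key, because property names are part of the serialised record. `auth: Boolean` uses the boxed wrapper where the primitive `boolean` is meant.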
diff --git a/spot-operational-data-model/package/objects/src/vulnerability.ts b/spot-operational-data-model/package/objects/src/vulnerability.ts
new file mode 100644
index 0000000..319c4d7
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/vulnerability.ts
@@ -0,0 +1,7 @@
+export interface Vulnerability {
+ id: String;
+ type: String;
+ status: String;
+ severity: String;
+ created: Date;
+}
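Review bot: `status` and `severity` are open `String`s; if the ODM fixes their value sets, string-literal unions would make invalid records unrepresentable, e.g. `severity: 'low' | 'medium' | 'high' | 'critical';` (constructed example — the real set must come from the ODM documentation). Otherwise the members should at least be the primitive `string`. `created: Date` deserves a comment on whether it is the vulnerability's publication date or the record's creation time, which the name alone does not settle.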
diff --git a/spot-operational-data-model/package/objects/tsconfig.json b/spot-operational-data-model/package/objects/tsconfig.json
new file mode 100644
index 0000000..eb677d7
--- /dev/null
+++ b/spot-operational-data-model/package/objects/tsconfig.json
@@ -0,0 +1,21 @@
+{
+ "extends": "../../tsconfig.json",
+ "compilerOptions": {
+ "outDir": "../../dist/spot/odm/objects",
+ "module": "commonjs",
+ "target": "es5",
+ "sourceMap": true,
+ "declaration": true,
+ "declarationMap": true,
+ "inlineSources": true,
+ "types": [],
+ "lib": [
+ "dom",
+ "es2018"
+ ]
+ },
+ "exclude": [
+ "node_modules"
+ ],
+ "include": ["src/**/*.ts"]
+}
diff --git a/spot-operational-data-model/package/types/tsconfig.json b/spot-operational-data-model/package/types/tsconfig.json
new file mode 100644
index 0000000..51b29fa
--- /dev/null
+++ b/spot-operational-data-model/package/types/tsconfig.json
@@ -0,0 +1,20 @@
+{
+ "extends": "../../tsconfig.json",
+ "compilerOptions": {
+ "outDir": "../../dist/spot/odm/types",
+ "module": "commonjs",
+ "target": "es5",
+ "sourceMap": true,
+ "declaration": true,
+ "declarationMap": true,
+ "inlineSources": true,
+ "types": [],
+ "lib": [
+ "dom",
+ "es2018"
+ ]
+ },
+ "exclude": [
+ "node_modules"
+ ]
+}
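Review bot: Unlike models/tsconfig.json and objects/tsconfig.json, this config has no `"include"`, so tsc will compile every .ts file under package/types except node_modules rather than only src/; if a src/ layout is intended here as well, add `"include": ["src/**/*.ts"]` after the `exclude` array so the three package configs behave alike.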
diff --git a/spot-operational-data-model/tsconfig.json b/spot-operational-data-model/tsconfig.json
new file mode 100644
index 0000000..53054e7
--- /dev/null
+++ b/spot-operational-data-model/tsconfig.json
@@ -0,0 +1,43 @@
+{
+ "compileOnSave": true,
+ "compilerOptions": {
+ "baseUrl": "./",
+ "outDir": "./dist/spot",
+ "forceConsistentCasingInFileNames": true,
+ "strict": true,
+ "noImplicitReturns": true,
+ "noFallthroughCasesInSwitch": true,
+ "sourceMap": true,
+ "declaration": false,
+ "downlevelIteration": true,
+ "experimentalDecorators": true,
+ "moduleResolution": "node",
+ "paths": {
+ "@spot/types": [
+ "dist/spot/odm/types"
+ ],
+ "@spot/types/*": [
+ "dist/spot/odm/types/*"
+ ],
+ "@spot/objects": [
+ "dist/spot/odm/objects"
+ ],
+ "@spot/objects/*": [
+ "dist/spot/odm/objects/*"
+ ],
+ "@spot/models": [
+ "dist/spot/odm/models"
+ ],
+ "@spot/models/*": [
+ "dist/spot/odm/models/*"
+ ]
+ },
+ "importHelpers": true,
+ "target": "es2017",
+ "module": "es2020",
+ "lib": [
+ "es2018",
+ "dom"
+ ]
+ }
+ }
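Review bot: `"importHelpers": true` makes the emitted JavaScript import its helpers from the `tslib` package, so the build needs `tslib` as a dependency; no package.json is part of this commit, so I cannot confirm it is declared. The `paths` entries resolve `@spot/types`, `@spot/objects` and `@spot/models` to the `dist/spot/odm/*` output directories rather than to sources, which means a package importing another can only type-check after that package has been built — worth a comment in the config or the README stating the build order.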
[incubator-spot] 02/03: missed object from previous commit
Posted by le...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
leahy pushed a commit to branch spot-odm-dev
in repository https://gitbox.apache.org/repos/asf/incubator-spot.git
commit 49c32a4cb1fa5c7176435283d13a6c1f57538388
Author: Austin Leahy <le...@apache.org>
AuthorDate: Mon Sep 20 22:54:09 2021 -0600
missed object from previous commit
---
spot-operational-data-model/package/objects/src/tls.ts | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/spot-operational-data-model/package/objects/src/tls.ts b/spot-operational-data-model/package/objects/src/tls.ts
new file mode 100644
index 0000000..8f1ac81
--- /dev/null
+++ b/spot-operational-data-model/package/objects/src/tls.ts
@@ -0,0 +1,13 @@
+export interface Tls {
+ // tls_version string Coming soon Coming soon
+ // tls_cipher string Coming soon Coming soon
+ // tls_curve string Coming soon Coming soon
+ // tls_server_name string Coming soon Coming soon
+ // tls_resumed boolean Coming soon Coming soon
+ // tls_next_protocol string Coming soon Coming soon
+ // tls_established boolean Coming soon Coming soon
+ // tls_cert_chain_fuids string Coming soon Coming soon
+ // tls_client_cert_chain_fuids string Coming soon Coming soon
+ // tls_subject string Coming soon Coming soon
+ // tls_issuer string Coming soon Coming soon
+}