public interface StandardIfmapMetadataFactory
Interface to create some of the standard metadata specified by IF-MAP 2.0.
Method Summary

| Return type | Method and description |
|---|---|
| Document | createArDev() - Create a Document representing access-request-device metadata. |
| Document | createArIp() - Create a Document representing access-request-ip metadata. |
| Document | createArMac() - Create a Document representing access-request-mac metadata. |
| Document | createAuthAs() - Create a Document representing authenticated-as metadata. |
| Document | createAuthBy() - Create a Document representing authenticated-by metadata. |
| Document | createCapability(String name) - Create a Document representing capability metadata. |
| Document | createCapability(String name, String administrativeDomain) - Create a Document representing capability metadata. |
| Document | createDevAttr(String name) - Create a Document representing device-attribute metadata. |
| Document | createDevChar(String manufacturer, String model, String os, String osVersion, String deviceType, String discoveredTime, String discovererId, String discoveryMethod) - Create a Document representing device-characteristic metadata. |
| Document | createDevIp() - Create a Document representing device-ip metadata. |
| Document | createDiscoveredBy() - Create a Document representing discovered-by metadata. |
| Document | createEnforcementReport(EnforcementAction enforcementAction, String otherTypeDefinition, String enforcementReason) - Create a Document representing enforcement-report metadata. |
| Document | createEvent(String name, String discoveredTime, String discovererId, Integer magnitude, Integer confidence, Significance significance, EventType type, String otherTypeDefinition, String information, String vulnerabilityUri) - Create a Document representing event metadata. |
| Document | createIpMac() - Create a Document representing ip-mac metadata. |
| Document | createIpMac(String startTime, String endTime, String dhcpServer) - Create a Document representing ip-mac metadata based on the given parameters. |
| Document | createLayer2Information(Integer vlan, String vlanName, Integer port, String administrativeDomain) - Create a Document representing layer2-information metadata. |
| Document | createLocation(List<LocationInformation> locationInformation, String discoveredTime, String discovererId) - Create a Document representing location metadata. |
| Document | createRequestForInvestigation(String qualifier) - Create a Document representing request-for-investigation metadata. |
| Document | createRole(String name) - Create a Document representing role metadata. |
| Document | createRole(String name, String administrativeDomain) - Create a Document representing role metadata. |
| Document | createUnexpectedBehavior(String discoveredTime, String discovererId, Integer magnitude, Integer confidence, Significance significance, String type) - Create a Document representing unexpected-behavior metadata. |
| Document | createWlanInformation(String ssid, List<WlanSecurityType> ssidUnicastSecurity, WlanSecurityType ssidGroupSecurity, List<WlanSecurityType> ssidManagementSecurity) - Create a Document representing wlan-information metadata. |

Method Detail |
---|
Document createIpMac(String startTime, String endTime, String dhcpServer)

Create a Document representing ip-mac metadata based on the given parameters.

ip-mac is link metadata that associates an ip-address identifier with a mac-address identifier and which includes optional DHCP lease information.

Parameters:
- startTime - the start-time value or null
- endTime - the end-time value or null
- dhcpServer - the dhcp-server value or null

Returns: a Document that represents the metadata

Document createIpMac()

Create a Document representing ip-mac metadata.

ip-mac is link metadata that associates an ip-address identifier with a mac-address identifier and which includes optional DHCP lease information.

Returns: a Document that represents the metadata

Document createArMac()

Create a Document representing access-request-mac metadata.

access-request-mac is link metadata that associates an access-request identifier with a mac-address identifier.

Returns: a Document that represents the metadata

Document createArDev()

Create a Document representing access-request-device metadata.

access-request-device is link metadata that associates an access-request identifier with a device identifier.

Returns: a Document that represents the metadata

Document createArIp()

Create a Document representing access-request-ip metadata.

access-request-ip is link metadata that associates an access-request identifier with an ip-address identifier.

Returns: a Document that represents the metadata

Document createAuthAs()

Create a Document representing authenticated-as metadata.

authenticated-as is link metadata that associates an access-request identifier with an identity identifier.

Returns: a Document that represents the metadata

Document createAuthBy()

Create a Document representing authenticated-by metadata.

authenticated-by is link metadata that associates an access-request identifier with the device identifier of the PDP that authenticated the access-request.

Returns: a Document that represents the metadata

Document createDevIp()

Create a Document representing device-ip metadata.

device-ip is link metadata that associates a device identifier of a PDP with an IP address which it has authenticated.

Returns: a Document that represents the metadata

Document createDiscoveredBy()

Create a Document representing discovered-by metadata.

discovered-by is link metadata that associates an ip-address or mac-address identifier of an endpoint with the device identifier of a MAP Client that has noticed the endpoint on the network.

Returns: a Document that represents the metadata

Document createRole(String name, String administrativeDomain)

Create a Document representing role metadata.

role is link metadata that associates an access-request identifier with an identity identifier and which names collections of privileges associated with the end-user.

Parameters:
- name - the name of the role
- administrativeDomain - the administrative-domain or null

Returns: a Document that represents the metadata

Document createRole(String name)

Create a Document representing role metadata.

role is link metadata that associates an access-request identifier with an identity identifier and which names collections of privileges associated with the end-user.

Parameters:
- name -

Returns: a Document that represents the metadata

Document createDevAttr(String name)

Create a Document representing device-attribute metadata.

device-attribute is link metadata that associates an access-request identifier with a device identifier and which includes information about the device such as its health.

Parameters:
- name - the name of the attribute

Returns: a Document that represents the metadata

Document createCapability(String name, String administrativeDomain)

Create a Document representing capability metadata.

capability metadata refers to a collection of privileges assigned to an endpoint as a result of an access request.

Parameters:
- name - the name of the capability
- administrativeDomain - the administrative-domain or null

Returns: a Document that represents the metadata

Document createCapability(String name)

Create a Document representing capability metadata.

capability metadata refers to a collection of privileges assigned to an endpoint as a result of an access request.

Parameters:
- name - the name of the capability

Returns: a Document that represents the metadata

Document createDevChar(String manufacturer, String model, String os, String osVersion, String deviceType, String discoveredTime, String discovererId, String discoveryMethod)

Create a Document representing device-characteristic metadata.

device-characteristic is metadata assigned to a specific endpoint by a MAP Client (usually a PDP or Sensor) to reflect an inherent characteristic of that endpoint, such as its manufacturer or what operating system it is running, along with what element discovered the information and what method of discovery was used.

Parameters:
- manufacturer - the manufacturer of the endpoint
- model - the model of the endpoint
- os - the operating system of the endpoint
- osVersion - the version of the endpoint's operating system
- deviceType - the type of the endpoint
- discoveredTime - (mandatory) the time at which this device-characteristic was first detected
- discovererId - (mandatory)
- discoveryMethod - (mandatory) the element that discovered the characteristic

Returns: a Document that represents the metadata

Document createEnforcementReport(EnforcementAction enforcementAction, String otherTypeDefinition, String enforcementReason)

Create a Document representing enforcement-report metadata.

enforcement-report metadata is attached to a link to associate a specific mac-address identifier or ip-address identifier with a specific device identifier representing a PEP or Flow Controller. A Flow Controller may create the association when it takes enforcement action against an endpoint. A PDP may create the association when it instructs a PEP to take enforcement action against an endpoint.

Parameters:
- enforcementAction - the enforcement action that should be taken
- otherTypeDefinition - this must not be null if action is EnforcementAction.block
- enforcementReason - the reason for the enforcement

Returns: a Document that represents the metadata

Document createEvent(String name, String discoveredTime, String discovererId, Integer magnitude, Integer confidence, Significance significance, EventType type, String otherTypeDefinition, String information, String vulnerabilityUri)

Create a Document representing event metadata.

event metadata refers to activity of interest detected on the network. Examples include network traffic that matches the profile of a virus attack, excessive network traffic originating from a particular endpoint, and the use of a specific protocol such as an Instant Messaging protocol.

Parameters:
- name - the name of the event
- discoveredTime - the time it was discovered
- discovererId - the entity that discovered the event
- magnitude - must be between 0 and 100
- confidence - must be between 0 and 100
- significance - the significance of the event
- type - the type of the event
- otherTypeDefinition - must not be null if type is EventType.other
- information - a human-readable String containing further information
- vulnerabilityUri - must not be null if event is of type EventType.cve

Returns: a Document that represents the metadata

Document createLayer2Information(Integer vlan, String vlanName, Integer port, String administrativeDomain)

Create a Document representing layer2-information metadata.

layer2-information is attached to a link between an access-request and the device identifier of the PEP through which access is occurring. layer2-information includes vlan, which specifies the VLAN assigned to the access request; port, which specifies the port on the layer 2 PEP that the access-request originates from; and an optional administrative-domain, which may be used to distinguish between two instances of the same VLAN number in different parts of a network.

Parameters:
- vlan - the ID of the VLAN
- vlanName - the name of the VLAN
- port - the port number
- administrativeDomain - the administrative domain (may be null)

Returns: a Document that represents the metadata

Document createLocation(List<LocationInformation> locationInformation, String discoveredTime, String discovererId)

Create a Document representing location metadata.

The location metadata element represents a named region of space – usually a region with security import. The region may be contiguous or discontiguous and may have any shape and boundaries as defined by an organization.

Parameters:
- locationInformation - list of all location information elements
- discoveredTime - the time the location information was discovered
- discovererId - the entity that discovered the location information

Returns: a Document that represents the metadata

Document createRequestForInvestigation(String qualifier)

Create a Document representing request-for-investigation metadata.

request-for-investigation metadata indicates that the specified device, which may be a PDP or other MAP Client, wants Sensors to publish device-characteristic metadata about the specified MAC or IP address.

Parameters:
- qualifier - indicates what type of investigation should be done

Returns: a Document that represents the metadata

Document createWlanInformation(String ssid, List<WlanSecurityType> ssidUnicastSecurity, WlanSecurityType ssidGroupSecurity, List<WlanSecurityType> ssidManagementSecurity)

Create a Document representing wlan-information metadata.

wlan-information is attached to a link to associate a specific access-request identifier with a specific device identifier representing the PEP through which access is occurring.

Parameters:
- ssidUnicastSecurity - the unicast security
- ssidGroupSecurity - the group security
- ssidManagementSecurity - the management security

Returns: a Document that represents the metadata

Document createUnexpectedBehavior(String discoveredTime, String discovererId, Integer magnitude, Integer confidence, Significance significance, String type)

Create a Document representing unexpected-behavior metadata.

Unexpected-behavior metadata indicates that an endpoint is behaving in an unauthorized or unexpected manner (e.g. an endpoint previously profiled as a printer that starts sending non-print-related traffic).

Parameters:
- discoveredTime - the time it was discovered
- discovererId - the entity that discovered it
- magnitude - indicates how severe the effects of the activity are. Ranges from 0 to 100.
- confidence - indicates how confident the MAP Client that published the metadata is that it accurately describes the activity of interest. Ranges from 0 to 100.
- significance - indicates how important the unexpected behavior is
- type - machine-consumable String indicating the nature of the unexpected behavior

Returns: a Document that represents the metadata
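
The argument constraints documented for createEvent above, written as a stand-alone check a MAP Client could run on sensor-supplied values before building the metadata. This is an added example, not code from the documented library: the class EventArgCheck, its check method and the local EventType enum are hypothetical stand-ins, and rejecting a null magnitude or confidence is an assumption.

```java
import java.util.ArrayList;
import java.util.List;

public class EventArgCheck {

    // Local stand-in for the library's EventType (hypothetical); this page
    // names only EventType.other and EventType.cve. p2p is used here as a
    // type that carries no extra requirement.
    enum EventType { p2p, cve, other }

    // Returns every violated constraint; an empty list means the arguments
    // satisfy the rules stated in the createEvent parameter documentation.
    static List<String> check(Integer magnitude, Integer confidence, EventType type,
                              String otherTypeDefinition, String vulnerabilityUri) {
        List<String> errors = new ArrayList<>();
        if (!inRange(magnitude)) {
            errors.add("magnitude must be between 0 and 100");
        }
        if (!inRange(confidence)) {
            errors.add("confidence must be between 0 and 100");
        }
        if (type == EventType.other && otherTypeDefinition == null) {
            errors.add("otherTypeDefinition must not be null if type is EventType.other");
        }
        if (type == EventType.cve && vulnerabilityUri == null) {
            errors.add("vulnerabilityUri must not be null if type is EventType.cve");
        }
        return errors;
    }

    // Assumption: a null value is treated as out of range.
    private static boolean inRange(Integer value) {
        return value != null && value >= 0 && value <= 100;
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from any real deployment.
        String uri = "https://example.org/vuln/PLACEHOLDER";
        System.out.println(check(80, 95, EventType.cve, null, uri));     // valid cve event
        System.out.println(check(80, 95, EventType.cve, null, null));    // cve without URI
        System.out.println(check(120, -1, EventType.other, null, null)); // three violations
        System.out.println(check(10, 50, EventType.p2p, null, null));    // valid, no extras needed
    }
}
```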