IBM InfoSphere Streams Version 4.1.1

SPL File CyberSecTypes.spl

Types

PBDNSResponseMessage_t

PBDNSResponseMessage_t = rstring dstAddress, rstring questionName, uint16 answerCount, uint16 nameserverCount, uint16 additionalCount, list<rstring> answerData, list<rstring> nameserverData, list<rstring> additionalData, list<uint16> answerTypes, list<uint16> nameserverTypes, list<uint16> additionalTypes, list<uint32> answerTTLs, list<uint32> nameserverTTLs, list<uint32> additionalTTLs, uint8 responseCode;

PBFeatureExtractorInput_t

This type should be used as the input type of the PredictiveBlacklistingFE operator.

Contains the set of attributes that are needed by the PredictiveBlacklistingFE operator. These attributes are populated by the following operators:

  • com.ibm.streamsx.network::DNSMessageParser
  • com.ibm.streamsx.network::IPSpatialEnricher
  • com.ibm.streamsx.network::IPASNEnricher
  • com.ibm.streams.cybersecurity.tagging::BWListTagger

PBFeatureExtractorInput_t = PBDNSResponseMessage_t, tuple<BWListTag_e bwTag, list<IPLocation_t> answerSpatialInfo, list<IPLocation_t> additionalSpatialInfo, list<IPASNInfo_t> answerASNInfo, list<IPASNInfo_t> additionalASNInfo>;

PBFeatureVector_t

PBFeatureVector_t = list<float64>;

PredictiveBlacklisting_t

This type should be used as the output type of the PredictiveBlacklistingFE operator and the input and output type of the PredictiveBlacklisting operator.

PredictiveBlacklisting_t = PBFeatureVector_t featureVector, rstring domain, rstring predictedClass, float64 confidence;

DPDNSResponseMessage_t

DPDNSResponseMessage_t = timestamp captureTime, rstring dstAddress, rstring questionName, uint8 responseCode, list<rstring> answerData, list<rstring> additionalData;

DPFeatureVector_t

DPFeatureVector_t = list<float64>;

DomainProfilingInput_t

This type should be used as the input type of the DomainProfiling operator.

Contains the set of attributes that are needed by the DomainProfiling operator. These attributes are populated by the following operators:

  • com.ibm.streamsx.network::DNSMessageParser
  • com.ibm.streams.cybersecurity.tagging::BWListTagger

DomainProfilingInput_t = DPDNSResponseMessage_t, tuple<BWListTag_e bwTag>;

DomainProfilingResult_t

This type should be used as the output type of the DomainProfiling operator.

DomainProfilingResult_t = DPFeatureVector_t featureVector, rstring domain, timestamp profileLastUpdate, rstring predictedClass;

HPDNSResponseMessage_t

HPDNSResponseMessage_t = timestamp captureTime, rstring dstAddress, rstring questionName, uint8 responseCode, list<rstring> answerData, list<rstring> additionalData;

HPFeatureVector_t

HPFeatureVector_t = list<float64>;

HostProfilingInput_t

This type should be used as the input type of the HostProfiling operator.

Contains the set of attributes that are needed by the HostProfiling operator. These attributes are populated by the following operators:

  • com.ibm.streamsx.network::DNSMessageParser
  • com.ibm.streams.cybersecurity.tagging::BWListTagger

HostProfilingInput_t = HPDNSResponseMessage_t, tuple<BWListTag_e bwTag>;

HostProfilingResult_t

This type should be used as the output type of the HostProfiling operator.

HostProfilingResult_t = HPFeatureVector_t featureVector, rstring host, timestamp profileLastUpdate, rstring predictedClass;

BWListTag_e

This enum type contains the valid output values of the BWListTagger operator.

BWListTag_e = enum { nonMatched, whiteList, blackListIP, blackListDomain };