SPL File CyberSecTypes.spl
Specialized toolkits - release 4.3.1.0-prod20190605 > com.ibm.streams.cybersecurity 2.1.1 > com.ibm.streams.cybersecurity.types > CyberSecTypes.spl
Content
- Types
-
- BWListAction_e: Action Type for dynamically updating the BWListTagger operator
- BWListTag_e: Tag type for the BWListTagger operator.
- BWListType_e: This enum type contains the valid output values of the BWListTagger operator.
- BWListUpdate_t: Type for dynamically updating the BWListTagger operator
- DNSTunnelingInput_t: DNS Tunneling input type
- DNSTunnelingResult_t: DNS Tunneling result type
- DPDNSResponseMessage_t: Domain Profiling
- DPFeatureVector_t: This type is part of the DomainProfilingAnalysisInput_t type.
- DomainProfilingAnalysisInput_t: Domain Profiling Analysis input type
- DomainProfilingInput_t: This type should be used as the input type of the DomainProfiling operator.
- DomainProfilingResult_t: This type should be used as the output type of the DomainProfiling operator.
- HPDNSResponseMessage_t: Host Profiling
- HPFeatureVector_t: This type is part of the HostProfilingAnalysisInput_t type.
- HostProfilingAnalysisInput_t: Host Profiling input type
- HostProfilingInput_t: This type should be used as the input type of the HostProfiling operator.
- HostProfilingResult_t: This type should be used as the output type of the HostProfiling operator.
- PBDNSResponseMessage_t: This type is part of the PBFeatureExtractorInput_t type.
- PBFeatureExtractorInput_t: This type should be used the input type of the PredictiveBlacklistingFE operator.
- PBFeatureVector_t: This type is part of the PredictiveBlacklisting_t type.
- PredictiveBlacklisting_t: This type should be used as the output type of the PredictiveBlacklistingFE operator and the input and output type of the PredictiveBlacklisting operator.
- ProfilingDNSResponseMessageBase_t: This type is part of the DPDNSResponseMessage_t type.
Types
PBDNSResponseMessage_t
This type is part of the PBFeatureExtractorInput_t type.
PBDNSResponseMessage_t = uint32 dstAddress, rstring questionName, list<rstring> answerData, list<rstring> nameserverData, list<rstring> additionalData, list<uint16> answerTypes, list<uint16> nameserverTypes, list<uint16> additionalTypes, list<uint32> answerTTLs, list<uint32> nameserverTTLs, list<uint32> additionalTTLs, uint8 responseCode;
PBFeatureExtractorInput_t
This type should be used the input type of the PredictiveBlacklistingFE operator.
Contains the set of attributes that are needed by the PredictiveBlacklistingFE operator. These attributes are populated by the following operators:
- com.ibm.streamsx.network::DNSMessageParser
- com.ibm.streamsx.network::IPSpatialEnricher
- com.ibm.streamsx.network::IPASNEnricher
- com.ibm.streams.cybersecurity.tagging::BWListTagger
PBFeatureExtractorInput_t = PBDNSResponseMessage_t, tuple<BWListTag_e bwTag, list<IPLocation_t> answerSpatialInfo, list<IPLocation_t> additionalSpatialInfo, list<IPASNInfo_t> answerASNInfo, list<IPASNInfo_t> additionalASNInfo>;
PBFeatureVector_t
This type is part of the PredictiveBlacklisting_t type.
PBFeatureVector_t = list<float64>;
PredictiveBlacklisting_t
This type should be used as the output type of the PredictiveBlacklistingFE operator and the input and output type of the PredictiveBlacklisting operator.
PredictiveBlacklisting_t = PBFeatureVector_t featureVector, rstring domain, rstring predictedClass, float64 confidence;
ProfilingDNSResponseMessageBase_t
This type is part of the DPDNSResponseMessage_t type.
ProfilingDNSResponseMessageBase_t = timestamp captureTime, uint32 dstAddress, rstring questionName, uint8 responseCode;
DPDNSResponseMessage_t
Domain Profiling
DPDNSResponseMessage_t = ProfilingDNSResponseMessageBase_t;
DPFeatureVector_t
This type is part of the DomainProfilingAnalysisInput_t type.
DPFeatureVector_t = list<float64>;
DomainProfilingInput_t
This type should be used as the input type of the DomainProfiling operator.
Contains the set of attributes that are needed by the DomainProfiling operator. These attributes are populated by the following operators:
- com.ibm.streamsx.network::DNSMessageParser
- com.ibm.streams.cybersecurity.tagging::BWListTagger
DomainProfilingInput_t = ProfilingDNSResponseMessageBase_t, tuple<BWListTag_e bwTag>;
DomainProfilingAnalysisInput_t
Domain Profiling Analysis input type
DomainProfilingAnalysisInput_t = DPFeatureVector_t featureVector, timestamp profileLastUpdate, rstring questionName;
DomainProfilingResult_t
This type should be used as the output type of the DomainProfiling operator.
DomainProfilingResult_t = DPFeatureVector_t featureVector, rstring domain, timestamp profileLastUpdate, rstring predictedClass;
HPDNSResponseMessage_t
Host Profiling
HPDNSResponseMessage_t = ProfilingDNSResponseMessageBase_t;
HPFeatureVector_t
This type is part of the HostProfilingAnalysisInput_t type.
HPFeatureVector_t = list<float64>;
HostProfilingInput_t
This type should be used as the input type of the HostProfiling operator.
Contains the set of attributes that are needed by the HostProfiling operator. These attributes are populated by the following operators:
- com.ibm.streamsx.network::DNSMessageParser
- com.ibm.streams.cybersecurity.tagging::BWListTagger
HostProfilingInput_t = ProfilingDNSResponseMessageBase_t, tuple<BWListTag_e bwTag>;
HostProfilingAnalysisInput_t
Host Profiling input type
HostProfilingAnalysisInput_t = HPFeatureVector_t featureVector, timestamp profileLastUpdate, uint32 dstAddress;
HostProfilingResult_t
This type should be used as the output type of the HostProfiling operator.
HostProfilingResult_t = HPFeatureVector_t featureVector, rstring host, timestamp profileLastUpdate, rstring predictedClass;
DNSTunnelingInput_t
DNS Tunneling input type
DNSTunnelingInput_t = rstring questionName, uint16 questionType, list<rstring> answerData, list<uint16> answerTypes;
DNSTunnelingResult_t
DNS Tunneling result type
DNSTunnelingResult_t = rstring predictedClass, list<rstring> predictedClasses, list<rstring> suspiciousText, list<rstring> benignText, uint64 suspiciousCount, uint64 benignCount;
BWListType_e
This enum type contains the valid output values of the BWListTagger operator.
BWListType_e = enum { domain, ip };
BWListTag_e
Tag type for the BWListTagger operator.
BWListTag_e = enum { nonMatched, whiteList, blackList };
BWListAction_e
Action Type for dynamically updating the BWListTagger operator
BWListAction_e = enum { add, remove };
BWListUpdate_t
Type for dynamically updating the BWListTagger operator
BWListUpdate_t = rstring domainIP, BWListAction_e action, BWListTag_e listTag;