SPL File CyberSecTypes.spl

Specialized toolkits - release 4.3.1.0-prod20190605 > com.ibm.streams.cybersecurity 2.1.1 > com.ibm.streams.cybersecurity.types > CyberSecTypes.spl

This type is part of the PBFeatureExtractorInput_t type.

PBDNSResponseMessage_t = uint32 dstAddress, rstring questionName, list<rstring> answerData, list<rstring> nameserverData, list<rstring> additionalData, list<uint16> answerTypes, list<uint16> nameserverTypes, list<uint16> additionalTypes, list<uint32> answerTTLs, list<uint32> nameserverTTLs, list<uint32> additionalTTLs, uint8 responseCode;

This type should be used the input type of the PredictiveBlacklistingFE operator.

Contains the set of attributes that are needed by the PredictiveBlacklistingFE operator. These attributes are populated by the following operators:

PBFeatureExtractorInput_t = PBDNSResponseMessage_t, tuple<BWListTag_e bwTag, list<IPLocation_t> answerSpatialInfo, list<IPLocation_t> additionalSpatialInfo, list<IPASNInfo_t> answerASNInfo, list<IPASNInfo_t> additionalASNInfo>;

This type is part of the PredictiveBlacklisting_t type.

PBFeatureVector_t = list<float64>;

This type should be used as the output type of the PredictiveBlacklistingFE operator and the input and output type of the PredictiveBlacklisting operator.

PredictiveBlacklisting_t = PBFeatureVector_t featureVector, rstring domain, rstring predictedClass, float64 confidence;

This type is part of the DPDNSResponseMessage_t type.

ProfilingDNSResponseMessageBase_t = timestamp captureTime, uint32 dstAddress, rstring questionName, uint8 responseCode;

Domain Profiling

DPDNSResponseMessage_t = ProfilingDNSResponseMessageBase_t;

This type is part of the DomainProfilingAnalysisInput_t type.

DPFeatureVector_t = list<float64>;

This type should be used as the input type of the DomainProfiling operator.

Contains the set of attributes that are needed by the DomainProfiling operator. These attributes are populated by the following operators:

DomainProfilingInput_t = ProfilingDNSResponseMessageBase_t, tuple<BWListTag_e bwTag>;

Domain Profiling Analysis input type

DomainProfilingAnalysisInput_t = DPFeatureVector_t featureVector, timestamp profileLastUpdate, rstring questionName;

This type should be used as the output type of the DomainProfiling operator.

DomainProfilingResult_t = DPFeatureVector_t featureVector, rstring domain, timestamp profileLastUpdate, rstring predictedClass;

Host Profiling

HPDNSResponseMessage_t = ProfilingDNSResponseMessageBase_t;

This type is part of the HostProfilingAnalysisInput_t type.

HPFeatureVector_t = list<float64>;

This type should be used as the input type of the HostProfiling operator.

Contains the set of attributes that are needed by the HostProfiling operator. These attributes are populated by the following operators:

HostProfilingInput_t = ProfilingDNSResponseMessageBase_t, tuple<BWListTag_e bwTag>;

Host Profiling input type

HostProfilingAnalysisInput_t = HPFeatureVector_t featureVector, timestamp profileLastUpdate, uint32 dstAddress;

This type should be used as the output type of the HostProfiling operator.

HostProfilingResult_t = HPFeatureVector_t featureVector, rstring host, timestamp profileLastUpdate, rstring predictedClass;

DNS Tunneling input type

DNSTunnelingInput_t = rstring questionName, uint16 questionType, list<rstring> answerData, list<uint16> answerTypes;

DNS Tunneling result type

DNSTunnelingResult_t = rstring predictedClass, list<rstring> predictedClasses, list<rstring> suspiciousText, list<rstring> benignText, uint64 suspiciousCount, uint64 benignCount;

This enum type contains the valid output values of the BWListTagger operator.

BWListType_e = enum { domain, ip };

Tag type for the BWListTagger operator.

BWListTag_e = enum { nonMatched, whiteList, blackList };

Action Type for dynamically updating the BWListTagger operator

BWListAction_e = enum { add, remove };

Type for dynamically updating the BWListTagger operator

BWListUpdate_t = rstring domainIP, BWListAction_e action, BWListTag_e listTag;