org.thales.punch.libraries.punchlang.operator

Class CefOperator

java.lang.Object

org.thales.punch.libraries.punchlang.operator.CefOperator

public class CefOperator
extends Object

The CefOperator transform a CEF compliant string into a Json tuple.

 
 Tuple tuple;
 cef().on("CEF:0|security|threatmanager|1.0|100|worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232")
 .into(tuple);
 print(tuple);
 
 

produces

 
 {
 "SignatureId": "100",
 "Extension": {
 "dst": "2.1.2.2",
 "src": "10.0.0.1",
 "spt": "1232"
 },
 "DeviceProduct": "threatmanager",
 "Severity": "10",
 "DeviceVersion": "1.0",
 "DeviceVendor": "security",
 "Name": "worm successfully stopped"
 }
 

Constructor Summary

Constructors

Constructor and Description
CefOperator() Create a CefOperator.

Method Summary

Modifier and Type	Method and Description
boolean	into(Tuple tuple) Fire the operator and put the result inside a destination tuple
CefOperator	on(String input) Make the operator work on an input String
CefOperator	on(Tuple input) Make the operator work on an input Tuple.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CefOperator

public CefOperator()

Create a CefOperator.

Method Detail

on

public CefOperator on(String input)

Make the operator work on an input String

Parameters:

input - the input String

Returns:

this operator

on

public CefOperator on(Tuple input)

Make the operator work on an input Tuple. The Tuple must contain a String leaf value.

Parameters:

input - the input Tuple

Returns:

this operator

into

public boolean into(Tuple tuple)

Fire the operator and put the result inside a destination tuple

Parameters:

tuple - the destination tuple

Returns:

true if a valid CEF message was extracted.