/// <summary>
/// Writes one accordion entry that documents a single health-check rule:
/// title, rule id, description, technical explanation, advised solution,
/// optional "introduced in" version, scoring model and optional documentation.
/// </summary>
/// <param name="category">Risk model category; its name forms the accordion parent id.</param>
/// <param name="hcrule">Rule whose metadata is rendered.</param>
private void GenerateIndicatorPanelDetail(RiskModelCategory category, RuleBase <HealthcheckData> hcrule)
        {
            // '$' is swapped out because the rule id is reused as part of the accordion id.
            string accordionId = "rules" + hcrule.RiskId.Replace("$", "dollar");
            Type   ruleType    = hcrule.GetType();

            // Prefix the heading with [M] / [T] when the rule class carries a MITRE ATT&CK
            // mitigation and/or technique attribute.
            string frameworkTags = string.Empty;
            object[] mitigations = ruleType.GetCustomAttributes(typeof(RuleMitreAttackMitigationAttribute), true);
            if (mitigations != null && mitigations.Length > 0)
            {
                frameworkTags += "[M]";
            }
            object[] techniques = ruleType.GetCustomAttributes(typeof(RuleMitreAttackTechniqueAttribute), true);
            if (techniques != null && techniques.Length > 0)
            {
                frameworkTags += "[T]";
            }

            GenerateAccordionDetail(
                accordionId,
                "rules" + category.ToString(),
                frameworkTags + hcrule.Title + " (" + hcrule.RiskId + ")",
                null,
                () =>
            {
                // NOTE(review): Title, RiskId, Description, TechnicalExplanation, Solution and
                // Documentation are written without HTML encoding. That is only safe while these
                // values come from the rule definitions themselves and never from scanned data;
                // confirm against the rule sources.
                Add("<h3>");
                Add(hcrule.Title);
                Add("</h3>\r\n<strong>Rule ID:</strong><p class=\"text-justify\">");
                Add(hcrule.RiskId);
                Add("</p>\r\n<strong>Description:</strong><p class=\"text-justify\">");
                Add(NewLineToBR(hcrule.Description));
                Add("</p>\r\n<strong>Technical explanation:</strong><p class=\"text-justify\">");
                Add(NewLineToBR(hcrule.TechnicalExplanation));
                Add("</p>\r\n<strong>Advised solution:</strong><p class=\"text-justify\">");
                Add(NewLineToBR(hcrule.Solution));
                Add("</p>");

                // Only the first RuleIntroducedIn attribute is reported.
                object[] introducedIn = ruleType.GetCustomAttributes(typeof(RuleIntroducedInAttribute), true);
                if (introducedIn != null && introducedIn.Length != 0)
                {
                    var firstIntroduced = (PingCastle.Rules.RuleIntroducedInAttribute)introducedIn[0];
                    Add("<strong>Introduced in:</strong>");
                    Add("<p class=\"text-justify\">");
                    Add(firstIntroduced.Version.ToString());
                    Add("</p>");
                }

                Add("<strong>Points:</strong><p>");
                Add(NewLineToBR(hcrule.GetComputationModelString()));
                Add("</p>\r\n");

                if (!String.IsNullOrEmpty(hcrule.Documentation))
                {
                    Add("<strong>Documentation:</strong><p>");
                    Add(hcrule.Documentation);
                    Add("</p>");
                }
            });
        }
 /// <summary>
 /// Records the identifier, rule category and model category supplied for a rule.
 /// </summary>
 /// <param name="Id">Rule identifier, stored in <c>Id</c>.</param>
 /// <param name="Category">Rule category, stored in <c>Category</c>.</param>
 /// <param name="Model">Model category, stored in <c>Model</c>.</param>
 public RuleModelAttribute(string Id, RiskRuleCategory Category, RiskModelCategory Model)
 {
     // Parameters share their names with the members, so 'this.' is required on the left side.
     this.Id = Id;
     this.Category = Category;
     this.Model = Model;
 }
        /// <summary>
        /// Renders the "Risk model" table for a report: one column per rule category, one cell
        /// per model category, coloured by the points of the matched rules and carrying a
        /// popover that lists each matched rule's rationale.
        /// </summary>
        /// <param name="rules">Rules that matched; grouped here by their <c>Model</c>.</param>
        /// <param name="numberOfDomain">Scales the colour thresholds and divides the displayed score.</param>
        protected void GenerateRiskModelPanel(List <HealthcheckRiskRule> rules, int numberOfDomain = 1)
        {
            Add(@"
		<div class=""row d-print-none""><div class=""col-lg-12"">
			<a data-toggle=""collapse"" data-target=""#riskModel"">
				<h2>Risk model</h2>
			</a>
		</div></div>
		<div class=""row collapse show d-print-none"" id=""riskModel"">
			<div class=""col-md-12 table-responsive"">
				<table class=""model_table"">
					<thead><tr><th>Stale Objects</th><th>Privileged accounts</th><th>Trusts</th><th>Anomalies</th></tr></thead>
					<tbody>
");
            Array allCategories = Enum.GetValues(typeof(RiskRuleCategory));
            var modelsByCategory = new Dictionary<RiskRuleCategory, List<RiskModelCategory>>();
            foreach (RiskRuleCategory category in allCategories)
            {
                modelsByCategory[category] = new List<RiskModelCategory>();
            }

            // Model categories are discovered by probing 1000, 1001, ... for column 0,
            // 2000, 2001, ... for column 1, and so on, stopping at the first undefined value.
            // The four columns are cast straight to RiskRuleCategory (assumes values 0..3 - confirm).
            for (int column = 0; column < 4; column++)
            {
                int candidate = 1000 * (column + 1);
                while (Enum.IsDefined(typeof(RiskModelCategory), candidate))
                {
                    modelsByCategory[(RiskRuleCategory)column].Add((RiskModelCategory)candidate);
                    candidate++;
                }
            }

            // Within a column, cells are ordered by their display text.
            foreach (RiskRuleCategory category in allCategories)
            {
                modelsByCategory[category].Sort(
                    (left, right) => string.Compare(ReportHelper.GetEnumDescription(left), ReportHelper.GetEnumDescription(right)));
            }

            // Emit rows until a row has no cell in any column.
            int rowIndex = 0;
            while (true)
            {
                string rowHtml    = "<tr>";
                bool   rowHasCell = false;
                foreach (RiskRuleCategory category in allCategories)
                {
                    List<RiskModelCategory> columnModels = modelsByCategory[category];
                    if (rowIndex >= columnModels.Count)
                    {
                        rowHtml += "<td class=\"model_empty_cell\"></td>";
                        continue;
                    }

                    rowHasCell = true;
                    RiskModelCategory model = columnModels[rowIndex];

                    List<HealthcheckRiskRule> matched = rules.FindAll(candidateRule => candidateRule.Model == model);
                    int score = 0;
                    foreach (HealthcheckRiskRule hit in matched)
                    {
                        score += hit.Points;
                    }

                    // Colour class: no rule, zero points, then thresholds of 10 and 30 per domain.
                    string cellClass;
                    if (matched.Count == 0)
                    {
                        cellClass = "model_good";
                    }
                    else if (score == 0)
                    {
                        cellClass = "model_info";
                    }
                    else if (score <= 10 * numberOfDomain)
                    {
                        cellClass = "model_toimprove";
                    }
                    else if (score <= 30 * numberOfDomain)
                    {
                        cellClass = "model_warning";
                    }
                    else
                    {
                        cellClass = "model_danger";
                    }

                    // A domain count of 0 shows a fixed 100 instead of dividing by zero.
                    string tooltip     = "Rules: " + matched.Count + " Score: " + (numberOfDomain == 0 ? 100 : score / numberOfDomain);
                    string modelstring = ReportHelper.GetEnumDescription(model);

                    matched.Sort((left, right) => left.Points.CompareTo(right.Points));

                    string detailHtml = string.Empty;
                    foreach (HealthcheckRiskRule hit in matched)
                    {
                        detailHtml += ReportHelper.Encode(hit.Rationale) + "<br>";
                        var definition = RuleSet <T> .GetRuleFromID(hit.RiskId);
                        if (definition == null || string.IsNullOrEmpty(definition.ReportLocation))
                        {
                            continue;
                        }
                        detailHtml += "<small  class='text-muted'>" + ReportHelper.Encode(definition.ReportLocation) + "</small><br>";
                    }
                    string popoverBody = detailHtml.Length == 0 ? "No rule matched" : "<p>" + detailHtml + "</p>";

                    // NOTE(review): data-content is an attribute value that the popover renders as
                    // HTML (data-html="true"). Browsers entity-decode attribute values, so a single
                    // ReportHelper.Encode pass on Rationale / ReportLocation is presumably undone
                    // before the fragment is parsed as markup. If those fields can carry text taken
                    // from the scanned directory, encode the assembled fragment once more for the
                    // attribute context, or verify that the popover library's sanitizer is active.
                    // TODO confirm what ReportHelper.Encode escapes (in particular double quotes).
                    rowHtml += "<td class=\"model_cell " + cellClass + "\"><div class=\"div_model\" placement=\"auto right\" data-toggle=\"popover\" title=\"" +
                               tooltip + "\" data-html=\"true\" data-content=\"" +
                               popoverBody + "\"><span class=\"small\">" + modelstring + "</span></div></td>";
                }
                rowHtml += "</tr>";

                if (!rowHasCell)
                {
                    break;
                }
                Add(rowHtml);
                rowIndex++;
            }

            // The legend text is static; the cell thresholds above scale with numberOfDomain.
            Add(@"
					</tbody>
				</table>
			</div>
			<div class=""col-md-12"" id=""maturityModel"">
		Legend: <br>
			<i class=""risk_model_none"">&nbsp;</i> score is 0 - no risk identified but some improvements detected<br>
			<i class=""risk_model_low"">&nbsp;</i> score between 1 and 10  - a few actions have been identified<br>
			<i class=""risk_model_medium"">&nbsp;</i> score between 10 and 30 - rules should be looked with attention<br>
			<i class=""risk_model_high"">&nbsp;</i> score higher than 30 - major risks identified
			</div>
		</div>");
        }
        /// <summary>
        /// Renders the "Risk model" table for the rule catalogue: one column per rule category,
        /// one cell per model category, each with a popover showing the category's detail text
        /// and the titles of every rule registered for it. All cells use the "model_good" class.
        /// </summary>
        protected void GenerateRiskModelPanel()
        {
            Add(@"
		<div class=""row""><div class=""col-lg-12"">
			<a data-toggle=""collapse"" data-target=""#riskModel"">
				<h2>Risk model</h2>
			</a>
		</div></div>
		<div class=""row""><div class=""col-lg-12"">
		<p>This model regroup all rules per category. It summarize what checks are performed. Click on a cell to show all rules associated to a category.
		</p>
		</div></div>
		<div class=""row collapse show"" id=""riskModel"">
			<div class=""col-md-12 table-responsive"">
				<table class=""model_table"">
					<thead><tr><th>Stale Objects</th><th>Privileged accounts</th><th>Trusts</th><th>Anomalies</th></tr></thead>
					<tbody>
");
            Array allCategories = Enum.GetValues(typeof(RiskRuleCategory));
            var modelsByCategory = new Dictionary<RiskRuleCategory, List<RiskModelCategory>>();
            foreach (RiskRuleCategory category in allCategories)
            {
                modelsByCategory[category] = new List<RiskModelCategory>();
            }

            // Model categories are discovered by probing 1000, 1001, ... for column 0,
            // 2000, 2001, ... for column 1, and so on, stopping at the first undefined value.
            // The four columns are cast straight to RiskRuleCategory (assumes values 0..3 - confirm).
            for (int column = 0; column < 4; column++)
            {
                int candidate = 1000 * (column + 1);
                while (Enum.IsDefined(typeof(RiskModelCategory), candidate))
                {
                    modelsByCategory[(RiskRuleCategory)column].Add((RiskModelCategory)candidate);
                    candidate++;
                }
            }

            // Within a column, cells are ordered by their display text.
            foreach (RiskRuleCategory category in allCategories)
            {
                modelsByCategory[category].Sort(
                    (left, right) => string.Compare(ReportHelper.GetEnumDescription(left), ReportHelper.GetEnumDescription(right)));
            }

            // Emit rows until a row has no cell in any column.
            int rowIndex = 0;
            while (true)
            {
                string rowHtml    = "<tr>";
                bool   rowHasCell = false;
                foreach (RiskRuleCategory category in allCategories)
                {
                    List<RiskModelCategory> columnModels = modelsByCategory[category];
                    if (rowIndex >= columnModels.Count)
                    {
                        rowHtml += "<td class=\"model_empty_cell\"></td>";
                        continue;
                    }

                    rowHasCell = true;
                    RiskModelCategory model = columnModels[rowIndex];

                    // 'score' is accumulated as in the report variant but is never read here.
                    int score   = 0;
                    var matched = new List<RuleBase<HealthcheckData>>();
                    foreach (var rule in RuleSet <HealthcheckData> .Rules)
                    {
                        if (rule.Model != model)
                        {
                            continue;
                        }
                        score += rule.Points;
                        matched.Add(rule);
                    }

                    string modelstring = ReportHelper.GetEnumDescription(model);
                    string tooltip     = modelstring + " [Rules: " + matched.Count + "]";

                    matched.Sort((left, right) => left.Points.CompareTo(right.Points));

                    string titleItems = string.Empty;
                    foreach (var rule in matched)
                    {
                        titleItems += "<li>" + ReportHelper.Encode(rule.Title) + "</li><br>";
                    }
                    string ruleListHtml = titleItems.Length == 0 ? "No rule matched" : "<p><ul>" + titleItems + "</ul></p>";

                    // NOTE(review): data-content is rendered as HTML by the popover
                    // (data-html="true") after the browser has entity-decoded the attribute, so the
                    // Encode pass on Title is presumably undone, and the "_Detail" resource string is
                    // inserted with no encoding at all. Acceptable only while both come from the
                    // product's own rule definitions and resources - confirm.
                    rowHtml += "<td class=\"model_cell model_good\"><div class=\"div_model\" placement=\"auto\" data-toggle=\"popover\" title=\"" +
                               tooltip + "\" data-html=\"true\" data-content=\"" +
                               "<p>" + _resourceManager.GetString(model.ToString() + "_Detail") + "</p>" + ruleListHtml +
                               "\"><span class=\"small\">" + modelstring + "</span></div></td>";
                }
                rowHtml += "</tr>";

                if (!rowHasCell)
                {
                    break;
                }
                Add(rowHtml);
                rowIndex++;
            }

            Add(@"
					</tbody>
				</table>
			</div>
		</div>");
        }