/// <summary>
///
/// </summary>
/// <param name="filePath">The output file name</param>
public void ExportExcludes(string filePath)
{
if (IsRunning == true)
{
OnExclamation("Already performing an export");
return;
}
IsRunning = true;
new Thread(() =>
{
try
{
List<Exclude> excludes = new List<Exclude>();
using (NPoco.Database dbMySql = new NPoco.Database(Db.GetOpenMySqlConnection()))
{
var data = dbMySql.Fetch<Dictionary<string, object>>(_sql.GetQuery(snorbert.Configs.Sql.Query.SQL_EXCLUDES));
foreach (Dictionary<string, object> temp in data)
{
Exclude exclude = new Exclude();
exclude.Id = long.Parse(temp["id"].ToString());
exclude.SigId = long.Parse(temp["sig_id"].ToString());
exclude.SigSid = long.Parse(temp["sig_sid"].ToString());
exclude.Rule = temp["sig_name"].ToString();
exclude.SourceIpText = temp["ip_src"].ToString();
exclude.DestinationIpText = temp["ip_dst"].ToString();
if (((byte[])temp["fp"])[0] == 48)
{
exclude.FalsePositive = false;
}
else
{
exclude.FalsePositive = true;
}
exclude.Timestamp = DateTime.Parse(temp["timestamp"].ToString());
excludes.Add(exclude);
}
}
CsvConfiguration csvConfiguration = new CsvConfiguration();
csvConfiguration.Delimiter = '\t';
using (FileStream fileStream = new FileStream(filePath, FileMode.Append, FileAccess.Write))
using (StreamWriter streamWriter = new StreamWriter(fileStream))
using (CsvHelper.CsvWriter csvWriter = new CsvHelper.CsvWriter(streamWriter, csvConfiguration))
{
// Write out the file headers
csvWriter.WriteField("Sig. ID");
csvWriter.WriteField("Source IP");
csvWriter.WriteField("Destination IP");
csvWriter.WriteField("FP");
csvWriter.WriteField("Comment");
csvWriter.WriteField("Sig. Name");
csvWriter.WriteField("Timestamp");
csvWriter.WriteField("Sig.");
csvWriter.NextRecord();
foreach (var temp in excludes)
{
csvWriter.WriteField(temp.SigId);
csvWriter.WriteField(temp.SourceIpText);
csvWriter.WriteField(temp.DestinationIpText);
csvWriter.WriteField(temp.FalsePositive);
csvWriter.WriteField(temp.Comment);
csvWriter.WriteField(temp.Rule);
csvWriter.WriteField(temp.Timestamp);
csvWriter.WriteField(temp.Rule);
csvWriter.NextRecord();
}
}
OnComplete();
}
catch (Exception ex)
{
OnError("An error occurred whilst performing the export: " + ex.Message);
}
finally
{
IsRunning = false;
}
}).Start();
}
/// <summary>
///
/// </summary>
private void LoadExcludes()
{
try
{
using (new HourGlass(this))
using (NPoco.Database db = new NPoco.Database(Db.GetOpenMySqlConnection()))
{
listExcludes.ClearObjects();
var data = db.Fetch<Dictionary<string, object>>(_sql.GetQuery(Sql.Query.SQL_EXCLUDES));
List<Exclude> excludes = new List<Exclude>();
foreach (Dictionary<string, object> temp in data)
{
Exclude exclude = new Exclude();
exclude.Id = long.Parse(temp["id"].ToString());
exclude.SigId = long.Parse(temp["sig_id"].ToString());
exclude.SigSid = long.Parse(temp["sig_sid"].ToString());
exclude.Rule = temp["sig_name"].ToString();
exclude.Comment = temp["comment"].ToString();
exclude.SourceIpText = temp["ip_src"].ToString();
exclude.SourcePortText = temp["port_src"].ToString();
exclude.DestinationIpText = temp["ip_dst"].ToString();
exclude.DestinationPortText = temp["port_dst"].ToString();
if (int.Parse(temp["ip_proto"].ToString()) == (int)Global.Protocols.Tcp)
{
exclude.Protocol = Global.Protocols.Tcp.GetEnumDescription();
}
else if (int.Parse(temp["ip_proto"].ToString()) == (int)Global.Protocols.Udp)
{
exclude.Protocol = Global.Protocols.Udp.GetEnumDescription();
}
else if (int.Parse(temp["ip_proto"].ToString()) == (int)Global.Protocols.Icmp)
{
exclude.Protocol = Global.Protocols.Icmp.GetEnumDescription();
}
if (((byte[])temp["fp"])[0] == 48)
{
exclude.FalsePositive = false;
}
else
{
exclude.FalsePositive = true;
}
exclude.Timestamp = DateTime.Parse(temp["timestamp"].ToString());
excludes.Add(exclude);
}
listExcludes.SetObjects(excludes);
if (excludes.Count > 0)
{
listExcludes.SelectedObject = excludes[0];
}
}
ResizeFilterListColumns();
SetButtonState();
}
catch (Exception ex)
{
UserInterface.DisplayErrorMessageBox("An error occurred whilst loading the excludes" + ex.Message);
}
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void btnOk_Click(object sender, EventArgs e)
{
try
{
using (NPoco.Database db = new NPoco.Database(Db.GetOpenMySqlConnection()))
{
Exclude exclude = new Exclude();
if (chkRule.Checked == true)
{
exclude.SigId = _ruleId;
}
if (chkSourceIp.Checked == true)
{
byte[] ip = _sourceIp.GetAddressBytes();
Array.Reverse(ip);
exclude.SourceIp = BitConverter.ToUInt32(ip, 0);
}
if (chkSrcPort.Checked == true)
{
exclude.SourcePort = ushort.Parse(txtSourcePort.Text);
}
if (chkDestinationIp.Checked == true)
{
byte[] ip = _destinationIp.GetAddressBytes();
Array.Reverse(ip);
exclude.DestinationIp = BitConverter.ToUInt32(ip, 0);
}
if (chkDestPort.Checked == true)
{
exclude.DestinationPort = ushort.Parse(txtDestinationPort.Text);
}
exclude.IpProto = _ipProto;
exclude.Comment = txtComment.Text;
exclude.FalsePositive = chkFalsePositive.Checked;
exclude.Timestamp = DateTime.Now;
db.Insert(exclude);
}
}
catch (Exception ex)
{
UserInterface.DisplayErrorMessageBox("An error occurred whilst adding the exclude: " + ex.Message);
return;
}
this.DialogResult = System.Windows.Forms.DialogResult.OK;
}
