/// <summary>
/// Updates the given model element with the cmdlet specific operation
/// </summary>
/// <param name="model">A model object</param>
protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(
DatabaseThreatDetectionPolicyModel model)
{
model = base.ApplyUserInputToModel(model);
model.ThreatDetectionState = ThreatDetectionStateType.Disabled;
return model;
}
/// <summary>
/// Updates the given model element with the cmdlet specific operation
/// </summary>
/// <param name="model">A model object</param>
protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(DatabaseThreatDetectionPolicyModel model)
{
base.ApplyUserInputToModel(model);
model.ThreatDetectionState = ThreatDetectionStateType.Enabled;
if (NotificationRecipientsEmails != null)
{
model.NotificationRecipientsEmails = NotificationRecipientsEmails;
}
if (EmailAdmins != null)
{
model.EmailAdmins = (bool)EmailAdmins;
}
ExcludedDetectionType = Util.ProcessExcludedDetectionTypes(ExcludedDetectionType);
if (ExcludedDetectionType != null)
{
model.ExcludedDetectionTypes = ExcludedDetectionType.Select(s => SecurityConstants.ExcludedDetectionToExcludedDetectionTypes[s]).ToArray();
}
ValidateInput(model);
return model;
}
/// <summary>
/// Updates the given model element with the cmdlet specific operation
/// </summary>
/// <param name="model">A model object</param>
protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(DatabaseThreatDetectionPolicyModel model)
{
base.ApplyUserInputToModel(model);
model.ThreatDetectionState = ThreatDetectionStateType.Enabled;
if (NotificationRecipientsEmails != null)
{
model.NotificationRecipientsEmails = NotificationRecipientsEmails;
}
if (EmailAdmins != null)
{
model.EmailAdmins = (bool)EmailAdmins;
}
ExcludedDetectionType = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType);
if (ExcludedDetectionType != null)
{
model.ExcludedDetectionTypes = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType);
}
model.ValidateContent();
return model;
}
/// <summary>
/// Takes the cmdlets model object and transform it to the policy as expected by the endpoint
/// </summary>
/// <param name="model">The SecurityAlert model object</param>
/// <returns>The communication model object</returns>
private DatabaseSecurityAlertPolicyCreateOrUpdateParameters PolicizeDatabaseSecurityAlertModel(DatabaseThreatDetectionPolicyModel model)
{
var updateParameters = new DatabaseSecurityAlertPolicyCreateOrUpdateParameters();
var properties = PopulatePolicyProperties(model, new DatabaseSecurityAlertPolicyProperties()) as DatabaseSecurityAlertPolicyProperties;
updateParameters.Properties = properties;
return updateParameters;
}
/// <summary>
/// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
/// </summary>
public void SetDatabaseThreatDetectionPolicy(DatabaseThreatDetectionPolicyModel model, string clientId)
{
if (model.ThreatDetectionState == ThreatDetectionStateType.Enabled)
{
if (!IsRightServerVersionForThreatDetection(model.ResourceGroupName, model.ServerName, clientId))
{
throw new Exception(Properties.Resources.ServerNotApplicableForThreatDetection);
}
// Check that auditing is turned on:
DatabaseAuditingPolicyModel databaseAuditingPolicyModel;
AuditingAdapter.GetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, out databaseAuditingPolicyModel);
AuditStateType auditingState = databaseAuditingPolicyModel.AuditState;
if (databaseAuditingPolicyModel.UseServerDefault == UseServerDefaultOptions.Enabled)
{
ServerAuditingPolicyModel serverAuditingPolicyModel;
AuditingAdapter.GetServerAuditingPolicy(model.ResourceGroupName, model.ServerName, clientId, out serverAuditingPolicyModel);
auditingState = serverAuditingPolicyModel.AuditState;
}
if (auditingState != AuditStateType.Enabled)
{
throw new Exception(Properties.Resources.AuditingIsTurnedOff);
}
}
var databaseSecurityAlertPolicyParameters = PolicizeDatabaseSecurityAlertModel(model);
ThreatDetectionCommunicator.SetDatabaseSecurityAlertPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, databaseSecurityAlertPolicyParameters);
}
/// <summary>
/// No sending is needed as this is a Get cmdlet
/// </summary>
/// <param name="model">The model object with the data to be sent to the REST endpoints</param>
protected override DatabaseThreatDetectionPolicyModel PersistChanges(DatabaseThreatDetectionPolicyModel model)
{
return null;
}
/// <summary>
/// Takes the cmdlets model object and transform it to the policy as expected by the endpoint
/// </summary>
/// <param name="model">The SecurityAlert model object</param>
/// <returns>The communication model object</returns>
private DatabaseSecurityAlertPolicyCreateOrUpdateParameters PolicizeDatabaseSecurityAlertModel(DatabaseThreatDetectionPolicyModel model)
{
DatabaseSecurityAlertPolicyCreateOrUpdateParameters updateParameters = new DatabaseSecurityAlertPolicyCreateOrUpdateParameters();
DatabaseSecurityAlertPolicyProperties properties = new DatabaseSecurityAlertPolicyProperties();
updateParameters.Properties = properties;
properties.State = PolicizeThreatDetectionState(model.ThreatDetectionState);
properties.EmailAddresses = model.NotificationRecipientsEmails ?? "";
properties.EmailAccountAdmins = model.EmailAdmins
? SecurityConstants.ThreatDetectionEndpoint.Enabled
: SecurityConstants.ThreatDetectionEndpoint.Disabled;
properties.DisabledAlerts = ExtractExcludedDetectionType(model);
return updateParameters;
}
/// <summary>
/// Updates the given model with all the disabled alerts information
/// </summary>
private void ModelizeDisabledAlerts(DatabaseThreatDetectionPolicyModel model, string disabledAlerts)
{
List<string> disabledAlertsArray = disabledAlerts.Split(';').Select(p => p.Trim()).ToList();
HashSet<DetectionType> detectionTypes = new HashSet<DetectionType>();
if (disabledAlertsArray.Contains(SecurityConstants.Sql_Injection)) detectionTypes.Add(DetectionType.Sql_Injection);
if (disabledAlertsArray.Contains(SecurityConstants.Sql_Injection_Vulnerability)) detectionTypes.Add(DetectionType.Sql_Injection_Vulnerability);
if (disabledAlertsArray.Contains(SecurityConstants.Access_Anomaly)) detectionTypes.Add(DetectionType.Access_Anomaly);
if (disabledAlertsArray.Contains(SecurityConstants.Usage_Anomaly)) detectionTypes.Add(DetectionType.Usage_Anomaly);
model.ExcludedDetectionTypes = detectionTypes.ToArray();
}
/// <summary>
/// Transforms the given database policy object to its cmdlet model representation
/// </summary>
private DatabaseThreatDetectionPolicyModel ModelizeDatabaseThreatDetectionPolicy(DatabaseSecurityAlertPolicy threatDetectionPolicy)
{
DatabaseThreatDetectionPolicyModel databaseThreatDetectionPolicyModel = new DatabaseThreatDetectionPolicyModel();
DatabaseSecurityAlertPolicyProperties threatDetectionProperties = threatDetectionPolicy.Properties;
databaseThreatDetectionPolicyModel.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State);
databaseThreatDetectionPolicyModel.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses;
databaseThreatDetectionPolicyModel.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins);
ModelizeDisabledAlerts(databaseThreatDetectionPolicyModel, threatDetectionProperties.DisabledAlerts);
return databaseThreatDetectionPolicyModel;
}
/// <summary>
/// Preforms validity checks
/// </summary>
/// <param name="model">The model</param>
private void ValidateInput(DatabaseThreatDetectionPolicyModel model)
{
// Validity checks:
// 1. Check that EmailAddresses are in correct format
bool areEmailAddressesInCorrectFormat = AreEmailAddressesInCorrectFormat(model.NotificationRecipientsEmails);
if (!areEmailAddressesInCorrectFormat)
{
throw new Exception(Properties.Resources.EmailsAreNotValid);
}
// 2. check that EmailAdmins is not False and NotificationRecipientsEmails is not empty
if (!model.EmailAdmins && string.IsNullOrEmpty(model.NotificationRecipientsEmails))
{
throw new Exception(Properties.Resources.NeedToProvideEmail);
}
}
/// <summary>
/// Updates the given model with all the disabled alerts information
/// </summary>
private void ModelizeDisabledAlerts(DatabaseThreatDetectionPolicyModel model, string disabledAlerts)
{
HashSet<DetectionType> detectionTypes = new HashSet<DetectionType>();
if (disabledAlerts.IndexOf(SecurityConstants.Successful_SQLi) != -1) detectionTypes.Add(DetectionType.Successful_SQLi);
if (disabledAlerts.IndexOf(SecurityConstants.Attempted_SQLi) != -1) detectionTypes.Add(DetectionType.Attempted_SQLi);
if (disabledAlerts.IndexOf(SecurityConstants.Client_GEO_Anomaly) != -1) detectionTypes.Add(DetectionType.Client_GEO_Anomaly);
if (disabledAlerts.IndexOf(SecurityConstants.Failed_Logins_Anomaly) != -1) detectionTypes.Add(DetectionType.Failed_Logins_Anomaly);
if (disabledAlerts.IndexOf(SecurityConstants.Failed_Queries_Anomaly) != -1) detectionTypes.Add(DetectionType.Failed_Queries_Anomaly);
if (disabledAlerts.IndexOf(SecurityConstants.Data_Extraction_Anomaly) != -1) detectionTypes.Add(DetectionType.Data_Extraction_Anomaly);
if (disabledAlerts.IndexOf(SecurityConstants.Data_Alteration_Anomaly) != -1) detectionTypes.Add(DetectionType.Data_Alteration_Anomaly);
model.ExcludedDetectionTypes = detectionTypes.ToArray();
}
