C# (CSharp) epidigitalogy.Classes Feed Examples

Programming Language: C# (CSharp)

Namespace/Package Name: epidigitalogy.Classes

Class/Type: Feed

Examples at hotexamples.com: 6

C# (CSharp) epidigitalogy.Classes Feed - 6 examples found. These are the top rated real world C# (CSharp) examples of epidigitalogy.Classes.Feed extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

0

Show file

File: Symantec.cs Project: CrossRoadsHackerSpace/epidigitalogy

        public Feed getUpdateDetail(string id, DateTime startDate, DateTime endDate)
        {
            SqlConnection conn = new SqlConnection();
            SqlCommand cmd = new SqlCommand();
            SqlDataReader rdr = null;

            Feed feed = new Feed();
            feed.name = "Virus Updates";

            string sql = @"
                SELECT	DATEADD(SECOND, l.EVENT_TIME/1000, '1970-01-01') AS ed,
                        l.EVENT_DESC AS description
                FROM	V_AGENT_SYSTEM_LOG l
                        INNER JOIN SEM_COMPUTER c ON c.COMPUTER_ID = l.COMPUTER_ID
                WHERE	EVENT_SOURCE = 'SYLINK'
                        AND EVENT_DESC LIKE 'Downloaded%'
                        AND c.COMPUTER_ID = @Id
                        AND dateadd(second, l.EVENT_TIME/1000, '1970-01-01') BETWEEN @StartDate AND @EndDate";

            try {
                conn.ConnectionString = this.sqlConnectionString;
                conn.Open();

                cmd = new SqlCommand(sql, conn);
                cmd.CommandType = System.Data.CommandType.Text;

                cmd.Parameters.Add(new SqlParameter("@Id", SqlDbType.VarChar, 32)).Value = id;
                cmd.Parameters.Add(new SqlParameter("@StartDate", SqlDbType.DateTime)).Value = startDate;
                cmd.Parameters.Add(new SqlParameter("@EndDate", SqlDbType.DateTime)).Value = endDate;
                rdr = cmd.ExecuteReader();

                while (rdr.Read()) {
                    Event e = new Event();
                    e.feed = feed.name;
                    e.ed = (DateTime)rdr["ed"];
                    e.description = rdr["description"] == DBNull.Value ? null : (string)rdr["description"];
                    e.et = "Virus Definition Update";

                    feed.events.Add(e);

                    if ((DateTime)rdr["ed"] < mindt) {
                        mindt = (DateTime)rdr["ed"];
                    }

                    if ((DateTime)rdr["ed"] > maxdt) {
                        maxdt = (DateTime)rdr["ed"];
                    }
                }
            } catch (Exception e) {
                feed.error = e.Message;
            } finally {
                rdr.Close();
                rdr.Dispose();
                cmd.Dispose();
                conn.Close();
                conn.Dispose();
            }

            return feed;
        }

Example #2

0

Show file

File: Symantec.cs Project: CrossRoadsHackerSpace/epidigitalogy

        public Feed getHostUserControlDetail(string id, DateTime startDate, DateTime endDate)
        {
            SqlConnection conn = new SqlConnection();
            SqlCommand cmd = new SqlCommand();
            SqlDataReader rdr = null;

            Feed feed = new Feed();
            feed.name = "User Control";

            string sql = @"
                SELECT	dateadd(second,[EVENT_TIME]/1000, '1970-01-01') AS ed,
                        dateadd(second,[BEGIN_TIME]/1000, '1970-01-01') AS begin_time,
                        dateadd(second,[END_TIME]/1000, '1970-01-01') AS end_time,
                        (SELECT
                            CASE [EVENT_ID]
                                WHEN 501 THEN 'Application Control Driver'
                                WHEN 502 THEN 'Application Control Rules'
                                WHEN 999 THEN 'Tamper Protection'
                            END) AS event_type,
                        severity,
                        (SELECT
                            CASE [ACTION]
                                WHEN 0 THEN 'allow'
                                WHEN 1 THEN 'block'
                                WHEN 2 THEN 'ask'
                                WHEN 3 THEN 'continue'
                                WHEN 4 THEN 'terminate'
                            END) AS action,
                        description,
                        rule_name,
                        caller_process_name,
                        parameter,
                        alert,
                        user_name,
                        domain_name
                FROM	v_agent_behavior_log l
                            INNER JOIN identity_map m ON l.[GROUP_ID] = m.[ID]
                WHERE	caller_process_name != 'SysPlant' AND
                        COMPUTER_ID = @Id AND
                        dateadd(second,[BEGIN_TIME]/1000, '1970-01-01')  BETWEEN @StartDate AND @EndDate
                ORDER	BY l.EVENT_TIME";

            try {
                conn.ConnectionString = this.sqlConnectionString;
                conn.Open();

                cmd = new SqlCommand(sql, conn);
                cmd.CommandType = System.Data.CommandType.Text;

                cmd.Parameters.Add(new SqlParameter("@Id", SqlDbType.VarChar, 32)).Value = id;
                cmd.Parameters.Add(new SqlParameter("@StartDate", SqlDbType.DateTime)).Value = startDate;
                cmd.Parameters.Add(new SqlParameter("@EndDate", SqlDbType.DateTime)).Value = endDate;
                rdr = cmd.ExecuteReader();

                while (rdr.Read()) {
                    UserControlEvent e = new UserControlEvent();
                    e.feed = feed.name;
                    e.ed = (DateTime)rdr["begin_time"];
                    e.et = rdr["event_type"] == DBNull.Value ? null : (string)rdr["event_type"];
                    e.severity = (int)rdr["severity"];
                    e.action_taken = rdr["action"] == DBNull.Value ? null : (string)rdr["action"];
                    e.description = rdr["description"] == DBNull.Value ? null : (string)rdr["description"];
                    e.rule_name = rdr["rule_name"] == DBNull.Value ? null : (string)rdr["rule_name"];
                    e.caller_process = rdr["caller_process_name"] == DBNull.Value ? null : (string)rdr["caller_process_name"];
                    e.parameter = rdr["parameter"] == DBNull.Value ? null : (string)rdr["parameter"];
                    if (rdr["alert"] != DBNull.Value && (int)rdr["alert"] == 1) {
                        e.alert = true;
                    }
                    e.user_name = rdr["user_name"] == DBNull.Value ? null : (string)rdr["user_name"];
                    e.domain_name = rdr["domain_name"] == DBNull.Value ? null : (string)rdr["domain_name"];

                    feed.events.Add(e);

                    if ((DateTime)rdr["ed"] < mindt) {
                        mindt = (DateTime)rdr["ed"];
                    }

                    if ((DateTime)rdr["ed"] > maxdt) {
                        maxdt = (DateTime)rdr["ed"];
                    }
                }
            } catch (Exception e) {
                feed.error = e.Message;
            } finally {
                rdr.Close();
                rdr.Dispose();
                cmd.Dispose();
                conn.Close();
                conn.Dispose();
            }

            return feed;
        }

Example #3

0

Show file

File: Symantec.cs Project: CrossRoadsHackerSpace/epidigitalogy

        public Feed getHostIPSDetail(string id, DateTime startDate, DateTime endDate)
        {
            SqlConnection conn = new SqlConnection();
            SqlCommand cmd = new SqlCommand();
            SqlDataReader rdr = null;

            Feed feed = new Feed();
            feed.name = "IPS";

            string sql = @"
                SELECT	DATEADD(second, EVENT_TIME / 1000, '1970-01-01') AS ed,
                        (SELECT CASE [EVENT_ID]
                            WHEN 301 THEN 'TCP Initiated'
                            WHEN 302 THEN 'UDP datagram'
                            WHEN 303 THEN 'Ping request'
                            WHEN 304 THEN 'TCP Completed'
                            WHEN 305 THEN 'Traffic (other)'
                            WHEN 306 THEN 'ICMP packet'
                            WHEN 307 THEN 'Ethernet packet'
                            WHEN 308 THEN 'IP Packet' END) AS traffic_type,
                        SEVERITY,
                        LOCAL_HOST_IP AS local_ip,
                        REMOTE_HOST_IP AS remote_ip,
                        REMOTE_HOST_NAME AS remote_hostname,
                        LOCAL_PORT,
                        REMOTE_PORT,
                        (SELECT CASE TRAFFIC_DIRECTION
                            WHEN 0 THEN 'Unknown'
                            WHEN 1 THEN 'Inbound'
                            WHEN 2 THEN 'Outbound'
                        END) AS direction,
                        REPETITION,
                        (SELECT CASE NETWORK_PROTOCOL
                            WHEN 1 THEN 'Others'
                            WHEN 2 THEN 'TCP'
                            WHEN 3 THEN 'UDP' END) AS protocol,
                        HACK_TYPE,
                        BEGIN_TIME,
                        EVENT_DESC AS description,
                        APP_NAME,
                        ALERT,
                        LOCATION_NAME AS location,
                        INTRUSION_URL AS intrusion_url,
                        INTRUSION_PAYLOAD_URL AS intrusion_payload_url
                FROM	V_AGENT_SECURITY_LOG
                WHERE	COMPUTER_ID = @Id
                        AND DATEADD(second, EVENT_TIME / 1000, '1970-01-01') BETWEEN @StartDate AND @EndDate
            ";

            try {
                conn.ConnectionString = this.sqlConnectionString;
                conn.Open();

                cmd = new SqlCommand(sql, conn);
                cmd.CommandType = System.Data.CommandType.Text;

                cmd.Parameters.Add(new SqlParameter("@Id", SqlDbType.VarChar, 32)).Value = id;
                cmd.Parameters.Add(new SqlParameter("@StartDate", SqlDbType.DateTime)).Value = startDate;
                cmd.Parameters.Add(new SqlParameter("@EndDate", SqlDbType.DateTime)).Value = endDate;
                rdr = cmd.ExecuteReader();

                while (rdr.Read()) {
                    IPSEvent e = new IPSEvent();
                    e.feed = feed.name;
                    e.id = id;
                    e.ed = (DateTime)rdr["ed"];
                    e.traffic_type = rdr["traffic_type"] == DBNull.Value ? null : (string)rdr["traffic_type"];
                    e.severity = (int)rdr["severity"];
                    if (rdr["local_ip"] != DBNull.Value) {
                        if (Type.GetTypeCode(rdr.GetFieldType(rdr.GetOrdinal("local_ip"))) == TypeCode.String) {
                            e.local_ip = Util.IP2Long((string)rdr["local_ip"]);
                        } else {
                            e.local_ip = (long)rdr["local_ip"];
                        }
                    }
                    if (rdr["remote_ip"] != DBNull.Value) {
                        if (Type.GetTypeCode(rdr.GetFieldType(rdr.GetOrdinal("remote_ip"))) == TypeCode.String) {
                            e.remote_ip = Util.IP2Long((string)rdr["remote_ip"]);
                        } else {
                            e.remote_ip = (long)rdr["remote_ip"];
                        }
                    }
                    e.remote_hostname = rdr["remote_hostname"] == DBNull.Value ? null : (string)rdr["remote_hostname"];
                    e.local_port = (int)rdr["local_port"];
                    e.remote_port = (int)rdr["remote_port"];
                    e.direction = rdr["direction"] == DBNull.Value ? null : (string)rdr["direction"];
                    e.repetition = (int)rdr["repetition"];
                    e.protocol = rdr["protocol"] == DBNull.Value ? null : (string)rdr["protocol"];
                    e.app_name = rdr["app_name"] == DBNull.Value ? null : (string)rdr["app_name"];

                    if (rdr["alert"] != DBNull.Value && (byte)rdr["alert"] == 1) {
                        e.alert = true;
                    }
                    e.location = rdr["location"] == DBNull.Value ? null : (string)rdr["location"];
                    e.intrusion_url = rdr["intrusion_url"] == DBNull.Value ? null : (string)rdr["intrusion_url"];
                    e.intrusion_payload_url = rdr["intrusion_payload_url"] == DBNull.Value ? null : (string)rdr["intrusion_payload_url"];
                    e.description = rdr["description"] == DBNull.Value ? null : (string)rdr["description"];

                    feed.events.Add(e);

                    if ((DateTime)rdr["ed"] < mindt) {
                        mindt = (DateTime)rdr["ed"];
                    }

                    if ((DateTime)rdr["ed"] > maxdt) {
                        maxdt = (DateTime)rdr["ed"];
                    }
                }
            } catch (Exception e) {
                feed.error = e.Message;
            } finally {
                rdr.Close();
                rdr.Dispose();
                cmd.Dispose();
                conn.Close();
                conn.Dispose();
            }

            return feed;
        }

Example #4

0

Show file

File: Symantec.cs Project: CrossRoadsHackerSpace/epidigitalogy

        public Feed getHostFirewallDetail(string id, DateTime startDate, DateTime endDate)
        {
            SqlConnection conn = new SqlConnection();
            SqlCommand cmd = new SqlCommand();
            SqlDataReader rdr = null;

            Feed feed = new Feed();
            feed.name = "Firewall";

            string sql = @"
                SELECT	DATEADD(second, [EVENT_TIME] / 1000, '1970-01-01') AS ed,
                        NULL AS protocol,
                        (SELECT CASE [EVENT_ID]
                            WHEN 301 THEN 'TCP Initiated'
                            WHEN 302 THEN 'UDP datagram'
                            WHEN 303 THEN 'Ping request'
                            WHEN 304 THEN 'TCP Completed'
                            WHEN 305 THEN 'Traffic (other)'
                            WHEN 306 THEN 'ICMP packet'
                            WHEN 307 THEN 'Ethernet packet'
                            WHEN 308 THEN 'IP Packet' END) AS traffic_type,
                        LOCAL_HOST_IP AS local_ip,
                        REMOTE_HOST_IP AS remote_ip,
                        REMOTE_HOST_NAME AS remote_hostname,
                        LOCAL_PORT AS local_port,
                        REMOTE_PORT AS remote_port,
                        (SELECT CASE TRAFFIC_DIRECTION
                            WHEN 0 THEN 'Unknown'
                            WHEN 1 THEN 'Inbound'
                            WHEN 2 THEN 'Outbound'
                        END) AS direction,
                        NULL AS severity,
                        NULL AS severity_string,
                        BLOCKED AS blocked,
                        APP_NAME AS app_name,
                        ALERT AS Alert,
                        RULE_NAME AS rule_name,
                        NULL AS location,
                        null AS repetition
                FROM	v_agent_packet_log l
                WHERE	l.COMPUTER_ID = @Id
                        AND l.BLOCKED = 1
                        AND DATEADD(second, l.[EVENT_TIME] / 1000, '1970-01-01') BETWEEN @StartDate AND @EndDate

                UNION

                SELECT	DATEADD(second, [EVENT_TIME] / 1000, '1970-01-01') AS ed,
                        (SELECT CASE [NETWORK_PROTOCOL]
                            WHEN 1 THEN 'Others'
                            WHEN 2 THEN 'TCP'
                            WHEN 3 THEN 'UDP' END) AS protocol,
                        (SELECT CASE [EVENT_ID]
                            WHEN 301 THEN 'TCP Initiated'
                            WHEN 302 THEN 'UDP datagram'
                            WHEN 303 THEN 'Ping request'
                            WHEN 304 THEN 'TCP Completed'
                            WHEN 305 THEN 'Traffic (other)'
                            WHEN 306 THEN 'ICMP packet'
                            WHEN 307 THEN 'Ethernet packet'
                            WHEN 308 THEN 'IP Packet' END) AS traffic_type,
                        LOCAL_HOST_IP AS local_ip,
                        REMOTE_HOST_IP AS remote_ip,
                        [REMOTE_HOST_NAME] AS remote_hostname,
                        [LOCAL_PORT] AS local_port,
                        [REMOTE_PORT] AS remote_port,
                        (SELECT CASE TRAFFIC_DIRECTION
                            WHEN 0 THEN 'Unknown'
                            WHEN 1 THEN 'Inbound'
                            WHEN 2 THEN 'Outbound'
                        END) AS direction,
                        [SEVERITY],	-- 0 to 15, lower is worse
                        (SELECT CASE [SEVERITY]
                            WHEN 0 THEN 'Critical'
                            WHEN 1 THEN 'Critical'
                            WHEN 2 THEN 'Critical'
                            WHEN 3 THEN 'Critical'
                            WHEN 4 THEN 'Major'
                            WHEN 5 THEN 'Major'
                            WHEN 6 THEN 'Major'
                            WHEN 7 THEN 'Major'
                            WHEN 8 THEN 'Minor'
                            WHEN 9 THEN 'Minor'
                            WHEN 10 THEN 'Minor'
                            WHEN 11 THEN 'Minor'
                            WHEN 12 THEN 'Info'
                            WHEN 13 THEN 'Info'
                            WHEN 14 THEN 'Info'
                            WHEN 15 THEN 'Info'
                            END) AS Severity_String,
                        [BLOCKED],
                        [APP_NAME],
                        [ALERT],
                        [RULE_NAME],
                        [LOCATION_NAME],
                        [REPETITION]
                FROM	v_agent_traffic_log l
                WHERE	l.COMPUTER_ID = @Id
                        AND l.BLOCKED = 1
                        AND DATEADD(second, l.[EVENT_TIME] / 1000, '1970-01-01') BETWEEN @StartDate AND @EndDate";

            try {
                conn.ConnectionString = this.sqlConnectionString;
                conn.Open();

                cmd = new SqlCommand(sql, conn);
                cmd.CommandType = System.Data.CommandType.Text;

                cmd.Parameters.Add(new SqlParameter("@Id", SqlDbType.VarChar, 32)).Value = id;
                cmd.Parameters.Add(new SqlParameter("@StartDate", SqlDbType.DateTime)).Value = startDate;
                cmd.Parameters.Add(new SqlParameter("@EndDate", SqlDbType.DateTime)).Value = endDate;
                rdr = cmd.ExecuteReader();

                while (rdr.Read()) {
                    FirewallEvent e = new FirewallEvent();
                    e.feed = feed.name;
                    e.ed = (DateTime)rdr["ed"];
                    if (rdr["local_ip"] != DBNull.Value) {
                        if (Type.GetTypeCode(rdr.GetFieldType(rdr.GetOrdinal("local_ip"))) == TypeCode.String) {
                            e.local_ip = Util.IP2Long((string)rdr["local_ip"]);
                        } else {
                            e.local_ip = (long)rdr["local_ip"];
                        }
                    }
                    if (rdr["remote_ip"] != DBNull.Value) {
                        if (Type.GetTypeCode(rdr.GetFieldType(rdr.GetOrdinal("remote_ip"))) == TypeCode.String) {
                            e.remote_ip = Util.IP2Long((string)rdr["remote_ip"]);
                        } else {
                            e.remote_ip = (long)rdr["remote_ip"];
                        }
                    }
                    e.protocol = rdr["protocol"] == DBNull.Value ? null : (string)rdr["protocol"];
                    e.traffic_type = rdr["traffic_type"] == DBNull.Value ? null : (string)rdr["traffic_type"];
                    e.remote_hostname = rdr["remote_hostname"] == DBNull.Value ? null : (string)rdr["remote_hostname"];
                    e.local_port = (int)rdr["local_port"];
                    e.remote_port = (int)rdr["remote_port"];
                    e.direction = rdr["direction"] == DBNull.Value ? null : (string)rdr["direction"];
                    e.repetition = (int)rdr["repetition"];
                    if (rdr["blocked"] != DBNull.Value && (byte)rdr["blocked"] == 1) {
                        e.action_taken = "Blocked";
                    }
                    e.app_name = rdr["app_name"] == DBNull.Value ? null : (string)rdr["app_name"];
                    if (rdr["alert"] != DBNull.Value && (int)rdr["alert"] == 1) {
                        e.alert = true;
                    }
                    e.rule_name = rdr["rule_name"] == DBNull.Value ? null : (string)rdr["rule_name"];
                    e.location = rdr["location"] == DBNull.Value ? null : (string)rdr["location"];

                    feed.events.Add(e);

                    if ((DateTime)rdr["ed"] < mindt) {
                        mindt = (DateTime)rdr["ed"];
                    }

                    if ((DateTime)rdr["ed"] > maxdt) {
                        maxdt = (DateTime)rdr["ed"];
                    }
                }
            } catch (Exception e) {
                feed.error = e.Message;
            } finally {
                rdr.Close();
                rdr.Dispose();
                cmd.Dispose();
                conn.Close();
                conn.Dispose();
            }

            return feed;
        }

Example #5

0

Show file

File: Symantec.cs Project: CrossRoadsHackerSpace/epidigitalogy

        public Feed getHostDownloadDetail(string id, DateTime startDate, DateTime endDate)
        {
            SqlConnection conn = new SqlConnection();
            SqlCommand cmd = new SqlCommand();
            SqlDataReader rdr = null;

            Feed feed = new Feed();
            feed.name = "Downloads";

            string sql = @"
                SELECT	dateadd(second, c.TIME_STAMP / 1000, '1970-01-01') AS ed,
                        a.[APPLICATION_NAME] AS app_name,
                        a.[COMPANY_NAME] AS app_company,
                        a.[VERSION] AS app_version,
                        a.[FILE_SIZE] AS filesize,
                        a.[APP_DESCRIPTION] AS description,
                        c.[APP_HASH] AS app_md5,
                        c.[CREATOR_SHA2] AS app_sha2,
                        c.[DOWNLOAD_URL] AS url,
                        a.[SIGNER_NAME] AS signer,
                        a.[LAST_MODIFY_TIME] AS last_modify_time
                FROM	COMPUTER_APPLICATION c
                        LEFT JOIN SEM_APPLICATION a on a.APP_HASH = c.APP_HASH
                WHERE	c.COMPUTER_ID = @Id
                        AND dateadd(second, c.TIME_STAMP / 1000, '1970-01-01') BETWEEN @StartDate AND @EndDate
            ";
            try {
                conn.ConnectionString = this.sqlConnectionString;
                conn.Open();

                cmd = new SqlCommand(sql, conn);
                cmd.CommandType = System.Data.CommandType.Text;

                cmd.Parameters.Add(new SqlParameter("@Id", SqlDbType.VarChar, 32)).Value = id;
                cmd.Parameters.Add(new SqlParameter("@StartDate", SqlDbType.DateTime)).Value = startDate;
                cmd.Parameters.Add(new SqlParameter("@EndDate", SqlDbType.DateTime)).Value = endDate;
                rdr = cmd.ExecuteReader();

                while (rdr.Read()) {
                    DownloadEvent e = new DownloadEvent();
                    e.feed = feed.name;
                    e.id = id;
                    e.ed = (DateTime)rdr["ed"];
                    e.app_name = rdr["app_name"] == DBNull.Value ? null : (string)rdr["app_name"];
                    e.app_company = rdr["app_company"] == DBNull.Value ? null : (string)rdr["app_company"];
                    e.app_version = rdr["app_version"] == DBNull.Value ? null : (string)rdr["app_version"];
                    e.filesize = (long)rdr["filesize"];
                    e.description = rdr["description"] == DBNull.Value ? null : (string)rdr["description"];
                    e.app_md5 = rdr["app_md5"] == DBNull.Value ? null : (string)rdr["app_md5"];
                    e.app_sha2 = rdr["app_sha2"] == DBNull.Value ? null : (string)rdr["app_sha2"];
                    e.url = rdr["url"] == DBNull.Value ? null : (string)rdr["url"];
                    e.signer = rdr["signer"] == DBNull.Value ? null : (string)rdr["signer"];
                    e.last_modify_time = (long)rdr["last_modify_time"];

                    feed.events.Add(e);

                    if ((DateTime)rdr["ed"] < mindt) {
                        mindt = (DateTime)rdr["ed"];
                    }

                    if ((DateTime)rdr["ed"] > maxdt) {
                        maxdt = (DateTime)rdr["ed"];
                    }
                }
            } catch (Exception e) {
                feed.error = e.Message;
            } finally {
                rdr.Close();
                rdr.Dispose();
                cmd.Dispose();
                conn.Close();
                conn.Dispose();
            }

            return feed;
        }

Example #6

0

Show file

File: Symantec.cs Project: CrossRoadsHackerSpace/epidigitalogy

        public Feed getHostAntiVirusDetail(string id, DateTime startDate, DateTime endDate)
        {
            SqlConnection conn = new SqlConnection();
            SqlCommand cmd = new SqlCommand();
            SqlDataReader rdr = null;

            Feed feed = new Feed();
            feed.name = "AV Engine";

            string sql = @"
                SELECT
                        a.[ALERTDATETIME] AS ed,
                        a.[SOURCE] AS source,
                        a.filepath,
                        a.[DESCRIPTION] AS description,
                        (replace([ACTUALACTION].[ACTUALACTION],' ', '_')) AS action_taken,
                        app.APP_NAME AS app_name,
                        app.[COMPANY_NAME] AS app_company,
                        app.[APP_VERSION] AS app_version,
                        app.[FILE_SIZE] AS filesize,
                        app.APP_TYPE AS app_type,
                        v.[VIRUSNAME] AS virus_name,
                        a.[USER_NAME],
                        COALESCE(alerts.[SENSITIVITY], 0) AS sensitivity,
                        COALESCE(alerts.[DETECTION_SCORE], 0) AS detection_score,
                        COALESCE(alerts.[COH_ENGINE_VERSION], '') AS 'truscan_engine_version',
                        COALESCE(alerts.[DIS_SUBMIT], 0) AS submission_recommendation,
                        COALESCE(alerts.[WHITELIST_REASON], 0) AS whitelist_reason,
                        COALESCE(alerts.[DISPOSITION], 0) AS disposition,
                        COALESCE(alerts.[Confidence], 0) AS confidence,
                        COALESCE(alerts.[PREVALENCE], 0) AS prevalence,
                        COALESCE(alerts.[URL], '') AS url,
                        COALESCE(alerts.[WEB_DOMAIN], '') AS web_domain,
                        COALESCE(alerts.[DOWNLOADER], '') AS downloader,
                        COALESCE(alerts.[CIDS_ONOFF], 0) AS cids_onoff,
                        COALESCE(alerts.[RISK_LEVEL], 0) AS risk_level
                FROM	V_ALERTS a
                        LEFT JOIN HPP_APPLICATION app ON a.[HPP_APP_IDX] = app.[APP_IDX]
                        LEFT JOIN IDENTITY_MAP g ON a.[CLIENTGROUP_IDX] = g.[ID]
                        LEFT JOIN [V_SEM_COMPUTER] ON a.[COMPUTER_IDX]= [V_SEM_COMPUTER].[COMPUTER_ID]
                        LEFT JOIN V_VIRUS v ON v.[VIRUSNAME_IDX] = a.VIRUSNAME_IDX
                        LEFT JOIN [ACTUALACTION] on a.[ACTUALACTION_IDX] = [ACTUALACTION].[ACTUALACTION_IDX]
                        LEFT JOIN [HPP_ALERTS] alerts on a.[IDX] = alerts.[IDX]
                WHERE	[V_SEM_COMPUTER].COMPUTER_ID = @Id
            --						AND app_type != -1	 -- Seems to return junk data.
                        AND a.[ALERTDATETIME] BETWEEN @StartDate AND @EndDate
                ORDER	BY g.[NAME],
                        a.[ALERTDATETIME],
                        v.[VIRUSNAME]";

            try {
                conn.ConnectionString = this.sqlConnectionString;
                conn.Open();

                cmd = new SqlCommand(sql, conn);
                cmd.CommandType = System.Data.CommandType.Text;

                cmd.Parameters.Add(new SqlParameter("@Id", SqlDbType.VarChar, 32)).Value = id;
                cmd.Parameters.Add(new SqlParameter("@StartDate", SqlDbType.DateTime)).Value = startDate;
                cmd.Parameters.Add(new SqlParameter("@EndDate", SqlDbType.DateTime)).Value = endDate;
                rdr = cmd.ExecuteReader();

                while (rdr.Read()) {
                    VirusEvent e = new VirusEvent();
                    e.feed = feed.name;
                    e.id = id;
                    e.ed = (DateTime)rdr["ed"];
                    e.filepath = rdr["filepath"] == DBNull.Value ? null : (string)rdr["filepath"];
                    e.action_taken = rdr["action_taken"] == DBNull.Value ? null : (string)rdr["action_taken"];
                    e.source = rdr["source"] == DBNull.Value ? null : (string)rdr["source"];
                    e.app_name = rdr["app_name"] == DBNull.Value ? null : (string)rdr["app_name"];
                    e.app_company = rdr["app_company"] == DBNull.Value ? null : (string)rdr["app_company"];
                    e.app_version = rdr["app_version"] == DBNull.Value ? null : (string)rdr["app_version"];
                    e.filesize = (long)rdr["filesize"];
                    e.app_type = (int)rdr["app_type"];
                    e.virus_name = rdr["virus_name"] == DBNull.Value ? null : (string)rdr["virus_name"];
                    e.sensitivity = (int)rdr["sensitivity"];
                    e.detection_score = (int)rdr["detection_score"];
                    e.truscan_engine_version = rdr["truscan_engine_version"] == DBNull.Value ? null : (string)rdr["truscan_engine_version"];
                    e.submission_recommendation = (int)rdr["submission_recommendation"];
                    e.whitelist_reason = (int)rdr["whitelist_reason"];
                    e.disposition = (int)rdr["disposition"];	// 127 if there's no data to compare to
                    e.confidence = (int)rdr["confidence"];
                    e.prevalence = (int)rdr["prevalence"];
                    e.url = rdr["url"] == DBNull.Value ? null : (string)rdr["url"].ToString();
                    e.web_domain = rdr["web_domain"] == DBNull.Value ? null : (string)rdr["web_domain"];
                    e.downloader = rdr["downloader"] == DBNull.Value ? null : (string)rdr["downloader"];
                    e.cids_onoff = (int)rdr["cids_onoff"];
                    e.risk_level = (int)rdr["risk_level"];

                    feed.events.Add(e);

                    if ((DateTime)rdr["ed"] < mindt) {
                        mindt = (DateTime)rdr["ed"];
                    }

                    if ((DateTime)rdr["ed"] > maxdt) {
                        maxdt = (DateTime)rdr["ed"];
                    }
                }
            } catch (Exception e) {
                feed.error = e.Message;
            } finally {
                rdr.Close();
                rdr.Dispose();
                cmd.Dispose();
                conn.Close();
                conn.Dispose();
            }

            return feed;
        }