public static string AverageDetectionsPerMonth() { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { return(db.v_DetectionAverages.Select(x => x.Monthly).FirstOrDefault().Value.ToString()); } }
public List <Detection> GetList() { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { return(db.Detections.ToList()); } }
public ActionResult Index(ScheduleViewModel[] schedules) { if (ModelState.IsValid) { try { FalconOrchestratorDB db = new FalconOrchestratorDB(); foreach (var line in schedules) { ResponderSchedule row = db.ResponderSchedules.Find(line.ScheduleId); row.ResponderId = line.ResponderId != null ? (int?)Convert.ToInt32(line.ResponderId) : null; db.Entry(row).State = System.Data.Entity.EntityState.Modified; } db.SaveChanges(); return(PartialView("_Success", "Schedule has been updated")); } catch (Exception e) { return(PartialView("_Error", e.Message)); } } List <string> errors = ModelState.Where(x => x.Value.Errors.Count > 0).SelectMany(x => x.Value.Errors).Select(x => x.ErrorMessage).ToList(); return(PartialView("_ValidationError", errors)); }
public static Responder GetAssignedResponder(string dayOfWeek) { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { return(db.ResponderSchedules.Where(x => x.DayOfWeek.Equals(dayOfWeek)).Select(x => x.Responder).FirstOrDefault()); } }
public override bool Exists() { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { return(db.Detections.Any(x => x.Offset.Equals(Metadata.Offset))); } }
private int GetDetectionDeviceId() { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { int detectDeviceId; if (db.Devices.Any(x => x.Hostname.Equals(data.ComputerName))) { int deviceId = db.Devices.Where(x => x.Hostname.Equals(data.ComputerName)).Select(x => x.DeviceId).Single(); DetectionDevice detectDevice = new DetectionDevice(); detectDevice.DeviceId = deviceId; detectDevice.IPAddress = data.IPAddress; db.DetectionDevices.Add(detectDevice); db.SaveChanges(); detectDeviceId = detectDevice.DetectionDeviceId; } else { Device device = new Device(); device.Hostname = data.ComputerName; device.SensorId = data.SensorId; device.Domain = data.MachineDomain; db.Devices.Add(device); DetectionDevice detectDevice = new DetectionDevice(); detectDevice.DeviceId = device.DeviceId; db.DetectionDevices.Add(detectDevice); db.SaveChanges(); detectDeviceId = detectDevice.DetectionDeviceId; } return(detectDeviceId); } }
public override bool Match() { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { return(db.Whitelists.ToList().Any(x => Regex.IsMatch(model.Data.CommandLine, Regex.Replace(x.Value, @"\\", @"\\")))); } }
protected void CheckTaxonomy(string taxonomyTypeString, List <string> modelProperty) { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { List <Taxonomy> patterns = db.Taxonomies.Where(x => x.TaxonomyType.Type.Equals(taxonomyTypeString)).ToList(); model.Data.TaxonomyIds = new List <int>(); foreach (Taxonomy p in patterns) { foreach (string line in modelProperty) { if (Regex.IsMatch(line, p.Value)) { log.Debug("[" + model.Metadata.Offset + "]" + " detection matched a taxonomy rule " + p.Description); if (p.Critical.Equals(true)) { log.Debug("[" + model.Metadata.Offset + "]" + " detection matched a critical taxonomy rule " + p.Description); model.Data.Severity = 5; model.Data.SeverityName = "Critical"; } ; model.Data.TaxonomyIds.Add(p.TaxonomyId); } } } } }
public ActionResult Create() { FalconOrchestratorDB db = new FalconOrchestratorDB(); ViewBag.TypeId = new SelectList(db.TaxonomyTypes, "TaxTypeId", "Type", String.Empty); return(View(new TaxonomyViewModel())); }
public ActionResult Create() { FalconOrchestratorDB db = new FalconOrchestratorDB(); ViewBag.TypeId = new SelectList(db.WhitelistTypes, "WhitelistTypeId", "Type", String.Empty); return(View()); }
public ActionResult DataTableHandler(JQueryDataTablesModel parameters) { FalconOrchestratorDB db = new FalconOrchestratorDB(); List <Detection> model = HttpContext.Application["Detections"] as List <Detection>; if (!String.IsNullOrEmpty(parameters.sSearch)) { model = model.Where(x => x.DetectionDevice.Device.Hostname.Contains(parameters.sSearch.ToLower()) || x.Account.AccountName.ToLower().Contains(parameters.sSearch.ToLower()) || x.Name.ToLower().Contains(parameters.sSearch.ToLower()) || x.FileName.ToLower().Contains(parameters.sSearch.ToLower())).ToList(); } int sortingColumnIndex = parameters.iSortCol_0; string sortDirection = parameters.sSortDir_0; Func <Detection, string> orderingFunction = (x => sortingColumnIndex == 0 ? x.ProcessStartTime.Value.ToLocalTime().ToString("yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture) : sortingColumnIndex == 1 ? x.Severity.SeverityType : sortingColumnIndex == 2 ? x.Name : sortingColumnIndex == 3 ? x.DetectionDevice.Device.Hostname : sortingColumnIndex == 4 ? x.Account.AccountName : sortingColumnIndex == 5 ? x.FileName : sortingColumnIndex == 6 ? x.Status.StatusType : x.Responder != null ? x.Responder.FirstName + " " + x.Responder.LastName : null); if (sortDirection == "asc") { model = model.OrderBy(orderingFunction).ToList(); } if (sortDirection == "desc") { model = model.OrderByDescending(orderingFunction).ToList(); } var filteredModel = model.Skip(parameters.iDisplayStart) .Take(parameters.iDisplayLength).ToList(); var data = filteredModel.Select(x => new DetectionListViewModel { DT_RowId = x.DetectionId, DetectionName = x.Name, FileName = x.FileName, Responder = x.Responder != null ? x.Responder.FirstName + " " + x.Responder.LastName : null, Hostname = x.DetectionDevice.Device.Domain != x.DetectionDevice.Device.Hostname ? x.DetectionDevice.Device.Domain + "\\" + x.DetectionDevice.Device.Hostname : x.DetectionDevice.Device.Hostname, Severity = x.Severity.SeverityType, Status = x.Status.StatusType, Timestamp = x.ProcessStartTime.Value.ToLocalTime().ToString("yyyy-MM-dd HH:mm:ss", CultureInfo.InvariantCulture), Username = x.Account.AccountName }); return(Json(new { sEcho = parameters.sEcho, iTotalRecords = model.Count, iTotalDisplayRecords = model.Count, aaData = data }, JsonRequestBehavior.AllowGet)); }
private int GetAccountId() { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { int accountId; if (db.Accounts.Any(x => x.AccountName.Equals(data.UserName))) { accountId = db.Accounts.Where(x => x.AccountName.Equals(data.UserName)).Select(x => x.AccountId).FirstOrDefault(); } else { Account user = new Account(); user.AccountName = data.UserName; user.Timestamp = DateTime.UtcNow; db.Accounts.Add(user); db.SaveChanges(); accountId = user.AccountId; if (data.AccountModel != null) { user.City = data.AccountModel.City; user.Country = data.AccountModel.Country; user.Department = data.AccountModel.Department; user.EmailAddress = data.AccountModel.EmailAddress; user.FirstName = data.AccountModel.FirstName; user.JobTitle = data.AccountModel.JobTitle; user.LastLogon = data.AccountModel.LastLogon != DateTime.MinValue ? data.AccountModel.LastLogon : null; user.LastName = data.AccountModel.LastName; user.Manager = data.AccountModel.Manager; user.PhoneNumber = data.AccountModel.PhoneNumber; user.StateProvince = data.AccountModel.StateProvince; user.StreetAddress = data.AccountModel.StreetAddress; user.OrganizationalUnit = data.AccountModel.OrganizationalUnit; if (data.AccountModel.Groups != null) { foreach (string line in data.AccountModel.Groups) { int groupId = GetGroupId(line); AccountGroup accountGroup = new AccountGroup(); accountGroup.AccountId = accountId; accountGroup.GroupId = groupId; db.AccountGroups.Add(accountGroup); } } db.Entry(user).State = System.Data.Entity.EntityState.Modified; db.SaveChanges(); } } return(accountId); } }
public void Update(TaxonomyViewModel model) { CheckADObjectExists(model); using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { Taxonomy rule = db.Taxonomies.Find(model.TaxonomyId); rule.Description = model.Description; db.SaveChanges(); } }
public static StackedColumnChartData[] DetectionsByHandlerAndStatus() { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { StackedColumnChartData[] model = db.Detections .GroupBy(x => new { FullName = x.Responder.Equals(null) ? "Unassigned" : x.Responder.FirstName + " " + x.Responder.LastName, x.Status.StatusType }) .Select(y => new StackedColumnChartData { xValue = y.Key.FullName, seriesName = y.Key.StatusType, count = y.Count() }).ToArray(); return(model); } }
public override void Save() { try { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { AuthenticationLog model = new AuthenticationLog(); model.Timestamp = Data.FormattedTimestamp; model.Offset = Metadata.Offset; model.OperationName = Data.OperationName; model.ServiceName = Data.ServiceName; model.Success = Data.Success; model.UserId = Data.UserId; model.UserIp = Data.UserIp; model.CustomerId = Persistence.GetCustomerId(Metadata.CustomerIdString); if (Data.AuditKeyValues != null) { model.TargetName = Data.AuditKeyValues.Where(x => x.Key.Equals("target_name")).Select(x => x.ValueString).FirstOrDefault(); model.Entitlement = Data.AuditKeyValues.Where(x => x.Key.Equals("entitlement")).Select(x => x.ValueString).FirstOrDefault(); model.EntitlementGroup = Data.AuditKeyValues.Where(x => x.Key.Equals("entitlementGroup")).Select(x => x.ValueString).FirstOrDefault(); } else { model.TargetName = null; model.Entitlement = null; model.EntitlementGroup = null; } db.AuthenticationLogs.Add(model); db.SaveChanges(); AppConfiguration.FALCON_STREAM_LAST_OFFSET = Metadata.Offset; log.Debug("[" + Metadata.Offset + "] Authentication audit event saved to database"); } } catch (System.Data.Entity.Validation.DbEntityValidationException ex) { var errorMessages = ex.EntityValidationErrors .SelectMany(x => x.ValidationErrors) .Select(x => x.ErrorMessage); var fullErrorMessage = string.Join("; ", errorMessages); var exceptionMessage = string.Concat(ex.Message, " The validation errors are: ", fullErrorMessage); throw new DbEntityValidationException(exceptionMessage, ex.EntityValidationErrors); } catch (Exception e) { log.Fatal("[" + Metadata.Offset + "] Error occured while trying to save authentication activity audit event to database", e); System.Environment.Exit(1); } }
public void Update(WhitelistingViewModel model) { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { Whitelist rule = db.Whitelists.Find(model.WhitelistId); rule.Creator = model.Creator; rule.Reason = model.Reason; rule.Value = model.Value; rule.WhitelistTypeId = model.TypeId; db.SaveChanges(); } }
public Notification(Ticket _ticket, TicketViewModel model) { config = new AppConfiguration(System.Configuration.ConfigurationManager.AppSettings["CryptoKey"]); ticket = _ticket; //Severity and TicketRecipient navigation properties are not being loaded properly, this is a temp workaround FalconOrchestratorDB db = new FalconOrchestratorDB(); severity = db.Severities.Where(x => x.SeverityId == ticket.SeverityId).Select(y => y.SeverityType).Single(); recipientAddress = db.TicketRecipients.Where(x => x.TicketRecipientId == ticket.TicketRecipientId).Select(y => y.EmailAddress).Single(); db.Dispose(); }
public ActionResult Edit(int?id) { if (id == null) { return(new HttpStatusCodeResult(HttpStatusCode.BadRequest)); } FalconOrchestratorDB db = new FalconOrchestratorDB(); TaxonomyViewModel model = repo.Get(id); ViewBag.TypeId = new SelectList(db.TaxonomyTypes, "TaxTypeId", "Type", model.TypeId); return(View(model)); }
public static List <BarChartData> DetectionsByTaxonomy() { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { List <BarChartData> model = db.DetectionTaxonomies .GroupBy(x => x.Taxonomy.Description) .Select(y => new BarChartData { field = y.Key, count = y.Count() }) .OrderByDescending(z => z.count).ToList(); return(model); } }
public void Delete(int?whitelistId) { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { Whitelist rule = new Whitelist() { WhitelistId = (int)whitelistId }; db.Whitelists.Attach(rule); db.Whitelists.Remove(rule); db.SaveChanges(); } }
public static List <BarChartMultiSeriesData> DetectionsByUserJobTitle() { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { List <BarChartMultiSeriesData> model = db.Detections .GroupBy(x => x.Account.JobTitle) .Select(y => new BarChartMultiSeriesData { field = y.Key, count = y.Count(), count2 = y.Select(x => x.AccountId).Distinct().Count() }) .Where(z => z.field != null) .OrderByDescending(z => z.count).ToList(); return(model); } }
public WhitelistingViewModel Get(int?whitelistId) { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { Whitelist rule = db.Whitelists.Find(whitelistId); WhitelistingViewModel model = new WhitelistingViewModel(); model.WhitelistId = rule.WhitelistId; model.Value = rule.Value; model.Type = rule.WhitelistType.Type; model.TypeId = rule.WhitelistTypeId; model.Reason = rule.Reason; return(model); } }
public static List <PieChartData> DetectionsByStatus() { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { List <PieChartData> model = db.Detections .GroupBy(x => x.Status.StatusType) .Select(y => new PieChartData { field = y.Key, count = y.Count() }) .OrderByDescending(z => z.count).ToList(); return(model); } }
protected void Application_Start() { ViewEngines.Engines.Clear(); ExtendedRazorViewEngine engine = new ExtendedRazorViewEngine(); ViewEngines.Engines.Add(engine); AreaRegistration.RegisterAllAreas(); FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters); RouteConfig.RegisterRoutes(RouteTable.Routes); FalconOrchestratorDB db = new FalconOrchestratorDB(); Application["Detections"] = db.Detections.Include("DetectionDevice").Include("Account").ToList(); }
private void ApplyRetroactively(FalconOrchestratorDB db, WhitelistingViewModel model) { string name = db.WhitelistTypes.Where(x => x.WhitelistTypeId == model.TypeId).Select(x => x.Type).FirstOrDefault(); string prop = name.Replace(" ", String.Empty); System.Reflection.PropertyInfo property = typeof(Detection).GetProperty(prop); List <Detection> matchingDetects = db.Detections.ToList().Where(x => System.Text.RegularExpressions.Regex.IsMatch(property.GetValue(x).ToString(), System.Text.RegularExpressions.Regex.Replace(model.Value, @"\\", @"\\"))).ToList(); foreach (Detection line in matchingDetects) { line.StatusId = 7; line.ClosedDate = DateTime.UtcNow; } db.SaveChanges(); }
public void Create(WhitelistingViewModel model) { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { Whitelist rule = new Whitelist(); rule.Reason = model.Reason; rule.Creator = model.Creator; rule.Timestamp = DateTime.UtcNow; rule.Value = model.Value; rule.WhitelistTypeId = model.TypeId; db.Whitelists.Add(rule); db.SaveChanges(); ApplyRetroactively(db, model); } }
public TaxonomyViewModel Get(int?id) { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { Taxonomy rule = db.Taxonomies.Find(id); TaxonomyViewModel model = new TaxonomyViewModel(); model.TaxonomyId = rule.TaxonomyId; model.Creator = rule.Creator; model.Critical = rule.Critical; model.Description = rule.Description; model.Type = rule.TaxonomyType.Type; model.TypeId = rule.TaxTypeId; model.Value = rule.Value; return(model); } }
public void Create(TaxonomyViewModel model) { CheckADObjectExists(model); using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { Taxonomy rule = new Taxonomy(); rule.Value = model.Value; rule.Timestamp = DateTime.UtcNow; rule.TaxTypeId = model.TypeId; rule.Description = model.Description; rule.Critical = model.Critical; rule.Creator = model.Creator; db.Taxonomies.Add(rule); db.SaveChanges(); ApplyRetoractively(db, model, rule.TaxonomyId); } }
public override void Execute() { using (FalconOrchestratorDB db = new FalconOrchestratorDB()) { string dayOfWeek = model.Data.FormattedProcessStartTime.Value.DayOfWeek.ToString(); Responder responder = Persistence.GetAssignedResponder(dayOfWeek); if (responder != null) { model.Data.ResponderId = responder.ResponderId; log.Debug("Assign responder rule enabled, schedule has " + responder.FirstName + " " + responder.LastName + " assigned for " + dayOfWeek); } else { log.Warn("Assign responder rule enabled, however no responder has been scheduled for " + dayOfWeek); } } }
public ActionResult Index() { FalconOrchestratorDB db = new FalconOrchestratorDB(); List <ResponderSchedule> handlerschedules = db.ResponderSchedules.ToList(); List <ScheduleViewModel> result = new List <ScheduleViewModel>(); foreach (var line in handlerschedules) { ScheduleViewModel model = new ScheduleViewModel(); model.DayOfWeek = line.DayOfWeek; model.ScheduleId = line.ScheduleId; model.FullName = line.Responder != null ? line.Responder.FirstName + " " + line.Responder.LastName : null; model.ResponderId = line.ResponderId != null?line.ResponderId.ToString() : null; result.Add(model); } return(View(result)); }