private void MapGovernanceControlsByMaturityLevel(List <GovernanceControlEntity> governanceControlEntities, Dashboard dashboard)
{
var highchart = new Highchart();
var series = new Series
{
Type = "pie",
Name = "Maturity Level"
};
var governanceControlGroups = governanceControlEntities.OrderBy(gc => gc.CmmiStatusId).GroupBy(gc => CmmiStatus.LookupByValue(gc.CmmiStatusId)).ToList();
foreach (var governanceControlGroup in governanceControlGroups)
{
var data = new Data
{
Name = governanceControlGroup.Key.Name,
Value = governanceControlGroup.Count(),
Color = governanceControlGroup.Key.Color
};
series.Data.Add(data);
}
highchart.Series.Add(series);
dashboard.GovernanceControlsByMaturityLevel = highchart;
}
private void MapTopRiskByScore(List <RiskEntity> riskEntities, Dashboard dashboard)
{
var highchart = new Highchart();
var series = new Series
{
Name = "Risks"
};
var risksByScoreDescending = riskEntities.OrderByDescending(r => r.FinalScore).ThenBy(r => Decrypt <string>(r.NameBytes)).ToList();
for (var index = 0; index < risksByScoreDescending.Count; index++)
{
var riskEntity = risksByScoreDescending[index];
var data = new Data
{
Id = riskEntity.Id.ToString(),
Name = $"{index + 1}. {Decrypt<string>(riskEntity.NameBytes)}", //include index so that duplicate names will be displayed
Value = riskEntity.FinalScore.GetValueOrDefault(),
Color = ThreatLevel.LookupByValue(riskEntity.FinalScore).Color,
SeverityName = ThreatLevel.LookupByValue(riskEntity.FinalScore).Name
};
series.Data.Add(data);
}
highchart.Series.Add(series);
dashboard.TopRiskByScore = highchart;
}
private void MapComplianceByMaturityLevel(List <ComplianceEntity> complianceEntities, ComplianceSchemeEntity scheme, Dashboard dashboard)
{
var highchart = new Highchart();
var series = new Series
{
Type = "pie",
Name = "Maturity Level"
};
var maturityLevelGroups = complianceEntities.OrderBy(x => x.CmmiStatusId).GroupBy(gc => CmmiStatus.LookupByValue(gc.CmmiStatusId)).ToList();
foreach (var maturityLevelGroup in maturityLevelGroups)
{
var data = new Data
{
Name = maturityLevelGroup.Key.Name,
Value = maturityLevelGroup.Count(),
Color = maturityLevelGroup.Key.Color
};
series.Data.Add(data);
}
highchart.Series.Add(series);
dashboard.ComplianceByMaturityLevel[scheme.Id] = highchart;
}
private void MapComplianceByGapReview(List <ComplianceEntity> complianceEntities, ComplianceSchemeEntity scheme, Dashboard dashboard)
{
var highchart = new Highchart();
var series = new Series
{
Type = "pie",
Name = "Compliance"
};
var gapReviewGroups = complianceEntities.OrderBy(x => x.CompliantStatusId).GroupBy(x => CompliantStatus.LookupByValue(x.CompliantStatusId) ?? CompliantStatus.Unknown).ToList();
foreach (var gapReviewGroup in gapReviewGroups)
{
var data = new Data
{
Name = gapReviewGroup.Key.Name,
Value = gapReviewGroup.Count(),
Color = gapReviewGroup.Key.Color
};
series.Data.Add(data);
}
highchart.Series.Add(series);
dashboard.ComplianceByGapReview[scheme.Id] = highchart;
}
private ActionResult AreaChart(string title, params Series[] dataSeries)
{
var json = new Highchart
{
Chart = new Chart
{
Height = 600,
Type = ChartType.Area
},
Title = title,
XAxis = new Axis(AxisType.Datetime, new Title()),
YAxis = new Axis
{
Title = "Percentage",
Min = 0
},
Tooltip = new
{
Shared = true,
Crosshairs = true
},
PlotOptions = new PlotOptions
{
Bar = new
{
DataLabels = new
{
Enabled = true
}
},
Area = new PlotOptionsArea
{
Stacking = PlotOptionsAreaStacking.Percent,
LineColor = "#ffffff",
LineWidth = 1,
Marker = new
{
LineWidth = 1,
LineColor = "#ffffff"
}
}
},
Legend = new
{
Layout = "vertical",
Align = "left",
X = 120,
VerticalAlign = "top",
Y = 100,
Floating = true,
BackgroundColor = "#FFFFFF"
},
Series = (
dataSeries
)
};
return(LowercaseJson(json));
}
public HighchartsSetUp(string id)
{
this.Id = id;
this.dataSource = new EmptyDataSource();
this.obj = new Highchart();
this.obj.Chart.RenderTo = this.Id;
}
private void MapRiskByPhase(List <RiskEntity> riskEntities, Dashboard dashboard)
{
var highchart = new Highchart();
var series = new Series
{
Name = "Phases"
};
var riskSeverityGroups = riskEntities.OrderBy(r => r.Phase?.DisplayOrder).GroupBy(r => r.Phase ?? new PhaseEntity {
Name = "Unknown"
}).ToList();
foreach (var riskPhaseGroup in riskSeverityGroups)
{
var data = new Data
{
Name = riskPhaseGroup.Key.Name,
Value = riskPhaseGroup.Count(),
Drilldown = riskPhaseGroup.Key.Name
};
series.Data.Add(data);
//Order By Asc so that the severity levels will be drawn from low to high (left to right)
var riskSeverityPhaseGroups = riskPhaseGroup.OrderBy(r => r.FinalScore).GroupBy(r => ThreatLevel.LookupByValue(r.FinalScore)).ToList();
if (riskSeverityPhaseGroups.Any())
{
var drilldownSeries = new Series
{
Name = riskPhaseGroup.Key.Name,
Id = riskPhaseGroup.Key.Name
};
foreach (var riskSeverityPhaseGroup in riskSeverityPhaseGroups)
{
var drilldownData = new Data
{
Name = riskSeverityPhaseGroup.Key.Name,
Value = riskSeverityPhaseGroup.Count(),
Color = riskSeverityPhaseGroup.Key.Color
};
drilldownSeries.Data.Add(drilldownData);
}
highchart.DrilldownSeries.Add(drilldownSeries);
}
}
highchart.Series.Add(series);
dashboard.RiskByPhase = highchart;
}
private void MapRiskByScore(List <RiskEntity> riskEntities, Dashboard dashboard)
{
var highchart = new Highchart();
var series = new Series
{
Type = "pie",
Name = "Score"
};
var riskSeverityGroups = riskEntities.OrderBy(r => r.FinalScore).GroupBy(r => ThreatLevel.LookupByValue(r.FinalScore)).ToList();
foreach (var riskSeverityGroup in riskSeverityGroups)
{
var data = new Data
{
Name = riskSeverityGroup.Key.Name,
Value = riskSeverityGroup.Count(),
Color = riskSeverityGroup.Key.Color,
Drilldown = riskSeverityGroup.Key.Name
};
series.Data.Add(data);
var riskSeverityPhaseGroups = riskSeverityGroup.OrderBy(r => r.Phase?.DisplayOrder).GroupBy(r => r.Phase ?? new PhaseEntity {
Name = "Unknown"
}).ToList();
if (riskSeverityPhaseGroups.Any())
{
var drilldownSeries = new Series
{
Name = riskSeverityGroup.Key.Name,
Id = riskSeverityGroup.Key.Name
};
foreach (var riskSeverityPhaseGroup in riskSeverityPhaseGroups)
{
var drilldownData = new Data
{
Name = riskSeverityPhaseGroup.Key.Name,
Value = riskSeverityPhaseGroup.Count()
};
drilldownSeries.Data.Add(drilldownData);
}
highchart.DrilldownSeries.Add(drilldownSeries);
}
}
highchart.Series.Add(series);
dashboard.RiskByScore = highchart;
}
private void MapVulnerabilities(List <VulnerabilityEntity> vulnerabilityEntities, Dashboard dashboard)
{
var highchart = new Highchart();
// TODO: Make more efficient? Either filter by importId on the repository level or use Queryable clauses instead of this tedious mapping
List <VulnerabilityEntity> vulnerabilityEntitiesToKeep = new List <VulnerabilityEntity>();
foreach (var vulnerabilityEntity in vulnerabilityEntities)
{
var vulnerability = _vulnerabilityMapper.Map(vulnerabilityEntity);
List <HostVulnerabilityEntity> hostVulnerabilitiesToKeep = new List <HostVulnerabilityEntity>();
foreach (var hostVulnerability in vulnerabilityEntity.HostVulnerabilities)
{
hostVulnerabilitiesToKeep.Add(hostVulnerability);
}
vulnerabilityEntity.HostVulnerabilities = hostVulnerabilitiesToKeep;
vulnerabilityEntitiesToKeep.Add(vulnerabilityEntity);
}
var threatLevelGroups = vulnerabilityEntitiesToKeep
.OrderBy(x => x.CvssScore)
.GroupBy(x => ThreatLevel.LookupByValue(x.CvssScore));
foreach (var threatLevelGroup in threatLevelGroups)
{
var threatLevel = new Series
{
Name = threatLevelGroup.Key.Name,
Color = threatLevelGroup.Key.Color
};
var categories = threatLevelGroup
.OrderBy(v => v.VulnerabilityCategory)
.GroupBy(v => v.VulnerabilityCategory)
.Select(x => new Data
{
Name = x.Key,
Value = x.Count(),
Color = threatLevelGroup.Key.Color
});
threatLevel.Data.AddRange(categories);
highchart.Series.Add(threatLevel);
}
dashboard.Vulnerabilities = highchart;
}
private void MapVulnerabilitiesBySeverity(List <VulnerabilityEntity> vulnerabilityEntities, Dashboard dashboard)
{
var highchart = new Highchart();
var series = new Series
{
Type = "pie",
Name = "Severity"
};
var vulnerabilitySeverityGroups = vulnerabilityEntities.OrderByDescending(v => v.CvssScore).GroupBy(v => ThreatLevel.LookupByValue(v.CvssScore)).ToList();
foreach (var vulnerabilitySeverityGroup in vulnerabilitySeverityGroups)
{
var data = new Data
{
Name = vulnerabilitySeverityGroup.Key.Name,
Value = vulnerabilitySeverityGroup.Count(),
Color = vulnerabilitySeverityGroup.Key.Color,
Drilldown = vulnerabilitySeverityGroup.Key.Name
};
series.Data.Add(data);
var vulnerabilitySeverityCategoryGroups = vulnerabilitySeverityGroup.OrderBy(v => v.VulnerabilityCategory).GroupBy(v => v.VulnerabilityCategory).ToList();
if (vulnerabilitySeverityCategoryGroups.Any())
{
var drilldownSeries = new Series
{
Name = vulnerabilitySeverityGroup.Key.Name,
Id = vulnerabilitySeverityGroup.Key.Name
};
foreach (var vulnerabilitySeverityCategoryGroup in vulnerabilitySeverityCategoryGroups)
{
var drilldownData = new Data
{
Name = vulnerabilitySeverityCategoryGroup.Key,
Value = vulnerabilitySeverityCategoryGroup.Count()
};
drilldownSeries.Data.Add(drilldownData);
}
highchart.DrilldownSeries.Add(drilldownSeries);
}
}
highchart.Series.Add(series);
dashboard.VulnerabilitiesBySeverity = highchart;
}
public Dashboard()
{
VulnerabilitiesBySeverity = new Highchart();
VulnerabilitiesByCategory = new Highchart();
Vulnerabilities = new Highchart();
RiskByImpact = new Highchart();
RiskByScore = new Highchart();
RiskByLikelihood = new Highchart();
RiskByPhase = new Highchart();
TopRiskByScore = new Highchart();
RiskGauge = new Highchart();
GovernanceControlsByRiskLevel = new Highchart();
GovernanceControlsByMaturityLevel = new Highchart();
RiskScoreByPhase = new Highchart();
ComplianceHipaaByGapReview = new Highchart();
ComplianceHipaaByMaturityLevel = new Highchart();
MitigationSummaryRisks = new Dictionary <int, Highchart>();
MitigationSummaryRisksByPhase = new Dictionary <int, Highchart>();
MitigationSummaryRisksAndVulns = new Dictionary <int, Highchart>();
ComplianceByGapReview = new Dictionary <int, Highchart>();
ComplianceByMaturityLevel = new Dictionary <int, Highchart>();
}
public void MapRiskGauge(EngagementEntity engagementEntity, Dashboard dashboard)
{
var highchart = new Highchart();
var series = new Series
{
Type = "pie",
Name = "Severity",
InnerSize = "70%"
};
dashboard.RiskScore = engagementEntity.RiskScore?.ToString("N1") ?? "N/A";
Func <ThreatLevel, decimal?, List <Data> > buildData = (threatLevel, nextThreatLevelValue) =>
{
var dataSlices = new List <Data>();
for (var slice = threatLevel.Value; slice < nextThreatLevelValue; slice += 0.1m)
{
dataSlices.Add(new Data
{
Name = 5 == slice ? ThreatLevel.LookupByValue(engagementEntity.RiskScore).Name : string.Empty,
Color = engagementEntity.RiskScore >= slice ? threatLevel.Color : "#eee",
Value = 0.1m
});
}
return(dataSlices);
};
series.Data.AddRange(buildData(ThreatLevel.VeryLow, ThreatLevel.Low.Value));
series.Data.AddRange(buildData(ThreatLevel.Low, ThreatLevel.Moderate.Value));
series.Data.AddRange(buildData(ThreatLevel.Moderate, ThreatLevel.High.Value));
series.Data.AddRange(buildData(ThreatLevel.High, ThreatLevel.VeryHigh.Value));
series.Data.AddRange(buildData(ThreatLevel.VeryHigh, 10m));
highchart.Series.Add(series);
dashboard.RiskGauge = highchart;
}
private void MapVulnerabilitiesByCategory(List <VulnerabilityEntity> vulnerabilityEntities, Dashboard dashboard, int?importId)
{
var highchart = new Highchart();
var series = new Series
{
Name = "Categories"
};
// TODO: Make more efficient? Either filter by importId on the repository level or use Queryable clauses instead of this tedious mapping
List <VulnerabilityEntity> vulnerabilityEntitiesToKeep = new List <VulnerabilityEntity>();
foreach (var vulnerabilityEntity in vulnerabilityEntities)
{
var vulnerability = _vulnerabilityMapper.Map(vulnerabilityEntity);
List <HostVulnerabilityEntity> hostVulnerabilitiesToKeep = new List <HostVulnerabilityEntity>();
foreach (var hostVulnerability in vulnerabilityEntity.HostVulnerabilities)
{
if (hostVulnerability.ImportId == importId)
{
hostVulnerabilitiesToKeep.Add(hostVulnerability);
}
}
vulnerabilityEntity.HostVulnerabilities = hostVulnerabilitiesToKeep;
if (vulnerabilityEntity.HostVulnerabilities.Count > 0)
{
vulnerabilityEntitiesToKeep.Add(vulnerabilityEntity);
}
}
var vulnerabilityCategoryGroups = vulnerabilityEntitiesToKeep.OrderBy(v => v.VulnerabilityCategory).GroupBy(v => v.VulnerabilityCategory).ToList();
foreach (var vulnerabilityCategoryGroup in vulnerabilityCategoryGroups)
{
var data = new Data
{
Name = vulnerabilityCategoryGroup.Key,
Value = vulnerabilityCategoryGroup.Count(),
Drilldown = vulnerabilityCategoryGroup.Key
};
series.Data.Add(data);
//Order By Asc so that the severity levels will be drawn from low to high (left to right)
var vulnerabilityCategorySeverityGroups = vulnerabilityCategoryGroup.OrderBy(v => v.CvssScore).GroupBy(v => ThreatLevel.LookupByValue(v.CvssScore)).ToList();
if (vulnerabilityCategorySeverityGroups.Any())
{
var drilldownSeries = new Series
{
Name = vulnerabilityCategoryGroup.Key,
Id = vulnerabilityCategoryGroup.Key
};
foreach (var vulnerabilityCategorySeverityGroup in vulnerabilityCategorySeverityGroups)
{
var drilldownData = new Data
{
Name = vulnerabilityCategorySeverityGroup.Key.Name,
Value = vulnerabilityCategorySeverityGroup.Count(),
Color = vulnerabilityCategorySeverityGroup.Key.Color
};
drilldownSeries.Data.Add(drilldownData);
}
highchart.DrilldownSeries.Add(drilldownSeries);
}
}
highchart.Series.Add(series);
dashboard.VulnerabilitiesByCategory = highchart;
}
//TODO: Create dashboard mapper to encapsulate mapping logic
private void MapHostsByOperatingSystem(List <HostEntity> hostEntities, Dashboard dashboard)
{
var highchart = new Highchart();
// TODO: Make more efficient? Either filter on the repository level or use Queryable clauses instead of this tedious mapping
List <HostEntity> hostEntitiesToKeep = new List <HostEntity>();
foreach (var hostEntity in hostEntities)
{
var host = _hostMapper.Map(hostEntity);
List <HostVulnerabilityEntity> hostVulnerabilitiesToKeep = new List <HostVulnerabilityEntity>();
foreach (var hostVulnerability in hostEntity.HostVulnerabilities)
{
hostVulnerabilitiesToKeep.Add(hostVulnerability);
}
hostEntity.HostVulnerabilities = hostVulnerabilitiesToKeep;
hostEntitiesToKeep.Add(hostEntity);
}
Func <HostEntity, ThreatLevel> averageSeverity = v => v.HostVulnerabilities.Any() ? ThreatLevel.LookupByValue(v.HostVulnerabilities.Average(x => x.Vulnerability.CvssScore)) : ThreatLevel.VeryLow;
var hostVulnerabilitySeverityGroups = hostEntitiesToKeep.OrderBy(averageSeverity).GroupBy(averageSeverity).ToList();
foreach (var hostVulnerabilitySeverityGroup in hostVulnerabilitySeverityGroups)
{
var series = new Series
{
Name = hostVulnerabilitySeverityGroup.Key.Name,
Color = hostVulnerabilitySeverityGroup.Key.Color
};
Func <HostEntity, string> operatingSystem = v =>
{
var os = Decrypt <string>(v.OperatingSystemBytes) ?? string.Empty;
return(os.Contains(' ') ? os.Substring(0, os.IndexOf(' ')) : os);
};
var vulnerabilitySeverityOperatingSystemGroups = hostVulnerabilitySeverityGroup.OrderBy(operatingSystem).GroupBy(operatingSystem).ToList();
foreach (var vulnerabilitySeverityOperatingSystemGroup in vulnerabilitySeverityOperatingSystemGroups)
{
var data = new Data
{
Name = vulnerabilitySeverityOperatingSystemGroup.Key,
Value = vulnerabilitySeverityOperatingSystemGroup.Count(),
Color = hostVulnerabilitySeverityGroup.Key.Color,
Drilldown = hostVulnerabilitySeverityGroup.Key.Name + "-" + vulnerabilitySeverityOperatingSystemGroup.Key
};
series.Data.Add(data);
var hostVulnerabilityOperatingSystemGroups = vulnerabilitySeverityOperatingSystemGroup.OrderBy(v => Decrypt <string>(v.OperatingSystemBytes)).GroupBy(v => Decrypt <string>(v.OperatingSystemBytes)).ToList();
if (hostVulnerabilityOperatingSystemGroups.Any())
{
var drilldownSeries = new Series
{
Name = $"{hostVulnerabilitySeverityGroup.Key.Name} ({vulnerabilitySeverityOperatingSystemGroup.Key})",
Id = hostVulnerabilitySeverityGroup.Key.Name + "-" + vulnerabilitySeverityOperatingSystemGroup.Key
};
foreach (var vulnerabilityOperatingSystemGroup in hostVulnerabilityOperatingSystemGroups)
{
var drilldownData = new Data
{
Name = vulnerabilityOperatingSystemGroup.Key,
Value = vulnerabilityOperatingSystemGroup.Select(x => Decrypt <string>(x.IPAddressBytes)).Distinct().Count()
};
drilldownSeries.Data.Add(drilldownData);
}
highchart.DrilldownSeries.Add(drilldownSeries);
}
}
highchart.Series.Add(series);
}
dashboard.HostsByOperatingSystem = highchart;
}
public HighchartsAdapter(Highchart chart)
{
_chart = new Chart(chart);
}
