Exemple #1
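        /// <summary>
        /// Reads the signature categories of one IDPS sensor from that sensor's
        /// own MySQL database.
        /// </summary>
        /// <param name="idpsId">Identifier handed to <c>idsBus.idsGetById</c> to load the sensor record.</param>
        /// <returns>
        /// For sensor ids 1, 2 and 3: whatever <c>ExecQueryMySQL</c> returns for a query
        /// exposing the columns <c>SignatureCategoryId</c> and <c>SignatureCategoryName</c>.
        /// An empty <see cref="DataSet"/> when the sensor record is not found, or for any
        /// other id (4, "bro", is still a TODO).
        /// </returns>
        /// <remarks>
        /// NOTE(review): the branches are labelled by sensor product (ossec, snort, ...)
        /// but key on <c>IdsId</c>; confirm that this is the intended discriminator and
        /// not a separate sensor-type field.
        /// NOTE(review): the sensor database password travels in clear from the
        /// <c>ids</c> record into <c>ExecQueryMySQL</c>; confirm how it is stored at rest
        /// and that the account only has read access to the sensor schema.
        /// </remarks>
        public DataSet getIDPSSignaturesCategory(int idpsId)
        {
            // Look the sensor up directly; the placeholder instances the previous
            // version allocated were always overwritten before use.
            ids auxIDPS = new idsBus().idsGetById(idpsId);

            if (auxIDPS == null)
            {
                return new DataSet();
            }

            string sqlQuery;

            switch (auxIDPS.IdsId)
            {
            case 1:     //ossec
                sqlQuery = "SELECT   cat_id as SignatureCategoryId,    "
                           + "       cat_name as SignatureCategoryName "
                           + " FROM  Category                          "
                           + " ORDER by cat_id;                        ";
                break;

            case 2:     //snort
            case 3:     //suricata
                sqlQuery = "SELECT   sig_class_id   as SignatureCategoryId,    "
                           + "       sig_class_name as SignatureCategoryName   "
                           + " FROM  sig_class                                 "
                           + " ORDER by sig_class_id;                          ";
                break;

            default:    // 4 (bro) is not implemented yet; unknown ids yield no data
                return new DataSet();
            }

            // Both statements are constant literals: no caller-supplied value is
            // concatenated into the SQL text, so one shared call site is enough.
            return ExecQueryMySQL(auxIDPS.DatabaseHost,
                                  auxIDPS.DatabaseName,
                                  auxIDPS.DatabaseUser,
                                  auxIDPS.DatabasePass,
                                  sqlQuery);
        }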
Exemple #2
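        /// <summary>
        /// Collects, for every configured events alarm, the matching events from the
        /// database of the IDPS sensor the alarm belongs to.
        /// </summary>
        /// <returns>
        /// A <see cref="DataTable"/> with one row per sensor event: the alarm's
        /// <c>IdsId</c> and <c>EventsAlarmId</c>, followed by the first four columns of
        /// the sensor query result (event id as Int32, then three strings).
        /// </returns>
        /// <remarks>
        /// Alarms whose sensor record cannot be loaded, or whose query yields no
        /// table, are skipped; the previous version dereferenced those results
        /// unchecked and aborted the whole collection.
        /// NOTE(review): <c>IdsSignatureCategoryId</c> is forwarded to the request*
        /// helpers; their query construction is not visible here, so confirm they bind
        /// it as a parameter rather than concatenating it into SQL text.
        /// NOTE(review): the sensor database password is passed around in clear;
        /// confirm how it is protected at rest.
        /// </remarks>
        public DataTable getIDPSData()
        {
            DataTable dttResult = new DataTable();

            // NOTE(review): "datetime   " and "source     " carry trailing blanks in the
            // column name. They are kept byte-for-byte because consumers may bind by
            // name; confirm whether the padding is intentional.
            dttResult.Columns.Add(new DataColumn("IDPSId", typeof(int)));
            dttResult.Columns.Add(new DataColumn("EventsAlarmId", typeof(int)));
            dttResult.Columns.Add(new DataColumn("IDPSEventId", typeof(int)));
            dttResult.Columns.Add(new DataColumn("datetime   ", typeof(string)));
            dttResult.Columns.Add(new DataColumn("description", typeof(string)));
            dttResult.Columns.Add(new DataColumn("source     ", typeof(string)));

            eventsalarmBus oEventsAlarm = new eventsalarmBus();
            idsBus         oIDPSBus     = new idsBus();

            List <eventsalarm> lstEventsAlarm = oEventsAlarm.eventsalarmGetAll();

            if (lstEventsAlarm == null)
            {
                return(dttResult);
            }

            foreach (eventsalarm row in lstEventsAlarm)
            {
                appendIDPSEventRows(dttResult, row, requestEventsForAlarm(oIDPSBus, row));
            }

            return(dttResult);
        }

        // Runs the sensor-specific event query for one alarm; returns null when the
        // sensor id is not handled or the sensor record cannot be loaded.
        private DataSet requestEventsForAlarm(idsBus oIDPSBus, eventsalarm row)
        {
            ids auxIDPS;

            switch (row.IdsId)
            {
            case 1:     //ossec
                auxIDPS = oIDPSBus.idsGetById(row.IdsId);
                return auxIDPS == null
                       ? null
                       : requestOSSECEvents(auxIDPS.DatabaseHost,
                                            auxIDPS.DatabaseName,
                                            auxIDPS.DatabaseUser,
                                            auxIDPS.DatabasePass,
                                            row.IdsSignatureCategoryId);

            case 2:     //snort
            case 3:     //suricata
                auxIDPS = oIDPSBus.idsGetById(row.IdsId);
                return auxIDPS == null
                       ? null
                       : requestbarnyard2Events(auxIDPS.DatabaseHost,
                                                auxIDPS.DatabaseName,
                                                auxIDPS.DatabaseUser,
                                                auxIDPS.DatabasePass,
                                                row.IdsSignatureCategoryId);

            case 4:     //bro
                auxIDPS = oIDPSBus.idsGetById(row.IdsId);
                return auxIDPS == null
                       ? null
                       : requestBroEvents(auxIDPS.DatabaseHost,
                                          auxIDPS.DatabaseName,
                                          auxIDPS.DatabaseUser,
                                          auxIDPS.DatabasePass,
                                          row.IdsSignatureCategoryId);

            default:
                return null;
            }
        }

        // Copies the first four columns of every row in the sensor result into the
        // output table, prefixed with the alarm's sensor id and alarm id.
        private static void appendIDPSEventRows(DataTable dttResult, eventsalarm row, DataSet dtsResult)
        {
            if (dtsResult == null || dtsResult.Tables.Count == 0)
            {
                return;
            }

            foreach (DataRow rowResult in dtsResult.Tables[0].Rows)
            {
                dttResult.Rows.Add(row.IdsId,
                                   row.EventsAlarmId,
                                   Convert.ToInt32(rowResult[0].ToString()),
                                   rowResult[1].ToString(),
                                   rowResult[2].ToString(),
                                   rowResult[3].ToString());
            }
        }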
Exemple #3
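        /// <summary>
        /// Loads every detection event whose status is neither 2 nor 5, enriches it
        /// with its sensor, alarm, severity, task and status description, and binds
        /// the result to <c>gvEventsDetection</c>.
        /// </summary>
        /// <remarks>
        /// The grid is only (re)bound when at least one detection event exists, as
        /// before. A related record that cannot be loaded now leaves its columns as
        /// <see cref="DBNull"/> instead of raising a NullReferenceException that
        /// aborted the whole page.
        /// NOTE(review): statuses 2 and 5 are labelled "Closed, Rejected" here; confirm
        /// the status code table, since other screens may label the codes differently.
        /// </remarks>
        protected void getEventsDetectionData()
        {
            DataTable dttEventsDetection = new DataTable();

            // Column names are runtime binding keys and are kept byte-for-byte,
            // including the "eventStauts" spelling.
            dttEventsDetection.Columns.Add(new DataColumn("eventsDetectionId", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("datetime", typeof(DateTime)));
            dttEventsDetection.Columns.Add(new DataColumn("eventStauts", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("eventStatusDescription", typeof(string)));
            dttEventsDetection.Columns.Add(new DataColumn("IDSId", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("IDPS", typeof(string)));
            dttEventsDetection.Columns.Add(new DataColumn("idsName", typeof(string)));
            dttEventsDetection.Columns.Add(new DataColumn("eventsAlarmId", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("severityId", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("severityDescription", typeof(string)));
            dttEventsDetection.Columns.Add(new DataColumn("SLATimeToResponse", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("TaskId", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("IDPSEventId", typeof(int)));

            eventsdetectionBus oEventsDetection = new eventsdetectionBus();
            idsBus             oIDPS            = new idsBus();
            eventsalarmBus     oEventsAlarm     = new eventsalarmBus();
            severityBus        oSeverity        = new severityBus();
            tasksBus           oTask            = new tasksBus();
            taskstatusBus      oTaskStatus      = new taskstatusBus();

            List <eventsdetection> lstEvetnsDetection = oEventsDetection.eventsdetectionGetAll();

            if (lstEvetnsDetection == null || lstEvetnsDetection.Count == 0)
            {
                return;
            }

            foreach (eventsdetection row in lstEvetnsDetection)
            {
                if (row.EventStatus == 2 || row.EventStatus == 5) //Closed, Rejected
                {
                    continue;
                }

                // Each lookup may come back empty; the severity is reached through
                // the alarm, so it is only requested when the alarm was found.
                ids         auxIDPS       = oIDPS.idsGetById(row.IdsId);
                eventsalarm auxEventAlarm = oEventsAlarm.eventsalarmGetById(row.EventsAlarmId);
                severity    auxSeverity   = auxEventAlarm != null
                                            ? oSeverity.severityGetById(auxEventAlarm.Severity)
                                            : null;
                tasks       auxTask       = oTask.tasksGetByEventsDetectionId(row.EventsDetectionId);
                taskstatus  auxTaskStatus = oTaskStatus.taskstatusGetById(row.EventStatus);

                dttEventsDetection.Rows.Add(row.EventsDetectionId,
                                            row.DateTime,
                                            row.EventStatus,
                                            auxTaskStatus != null ? (object)auxTaskStatus.TaskStatusDescription : DBNull.Value,
                                            row.IdsId,
                                            auxIDPS != null ? (object)auxIDPS.IdsIP : DBNull.Value,
                                            auxIDPS != null ? (object)auxIDPS.idsName : DBNull.Value,
                                            row.EventsAlarmId,
                                            auxSeverity != null ? (object)auxSeverity.SeverityId : DBNull.Value,
                                            auxSeverity != null ? (object)auxSeverity.SeverityDescription : DBNull.Value,
                                            auxSeverity != null ? (object)auxSeverity.SLATimeToResponse : DBNull.Value,
                                            auxTask != null ? (object)auxTask.TaskId : DBNull.Value,
                                            row.IDPSEventId);
            }

            gvEventsDetection.DataSource = dttEventsDetection;
            gvEventsDetection.DataBind();
        }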
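        /// <summary>
        /// Copies the selected grid row into the IDPS edit form and loads the
        /// sensor's database connection settings for editing.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// Does nothing when no row is selected. When the row carries no usable
        /// numeric id, or the sensor record cannot be loaded, the database fields are
        /// cleared and the form is left locked; the previous version threw from
        /// <c>Convert.ToInt32("")</c> or from a null dereference in those cases.
        /// </remarks>
        protected void gvIDPS_SelectedIndexChanged(object sender, EventArgs e)
        {
            GridViewRow row = gvIDPS.SelectedRow;

            if (row == null)
            {
                return;
            }

            // Best effort, as before: a value that is not among the list items leaves
            // the drop-down unchanged. Missing labels are handled by the null checks
            // instead of by swallowing every exception type.
            Label lblTypeId         = row.FindControl("idsTypeId") as Label;
            Label lblDatabaseTypeId = row.FindControl("databaseTypeId") as Label;

            if (lblTypeId != null)
            {
                try
                {
                    ddlIDPSType.SelectedValue = lblTypeId.Text;
                }
                catch (ArgumentOutOfRangeException)
                {
                }
            }

            if (lblDatabaseTypeId != null)
            {
                try
                {
                    ddlDatabaseType.SelectedValue = lblDatabaseTypeId.Text;
                }
                catch (ArgumentOutOfRangeException)
                {
                }
            }

            txtIDPSId.Text      = getRowLabelText(row, "idsId");
            txtIDPSName.Text    = getRowLabelText(row, "idsName");
            txtIDPSVersion.Text = getRowLabelText(row, "idsVersion");
            txtIP.Text          = getRowLabelText(row, "idsIP");

            CheckBox chkRowActive = row.FindControl("active") as CheckBox;
            chkActive.Checked = chkRowActive != null && chkRowActive.Checked;

            int idpsId;
            ids auxIDPS = null;

            if (int.TryParse(txtIDPSId.Text, out idpsId))
            {
                auxIDPS = new idsBus().idsGetById(idpsId);
            }

            if (auxIDPS == null)
            {
                // Do not leave the connection settings of a previously selected
                // sensor in the form when this one cannot be loaded.
                txtUserDataBase.Text   = "";
                txtPassDataBase.Text   = "";
                txtSourceDataBase.Text = "";
                txtHostDatabase.Text   = "";
                return;
            }

            txtUserDataBase.Text   = auxIDPS.DatabaseUser;
            // SECURITY NOTE(review): the stored database password is copied into a
            // form field. Unless txtPassDataBase is in password mode, the value is
            // rendered into the page sent to the browser. Confirm the control's mode;
            // a safer flow leaves the field blank and updates the stored password only
            // when the operator enters a new one.
            txtPassDataBase.Text   = auxIDPS.DatabasePass;
            txtSourceDataBase.Text = auxIDPS.DatabaseName;
            txtHostDatabase.Text   = auxIDPS.DatabaseHost;
            activateFields(true, false);
            btnSave.Enabled = true;
        }

        // Returns the text of the named Label inside the grid row, or "" when the
        // row has no Label with that id.
        private static string getRowLabelText(GridViewRow row, string controlId)
        {
            Label label = row.FindControl(controlId) as Label;

            return label != null ? label.Text : "";
        }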
Exemple #5
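        /// <summary>
        /// Looks up a single detection event by the id typed into <c>txtSearch</c> and
        /// shows it, enriched with sensor, alarm, severity and task data, in
        /// <c>gvEventsDetection</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// The search box is operator-supplied text. A value that is not a valid
        /// 32-bit integer is now reported with the existing "no results" message
        /// instead of raising FormatException/OverflowException from
        /// <c>Convert.ToInt32</c>. A related record that cannot be loaded leaves its
        /// columns as <see cref="DBNull"/>.
        /// NOTE(review): the status labels here cover codes 1 to 3 only; confirm they
        /// match the status code table used elsewhere in the application.
        /// </remarks>
        protected void btnSearch_Click(object sender, EventArgs e)
        {
            if (String.IsNullOrEmpty(txtSearch.Text))
            {
                return;
            }

            int eventsDetectionId;

            if (!int.TryParse(txtSearch.Text, out eventsDetectionId))
            {
                lblMessage.Text = "Busqueda sin resultados...";
                return;
            }

            eventsdetection auxEvetnsDetection = new eventsdetectionBus().eventsdetectionGetById(eventsDetectionId);

            if (auxEvetnsDetection == null)
            {
                lblMessage.Text = "Busqueda sin resultados...";
                return;
            }

            // Column names are runtime binding keys and are kept byte-for-byte,
            // including the "eventStauts" spelling.
            DataTable dttEventsDetection = new DataTable();
            dttEventsDetection.Columns.Add(new DataColumn("eventsDetectionId", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("datetime", typeof(DateTime)));
            dttEventsDetection.Columns.Add(new DataColumn("eventStauts", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("eventStatusDescription", typeof(string)));
            dttEventsDetection.Columns.Add(new DataColumn("IDSId", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("IDPS", typeof(string)));
            dttEventsDetection.Columns.Add(new DataColumn("idsName", typeof(string)));
            dttEventsDetection.Columns.Add(new DataColumn("eventsAlarmId", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("severityId", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("severityDescription", typeof(string)));
            dttEventsDetection.Columns.Add(new DataColumn("SLATimeToResponse", typeof(int)));
            dttEventsDetection.Columns.Add(new DataColumn("TaskId", typeof(int)));

            string strStatus = "";

            switch (auxEvetnsDetection.EventStatus)
            {
            case 1: strStatus = "Pendiente"; break;

            case 2: strStatus = "En tratamiento"; break;

            case 3: strStatus = "Cerrado"; break;
            }

            idsBus         oIDPS        = new idsBus();
            eventsalarmBus oEventsAlarm = new eventsalarmBus();
            severityBus    oSeverity    = new severityBus();
            tasksBus       oTask        = new tasksBus();

            // The severity is reached through the alarm, so it is only requested
            // when the alarm record was found.
            ids         auxIDPS       = oIDPS.idsGetById(auxEvetnsDetection.IdsId);
            eventsalarm auxEventAlarm = oEventsAlarm.eventsalarmGetById(auxEvetnsDetection.EventsAlarmId);
            severity    auxSeverity   = auxEventAlarm != null
                                        ? oSeverity.severityGetById(auxEventAlarm.Severity)
                                        : null;
            tasks       auxTask       = oTask.tasksGetByEventsDetectionId(auxEvetnsDetection.EventsDetectionId);

            dttEventsDetection.Rows.Add(auxEvetnsDetection.EventsDetectionId,
                                        auxEvetnsDetection.DateTime,
                                        auxEvetnsDetection.EventStatus,
                                        strStatus,
                                        auxEvetnsDetection.IdsId,
                                        auxIDPS != null ? (object)auxIDPS.IdsIP : DBNull.Value,
                                        auxIDPS != null ? (object)auxIDPS.idsName : DBNull.Value,
                                        auxEvetnsDetection.EventsAlarmId,
                                        auxSeverity != null ? (object)auxSeverity.SeverityId : DBNull.Value,
                                        auxSeverity != null ? (object)auxSeverity.SeverityDescription : DBNull.Value,
                                        auxSeverity != null ? (object)auxSeverity.SLATimeToResponse : DBNull.Value,
                                        auxTask != null ? (object)auxTask.TaskId : DBNull.Value);

            gvEventsDetection.DataSource = dttEventsDetection;
            gvEventsDetection.DataBind();
        }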