Esempio n. 1
0
        /// <summary>
        /// AuditedEventDTO to SyslogMessage formatter for the Version Promotion operation family.
        /// </summary>
        /// <param name="auditedEvent">The AuditedEventDTO instance to format</param>
        /// <returns>SyslogMessage representation of the event</returns>
        private SyslogMessage VersionPromotionMapper(AuditedEventDTO auditedEvent)
        {
            var    severity = Severity.Informational;
            string detail;

            if (auditedEvent.EventType == AuditEventType.OperationFailed)
            {
                severity = Severity.Warning;
                detail   = $"- {auditedEvent.Details}";
            }
            else
            {
                var av = JsonConvert.DeserializeObject <ApplicationVersionDto>(auditedEvent.Details);
                detail = $"{av.Name} ({av.Alias}) {av.Stage}";
            }

            var message = $"{auditedEvent.Operation} {auditedEvent.EventTypeDescription()} {detail}";

            return(new SyslogMessage(
                       auditedEvent.Timestamp,
                       Facility.UserLevelMessages,
                       severity,
                       auditedEvent.SourceIP,
                       "ApprendaCloudPlatform",
                       message: message.StripNewLines(),
                       procId: "-",
                       structuredDataElements: new StructuredDataElement[0],
                       msgId: "-"));
        }
Esempio n. 2
0
        /// <summary>
        /// Formats an AuditedEventDTO that contains a ReportCard in the Details field.
        /// </summary>
        /// <param name="auditedEvent">The audited event to format</param>
        /// <returns>SyslogMessage representing the provided event</returns>
        public static SyslogMessage DefaultReportCardFormatter(AuditedEventDTO auditedEvent)
        {
            if (auditedEvent == null)
            {
                return(null);
            }

            var details       = JsonConvert.DeserializeObject <DetailsObject>(auditedEvent.Details);
            var messageDetail = string.Empty;
            var reportCard    = JsonConvert.DeserializeObject <ReportCard>(details.Details, new JsonSerializerSettings
            {
                Error = (unused, discarded) => messageDetail = $"{details.Details}",
            });

            if (reportCard != null)
            {
                messageDetail = $" {string.Join(";", reportCard.ErrorMessages.ToArray())}";
            }

            return(FromEventDTO(auditedEvent, $"{auditedEvent.Operation} {auditedEvent.EventTypeDescription()}{messageDetail}"));
        }
Esempio n. 3
0
        /// <summary>
        /// Formats an AuditedEventDTO that contains a ReportCard in the Details field.
        /// </summary>
        /// <param name="auditedEvent">The audited event to format</param>
        /// <returns>SyslogMessage representing the provided event</returns>
        protected SyslogMessage DefaultReportCardCefFormatter(AuditedEventDTO auditedEvent)
        {
            if (auditedEvent == null)
            {
                return(null);
            }

            var details       = JsonConvert.DeserializeObject <DetailsObject>(auditedEvent.Details);
            var messageDetail = string.Empty;
            var reportCard    = JsonConvert.DeserializeObject <ReportCard>(details.Details, new JsonSerializerSettings
            {
                Error = (unused, discarded) => messageDetail = $"{details.Details}",
            });

            if (reportCard != null)
            {
                messageDetail = $" {string.Join(";", reportCard.ErrorMessages.ToArray())}";
            }

            return(auditedEvent.ToSyslogMessage($"CEF:0|Apprenda|CloudPlatform|{PlatformVersion}|-|{auditedEvent.Operation}|Unknown|outcome={auditedEvent.EventTypeDescription()} {messageDetail}"));
        }
Esempio n. 4
0
        private SyslogMessage RegistrySetValueDetailFormatter(AuditedEventDTO auditedEvent)
        {
            if (auditedEvent == null)
            {
                return(null);
            }

            var details = JsonConvert.DeserializeObject <DetailsObject>(auditedEvent.Details);

            var detail  = $"cs1={details.OriginalValue.StripNewLines()} cs2={details.NewValue.StripNewLines()}";
            var message = $"CEF:0|Apprenda|CloudPlatform|{PlatformVersion}|-|{auditedEvent.Operation}|PR1|outcome={auditedEvent.EventTypeDescription()} {detail}";

            return(auditedEvent.ToSyslogMessage(message));
        }
Esempio n. 5
0
 /// <summary>
 /// Default formatter for AuditedEventDTO whose EventType is not encoded in the message and which has a non-empty Results body to include.
 /// </summary>
 /// <param name="auditedEvent">The audited event</param>
 /// <returns>Syslos Message representing the event</returns>
 public SyslogMessage DefaultOpResultFormatter(AuditedEventDTO auditedEvent) => auditedEvent == null ? null : FromEventDTO(auditedEvent, Facility.LogAudit, Severity.Informational, $"{auditedEvent.Operation} {auditedEvent.EventTypeDescription()} {auditedEvent.Details.StripNewLines()}");
Esempio n. 6
0
        /// <summary>
        /// Formatter to handle Login Failure events.
        /// </summary>
        /// <param name="auditedEvent">The audited event</param>
        /// <returns>SyslogMessage representing the event.</returns>
        private SyslogMessage LoginFailureFormatter(AuditedEventDTO auditedEvent)
        {
            var loginDetails = FormatLoginFailureDto(auditedEvent.Details);
            var message      =
                $"CEF:0|Apprenda|CloudPlatform|{PlatformVersion}|-|{auditedEvent.Operation}|CIT3|outcome={auditedEvent.EventTypeDescription()} {loginDetails}";

            return(auditedEvent.ToSyslogMessage(Facility.SecurityOrAuthorizationMessages1, Severity.Notice, message));
        }