/// <summary>
/// Compares the number of sensor events recorded for a web server against a
/// threshold and, when the threshold is exceeded, sends a web DoS alert to
/// every configured alert reporter.
/// </summary>
/// <param name="webServerAddress">Address of the monitored web server; used for the event query and embedded in the alert.</param>
/// <param name="threshold">Event count that must be strictly exceeded before an alert is raised.</param>
/// <param name="analysisWindow">Optional analysis window, forwarded unchanged to <c>SensorEventAgent.GetTotalEvents</c>; its unit and the meaning of <c>null</c> are defined there.</param>
/// <returns><c>true</c> when the event count exceeded the threshold; otherwise <c>false</c>.</returns>
public bool CheckForWebServerDosAttack(string webServerAddress, int threshold, int? analysisWindow)
{
    // Only port 80 is queried, so events on other ports (for example HTTPS on 443)
    // are not counted by this check.
    const int HttpPort = 80;

    // The decision is based solely on the count supplied by the sensor event agent.
    int observedEvents = SensorEventAgent.GetTotalEvents(webServerAddress, HttpPort, analysisWindow);
    if (observedEvents <= threshold)
    {
        return false;
    }

    foreach (IAlertReport reporter in ReportMethods)
    {
        // A separate IDMEF message is created for each reporter.
        // No exception handling here: a reporter that throws stops delivery to the
        // remaining reporters and the exception propagates to the caller.
        IDMEFMessage message = IdmefMessageMapper.CreateWebDoSAlert(webServerAddress, analyserId.ToString());
        reporter.ReportAltert(message, analyserId.ToString());
    }

    // The result reflects detection, not delivery: it is also true when
    // ReportMethods contains no reporters.
    return true;
}
/// <summary>
/// Serializes an IDMEF alert message to XML and hands it to the analyser
/// alert database agent for insertion.
/// </summary>
/// <param name="alertMessage">The IDMEF alert to persist.</param>
/// <param name="analyzerId">Identifier of the reporting analyser; passed to the insert call together with the XML.</param>
public void ReportAltert(IDMEFMessage alertMessage, string analyzerId)
{
    string serializedAlert = IdmefMessageMapper.GetXml(alertMessage);

    // NOTE(review): the XML can carry values taken from monitored traffic, such as the
    // server address; confirm that InsertAlert binds analyzerId and the XML as
    // query parameters rather than concatenating them into SQL.
    AnalyserAlertDbAgent.InsertAlert(
        _connectionString,
        analyzerId,
        serializedAlert);
}