コード例 #1
ファイル: Fido_UpdateDB.cs プロジェクト: izzap/Fido
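        /// <summary>
        /// Updates the <c>event_machine</c> row selected by <paramref name="row"/> with the
        /// endpoint inventory gathered for an event.
        /// </summary>
        /// <remarks>
        /// Landesk data is used when present; Jamf data is used only when Landesk is null, and the
        /// columns not taken from Jamf here are written as empty strings. When both are null
        /// nothing is written. Any exception raised while building or writing the row is reported
        /// through <c>Fido_EventHandler.SendEmail</c> and is not rethrown.
        /// </remarks>
        /// <param name="lFidoReturnValues">Event data holding the hostname, inventory and machine score.</param>
        /// <param name="row">Value compared with <c>primkey</c> in the WHERE text.</param>
        private static void UpdateMachineToDB(FidoReturnValues lFidoReturnValues, string row)
        {
            var db = new SqLiteDB();

            try
            {
                // NOTE(review): the key is spliced into the WHERE text unchanged. Presumably it is a
                // numeric row id produced by Fido itself; confirm at the call sites, and do not route
                // externally supplied text here unless SqLiteDB.Update binds it as a parameter.
                var where = "primkey = " + row;

                var landesk = lFidoReturnValues.Landesk;
                var jamf = lFidoReturnValues.Jamf;

                if (landesk != null)
                {
                    // ToLowerInvariant keeps the stored identifiers independent of the host culture;
                    // ToLower() follows the current culture (tr-TR, for example, maps 'I' to 'ı'),
                    // which would make hostnames and domains compare unequal across hosts.
                    var data = new Dictionary<String, String>
                    {
                        { "hostname", lFidoReturnValues.Hostname.ToLowerInvariant() },
                        { "os", landesk.OSName.ToLowerInvariant() },
                        { "domain", landesk.Domain.ToLowerInvariant() },
                        // Patches[1], [2] and [3] feed critical, high and low; index 0 is not read here.
                        { "patches_critical", landesk.Patches[1].ToString(CultureInfo.InvariantCulture) },
                        { "patches_high", landesk.Patches[2].ToString(CultureInfo.InvariantCulture) },
                        { "patches_low", landesk.Patches[3].ToString(CultureInfo.InvariantCulture) },
                        { "av_installed", landesk.Product.ToLowerInvariant() },
                        { "av_running", landesk.AgentRunning.ToLowerInvariant() },
                        { "av_def_ver", landesk.DefInstallDate.ToLowerInvariant() },
                        { "bit9_installed", landesk.Bit9Version },
                        { "bit9_running", landesk.Bit9Running.ToLowerInvariant() },
                        { "machine_score", lFidoReturnValues.MachineScore.ToString(CultureInfo.InvariantCulture) }
                    };

                    db.Update("event_machine", data, where);
                }
                else if (jamf != null)
                {
                    var data = new Dictionary<String, String>
                    {
                        { "hostname", lFidoReturnValues.Hostname.ToLowerInvariant() },
                        { "os", jamf.OSName.ToLowerInvariant() },
                        { "domain", string.Empty },
                        { "patches_critical", string.Empty },
                        { "patches_high", string.Empty },
                        { "patches_low", string.Empty },
                        { "av_installed", string.Empty },
                        { "av_running", string.Empty },
                        { "av_def_ver", string.Empty },
                        { "bit9_installed", jamf.Bit9Version },
                        { "bit9_running", string.Empty },
                        { "machine_score", lFidoReturnValues.MachineScore.ToString(CultureInfo.InvariantCulture) }
                    };

                    db.Update("event_machine", data, where);
                }
            }
            catch (Exception e)
            {
                // The body carries the full exception text (type, message and stack trace).
                // NOTE(review): "{0}" is not substituted in this method; confirm whether SendEmail
                // formats it or whether the placeholder is a leftover.
                Fido_EventHandler.SendEmail("Fido Error",
                                            "Fido Failed: {0} Exception caught in update machine area of fidodb:" + e);
            }
        }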
コード例 #2
ファイル: Fido_UpdateDB.cs プロジェクト: izzap/Fido
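        /// <summary>
        /// Updates the <c>event_user</c> row selected by <paramref name="row"/> with the directory
        /// details and user score attached to an event.
        /// </summary>
        /// <remarks>
        /// The column map is built before the try block, so a null <c>UserInfo</c> or a null string
        /// field throws to the caller instead of being reported by e-mail. Only a failure of the
        /// update call itself is caught and sent through <c>Fido_EventHandler.SendEmail</c>.
        /// </remarks>
        /// <param name="lFidoReturnValues">Event data holding the username, user details and user score.</param>
        /// <param name="row">Value compared with <c>primkey</c> in the WHERE text.</param>
        private static void UpdateUserToDB(FidoReturnValues lFidoReturnValues, string row)
        {
            var db = new SqLiteDB();
            var user = lFidoReturnValues.UserInfo;

            // ToLowerInvariant keeps usernames and mail addresses independent of the host culture;
            // ToLower() follows the current culture (tr-TR, for example, maps 'I' to 'ı'), so the
            // same account could be stored under two different spellings.
            var data = new Dictionary<String, String>
            {
                { "username", lFidoReturnValues.Username.ToLowerInvariant() },
                { "fullname", user.Username.ToLowerInvariant() },
                { "email", user.UserEmail.ToLowerInvariant() },
                { "title", user.Title.ToLowerInvariant() },
                { "dept", user.Department.ToLowerInvariant() },
                { "emp_type", user.EmployeeType.ToLowerInvariant() },
                { "emp_phone", user.MobileNumber },
                { "cube", user.CubeLocation.ToLowerInvariant() },
                { "city_state", user.City.ToLowerInvariant() + "\\" + user.State.ToLowerInvariant() },
                { "manager", user.ManagerName.ToLowerInvariant() },
                { "manager_title", user.ManagerTitle.ToLowerInvariant() },
                { "manager_email", user.ManagerMail.ToLowerInvariant() },
                // NOTE(review): filled from the same MobileNumber as emp_phone; confirm whether a
                // manager-specific number was intended.
                { "manager_phone", user.MobileNumber },
                { "user_score", lFidoReturnValues.UserScore.ToString(CultureInfo.InvariantCulture) }
            };

            try
            {
                // NOTE(review): the key is spliced into the WHERE text unchanged. Presumably it is a
                // numeric row id produced by Fido itself; confirm at the call sites, and do not route
                // externally supplied text here unless SqLiteDB.Update binds it as a parameter.
                db.Update("event_user", data, "primkey = " + row);
            }
            catch (Exception e)
            {
                // The body carries the full exception text (type, message and stack trace).
                // NOTE(review): "{0}" is not substituted in this method; confirm whether SendEmail
                // formats it or whether the placeholder is a leftover.
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in update user area of fidodb:" + e);
            }
        }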
コード例 #3
ファイル: Fido_UpdateDB.cs プロジェクト: izzap/Fido
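        /// <summary>
        /// Updates the <c>event_threat</c> row selected by <paramref name="row"/> with the threat
        /// details of an event, adding the columns specific to the reporting detector.
        /// </summary>
        /// <remarks>
        /// There is no try/catch here, so any exception (a null detector object, a failed update)
        /// reaches the caller. A detector name that matches no case gets only the common columns.
        /// </remarks>
        /// <param name="lFidoReturnValues">Event data holding the threat fields and the detector results.</param>
        /// <param name="row">Value compared with <c>primkey</c> in the WHERE text.</param>
        private static void UpdateThreatToDB(FidoReturnValues lFidoReturnValues, string row)
        {
            var db = new SqLiteDB();
            var detector = lFidoReturnValues.CurrentDetector;

            // ToLowerInvariant keeps the stored names independent of the host culture; ToLower()
            // follows the current culture (tr-TR, for example, maps 'I' to 'ı').
            // NOTE(review): the values below come from detector output and are handed to
            // SqLiteDB.Update unchanged; whether Update escapes or binds them is not visible here.
            var data = new Dictionary<String, String>
            {
                { "threat_dst_ip", lFidoReturnValues.DstIP },
                { "threat_name", lFidoReturnValues.MalwareType.ToLowerInvariant() },
                { "threat_score", lFidoReturnValues.ThreatScore.ToString(CultureInfo.InvariantCulture) },
                { "detector", detector.ToLowerInvariant() },
                { "threat_url", lFidoReturnValues.BadUrLs.ToString(CultureInfo.InvariantCulture) },
                { "threat_hash", lFidoReturnValues.BadHashs.ToString(CultureInfo.InvariantCulture) }
            };

            // NOTE(review): the switch matches the detector name as received (case-sensitive), while
            // the stored "detector" column is lower-cased; a name in another case would skip
            // time_occurred. Confirm that callers always pass lower-case names.
            switch (detector)
            {
            case "mps":
                data.Add("time_occurred", lFidoReturnValues.FireEye.EventTime);
                break;

            case "bit9":
                //todo: Fido.db does not have a column for filename... legacy? still needed?
                //data.Add("file_name", lFidoReturnValues.Bit9.FileName);
                break;

            case "antivirus":
                data.Add("time_occurred", lFidoReturnValues.Antivirus.EventTime);
                data.Add("action_taken", lFidoReturnValues.Antivirus.ActionTaken);
                data.Add("file_name", lFidoReturnValues.Antivirus.FileName);
                data.Add("threat_status", lFidoReturnValues.Antivirus.Status);
                break;

            // Both Cyphort versions read the same EventTime field.
            case "cyphortv2":
            case "cyphortv3":
                data.Add("time_occurred", lFidoReturnValues.Cyphort.EventTime);
                break;

            case "protectwisev1":
                data.Add("time_occurred", lFidoReturnValues.ProtectWise.EventTime);
                break;

            case "panv1":
                data.Add("time_occurred", lFidoReturnValues.PaloAlto.EventTime);
                break;

            case "carbonblackv1":
                data.Add("time_occurred", lFidoReturnValues.CB.Alert.EventTime);
                break;
            }

            // NOTE(review): the key is spliced into the WHERE text unchanged. Presumably it is a
            // numeric row id produced by Fido itself; confirm at the call sites, and do not route
            // externally supplied text here unless SqLiteDB.Update binds it as a parameter.
            db.Update("event_threat", data, "primkey = " + row);
        }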
コード例 #4
ファイル: Fido_UpdateDB.cs プロジェクト: caar2000/Fido
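    /// <summary>
    /// Writes the user details and user score of an event into the <c>event_user</c> row whose
    /// <c>primkey</c> matches <paramref name="row"/>.
    /// </summary>
    /// <remarks>
    /// The column map is built outside the try block: a null <c>UserInfo</c> or null string field
    /// throws to the caller. Only a failing update call is caught and reported through
    /// <c>Fido_EventHandler.SendEmail</c>.
    /// </remarks>
    /// <param name="lFidoReturnValues">Event data holding the username, user details and user score.</param>
    /// <param name="row">Value placed after <c>primkey = </c> in the WHERE text.</param>
    private static void UpdateUserToDB(FidoReturnValues lFidoReturnValues, string row)
    {
      var db = new SqLiteDB();
      var info = lFidoReturnValues.UserInfo;

      // Culture-invariant lower-casing: ToLower() depends on the current culture (tr-TR turns 'I'
      // into 'ı'), which would store the same account under differing spellings.
      var data = new Dictionary<String, String>
      {
        {"username", lFidoReturnValues.Username.ToLowerInvariant()},
        {"fullname", info.Username.ToLowerInvariant()},
        {"email", info.UserEmail.ToLowerInvariant()},
        {"title", info.Title.ToLowerInvariant()},
        {"dept", info.Department.ToLowerInvariant()},
        {"emp_type", info.EmployeeType.ToLowerInvariant()},
        {"emp_phone", info.MobileNumber},
        {"cube", info.CubeLocation.ToLowerInvariant()},
        {"city_state", info.City.ToLowerInvariant() + "\\" + info.State.ToLowerInvariant()},
        {"manager", info.ManagerName.ToLowerInvariant()},
        {"manager_title", info.ManagerTitle.ToLowerInvariant()},
        {"manager_email", info.ManagerMail.ToLowerInvariant()},
        // NOTE(review): same MobileNumber as emp_phone; confirm whether the manager's number was meant.
        {"manager_phone", info.MobileNumber},
        {"user_score", lFidoReturnValues.UserScore.ToString(CultureInfo.InvariantCulture)}
      };

      try
      {
        // NOTE(review): row is concatenated into the WHERE text as-is. It is presumably an
        // internally generated numeric key; verify the callers, since nothing here validates or
        // binds it.
        db.Update("event_user", data, "primkey = " + row);
      }
      catch (Exception e)
      {
        // The mail body includes the full exception text (type, message, stack trace).
        // NOTE(review): "{0}" is never substituted in this method; confirm SendEmail's handling.
        Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in update user area of fidodb:" + e);
      }

    }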
コード例 #5
ファイル: Fido_UpdateDB.cs プロジェクト: caar2000/Fido
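    /// <summary>
    /// Writes the threat details of an event, plus the columns specific to the reporting
    /// detector, into the <c>event_threat</c> row whose <c>primkey</c> matches
    /// <paramref name="row"/>.
    /// </summary>
    /// <remarks>
    /// Nothing is caught here: a null detector object or a failing update propagates to the
    /// caller. A detector name with no matching case gets only the common columns.
    /// </remarks>
    /// <param name="lFidoReturnValues">Event data holding the threat fields and the detector results.</param>
    /// <param name="row">Value placed after <c>primkey = </c> in the WHERE text.</param>
    private static void UpdateThreatToDB(FidoReturnValues lFidoReturnValues, string row)
    {
      var db = new SqLiteDB();
      var detector = lFidoReturnValues.CurrentDetector;

      // Culture-invariant lower-casing: ToLower() depends on the current culture (tr-TR turns 'I'
      // into 'ı').
      // NOTE(review): these values come from detector output and are passed to SqLiteDB.Update
      // unchanged; whether Update escapes or binds them cannot be seen from this method.
      var data = new Dictionary<String, String>
      {
        {"threat_dst_ip", lFidoReturnValues.DstIP},
        {"threat_name", lFidoReturnValues.MalwareType.ToLowerInvariant()},
        {"threat_score", lFidoReturnValues.ThreatScore.ToString(CultureInfo.InvariantCulture)},
        {"detector", detector.ToLowerInvariant()},
        {"threat_url", lFidoReturnValues.BadUrLs.ToString(CultureInfo.InvariantCulture)},
        {"threat_hash", lFidoReturnValues.BadHashs.ToString(CultureInfo.InvariantCulture)}
      };

      // NOTE(review): matching is case-sensitive on the name as received, while the stored
      // "detector" column is lower-cased; confirm callers always pass lower-case names.
      switch (detector)
      {
        case "mps":
          data.Add("time_occurred", lFidoReturnValues.FireEye.EventTime);
          break;
        case "bit9":
          //todo: Fido.db does not have a column for filename... legacy? still needed?
          //data.Add("file_name", lFidoReturnValues.Bit9.FileName);
          break;
        case "antivirus":
          data.Add("time_occurred", lFidoReturnValues.Antivirus.EventTime);
          data.Add("action_taken", lFidoReturnValues.Antivirus.ActionTaken);
          data.Add("file_name", lFidoReturnValues.Antivirus.FileName);
          data.Add("threat_status", lFidoReturnValues.Antivirus.Status);
          break;
        // Both Cyphort versions read the same EventTime field.
        case "cyphortv2":
        case "cyphortv3":
          data.Add("time_occurred", lFidoReturnValues.Cyphort.EventTime);
          break;
        case "protectwisev1":
          data.Add("time_occurred", lFidoReturnValues.ProtectWise.EventTime);
          break;
        case "panv1":
          data.Add("time_occurred", lFidoReturnValues.PaloAlto.EventTime);
          break;
        case "carbonblackv1":
          data.Add("time_occurred", lFidoReturnValues.CB.Alert.EventTime);
          break;
      }

      // NOTE(review): row is concatenated into the WHERE text as-is. It is presumably an
      // internally generated numeric key; verify the callers, since nothing here validates or
      // binds it.
      db.Update("event_threat", data, "primkey = " + row);
    }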
コード例 #6
ファイル: Fido_UpdateDB.cs プロジェクト: caar2000/Fido
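    /// <summary>
    /// Writes the endpoint inventory of an event into the <c>event_machine</c> row whose
    /// <c>primkey</c> matches <paramref name="row"/>.
    /// </summary>
    /// <remarks>
    /// Landesk data is preferred; Jamf data is used only when Landesk is null, with the columns
    /// not taken from Jamf written as empty strings. With neither present, no update is issued.
    /// Every exception raised inside the try block is reported through
    /// <c>Fido_EventHandler.SendEmail</c> and is not rethrown.
    /// </remarks>
    /// <param name="lFidoReturnValues">Event data holding the hostname, inventory and machine score.</param>
    /// <param name="row">Value placed after <c>primkey = </c> in the WHERE text.</param>
    private static void UpdateMachineToDB(FidoReturnValues lFidoReturnValues, string row)
    {
      var db = new SqLiteDB();
      try
      {
        // NOTE(review): row is concatenated into the WHERE text as-is. It is presumably an
        // internally generated numeric key; verify the callers, since nothing here validates or
        // binds it.
        var where = "primkey = " + row;

        var landesk = lFidoReturnValues.Landesk;
        var jamf = lFidoReturnValues.Jamf;

        if (landesk != null)
        {
          // Culture-invariant lower-casing: ToLower() depends on the current culture (tr-TR turns
          // 'I' into 'ı'), which would make the same hostname or domain compare unequal.
          var data = new Dictionary<String, String>
          {
            {"hostname", lFidoReturnValues.Hostname.ToLowerInvariant()},
            {"os", landesk.OSName.ToLowerInvariant()},
            {"domain", landesk.Domain.ToLowerInvariant()},
            // Patches[1], [2] and [3] feed critical, high and low; index 0 is not read here.
            {"patches_critical", landesk.Patches[1].ToString(CultureInfo.InvariantCulture)},
            {"patches_high", landesk.Patches[2].ToString(CultureInfo.InvariantCulture)},
            {"patches_low", landesk.Patches[3].ToString(CultureInfo.InvariantCulture)},
            {"av_installed", landesk.Product.ToLowerInvariant()},
            {"av_running", landesk.AgentRunning.ToLowerInvariant()},
            {"av_def_ver", landesk.DefInstallDate.ToLowerInvariant()},
            {"bit9_installed", landesk.Bit9Version},
            {"bit9_running", landesk.Bit9Running.ToLowerInvariant()},
            {"machine_score", lFidoReturnValues.MachineScore.ToString(CultureInfo.InvariantCulture)}
          };

          db.Update("event_machine", data, where);
        }
        else if (jamf != null)
        {
          var data = new Dictionary<String, String>
          {
            {"hostname", lFidoReturnValues.Hostname.ToLowerInvariant()},
            {"os", jamf.OSName.ToLowerInvariant()},
            {"domain", string.Empty},
            {"patches_critical", string.Empty},
            {"patches_high", string.Empty},
            {"patches_low", string.Empty},
            {"av_installed", string.Empty},
            {"av_running", string.Empty},
            {"av_def_ver", string.Empty},
            {"bit9_installed", jamf.Bit9Version},
            {"bit9_running", string.Empty},
            {"machine_score", lFidoReturnValues.MachineScore.ToString(CultureInfo.InvariantCulture)}
          };

          db.Update("event_machine", data, where);
        }
      }
      catch (Exception e)
      {
        // The mail body includes the full exception text (type, message, stack trace).
        // NOTE(review): "{0}" is never substituted in this method; confirm SendEmail's handling.
        Fido_EventHandler.SendEmail("Fido Error",
          "Fido Failed: {0} Exception caught in update machine area of fidodb:" + e);
      }
    }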