コード例 #1
0
 /// <summary>
 /// Updates the given model element with the cmdlet specific operation 
 /// </summary>
 /// <param name="model">A model object</param>
 protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(
     DatabaseThreatDetectionPolicyModel model)
 {
     model = base.ApplyUserInputToModel(model);
     model.ThreatDetectionState = ThreatDetectionStateType.Disabled;
     return model;
 }
コード例 #2
0
        /// <summary>
        /// Updates the given model element with the cmdlet specific operation 
        /// </summary>
        /// <param name="model">A model object</param>
        protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(DatabaseThreatDetectionPolicyModel model)
        {
            base.ApplyUserInputToModel(model);

            model.ThreatDetectionState = ThreatDetectionStateType.Enabled;

            if (NotificationRecipientsEmails != null)
            {
                model.NotificationRecipientsEmails = NotificationRecipientsEmails;
            }

            if (EmailAdmins != null)
            {
                model.EmailAdmins = (bool)EmailAdmins;
            }

            ExcludedDetectionType = Util.ProcessExcludedDetectionTypes(ExcludedDetectionType);

            if (ExcludedDetectionType != null)
            {
                model.ExcludedDetectionTypes = ExcludedDetectionType.Select(s => SecurityConstants.ExcludedDetectionToExcludedDetectionTypes[s]).ToArray();
            }

            ValidateInput(model);

            return model;
        }
コード例 #3
0
        /// <summary>
        /// Updates the given model element with the cmdlet specific operation 
        /// </summary>
        /// <param name="model">A model object</param>
        protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(DatabaseThreatDetectionPolicyModel model)
        {
            base.ApplyUserInputToModel(model);

            model.ThreatDetectionState = ThreatDetectionStateType.Enabled;

            if (NotificationRecipientsEmails != null)
            {
                model.NotificationRecipientsEmails = NotificationRecipientsEmails;
            }

            if (EmailAdmins != null)
            {
                model.EmailAdmins = (bool)EmailAdmins;
            }

            ExcludedDetectionType = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType);

            if (ExcludedDetectionType != null)
            {
                model.ExcludedDetectionTypes = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType);
            }
            model.ValidateContent();
            return model;
        }
コード例 #4
0
 /// <summary>
 /// Takes the cmdlets model object and transform it to the policy as expected by the endpoint
 /// </summary>
 /// <param name="model">The SecurityAlert model object</param>
 /// <returns>The communication model object</returns>
 private DatabaseSecurityAlertPolicyCreateOrUpdateParameters PolicizeDatabaseSecurityAlertModel(DatabaseThreatDetectionPolicyModel model)
 {
     var updateParameters = new DatabaseSecurityAlertPolicyCreateOrUpdateParameters();
     var properties = PopulatePolicyProperties(model, new DatabaseSecurityAlertPolicyProperties()) as DatabaseSecurityAlertPolicyProperties;
     updateParameters.Properties = properties;
     return updateParameters;
 }
コード例 #5
0
        /// <summary>
        /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
        /// </summary>
        public void SetDatabaseThreatDetectionPolicy(DatabaseThreatDetectionPolicyModel model, string clientId)
        {
            if (model.ThreatDetectionState == ThreatDetectionStateType.Enabled)
            {
                if (!IsRightServerVersionForThreatDetection(model.ResourceGroupName, model.ServerName, clientId))
                {
                    throw new Exception(Properties.Resources.ServerNotApplicableForThreatDetection);
                }

                // Check that auditing is turned on:
                DatabaseAuditingPolicyModel databaseAuditingPolicyModel;
                AuditingAdapter.GetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, out databaseAuditingPolicyModel);
                AuditStateType auditingState = databaseAuditingPolicyModel.AuditState;
                if (databaseAuditingPolicyModel.UseServerDefault == UseServerDefaultOptions.Enabled)
                {
                    ServerAuditingPolicyModel serverAuditingPolicyModel;
                    AuditingAdapter.GetServerAuditingPolicy(model.ResourceGroupName, model.ServerName, clientId, out serverAuditingPolicyModel);
                    auditingState = serverAuditingPolicyModel.AuditState;
                }
                if (auditingState != AuditStateType.Enabled)
                {
                    throw new Exception(Properties.Resources.AuditingIsTurnedOff);
                }
            }

            var databaseSecurityAlertPolicyParameters = PolicizeDatabaseSecurityAlertModel(model);
            ThreatDetectionCommunicator.SetDatabaseSecurityAlertPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, databaseSecurityAlertPolicyParameters);
        }
 /// <summary>
 /// No sending is needed as this is a Get cmdlet
 /// </summary>
 /// <param name="model">The model object with the data to be sent to the REST endpoints</param>
 protected override DatabaseThreatDetectionPolicyModel PersistChanges(DatabaseThreatDetectionPolicyModel model)
 {
     return null;
 }
コード例 #7
0
 /// <summary>
 /// Takes the cmdlets model object and transform it to the policy as expected by the endpoint
 /// </summary>
 /// <param name="model">The SecurityAlert model object</param>
 /// <returns>The communication model object</returns>
 private DatabaseSecurityAlertPolicyCreateOrUpdateParameters PolicizeDatabaseSecurityAlertModel(DatabaseThreatDetectionPolicyModel model)
 {
     DatabaseSecurityAlertPolicyCreateOrUpdateParameters updateParameters = new DatabaseSecurityAlertPolicyCreateOrUpdateParameters();
     DatabaseSecurityAlertPolicyProperties properties = new DatabaseSecurityAlertPolicyProperties();
     updateParameters.Properties = properties;
     properties.State = PolicizeThreatDetectionState(model.ThreatDetectionState);
     properties.EmailAddresses = model.NotificationRecipientsEmails ?? "";
     properties.EmailAccountAdmins = model.EmailAdmins
         ? SecurityConstants.ThreatDetectionEndpoint.Enabled
         : SecurityConstants.ThreatDetectionEndpoint.Disabled;
     properties.DisabledAlerts = ExtractExcludedDetectionType(model);
     return updateParameters;
 }
コード例 #8
0
        /// <summary>
        /// Updates the given model with all the disabled alerts information
        /// </summary>
        private void ModelizeDisabledAlerts(DatabaseThreatDetectionPolicyModel model, string disabledAlerts)
        {
            List<string> disabledAlertsArray = disabledAlerts.Split(';').Select(p => p.Trim()).ToList();

            HashSet<DetectionType> detectionTypes = new HashSet<DetectionType>();
            if (disabledAlertsArray.Contains(SecurityConstants.Sql_Injection)) detectionTypes.Add(DetectionType.Sql_Injection);
            if (disabledAlertsArray.Contains(SecurityConstants.Sql_Injection_Vulnerability)) detectionTypes.Add(DetectionType.Sql_Injection_Vulnerability);
            if (disabledAlertsArray.Contains(SecurityConstants.Access_Anomaly)) detectionTypes.Add(DetectionType.Access_Anomaly);
            if (disabledAlertsArray.Contains(SecurityConstants.Usage_Anomaly)) detectionTypes.Add(DetectionType.Usage_Anomaly);
            model.ExcludedDetectionTypes = detectionTypes.ToArray();
        }
コード例 #9
0
 /// <summary>
 /// Transforms the given database policy object to its cmdlet model representation
 /// </summary>
 private DatabaseThreatDetectionPolicyModel ModelizeDatabaseThreatDetectionPolicy(DatabaseSecurityAlertPolicy threatDetectionPolicy)
 {
     DatabaseThreatDetectionPolicyModel databaseThreatDetectionPolicyModel = new DatabaseThreatDetectionPolicyModel();
     DatabaseSecurityAlertPolicyProperties threatDetectionProperties = threatDetectionPolicy.Properties;
     databaseThreatDetectionPolicyModel.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State);
     databaseThreatDetectionPolicyModel.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses;
     databaseThreatDetectionPolicyModel.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins);
     ModelizeDisabledAlerts(databaseThreatDetectionPolicyModel, threatDetectionProperties.DisabledAlerts);
     return databaseThreatDetectionPolicyModel;
 }
コード例 #10
0
        /// <summary>
        /// Preforms validity checks
        /// </summary>
        /// <param name="model">The model</param>
        private void ValidateInput(DatabaseThreatDetectionPolicyModel model)
        {
            // Validity checks:
            // 1. Check that EmailAddresses are in correct format 
            bool areEmailAddressesInCorrectFormat = AreEmailAddressesInCorrectFormat(model.NotificationRecipientsEmails);
            if (!areEmailAddressesInCorrectFormat)
            {
                throw new Exception(Properties.Resources.EmailsAreNotValid);
            }

            // 2. check that EmailAdmins is not False and NotificationRecipientsEmails is not empty
            if (!model.EmailAdmins && string.IsNullOrEmpty(model.NotificationRecipientsEmails))
            {
                throw new Exception(Properties.Resources.NeedToProvideEmail);
            }
        }
コード例 #11
0
 /// <summary>
 /// Updates the given model with all the disabled alerts information
 /// </summary>
 private void ModelizeDisabledAlerts(DatabaseThreatDetectionPolicyModel model, string disabledAlerts)
 {
     HashSet<DetectionType> detectionTypes = new HashSet<DetectionType>();
     if (disabledAlerts.IndexOf(SecurityConstants.Successful_SQLi) != -1) detectionTypes.Add(DetectionType.Successful_SQLi);
     if (disabledAlerts.IndexOf(SecurityConstants.Attempted_SQLi) != -1) detectionTypes.Add(DetectionType.Attempted_SQLi);
     if (disabledAlerts.IndexOf(SecurityConstants.Client_GEO_Anomaly) != -1) detectionTypes.Add(DetectionType.Client_GEO_Anomaly);
     if (disabledAlerts.IndexOf(SecurityConstants.Failed_Logins_Anomaly) != -1) detectionTypes.Add(DetectionType.Failed_Logins_Anomaly);
     if (disabledAlerts.IndexOf(SecurityConstants.Failed_Queries_Anomaly) != -1) detectionTypes.Add(DetectionType.Failed_Queries_Anomaly);
     if (disabledAlerts.IndexOf(SecurityConstants.Data_Extraction_Anomaly) != -1) detectionTypes.Add(DetectionType.Data_Extraction_Anomaly);
     if (disabledAlerts.IndexOf(SecurityConstants.Data_Alteration_Anomaly) != -1) detectionTypes.Add(DetectionType.Data_Alteration_Anomaly); 
     model.ExcludedDetectionTypes = detectionTypes.ToArray();
 }