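/// <summary>
/// Updates the <c>event_machine</c> row selected by <paramref name="row"/> with the
/// endpoint details carried by <paramref name="lFidoReturnValues"/>.
/// </summary>
/// <remarks>
/// Landesk data is used when present, otherwise Jamf data; when both are null no update
/// is issued. Exceptions raised while building the values or writing them are reported
/// through <c>Fido_EventHandler.SendEmail</c> and are not rethrown.
/// </remarks>
/// <param name="lFidoReturnValues">Source of the hostname, inventory and score values.</param>
/// <param name="row">Value appended to the <c>primkey = </c> filter of the update.</param>
private static void UpdateMachineToDB(FidoReturnValues lFidoReturnValues, string row)
{
    var db = new SqLiteDB();

    try
    {
        Dictionary<string, string> data;

        if (lFidoReturnValues.Landesk != null)
        {
            var landesk = lFidoReturnValues.Landesk;

            // Identifiers are lower-cased with the invariant culture so the stored value
            // does not depend on the host's locale (culture-sensitive ToLower() maps
            // 'I' differently under tr-TR/az, which breaks later lookups by hostname).
            // Patches is read at indexes 1..3; a shorter collection throws and ends up
            // in the catch block below.
            data = new Dictionary<string, string>
            {
                { "hostname", lFidoReturnValues.Hostname.ToLowerInvariant() },
                { "os", landesk.OSName.ToLowerInvariant() },
                { "domain", landesk.Domain.ToLowerInvariant() },
                { "patches_critical", landesk.Patches[1].ToString(CultureInfo.InvariantCulture) },
                { "patches_high", landesk.Patches[2].ToString(CultureInfo.InvariantCulture) },
                { "patches_low", landesk.Patches[3].ToString(CultureInfo.InvariantCulture) },
                { "av_installed", landesk.Product.ToLowerInvariant() },
                { "av_running", landesk.AgentRunning.ToLowerInvariant() },
                { "av_def_ver", landesk.DefInstallDate.ToLowerInvariant() },
                { "bit9_installed", landesk.Bit9Version },
                { "bit9_running", landesk.Bit9Running.ToLowerInvariant() },
                { "machine_score", lFidoReturnValues.MachineScore.ToString(CultureInfo.InvariantCulture) }
            };
        }
        else if (lFidoReturnValues.Jamf != null)
        {
            var jamf = lFidoReturnValues.Jamf;

            // Only the OS name and Bit9 version are taken from Jamf; the remaining
            // inventory columns are written as empty strings.
            data = new Dictionary<string, string>
            {
                { "hostname", lFidoReturnValues.Hostname.ToLowerInvariant() },
                { "os", jamf.OSName.ToLowerInvariant() },
                { "domain", string.Empty },
                { "patches_critical", string.Empty },
                { "patches_high", string.Empty },
                { "patches_low", string.Empty },
                { "av_installed", string.Empty },
                { "av_running", string.Empty },
                { "av_def_ver", string.Empty },
                { "bit9_installed", jamf.Bit9Version },
                { "bit9_running", string.Empty },
                { "machine_score", lFidoReturnValues.MachineScore.ToString(CultureInfo.InvariantCulture) }
            };
        }
        else
        {
            // No inventory source available: nothing to write.
            return;
        }

        // NOTE(review): 'row' is concatenated straight into the WHERE clause and nothing
        // in this method checks it, so it has to arrive as a trusted (presumably numeric)
        // key. Confirm at the call site, or validate it before it reaches SQL text.
        db.Update("event_machine", data, "primkey = " + row);
    }
    catch (Exception e)
    {
        // NOTE(review): the "{0}" token is sent as written (no format call in this
        // method) - confirm whether SendEmail substitutes it. The full exception text
        // is appended to the mail body.
        Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in update machine area of fidodb:" + e);
    }
}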
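/// <summary>
/// Updates the <c>event_user</c> row selected by <paramref name="row"/> with the user
/// and manager details carried by <paramref name="lFidoReturnValues"/>.
/// </summary>
/// <remarks>
/// The column values are built before the <c>try</c> block, so an exception raised while
/// reading them (for example a null <c>UserInfo</c>) reaches the caller. Only a failure
/// of the update itself is reported through <c>Fido_EventHandler.SendEmail</c>.
/// </remarks>
/// <param name="lFidoReturnValues">Source of the user, manager and score values.</param>
/// <param name="row">Value appended to the <c>primkey = </c> filter of the update.</param>
private static void UpdateUserToDB(FidoReturnValues lFidoReturnValues, string row)
{
    var db = new SqLiteDB();
    var user = lFidoReturnValues.UserInfo;

    // Identifiers are lower-cased with the invariant culture so the stored value does not
    // depend on the host's locale (culture-sensitive ToLower() maps 'I' differently under
    // tr-TR/az, which breaks later matching on username or e-mail).
    var data = new Dictionary<string, string>
    {
        { "username", lFidoReturnValues.Username.ToLowerInvariant() },
        { "fullname", user.Username.ToLowerInvariant() },
        { "email", user.UserEmail.ToLowerInvariant() },
        { "title", user.Title.ToLowerInvariant() },
        { "dept", user.Department.ToLowerInvariant() },
        { "emp_type", user.EmployeeType.ToLowerInvariant() },
        { "emp_phone", user.MobileNumber },
        { "cube", user.CubeLocation.ToLowerInvariant() },
        { "city_state", user.City.ToLowerInvariant() + "\\" + user.State.ToLowerInvariant() },
        { "manager", user.ManagerName.ToLowerInvariant() },
        { "manager_title", user.ManagerTitle.ToLowerInvariant() },
        { "manager_email", user.ManagerMail.ToLowerInvariant() },
        // NOTE(review): same source property as "emp_phone" - confirm whether a
        // manager-specific phone field was intended here.
        { "manager_phone", user.MobileNumber },
        { "user_score", lFidoReturnValues.UserScore.ToString(CultureInfo.InvariantCulture) }
    };

    try
    {
        // NOTE(review): 'row' is concatenated straight into the WHERE clause and nothing
        // in this method checks it, so it has to arrive as a trusted (presumably numeric)
        // key. Confirm at the call site, or validate it before it reaches SQL text.
        db.Update("event_user", data, "primkey = " + row);
    }
    catch (Exception e)
    {
        // NOTE(review): the "{0}" token is sent as written (no format call in this
        // method) - confirm whether SendEmail substitutes it. The full exception text
        // is appended to the mail body.
        Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in update user area of fidodb:" + e);
    }
}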
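/// <summary>
/// Updates the <c>event_threat</c> row selected by <paramref name="row"/> with the threat
/// details carried by <paramref name="lFidoReturnValues"/>, adding the columns specific
/// to the current detector.
/// </summary>
/// <remarks>
/// This method has no exception handling of its own: any failure while reading the values
/// or running the update propagates to the caller. A detector name that matches no case
/// still results in an update, with the common columns only.
/// </remarks>
/// <param name="lFidoReturnValues">Source of the threat, detector and score values.</param>
/// <param name="row">Value appended to the <c>primkey = </c> filter of the update.</param>
private static void UpdateThreatToDB(FidoReturnValues lFidoReturnValues, string row)
{
    var db = new SqLiteDB();
    var detector = lFidoReturnValues.CurrentDetector;

    // Names are lower-cased with the invariant culture so the stored value does not
    // depend on the host's locale (culture-sensitive ToLower() maps 'I' differently
    // under tr-TR/az).
    var data = new Dictionary<string, string>
    {
        { "threat_dst_ip", lFidoReturnValues.DstIP },
        { "threat_name", lFidoReturnValues.MalwareType.ToLowerInvariant() },
        { "threat_score", lFidoReturnValues.ThreatScore.ToString(CultureInfo.InvariantCulture) },
        { "detector", lFidoReturnValues.CurrentDetector.ToLowerInvariant() },
        { "threat_url", lFidoReturnValues.BadUrLs.ToString(CultureInfo.InvariantCulture) },
        { "threat_hash", lFidoReturnValues.BadHashs.ToString(CultureInfo.InvariantCulture) }
    };

    // NOTE(review): the switch compares the raw detector string, while the stored
    // "detector" column is lower-cased; a differently-cased name would skip the
    // detector-specific columns - confirm that callers normalise it.
    switch (detector)
    {
        case "mps":
            data.Add("time_occurred", lFidoReturnValues.FireEye.EventTime);
            break;

        case "bit9":
            //todo: Fido.db does not have a column for filename... legacy? still needed?
            //data.Add("file_name", lFidoReturnValues.Bit9.FileName);
            break;

        case "antivirus":
            data.Add("time_occurred", lFidoReturnValues.Antivirus.EventTime);
            data.Add("action_taken", lFidoReturnValues.Antivirus.ActionTaken);
            data.Add("file_name", lFidoReturnValues.Antivirus.FileName);
            data.Add("threat_status", lFidoReturnValues.Antivirus.Status);
            break;

        // Both Cyphort versions read the event time from the same object.
        case "cyphortv2":
        case "cyphortv3":
            data.Add("time_occurred", lFidoReturnValues.Cyphort.EventTime);
            break;

        case "protectwisev1":
            data.Add("time_occurred", lFidoReturnValues.ProtectWise.EventTime);
            break;

        case "panv1":
            data.Add("time_occurred", lFidoReturnValues.PaloAlto.EventTime);
            break;

        case "carbonblackv1":
            data.Add("time_occurred", lFidoReturnValues.CB.Alert.EventTime);
            break;
    }

    // NOTE(review): 'row' is concatenated straight into the WHERE clause and nothing in
    // this method checks it, so it has to arrive as a trusted (presumably numeric) key.
    // Confirm at the call site, or validate it before it reaches SQL text.
    db.Update("event_threat", data, "primkey = " + row);
}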
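/// <summary>
/// Updates the <c>event_user</c> row selected by <paramref name="row"/> with the user
/// and manager details carried by <paramref name="lFidoReturnValues"/>.
/// </summary>
/// <remarks>
/// The column values are built before the <c>try</c> block, so an exception raised while
/// reading them (for example a null <c>UserInfo</c>) reaches the caller. Only a failure
/// of the update itself is reported through <c>Fido_EventHandler.SendEmail</c>.
/// </remarks>
/// <param name="lFidoReturnValues">Source of the user, manager and score values.</param>
/// <param name="row">Value appended to the <c>primkey = </c> filter of the update.</param>
private static void UpdateUserToDB(FidoReturnValues lFidoReturnValues, string row)
{
    var db = new SqLiteDB();
    var user = lFidoReturnValues.UserInfo;

    // Identifiers are lower-cased with the invariant culture so the stored value does not
    // depend on the host's locale (culture-sensitive ToLower() maps 'I' differently under
    // tr-TR/az, which breaks later matching on username or e-mail).
    var data = new Dictionary<string, string>
    {
        { "username", lFidoReturnValues.Username.ToLowerInvariant() },
        { "fullname", user.Username.ToLowerInvariant() },
        { "email", user.UserEmail.ToLowerInvariant() },
        { "title", user.Title.ToLowerInvariant() },
        { "dept", user.Department.ToLowerInvariant() },
        { "emp_type", user.EmployeeType.ToLowerInvariant() },
        { "emp_phone", user.MobileNumber },
        { "cube", user.CubeLocation.ToLowerInvariant() },
        { "city_state", user.City.ToLowerInvariant() + "\\" + user.State.ToLowerInvariant() },
        { "manager", user.ManagerName.ToLowerInvariant() },
        { "manager_title", user.ManagerTitle.ToLowerInvariant() },
        { "manager_email", user.ManagerMail.ToLowerInvariant() },
        // NOTE(review): same source property as "emp_phone" - confirm whether a
        // manager-specific phone field was intended here.
        { "manager_phone", user.MobileNumber },
        { "user_score", lFidoReturnValues.UserScore.ToString(CultureInfo.InvariantCulture) }
    };

    try
    {
        // NOTE(review): 'row' is concatenated straight into the WHERE clause and nothing
        // in this method checks it, so it has to arrive as a trusted (presumably numeric)
        // key. Confirm at the call site, or validate it before it reaches SQL text.
        db.Update("event_user", data, "primkey = " + row);
    }
    catch (Exception e)
    {
        // NOTE(review): the "{0}" token is sent as written (no format call in this
        // method) - confirm whether SendEmail substitutes it. The full exception text
        // is appended to the mail body.
        Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in update user area of fidodb:" + e);
    }
}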
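/// <summary>
/// Updates the <c>event_threat</c> row selected by <paramref name="row"/> with the threat
/// details carried by <paramref name="lFidoReturnValues"/>, adding the columns specific
/// to the current detector.
/// </summary>
/// <remarks>
/// This method has no exception handling of its own: any failure while reading the values
/// or running the update propagates to the caller. A detector name that matches no case
/// still results in an update, with the common columns only.
/// </remarks>
/// <param name="lFidoReturnValues">Source of the threat, detector and score values.</param>
/// <param name="row">Value appended to the <c>primkey = </c> filter of the update.</param>
private static void UpdateThreatToDB(FidoReturnValues lFidoReturnValues, string row)
{
    var db = new SqLiteDB();
    var detector = lFidoReturnValues.CurrentDetector;

    // Names are lower-cased with the invariant culture so the stored value does not
    // depend on the host's locale (culture-sensitive ToLower() maps 'I' differently
    // under tr-TR/az).
    var data = new Dictionary<string, string>
    {
        { "threat_dst_ip", lFidoReturnValues.DstIP },
        { "threat_name", lFidoReturnValues.MalwareType.ToLowerInvariant() },
        { "threat_score", lFidoReturnValues.ThreatScore.ToString(CultureInfo.InvariantCulture) },
        { "detector", lFidoReturnValues.CurrentDetector.ToLowerInvariant() },
        { "threat_url", lFidoReturnValues.BadUrLs.ToString(CultureInfo.InvariantCulture) },
        { "threat_hash", lFidoReturnValues.BadHashs.ToString(CultureInfo.InvariantCulture) }
    };

    // NOTE(review): the switch compares the raw detector string, while the stored
    // "detector" column is lower-cased; a differently-cased name would skip the
    // detector-specific columns - confirm that callers normalise it.
    switch (detector)
    {
        case "mps":
            data.Add("time_occurred", lFidoReturnValues.FireEye.EventTime);
            break;

        case "bit9":
            //todo: Fido.db does not have a column for filename... legacy? still needed?
            //data.Add("file_name", lFidoReturnValues.Bit9.FileName);
            break;

        case "antivirus":
            data.Add("time_occurred", lFidoReturnValues.Antivirus.EventTime);
            data.Add("action_taken", lFidoReturnValues.Antivirus.ActionTaken);
            data.Add("file_name", lFidoReturnValues.Antivirus.FileName);
            data.Add("threat_status", lFidoReturnValues.Antivirus.Status);
            break;

        // Both Cyphort versions read the event time from the same object.
        case "cyphortv2":
        case "cyphortv3":
            data.Add("time_occurred", lFidoReturnValues.Cyphort.EventTime);
            break;

        case "protectwisev1":
            data.Add("time_occurred", lFidoReturnValues.ProtectWise.EventTime);
            break;

        case "panv1":
            data.Add("time_occurred", lFidoReturnValues.PaloAlto.EventTime);
            break;

        case "carbonblackv1":
            data.Add("time_occurred", lFidoReturnValues.CB.Alert.EventTime);
            break;
    }

    // NOTE(review): 'row' is concatenated straight into the WHERE clause and nothing in
    // this method checks it, so it has to arrive as a trusted (presumably numeric) key.
    // Confirm at the call site, or validate it before it reaches SQL text.
    db.Update("event_threat", data, "primkey = " + row);
}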
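/// <summary>
/// Updates the <c>event_machine</c> row selected by <paramref name="row"/> with the
/// endpoint details carried by <paramref name="lFidoReturnValues"/>.
/// </summary>
/// <remarks>
/// Landesk data is used when present, otherwise Jamf data; when both are null no update
/// is issued. Exceptions raised while building the values or writing them are reported
/// through <c>Fido_EventHandler.SendEmail</c> and are not rethrown.
/// </remarks>
/// <param name="lFidoReturnValues">Source of the hostname, inventory and score values.</param>
/// <param name="row">Value appended to the <c>primkey = </c> filter of the update.</param>
private static void UpdateMachineToDB(FidoReturnValues lFidoReturnValues, string row)
{
    var db = new SqLiteDB();

    try
    {
        Dictionary<string, string> data;

        if (lFidoReturnValues.Landesk != null)
        {
            var landesk = lFidoReturnValues.Landesk;

            // Identifiers are lower-cased with the invariant culture so the stored value
            // does not depend on the host's locale (culture-sensitive ToLower() maps
            // 'I' differently under tr-TR/az, which breaks later lookups by hostname).
            // Patches is read at indexes 1..3; a shorter collection throws and ends up
            // in the catch block below.
            data = new Dictionary<string, string>
            {
                { "hostname", lFidoReturnValues.Hostname.ToLowerInvariant() },
                { "os", landesk.OSName.ToLowerInvariant() },
                { "domain", landesk.Domain.ToLowerInvariant() },
                { "patches_critical", landesk.Patches[1].ToString(CultureInfo.InvariantCulture) },
                { "patches_high", landesk.Patches[2].ToString(CultureInfo.InvariantCulture) },
                { "patches_low", landesk.Patches[3].ToString(CultureInfo.InvariantCulture) },
                { "av_installed", landesk.Product.ToLowerInvariant() },
                { "av_running", landesk.AgentRunning.ToLowerInvariant() },
                { "av_def_ver", landesk.DefInstallDate.ToLowerInvariant() },
                { "bit9_installed", landesk.Bit9Version },
                { "bit9_running", landesk.Bit9Running.ToLowerInvariant() },
                { "machine_score", lFidoReturnValues.MachineScore.ToString(CultureInfo.InvariantCulture) }
            };
        }
        else if (lFidoReturnValues.Jamf != null)
        {
            var jamf = lFidoReturnValues.Jamf;

            // Only the OS name and Bit9 version are taken from Jamf; the remaining
            // inventory columns are written as empty strings.
            data = new Dictionary<string, string>
            {
                { "hostname", lFidoReturnValues.Hostname.ToLowerInvariant() },
                { "os", jamf.OSName.ToLowerInvariant() },
                { "domain", string.Empty },
                { "patches_critical", string.Empty },
                { "patches_high", string.Empty },
                { "patches_low", string.Empty },
                { "av_installed", string.Empty },
                { "av_running", string.Empty },
                { "av_def_ver", string.Empty },
                { "bit9_installed", jamf.Bit9Version },
                { "bit9_running", string.Empty },
                { "machine_score", lFidoReturnValues.MachineScore.ToString(CultureInfo.InvariantCulture) }
            };
        }
        else
        {
            // No inventory source available: nothing to write.
            return;
        }

        // NOTE(review): 'row' is concatenated straight into the WHERE clause and nothing
        // in this method checks it, so it has to arrive as a trusted (presumably numeric)
        // key. Confirm at the call site, or validate it before it reaches SQL text.
        db.Update("event_machine", data, "primkey = " + row);
    }
    catch (Exception e)
    {
        // NOTE(review): the "{0}" token is sent as written (no format call in this
        // method) - confirm whether SendEmail substitutes it. The full exception text
        // is appended to the mail body.
        Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in update machine area of fidodb:" + e);
    }
}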