예제 #1
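    /// <summary>
    /// Looks up an address in the locally stored AlienVault reputation feed and returns the
    /// activity, reliability and risk recorded for it.
    /// </summary>
    /// <param name="sDstIP">Destination IP address to look up.</param>
    /// <returns>
    /// The values of the first feed entry whose address field equals <paramref name="sDstIP"/>;
    /// a freshly constructed <c>AlienVaultReturnValues</c> when the address is missing, the feed
    /// is empty, or no entry matches.
    /// </returns>
    /// <remarks>
    /// The address is compared for equality against the first '#'-separated field rather than
    /// searched for as a substring of the line. A substring test attributes the reputation of
    /// "11.2.3.4" or "1.2.3.45" to a lookup of "1.2.3.4", and lets an empty address match the
    /// first line of the feed.
    /// NOTE(review): assumes the address is field 0, as in the AlienVault reputation.data
    /// layout (address#reliability#risk#activity#...) - confirm against the feed loaded here.
    /// </remarks>
    public static AlienVaultReturnValues AlienVaultIP(string sDstIP)
    {
      var result = new AlienVaultReturnValues();

      // Nothing to look up: return the empty result instead of matching arbitrary feed lines.
      if (sDstIP == null || sDstIP.Trim().Length == 0)
      {
        return result;
      }
      var sWanted = sDstIP.Trim();

      var lLoadedFeed = LoadReputationFeed(Application.StartupPath + "\\threat feeds\\reputation.data");
      if (lLoadedFeed == null)
      {
        return result;
      }

      foreach (var sLine in lLoadedFeed)
      {
        if (sLine == null)
        {
          continue;
        }

        var sFields = sLine.Split('#');

        // Indexes 0..3 are read below; a truncated line is skipped rather than
        // raising IndexOutOfRangeException in the middle of a lookup.
        if (sFields.Length < 4)
        {
          continue;
        }

        if (!String.Equals(sFields[0].Trim(), sWanted, StringComparison.Ordinal))
        {
          continue;
        }

        result.Activity = sFields[3];

        // A non-numeric reliability or risk leaves that property at its default instead of
        // throwing FormatException; the activity of the matched entry is still reported.
        short iReliability;
        if (short.TryParse(sFields[1], out iReliability))
        {
          result.Reliability = iReliability;
        }

        short iRisk;
        if (short.TryParse(sFields[2], out iRisk))
        {
          result.Risk = iRisk;
        }

        // Only the first matching entry is used.
        return result;
      }

      return result;
    }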
예제 #2
    /// <summary>
    /// Turns an AlienVault reputation result into a numeric score using the thresholds and
    /// weights configured under <c>fido.securityfeed.alienvault.*</c>.
    /// </summary>
    /// <param name="lAlienVaultReturnValues">Reputation values (activity, reliability, risk) to score.</param>
    /// <returns>
    /// The risk weight multiplied by the reliability weight of the bands the values fall into,
    /// or 0 when the activity is not one of the configured malware values or when either value
    /// falls into no band.
    /// </returns>
    /// <remarks>
    /// NOTE(review): the bands are "&gt; high", "&gt; medium" and "&lt; low", so a value from the low
    /// threshold up to and including the medium threshold selects no weight and the score is 0.
    /// Confirm that this gap is intended, since a feed hit in that range is scored as harmless.
    /// NOTE(review): every setting is read with 0 as the second argument, which looks like the
    /// fallback for a missing key - confirm against Object_Fido_Configs. If so, missing weight
    /// keys make every product 0.
    /// </remarks>
    public static int AlienVaultScore(AlienVaultReturnValues lAlienVaultReturnValues)
    {
      var configuredTypes = Object_Fido_Configs.GetAsString("fido.securityfeed.alienvault.malwarevalues", String.Empty).Split(',').ToList();

      // All thresholds and weights are read up front, in the same order as before.
      var riskHigh = Object_Fido_Configs.GetAsInt("fido.securityfeed.alienvault.riskscorehigh", 0);
      var riskMedium = Object_Fido_Configs.GetAsInt("fido.securityfeed.alienvault.riskscoremedium", 0);
      var riskLow = Object_Fido_Configs.GetAsInt("fido.securityfeed.alienvault.riskscorelow", 0);
      var riskWeightHigh = Object_Fido_Configs.GetAsInt("fido.securityfeed.alienvault.riskweighthigh", 0);
      var riskWeightMedium = Object_Fido_Configs.GetAsInt("fido.securityfeed.alienvault.riskweightmedium", 0);
      var riskWeightLow = Object_Fido_Configs.GetAsInt("fido.securityfeed.alienvault.riskweightlow", 0);
      var reliabilityHigh = Object_Fido_Configs.GetAsInt("fido.securityfeed.alienvault.reliabilityscorehigh", 0);
      var reliabilityMedium = Object_Fido_Configs.GetAsInt("fido.securityfeed.alienvault.reliabilityscoremedium", 0);
      var reliabilityLow = Object_Fido_Configs.GetAsInt("fido.securityfeed.alienvault.reliabilityscorelow", 0);
      var reliabilityWeightHigh = Object_Fido_Configs.GetAsInt("fido.securityfeed.alienvault.reliabilityweighthigh", 0);
      var reliabilityWeightMedium = Object_Fido_Configs.GetAsInt("fido.securityfeed.alienvault.reliabilityweightmedium", 0);
      var reliabilityWeightLow = Object_Fido_Configs.GetAsInt("fido.securityfeed.alienvault.reliabilityweightlow", 0);

      // The configured spelling "c and c" is compared as "c&c"; all other entries are compared
      // as written (no trimming), ignoring case.
      var activityIsListed = configuredTypes
        .Select(sType => sType.ToLower() == "c and c" ? "c&c" : sType)
        .Any(sCandidate => String.Equals(sCandidate, lAlienVaultReturnValues.Activity, StringComparison.CurrentCultureIgnoreCase));

      if (!activityIsListed)
      {
        return 0;
      }

      var reliability = lAlienVaultReturnValues.Reliability;
      var risk = lAlienVaultReturnValues.Risk;

      // Pick the reliability weight; null means the value fell into no band.
      int? reliabilityWeight = null;
      if (reliability > reliabilityHigh)
      {
        reliabilityWeight = reliabilityWeightHigh;
      }
      else if (reliability > reliabilityMedium)
      {
        reliabilityWeight = reliabilityWeightMedium;
      }
      else if (reliability < reliabilityLow)
      {
        reliabilityWeight = reliabilityWeightLow;
      }

      if (!reliabilityWeight.HasValue)
      {
        return 0;
      }

      // The risk bands are the same whichever reliability band was selected.
      int? riskWeight = null;
      if (risk > riskHigh)
      {
        riskWeight = riskWeightHigh;
      }
      else if (risk > riskMedium)
      {
        riskWeight = riskWeightMedium;
      }
      else if (risk < riskLow)
      {
        riskWeight = riskWeightLow;
      }

      if (!riskWeight.HasValue)
      {
        return 0;
      }

      return riskWeight.Value * reliabilityWeight.Value;
    }