Exemplo n.º 1
        /// <summary>
        /// Requests the details of a single Cyphort incident and hands the response
        /// stream to <c>getResponseStream</c> for processing.
        /// </summary>
        /// <param name="lFidoReturnValues">
        /// Alert state; its <c>Cyphort.IncidentID</c> replaces the <c>%incidentid%</c>
        /// placeholder in the request URL.
        /// </param>
        /// <remarks>
        /// Nothing happens when the response is missing or not HTTP 200. Exceptions are
        /// reported through <c>Fido_EventHandler.SendEmail</c> rather than rethrown.
        /// </remarks>
        private static void GetCyphortIncident(FidoReturnValues lFidoReturnValues)
        {
            Console.WriteLine(@"Pulling Cyphort incident details.");

            // SECURITY: ServicePointManager settings are static, so these two lines apply to
            // every HTTPS request the process makes, not only this one. The first pins the
            // protocol to TLS 1.0; the second accepts any server certificate, so the API key
            // appended to the URL below and the returned incident data have no protection
            // against interception or tampering on the network path.
            // TODO (original author): make the certificate bypass configurable. A narrower
            // option is a per-request check (HttpWebRequest.ServerCertificateValidationCallback,
            // .NET 4.5+) that accepts only the detector's known certificate.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
            ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

            var detectorConfig = Object_Fido_Configs.ParseDetectorConfigs("cyphortv3");

            // The API key travels in the URL itself, where proxies and access logs can record it.
            var incidentUrl = (detectorConfig.Server + detectorConfig.Query2 + detectorConfig.APIKey)
                .Replace("%incidentid%", lFidoReturnValues.Cyphort.IncidentID);

            var incidentRequest = (HttpWebRequest)WebRequest.Create(incidentUrl);
            incidentRequest.Method = "GET";

            try
            {
                using (var cyphortResponse = incidentRequest.GetResponse() as HttpWebResponse)
                {
                    // Guard clause: only a present, HTTP 200 response is processed.
                    if (cyphortResponse == null || cyphortResponse.StatusCode != HttpStatusCode.OK)
                    {
                        return;
                    }

                    // The result is assigned to the by-value parameter only; the caller's
                    // reference is not replaced by this assignment.
                    lFidoReturnValues = getResponseStream(cyphortResponse.GetResponseStream(), lFidoReturnValues);
                }
            }
            catch (Exception e)
            {
                // The "{0}" is passed through literally by this call; whether SendEmail
                // formats it is not visible here.
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in Cyphortv3 Detector getting json:" + e);
            }
        }
Exemplo n.º 2
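        /// <summary>
        /// Downloads the JSON details of one Cyphort incident, stores them on
        /// <paramref name="lFidoReturnValues"/> and runs the follow-up formatters.
        /// </summary>
        /// <param name="lFidoReturnValues">
        /// Alert state; <c>Cyphort.IncidentID</c> selects the incident and
        /// <c>Cyphort.IncidentDetails</c> receives the deserialized result.
        /// </param>
        /// <remarks>
        /// Returns without changes when the response is not HTTP 200, has no body stream,
        /// or deserializes to nothing. Exceptions are reported through
        /// <c>Fido_EventHandler.SendEmail</c> rather than rethrown.
        /// </remarks>
        private static void GetCyphortIncident(FidoReturnValues lFidoReturnValues)
        {
            Console.WriteLine(@"Pulling Cyphort incident details.");

            // SECURITY: both settings are static and therefore process-wide. The first pins
            // TLS 1.0; the second accepts any server certificate, so the API key in the URL
            // and the JSON parsed below are unauthenticated on the wire. Treat the response
            // as untrusted input.
            // TODO (original author): make the certificate bypass configurable.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
            ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); };

            var parseConfigs = Object_Fido_Configs.ParseDetectorConfigs("cyphortv3");
            var request      = parseConfigs.Server + parseConfigs.Query2 + parseConfigs.APIKey;

            request = request.Replace("%incidentid%", lFidoReturnValues.Cyphort.IncidentID);
            var alertRequest = (HttpWebRequest)WebRequest.Create(request);

            alertRequest.Method = "GET";
            try
            {
                using (var cyphortResponse = alertRequest.GetResponse() as HttpWebResponse)
                {
                    if (cyphortResponse == null || cyphortResponse.StatusCode != HttpStatusCode.OK)
                    {
                        return;
                    }
                    using (var respStream = cyphortResponse.GetResponseStream())
                    {
                        if (respStream == null)
                        {
                            return;
                        }

                        string stringreturn;
                        // Dispose the reader deterministically instead of leaving it to the GC.
                        using (var cyphortReader = new StreamReader(respStream, Encoding.UTF8))
                        {
                            stringreturn = cyphortReader.ReadToEnd();
                        }

                        var cyphortReturn = JsonConvert.DeserializeObject <Object_Cyphort_Class.CyphortIncident>(stringreturn);

                        // An empty or literal-null body deserializes to null; treat that like
                        // "no incident" instead of raising a NullReferenceException.
                        if (cyphortReturn == null || cyphortReturn.Incident == null)
                        {
                            return;
                        }

                        // The original allocated a placeholder object here and overwrote it
                        // on the next line; a single assignment is sufficient.
                        lFidoReturnValues.Cyphort.IncidentDetails = cyphortReturn;

                        ChangeDNSName(lFidoReturnValues);

                        // The flags are compared as the string "1".
                        if (lFidoReturnValues.Cyphort.IncidentDetails.Incident.Has_download == "1")
                        {
                            lFidoReturnValues = FormatDownloadReturnValues(lFidoReturnValues);
                        }

                        if (lFidoReturnValues.Cyphort.IncidentDetails.Incident.Has_infection == "1")
                        {
                            lFidoReturnValues = FormatInfectionReturnValues(lFidoReturnValues);
                        }

                        DoesNotChangeAnyThing(lFidoReturnValues);
                    }
                }
            }
            catch (Exception e)
            {
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in Cyphortv3 Detector getting json:" + e);
            }
        }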
Exemplo n.º 3
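        /// <summary>
        /// Sends a POST for the alert identified by <c>lFidoReturnValues.AlertID</c> to the
        /// Carbon Black server and passes any returned alert object to
        /// <c>ParseCarbonBlackAlert</c>.
        /// </summary>
        /// <param name="lFidoReturnValues">Alert state; only <c>AlertID</c> is read here.</param>
        /// <remarks>
        /// Returns silently on a non-200 response, a missing body, or a body equal to
        /// <c>[]</c>. Exceptions are reported through <c>Fido_EventHandler.SendEmail</c>.
        /// </remarks>
        private static void CloseCarbonBlackAlert(FidoReturnValues lFidoReturnValues)
        {
            Console.WriteLine(@"Closing CarbonBlack event for: " + lFidoReturnValues.AlertID + @".");

            // SECURITY: both settings are static and therefore process-wide. The first pins
            // TLS 1.0; the second accepts any server certificate, so the X-Auth-Token header
            // sent below is exposed to whichever endpoint answers the connection.
            // TODO (original author): make the certificate bypass configurable.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
            ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); };

            var parseConfigs = Object_Fido_Configs.ParseDetectorConfigs("carbonblackv1");
            // NOTE(review): AlertID is concatenated into the URL unescaped; confirm that it
            // can only hold characters that are safe in a URL path.
            var request      = parseConfigs.Server + parseConfigs.Query2 + lFidoReturnValues.AlertID + parseConfigs.Query3;
            var alertRequest = (HttpWebRequest)WebRequest.Create(request);

            alertRequest.Method      = "POST";
            alertRequest.ContentType = "application/json";
            alertRequest.Headers[@"X-Auth-Token"] = parseConfigs.APIKey;
            try
            {
                using (var cbResponse = alertRequest.GetResponse() as HttpWebResponse)
                {
                    if (cbResponse == null || cbResponse.StatusCode != HttpStatusCode.OK)
                    {
                        return;
                    }

                    using (var respStream = cbResponse.GetResponseStream())
                    {
                        if (respStream == null)
                        {
                            return;
                        }

                        string stringreturn;
                        using (var cbReader = new StreamReader(respStream, Encoding.UTF8))
                        {
                            stringreturn = cbReader.ReadToEnd();
                        }

                        // An empty JSON array means there is nothing to parse.
                        if (stringreturn == "[]")
                        {
                            return;
                        }

                        var cbReturn = JsonConvert.DeserializeObject <Object_CarbonBlack_Alert_Class.CarbonBlack>(stringreturn);
                        if (cbReturn != null)
                        {
                            ParseCarbonBlackAlert(cbReturn);
                        }

                        // The enclosing using blocks dispose the stream and the response, so
                        // the manual Dispose()/Close() calls of the original are not needed.
                        Console.WriteLine(@"Finished retreiving CB alerts.");
                    }
                }
            }
            catch (Exception e)
            {
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in Carbon Black alert area:" + e);
            }
        }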
Exemplo n.º 4
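        /// <summary>
        /// Queries ProtectWise for events in the configured look-back window and passes
        /// the result to <c>ParseProtectWiseEvent</c> when it contains events.
        /// </summary>
        /// <remarks>
        /// The look-back window, in minutes, is read from the detector's <c>Query3</c>
        /// setting. Exceptions raised by the request are reported through
        /// <c>Fido_EventHandler.SendEmail</c> rather than rethrown.
        /// </remarks>
        public static void GetProtectWiseEvents()
        {
            Console.WriteLine(@"Running ProtectWise v1 detector.");

            // SECURITY: this static setting pins TLS 1.0 for the whole process. The method
            // does not install a certificate callback itself, but
            // ServicePointManager.ServerCertificateValidationCallback is static too, so an
            // accept-all callback installed anywhere else in the process also applies to
            // the X-Access-Token sent below.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
            var parseConfigs = Object_Fido_Configs.ParseDetectorConfigs("protectwisev1-event");
            var getTime      = DateTime.UtcNow;
            var timer        = parseConfigs.Query3.Trim();
            // Parse the configured minutes with the invariant culture so the value does not
            // change meaning with the host's regional settings.
            var timeRange    = Convert.ToDouble(timer, CultureInfo.InvariantCulture) * -1;
            var oldtime      = getTime.AddMinutes(timeRange);
            // "000" is appended to each ToEpochTime result - presumably seconds to
            // milliseconds; confirm against ToEpochTime.
            var currentTime  = ToEpochTime(getTime).ToString(CultureInfo.InvariantCulture) + "000";
            var newoldtime   = ToEpochTime(oldtime).ToString(CultureInfo.InvariantCulture) + "000";
            var request      = parseConfigs.Server + parseConfigs.Query.Replace("%currenttime%", currentTime).Replace("%minustime%", newoldtime);
            var alertRequest = (HttpWebRequest)WebRequest.Create(request);

            alertRequest.Headers[@"X-Access-Token"] = parseConfigs.APIKey;
            alertRequest.Method = "GET";
            try
            {
                using (var protectwiseResponse = alertRequest.GetResponse() as HttpWebResponse)
                {
                    if (protectwiseResponse == null || protectwiseResponse.StatusCode != HttpStatusCode.OK)
                    {
                        return;
                    }

                    using (var respStream = protectwiseResponse.GetResponseStream())
                    {
                        if (respStream == null)
                        {
                            return;
                        }

                        string stringreturn;
                        using (var protectwiseReader = new StreamReader(respStream, Encoding.UTF8))
                        {
                            stringreturn = protectwiseReader.ReadToEnd();
                        }

                        var protectwiseReturn = JsonConvert.DeserializeObject <Object_ProtectWise_Threat_ConfigClass.ProtectWise_Events>(stringreturn);

                        // An empty body deserializes to null; check it before reading Events.
                        if (protectwiseReturn != null && protectwiseReturn.Events != null)
                        {
                            ParseProtectWiseEvent(protectwiseReturn);
                        }

                        // The enclosing using blocks dispose the stream and the response, so
                        // the manual Dispose()/Close() calls of the original are not needed.
                        Console.WriteLine(@"Finished processing ProtectWise events detector.");
                    }
                }
            }
            catch (Exception e)
            {
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in ProtectWise v1 Detector when getting json:" + e);
            }
        }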
Exemplo n.º 5
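        /// <summary>
        /// Fetches the result of a previously started PAN job and passes the parsed
        /// log entries to <c>ParsePan</c>.
        /// </summary>
        /// <param name="jobID">Job identifier substituted for <c>%jobid%</c> in the request URL.</param>
        /// <remarks>
        /// An XML response is converted to JSON before deserialization. Exceptions raised
        /// by the request or the parsing are reported through
        /// <c>Fido_EventHandler.SendEmail</c> rather than rethrown.
        /// </remarks>
        public static void RunPANJob(string jobID)
        {
            Console.WriteLine(@"Running PAN job " + jobID + @".");

            // SECURITY: both settings are static and therefore process-wide. The first pins
            // TLS 1.0; the second accepts any server certificate, so the API key in the URL
            // and the response parsed below are unauthenticated. Treat the body as untrusted.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
            ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(delegate { return(true); });

            var parseConfigs = Object_Fido_Configs.ParseDetectorConfigs("panv1");
            var request      = parseConfigs.Server + parseConfigs.Query2 + parseConfigs.APIKey;

            // The job id can originate from a remote response (see GetPANJob), so escape it
            // before it becomes part of the URL. A null id is substituted as an empty
            // string, which is what String.Replace did with null before.
            request = request.Replace("%jobid%", Uri.EscapeDataString(jobID ?? string.Empty));
            var alertRequest = (HttpWebRequest)WebRequest.Create(request);

            // 180000 ms = 3 minutes.
            alertRequest.Timeout = 180000;
            alertRequest.Method  = "GET";
            try
            {
                using (var panResponse = alertRequest.GetResponse() as HttpWebResponse)
                {
                    if (panResponse == null || panResponse.StatusCode != HttpStatusCode.OK)
                    {
                        return;
                    }

                    using (var respStream = panResponse.GetResponseStream())
                    {
                        if (respStream == null)
                        {
                            return;
                        }

                        string stringreturn;
                        using (var panReader = new StreamReader(respStream, Encoding.UTF8))
                        {
                            stringreturn = panReader.ReadToEnd();
                        }

                        if (stringreturn.TrimStart().StartsWith("<", StringComparison.Ordinal))
                        {
                            XmlDocument doc = new XmlDocument();
                            // A null resolver stops the parser from fetching external DTDs
                            // or entities named by the untrusted document.
                            doc.XmlResolver = null;
                            doc.LoadXml(stringreturn);
                            stringreturn = JsonConvert.SerializeXmlNode(doc, Formatting.None, true);
                        }

                        var panReturn = JsonConvert.DeserializeObject <Object_PaloAlto_Class.PanReturn>(stringreturn);
                        // A null Result, Log or Logs raises a NullReferenceException here,
                        // which the catch below reports by email.
                        if ((panReturn == null) || (panReturn.Result.Log.Logs.Entry == null))
                        {
                            return;
                        }
                        ParsePan(panReturn);
                    }
                }
            }
            catch (Exception e)
            {
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in PAN v1 Detector getting json:" + e);
            }
        }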
Exemplo n.º 6
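        /// <summary>
        /// Starts a PAN report job, waits ten seconds and then calls
        /// <see cref="RunPANJob"/> with the job id returned by the server.
        /// </summary>
        /// <remarks>
        /// An XML response is converted to JSON before deserialization. Exceptions raised
        /// by the request or the parsing are reported through
        /// <c>Fido_EventHandler.SendEmail</c> rather than rethrown.
        /// </remarks>
        public static void GetPANJob()
        {
            Console.WriteLine(@"Running PAN v1 detector.");

            // SECURITY: both settings are static and therefore process-wide. The first pins
            // TLS 1.0; the second accepts any server certificate, so the API key in the URL
            // and the response parsed below are unauthenticated. Treat the body, including
            // the job id taken from it, as untrusted.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
            ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(delegate { return(true); });

            var parseConfigs = Object_Fido_Configs.ParseDetectorConfigs("panv1");
            var request      = parseConfigs.Server + parseConfigs.Query + parseConfigs.APIKey;
            var alertRequest = (HttpWebRequest)WebRequest.Create(request);

            alertRequest.Method = "GET";
            try
            {
                using (var panResponse = alertRequest.GetResponse() as HttpWebResponse)
                {
                    if (panResponse == null || panResponse.StatusCode != HttpStatusCode.OK)
                    {
                        return;
                    }

                    using (var respStream = panResponse.GetResponseStream())
                    {
                        if (respStream == null)
                        {
                            return;
                        }

                        string stringreturn;
                        using (var panReader = new StreamReader(respStream, Encoding.UTF8))
                        {
                            stringreturn = panReader.ReadToEnd();
                        }

                        if (stringreturn.TrimStart().StartsWith("<", StringComparison.Ordinal))
                        {
                            XmlDocument doc = new XmlDocument();
                            // A null resolver stops the parser from fetching external DTDs
                            // or entities named by the untrusted document.
                            doc.XmlResolver = null;
                            doc.LoadXml(stringreturn);
                            stringreturn = JsonConvert.SerializeXmlNode(doc, Formatting.None, true);
                        }

                        var panReturn = JsonConvert.DeserializeObject <Object_PaloAlto_Class.GetJob>(stringreturn);
                        // A null panReturn or Result raises a NullReferenceException here,
                        // which the catch below reports by email.
                        if (string.IsNullOrEmpty(panReturn.Result.Job))
                        {
                            return;
                        }
                        //We need to let the PAN finish processing the request before trying to pull the report
                        Thread.Sleep(10000);
                        RunPANJob(panReturn.Result.Job);
                        Console.WriteLine(@"Finished processing PAN v1 detector.");
                    }
                }
            }
            catch (Exception e)
            {
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in PAN v1 Detector getting json:" + e);
            }
        }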
Exemplo n.º 7
        //This function will grab the API information and build a query string.
        //Then it will assign the json return to an object. If any of the objects
        //have a value they will be sent to ParseCyphort helper function.
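        /// <summary>
        /// Requests the current Cyphort alerts and passes the deserialized result to
        /// <c>ParseCyphort</c> when any of its three arrays has entries.
        /// </summary>
        /// <remarks>
        /// Exceptions raised by the request or the parsing are reported through
        /// <c>Fido_EventHandler.SendEmail</c> rather than rethrown.
        /// </remarks>
        public static void GetCyphortAlerts()
        {
            Console.WriteLine(@"Running Cyphort v2 detector.");

            // SECURITY: both settings are static and therefore process-wide. The first pins
            // TLS 1.0; the second accepts any server certificate, so the API key in the URL
            // and the alert data parsed below are unauthenticated on the wire.
            // TODO (original author): make the certificate bypass configurable.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
            ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); };

            var parseConfigs = Object_Fido_Configs.ParseDetectorConfigs("cyphortv2");
            var request      = parseConfigs.Server + parseConfigs.Query + parseConfigs.APIKey;
            var alertRequest = (HttpWebRequest)WebRequest.Create(request);

            alertRequest.Method = "GET";
            try
            {
                using (var cyphortResponse = alertRequest.GetResponse() as HttpWebResponse)
                {
                    if (cyphortResponse == null || cyphortResponse.StatusCode != HttpStatusCode.OK)
                    {
                        return;
                    }

                    using (var respStream = cyphortResponse.GetResponseStream())
                    {
                        if (respStream == null)
                        {
                            return;
                        }

                        string stringreturn;
                        using (var cyphortReader = new StreamReader(respStream, Encoding.UTF8))
                        {
                            stringreturn = cyphortReader.ReadToEnd();
                        }

                        var cyphortReturn = JsonConvert.DeserializeObject <CyphortClass>(stringreturn);

                        // Short-circuit || replaces the original bitwise |: once one array
                        // has entries the others need not be inspected. The null check
                        // covers an empty body, which deserializes to null.
                        if (cyphortReturn != null &&
                            (cyphortReturn.correlations_array.Any() || cyphortReturn.infections_array.Any() || cyphortReturn.downloads_array.Any()))
                        {
                            ParseCyphort(cyphortReturn);
                        }

                        // The enclosing using blocks dispose the stream and the response, so
                        // the manual Dispose()/Close() calls of the original are not needed.
                        Console.WriteLine(@"Finished processing Cyphort detector.");
                    }
                }
            }
            catch (Exception e)
            {
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in Cyphort Detector getting json:" + e);
            }
        }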
Exemplo n.º 8
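        /// <summary>
        /// For each ProtectWise event, in reverse of the order received, requests the
        /// event's details and passes them to <c>ParseProtectWiseObservation</c>.
        /// </summary>
        /// <param name="protectWiseReturn">
        /// Event list; its <c>Events</c> array is replaced by a reversed copy.
        /// </param>
        /// <remarks>
        /// A failure on one event is emailed through <c>Fido_EventHandler.SendEmail</c>
        /// and the loop moves on to the next event.
        /// </remarks>
        private static void ParseProtectWiseEvent(Object_ProtectWise_Threat_ConfigClass.ProtectWise_Events protectWiseReturn)
        {
            protectWiseReturn.Events = protectWiseReturn.Events.Reverse().ToArray();
            foreach (var pevent in protectWiseReturn.Events)
            {
                Console.WriteLine(@"Gathering ProtectWise observations for event: " + pevent.Message + @".");

                // SECURITY: this static setting pins TLS 1.0 for the whole process.
                ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
                var parseConfigs = Object_Fido_Configs.ParseDetectorConfigs("protectwisev1-event");
                // NOTE(review): pevent.Id comes from a remote response and is concatenated
                // into the URL unescaped; confirm its type and format before relying on it.
                var request      = parseConfigs.Server + parseConfigs.Query2 + pevent.Id;
                var alertRequest = (HttpWebRequest)WebRequest.Create(request);
                alertRequest.Headers[@"X-Access-Token"] = parseConfigs.APIKey;
                alertRequest.Method = "GET";
                try
                {
                    using (var protectwiseResponse = alertRequest.GetResponse() as HttpWebResponse)
                    {
                        if (protectwiseResponse != null && protectwiseResponse.StatusCode == HttpStatusCode.OK)
                        {
                            using (var respStream = protectwiseResponse.GetResponseStream())
                            {
                                if (respStream == null)
                                {
                                    // NOTE(review): this leaves the method, so the remaining
                                    // events are skipped, whereas an exception only skips the
                                    // current event. Confirm whether "continue" was intended.
                                    return;
                                }

                                string stringreturn;
                                using (var protectwiseReader = new StreamReader(respStream, Encoding.UTF8))
                                {
                                    stringreturn = protectwiseReader.ReadToEnd();
                                }

                                var protectwiseReturn = JsonConvert.DeserializeObject <Object_ProtectWise_Threat_ConfigClass.ProtectWise_Search_Event>(stringreturn);
                                if (protectwiseReturn != null)
                                {
                                    ParseProtectWiseObservation(protectwiseReturn, pevent.Message);
                                }

                                // The enclosing using blocks dispose the stream and the
                                // response; the manual Dispose()/Close() calls of the
                                // original are not needed.
                            }
                        }
                    }
                }
                catch (Exception e)
                {
                    Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in ProtectWise v1 Detector when getting json:" + e);
                }
            }
        }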
Exemplo n.º 9
        /// <summary>
        /// Builds, without sending, the GET request for one Cyphort incident.
        /// </summary>
        /// <param name="lFidoReturnValues">
        /// Alert state; its <c>Cyphort.IncidentID</c> replaces the <c>%incidentid%</c>
        /// placeholder in the request URL.
        /// </param>
        /// <returns>The configured <see cref="HttpWebRequest"/>.</returns>
        private static HttpWebRequest CreateHttpWebRequest(FidoReturnValues lFidoReturnValues)
        {
            // SECURITY: although this method only builds one request, the two assignments
            // below are static and change TLS handling for the whole process: TLS 1.0 only,
            // and every server certificate accepted. The API key embedded in the URL is
            // therefore sent without any assurance about who receives it.
            // TODO (original author): make the certificate bypass configurable.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
            ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };

            var detectorConfig = Object_Fido_Configs.ParseDetectorConfigs("cyphortv3");
            var urlTemplate    = detectorConfig.Server + detectorConfig.Query2 + detectorConfig.APIKey;
            var incidentUrl    = urlTemplate.Replace("%incidentid%", lFidoReturnValues.Cyphort.IncidentID);

            var incidentRequest = (HttpWebRequest)WebRequest.Create(incidentUrl);
            incidentRequest.Method = "GET";
            return incidentRequest;
        }
Exemplo n.º 10
        //The load will grab configurations for what FIDO is monitoring,
        //then go to each configured external system to parse any alerts.
        //Finally, FIDO is configured to pause per iteration on a
        //configurable timed basis.
        /// <summary>
        /// Runs one polling iteration: loads the configuration, dispatches every
        /// configured detector to its receiver, sleeps, then re-enables the timer.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="aug">Event data; not used.</param>
        private void Fido_Load(object sender, EventArgs aug)
        {
            DisableCurrentTime();
            CheckIfFidoConfigurationExists();

            // Pull the FIDO settings out of the database before anything reads them.
            Object_Fido_Configs.LoadConfigFromDb("config");

            var sysLogParams = GetSysLogParams();

            try
            {
                Console.WriteLine(isParamTest ? @"Running test configs." : @"Running production configs.");

                foreach (var detect in sysLogParams[detectors])
                {
                    var detectorConfig = Object_Fido_Configs.ParseDetectorConfigs(detect);
                    // The detector type selects the receiver: api, log, sql or email.
                    // Any other value is ignored.
                    var detectorType = detectorConfig.DetectorType;

                    if (detectorType == "api")
                    {
                        Console.WriteLine(@"Loading webservice receiver.");
                        Recieve_API.DirectToEngine(detectorType, detect);
                    }
                    else if (detectorType == "log")
                    {
                        Console.WriteLine(@"Loaded log receiver.");
                        var logServer = detectorConfig.Server;
                        var logFile   = detectorConfig.File;
                        var logVendor = detectorConfig.Vendor;
                        Receive_Logging.DirectToEngine(detect, logVendor, logServer, logFile, isParamTest);
                    }
                    else if (detectorType == "sql")
                    {
                        Console.WriteLine(@"Loaded sql receiver.");
                        Receive_SQL.DirectToEngine(detectorType, detect);
                    }
                    else if (detectorType == "email")
                    {
                        Console.WriteLine(@"Loaded email receiver.");
                        var mailVendor = Object_Fido_Configs.GetAsString("fido.email.vendor", "imap");
                        var mailFrom   = detectorConfig.EmailFrom;
                        var mailFolder = detectorConfig.Folder;
                        Receive_Email.ReadEmail(mailVendor, mailFolder, null, mailFrom, isParamTest);
                    }
                }
            }
            catch (Exception e)
            {
                // One failing detector ends the whole iteration: the catch sits outside the loop.
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in fidomain area:" + e);
            }

            // Pause between iterations. Thread.Sleep takes milliseconds and the message
            // divides by 1000, so the configured value is treated as milliseconds.
            // NOTE(review): the fallback of 5 then means 5 ms and prints "0 seconds";
            // confirm the intended unit.
            Application.DoEvents();
            var sleepInterval = Object_Fido_Configs.GetAsInt("fido.application.sleepiteration", 5);

            Console.WriteLine(@"Fido processing complete... sleeping for " + (sleepInterval / 1000).ToString(CultureInfo.InvariantCulture) + @" seconds.");
            Thread.Sleep(sleepInterval);
            timer1.Enabled = true;
        }
Exemplo n.º 11
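        /// <summary>
        /// Retrieves Carbon Black alerts, passes each page to
        /// <c>ParseCarbonBlackAlert</c> and recurses to fetch the next page of 25.
        /// </summary>
        /// <param name="parameter">
        /// Full request URL, used instead of the configured one when
        /// <paramref name="isParameter"/> is true.
        /// </param>
        /// <param name="isParameter">Whether <paramref name="parameter"/> overrides the configured URL.</param>
        /// <remarks>
        /// SECURITY: the configured API key is sent in the <c>X-Auth-Token</c> header to
        /// whatever URL <paramref name="parameter"/> names. Callers must pass only URLs on
        /// the configured Carbon Black server. Exceptions are reported through
        /// <c>Fido_EventHandler.SendEmail</c> rather than rethrown.
        /// </remarks>
        public static void GetCarbonBlackHost(string parameter, bool isParameter)
        {
            Console.WriteLine(@"Gathering alert data from Carbon Black.");

            // SECURITY: both settings are static and therefore process-wide. The first pins
            // TLS 1.0; the second accepts any server certificate, so the X-Auth-Token sent
            // below is exposed to whichever endpoint answers the connection.
            // TODO (original author): make the certificate bypass configurable.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
            ServicePointManager.ServerCertificateValidationCallback = delegate { return(true); };

            var parseConfigs = Object_Fido_Configs.ParseDetectorConfigs("carbonblackv1");
            var request      = parseConfigs.Server + parseConfigs.Query;

            if (isParameter)
            {
                request = parameter;
            }

            var alertRequest = (HttpWebRequest)WebRequest.Create(request);

            alertRequest.Method = "GET";
            alertRequest.Headers[@"X-Auth-Token"] = parseConfigs.APIKey;
            try
            {
                using (var cbResponse = alertRequest.GetResponse() as HttpWebResponse)
                {
                    if (cbResponse == null || cbResponse.StatusCode != HttpStatusCode.OK)
                    {
                        return;
                    }

                    using (var respStream = cbResponse.GetResponseStream())
                    {
                        if (respStream == null)
                        {
                            return;
                        }

                        string stringreturn;
                        using (var cbReader = new StreamReader(respStream, Encoding.UTF8))
                        {
                            stringreturn = cbReader.ReadToEnd();
                        }

                        // An empty JSON array means there are no alerts on this page.
                        if (stringreturn == "[]")
                        {
                            return;
                        }

                        var cbReturn = JsonConvert.DeserializeObject <Object_CarbonBlack_Alert_Class.CarbonBlack>(stringreturn);
                        if (cbReturn != null)
                        {
                            // Parse this page exactly once. The original parsed it before
                            // recursing and again afterwards, so every page with 25 or more
                            // total results was handled twice.
                            Console.WriteLine(@"Currently parsing items " + cbReturn.Start + @" to " + (cbReturn.Start + 25) + @" out of " + cbReturn.Total_Results + @" total Carbon Black alerts.");
                            ParseCarbonBlackAlert(cbReturn);

                            // NOTE(review): the paging condition looks only at Total_Results,
                            // not at how far Start has advanced, so paging stops only on "[]",
                            // a non-200 status, a missing body or an error. Confirm that the
                            // API returns one of those past the last page.
                            if (cbReturn.Total_Results >= 25)
                            {
                                GetCarbonBlackHost(parseConfigs.Server + "/api/v1/alert?q=&cb.fq.status=Unresolved&sort=alert_severity desc&rows=25&start=" + (cbReturn.Start + 25), true);
                            }
                        }

                        // The enclosing using blocks dispose the stream and the response, so
                        // the manual Dispose()/Close() calls of the original are not needed.
                        Console.WriteLine(@"Finished retreiving CB alerts.");
                    }
                }
            }
            catch (Exception e)
            {
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in Carbon Black alert area:" + e);
            }
        }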
Exemplo n.º 12
        //The load will grab configurations for what FIDO is monitoring,
        //then go to each configured external system to parse any alerts.
        //Finally, FIDO is configured to pause per iteration on a
        //configurable timed basis.
        /// <summary>
        /// Runs one polling iteration: checks the configuration, sets up syslog,
        /// dispatches every configured detector to its receiver, sleeps, then
        /// re-enables the timer.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="aug">Event data; not used.</param>
        private void Fido_Load(object sender, EventArgs aug)
        {
            // Keep the timer from firing again while this iteration runs.
            timer1.Enabled = false;
            Hide();

            // NOTE(review): there is no return after Application.Exit(), so the rest of
            // this method still executes when the configuration check fails. Confirm
            // whether that is intended.
            if (!ConfigurationOK())
            {
                Application.Exit();
            }

            SetupSyslog();

            // Main section: decide test or production mode and list the detectors to poll.
            var isParamTest  = Object_Fido_Configs.GetAsBool("fido.application.teststartup", true);
            var detectorList = Object_Fido_Configs.GetAsString("fido.application.detectors", string.Empty);
            var sDetectors   = detectorList.Split(',');

            try
            {
                Console.WriteLine(isParamTest ? @"Running test configs." : @"Running production configs.");

                foreach (var detect in sDetectors)
                {
                    var detectorConfig = Object_Fido_Configs.ParseDetectorConfigs(detect);
                    // The detector type selects the receiver: api, log, sql or email.
                    // Any other value is ignored.
                    var detectorType = detectorConfig.DetectorType;

                    if (detectorType == "api")
                    {
                        Console.WriteLine(@"Loading webservice receiver.");
                        Recieve_API.DirectToEngine(detectorType, detect);
                    }
                    else if (detectorType == "log")
                    {
                        Console.WriteLine(@"Loaded log receiver.");
                        var logServer = detectorConfig.Server;
                        var logFile   = detectorConfig.File;
                        var logVendor = detectorConfig.Vendor;
                        Receive_Logging.DirectToEngine(detect, logVendor, logServer, logFile, isParamTest);
                    }
                    else if (detectorType == "sql")
                    {
                        Console.WriteLine(@"Loaded sql receiver.");
                        Receive_SQL.DirectToEngine(detectorType, detect);
                    }
                    else if (detectorType == "email")
                    {
                        Console.WriteLine(@"Loaded email receiver.");
                        var mailVendor = Object_Fido_Configs.GetAsString("fido.email.vendor", "imap");
                        var mailFrom   = detectorConfig.EmailFrom;
                        var mailFolder = detectorConfig.Folder;
                        Receive_Email.ReadEmail(mailVendor, mailFolder, null, mailFrom, isParamTest);
                    }
                }
            }
            catch (Exception e)
            {
                // One failing detector ends the whole iteration: the catch sits outside the loop.
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in fidomain area:" + e);
            }

            // Pause between iterations. Thread.Sleep takes milliseconds and the message
            // divides by 1000, so the configured value is treated as milliseconds.
            // NOTE(review): the fallback of 5 then means 5 ms and prints "0 seconds";
            // confirm the intended unit.
            Application.DoEvents();
            var sleepInterval = Object_Fido_Configs.GetAsInt("fido.application.sleepiteration", 5);

            Console.WriteLine(@"Fido processing complete... sleeping for " + (sleepInterval / 1000).ToString(CultureInfo.InvariantCulture) + @" seconds.");
            Thread.Sleep(sleepInterval);
            timer1.Enabled = true;
        }
Exemplo n.º 13
        //The load will grab configurations for what FIDO is monitoring,
        //then go to each configured external system to parse any alerts.
        //Finally, FIDO is configured to pause per iteration on a
        //configurable timed basis.
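        private void Fido_Load(object sender, EventArgs aug)
        {
            //One polling iteration: verify the FIDO DB file exists, load the
            //configuration, hand every configured detector to the receiver for
            //its type, then sleep and re-arm timer1.

            //Disable the timer for the duration of this iteration.
            timer1.Enabled = false;
            Hide();

            //Without the configuration database nothing below can work, so
            //report the failure and stop.
            Console.Clear();
            var sFidoDbPath = Application.StartupPath + @"\data\fido.db";

            if (!File.Exists(sFidoDbPath))
            {
                Console.WriteLine(@"Failed to load FIDO DB.");
                Application.Exit();
                //Application.Exit() only requests shutdown; control returns here.
                //Return so the config load and the detectors do not run against
                //a database that is known to be missing.
                return;
            }

            Console.WriteLine(@"Loaded FIDO DB successfully.");

            //Load fido configs from database
            Object_Fido_Configs.LoadConfigFromDb("config");

            //Syslog settings are read here but not applied: the Setup call below
            //is commented out, so this method does not configure syslog.
            var server1   = Object_Fido_Configs.GetAsString("fido.logger.syslog.server", "localhost");
            var port1     = Object_Fido_Configs.GetAsInt("fido.logger.syslog.port", 514);
            var facility1 = Object_Fido_Configs.GetAsString("fido.logger.syslog.facility", "local1");
            var sender1   = Object_Fido_Configs.GetAsString("fido.logger.syslog.sender", "Fido");
            var layout1   = Object_Fido_Configs.GetAsString("fido.logger.syslog.layout", "$(message)");
            //SysLogger.Setup(server1, port1, facility1, sender1, layout1);

            //Beginning of primary area which starts parsing of alerts.
            //The fallback for teststartup is true, so a missing key means the
            //run uses the test configs.
            var isParamTest = Object_Fido_Configs.GetAsBool("fido.application.teststartup", true);

            //Drop empty entries: an unset detector list (or a stray comma) would
            //otherwise hand an empty detector name to ParseDetectorConfigs.
            var sDetectors = Object_Fido_Configs.GetAsString("fido.application.detectors", string.Empty)
                                                .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

            try
            {
                Console.WriteLine(isParamTest ? @"Running test configs." : @"Running production configs.");

                //NOTE(review): the try wraps the whole loop, so an exception from
                //one receiver skips every detector after it for this iteration.
                //Consider isolating failures per detector.
                foreach (var detect in sDetectors)
                {
                    var parseConfigs = Object_Fido_Configs.ParseDetectorConfigs(detect);
                    //Get the detector, ie, email, log, web service, etc.
                    var sDetectorType = parseConfigs.DetectorType;

                    //A detector type with no case below is skipped without any message.
                    switch (sDetectorType)
                    {
                        case "api":
                            Console.WriteLine(@"Loading webservice receiver.");
                            Recieve_API.DirectToEngine(sDetectorType, detect);
                            break;

                        case "log":
                            Console.WriteLine(@"Loaded log receiver.");
                            var sDefaultServer = parseConfigs.Server;
                            var sDefaultFile   = parseConfigs.File;
                            var sVendor        = parseConfigs.Vendor;
                            Receive_Logging.DirectToEngine(detect, sVendor, sDefaultServer, sDefaultFile, isParamTest);
                            break;

                        case "sql":
                            Console.WriteLine(@"Loaded sql receiver.");
                            Receive_SQL.DirectToEngine(sDetectorType, detect);
                            break;

                        case "email":
                            Console.WriteLine(@"Loaded email receiver.");
                            var sEmailVendor     = Object_Fido_Configs.GetAsString("fido.email.vendor", "imap");
                            var sDetectorsEmail  = parseConfigs.EmailFrom;
                            var sDetectorsFolder = parseConfigs.Folder;
                            Receive_Email.ReadEmail(sEmailVendor, sDetectorsFolder, null, sDetectorsEmail, isParamTest);
                            break;
                    }
                }
            }
            catch (Exception e)
            {
                //The full exception text (type, message, stack trace) is appended to
                //the mail body. NOTE(review): "{0}" is never filled in here; unless
                //SendEmail formats it (not visible), it goes out as literal text.
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught in fidomain area:" + e);
            }

            //Pause between iterations. Thread.Sleep takes milliseconds and the
            //message divides by 1000, so the configured value is presumably in
            //milliseconds; the fallback of 5 is then a 5 ms pause that prints as
            //0 seconds - TODO confirm the intended unit and default.
            Application.DoEvents();
            var iSleep = Object_Fido_Configs.GetAsInt("fido.application.sleepiteration", 5);

            Console.WriteLine(@"Fido processing complete... sleeping for " + (iSleep / 1000).ToString(CultureInfo.InvariantCulture) + @" seconds.");
            Thread.Sleep(iSleep);
            timer1.Enabled = true;
        }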