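    /// <summary>
    /// Inserts one alert into the "event_alerts" table and then fans the detector,
    /// machine, user and historical data out to their own tables.
    /// </summary>
    /// <param name="lFidoReturnValues">Alert data to persist. Must not be null.</param>
    /// <exception cref="ArgumentNullException">Thrown when <paramref name="lFidoReturnValues"/> is null.</exception>
    /// <remarks>
    /// The row is built before the try block, so a <c>TimeOccurred</c> value that
    /// <see cref="Convert.ToDateTime(string)"/> cannot parse propagates to the caller.
    /// Failures inside the inserts are reported by e-mail and otherwise swallowed
    /// (best-effort persistence, kept from the original).
    /// </remarks>
    public static void InsertEventToDB(FidoReturnValues lFidoReturnValues)
    {
      if (lFidoReturnValues == null)
      {
        throw new ArgumentNullException("lFidoReturnValues");
      }

      var iKeepAlive = Object_Fido_Configs.GetAsInt("fido.application.unnownkeepalive", 0);
      var db = new SqLiteDB();

      // Hostnames are stored as identifiers, so lower-case them culture-invariantly;
      // ToLower() follows the thread culture (e.g. Turkish dotless i) and would
      // make the same host look different depending on the service account's locale.
      // A null hostname is passed through as null instead of throwing before the insert.
      var hostname = lFidoReturnValues.Hostname == null
        ? null
        : lFidoReturnValues.Hostname.ToLowerInvariant();

      var data = new Dictionary<string, string>
      {
        {"timer", iKeepAlive.ToString(CultureInfo.InvariantCulture)},
        {"ip_address", lFidoReturnValues.SrcIP},
        {"hostname", hostname},
        // NOTE(review): Convert.ToDateTime(string) parses with the current culture;
        // confirm the format TimeOccurred arrives in before switching to InvariantCulture.
        {"timestamp", Convert.ToDateTime(lFidoReturnValues.TimeOccurred).ToString(CultureInfo.InvariantCulture)},
        {"previous_score", lFidoReturnValues.TotalScore.ToString(CultureInfo.InvariantCulture)},
        {"alert_id", lFidoReturnValues.AlertID}
      };

      try
      {
        //insert event to primary alert table
        db.Insert("event_alerts", data);

        // NOTE(review): the key handed to the Update* helpers is the table's row count,
        // which only equals the new row id while rows are never deleted and no other
        // writer interleaves. Check whether SqLiteDB can expose last_insert_rowid()
        // on the same connection before relying on this for correlation.
        const string eventAlerts = @"select count() from event_alerts";
        var newRow = db.ExecuteScalar(eventAlerts);

        //if there is threat data then insert otherwise
        //todo: figure out a better way to find out if a detector is empty
        // Short-circuit || instead of the bitwise | the original used: same result on
        // bools, but the remaining properties are not touched once one is non-null.
        if (lFidoReturnValues.Bit9 != null || lFidoReturnValues.Antivirus != null || lFidoReturnValues.FireEye != null ||
            lFidoReturnValues.Cyphort != null || lFidoReturnValues.ProtectWise != null || lFidoReturnValues.PaloAlto != null)
        {
          UpdateThreatToDB(lFidoReturnValues, newRow);
        }

        //if there is machine data then insert otherwise
        if (lFidoReturnValues.Landesk != null || lFidoReturnValues.Jamf != null)
        {
          UpdateMachineToDB(lFidoReturnValues, newRow);
        }

        //if there is user data then insert otherwise
        if (lFidoReturnValues.UserInfo != null)
        {
          UpdateUserToDB(lFidoReturnValues, newRow);
        }

        //if there is historical url/hash/ip data insert
        UpdateHistoricalURLInfo(lFidoReturnValues);
        UpdateHistoricalHashInfo(lFidoReturnValues);
        UpdateHistoricalIPInfo(lFidoReturnValues);
      }
      catch (Exception e)
      {
        // The original message carried a stray "{0}" placeholder that was never
        // formatted and went out verbatim; the exception is appended (ToString,
        // so type, message and stack trace) for the internal alert mailbox.
        Fido_EventHandler.SendEmail("Fido Error",
          "Fido Failed: Exception caught in insert of event alert to fidodb: " + e);
      }
    }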
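        /// <summary>
        /// Persists an alert: one row in "event_alerts", then the detector, machine,
        /// user and historical (url / hash / ip) details in their related tables.
        /// </summary>
        /// <param name="lFidoReturnValues">Alert data to persist. Must not be null.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="lFidoReturnValues"/> is null.</exception>
        /// <remarks>
        /// Row construction (including the <c>TimeOccurred</c> date conversion) runs
        /// outside the try block and therefore propagates to the caller; any failure
        /// while inserting is e-mailed and swallowed, preserving the original's
        /// best-effort contract.
        /// </remarks>
        public static void InsertEventToDB(FidoReturnValues lFidoReturnValues)
        {
            if (lFidoReturnValues == null)
            {
                throw new ArgumentNullException("lFidoReturnValues");
            }

            var keepAlive = Object_Fido_Configs.GetAsInt("fido.application.unnownkeepalive", 0);
            var db        = new SqLiteDB();

            // Culture-invariant lower-casing: the hostname is a lookup key, and
            // ToLower() would vary with the thread culture. Null stays null.
            string hostname = null;
            if (lFidoReturnValues.Hostname != null)
            {
                hostname = lFidoReturnValues.Hostname.ToLowerInvariant();
            }

            // NOTE(review): Convert.ToDateTime(string) honours the current culture;
            // verify the incoming TimeOccurred format before hard-coding a culture.
            var occurred = Convert.ToDateTime(lFidoReturnValues.TimeOccurred);

            var row = new Dictionary<string, string>
            {
                { "timer", keepAlive.ToString(CultureInfo.InvariantCulture) },
                { "ip_address", lFidoReturnValues.SrcIP },
                { "hostname", hostname },
                { "timestamp", occurred.ToString(CultureInfo.InvariantCulture) },
                { "previous_score", lFidoReturnValues.TotalScore.ToString(CultureInfo.InvariantCulture) },
                { "alert_id", lFidoReturnValues.AlertID }
            };

            try
            {
                //insert event to primary alert table
                db.Insert("event_alerts", row);

                // NOTE(review): using the row count as the id of the row just inserted
                // is only right while nothing is deleted and no other writer interleaves;
                // check whether SqLiteDB can return last_insert_rowid() on this connection.
                const string countAlerts = @"select count() from event_alerts";
                var          newRow      = db.ExecuteScalar(countAlerts);

                //todo: figure out a better way to find out if a detector is empty
                // || rather than the bitwise | of the original: identical on bools,
                // but stops at the first detector that is present.
                var hasThreatData = lFidoReturnValues.Bit9 != null
                                    || lFidoReturnValues.Antivirus != null
                                    || lFidoReturnValues.FireEye != null
                                    || lFidoReturnValues.Cyphort != null
                                    || lFidoReturnValues.ProtectWise != null
                                    || lFidoReturnValues.PaloAlto != null;
                var hasMachineData = lFidoReturnValues.Landesk != null || lFidoReturnValues.Jamf != null;
                var hasUserData    = lFidoReturnValues.UserInfo != null;

                //if there is threat data then insert
                if (hasThreatData)
                {
                    UpdateThreatToDB(lFidoReturnValues, newRow);
                }

                //if there is machine data then insert
                if (hasMachineData)
                {
                    UpdateMachineToDB(lFidoReturnValues, newRow);
                }

                //if there is user data then insert
                if (hasUserData)
                {
                    UpdateUserToDB(lFidoReturnValues, newRow);
                }

                //historical url / hash / ip data
                UpdateHistoricalURLInfo(lFidoReturnValues);
                UpdateHistoricalHashInfo(lFidoReturnValues);
                UpdateHistoricalIPInfo(lFidoReturnValues);
            }
            catch (Exception e)
            {
                // Dropped the unformatted "{0}" placeholder the original sent verbatim.
                // e.ToString() (type, message, stack trace) is appended for the
                // internal alert mailbox.
                Fido_EventHandler.SendEmail("Fido Error",
                                            "Fido Failed: Exception caught in insert of event alert to fidodb: " + e);
            }
        }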
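        /// <summary>
        /// Appends one row to the "previous_threat_{SDB}" history table, storing the
        /// value in a column named after SDB plus the "timedate" column.
        /// </summary>
        /// <param name="threatData">Which history table (SDB), the value and when it was seen.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="threatData"/> is null.</exception>
        /// <exception cref="ArgumentException">
        /// Thrown when <c>threatData.SDB</c> is empty, contains anything other than
        /// letters, digits or '_', or equals "timedate" (duplicate column key).
        /// </exception>
        private static void InsertHistoricalThreatToDB(HistorialThreatData threatData)
        {
            if (threatData == null)
            {
                throw new ArgumentNullException("threatData");
            }

            // SDB is spliced into both the table name and a column name. SQL identifiers
            // cannot be bound as parameters, so anything that is not a plain identifier
            // is rejected here rather than handed to the database.
            var sdb = threatData.SDB;
            if (string.IsNullOrEmpty(sdb))
            {
                throw new ArgumentException("SDB must name a history table", "threatData");
            }
            foreach (var c in sdb)
            {
                if (!char.IsLetterOrDigit(c) && c != '_')
                {
                    throw new ArgumentException("SDB must contain only letters, digits or '_'", "threatData");
                }
            }

            var db   = new SqLiteDB();
            // Dictionary.Add throws ArgumentException if SDB is "timedate" (duplicate key).
            var data = new Dictionary<string, string>
            {
                { sdb, threatData.InValue },
                { "timedate", threatData.When }
            };
            var table = @"previous_threat_" + sdb;

            db.Insert(table, data);
        }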
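        /// <summary>
        /// Appends one row to the "previous_threat_{sdb}" history table: the value goes
        /// into a column named <paramref name="sdb"/>, the time into "timedate".
        /// </summary>
        /// <param name="sdb">History table suffix and column name (letters, digits, '_' only).</param>
        /// <param name="invalue">Value to record.</param>
        /// <param name="timedate">When the value was seen, already formatted as text.</param>
        /// <exception cref="ArgumentException">
        /// Thrown when <paramref name="sdb"/> is null or empty, contains characters other
        /// than letters, digits or '_', or equals "timedate" (duplicate column key).
        /// </exception>
        private static void InsertHistoricalThreatToDB(string sdb, string invalue, string timedate)
        {
            // sdb becomes part of a table name and a column name; identifiers cannot be
            // parameterised, so only a plain identifier is allowed through.
            if (string.IsNullOrEmpty(sdb))
            {
                throw new ArgumentException("sdb must name a history table", "sdb");
            }
            foreach (var c in sdb)
            {
                if (!char.IsLetterOrDigit(c) && c != '_')
                {
                    throw new ArgumentException("sdb must contain only letters, digits or '_'", "sdb");
                }
            }

            var db   = new SqLiteDB();
            // Dictionary.Add throws ArgumentException when sdb is "timedate".
            var data = new Dictionary<string, string>
            {
                { sdb, invalue },
                { "timedate", timedate }
            };

            // Keep the parameter intact; the table name is a derived value.
            var table = @"previous_threat_" + sdb;
            db.Insert(table, data);
        }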
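 /// <summary>
 /// Records one historical threat value in the "previous_threat_{sdb}" table,
 /// under a column named <paramref name="sdb"/> next to a "timedate" column.
 /// </summary>
 /// <param name="sdb">History table suffix and column name; must be a plain identifier.</param>
 /// <param name="invalue">Value to record.</param>
 /// <param name="timedate">When the value was seen, as text.</param>
 /// <exception cref="ArgumentException">
 /// Thrown when <paramref name="sdb"/> is null or empty, holds characters other than
 /// letters, digits or '_', or equals "timedate" (duplicate column key).
 /// </exception>
 private static void InsertHistoricalThreatToDB(string sdb, string invalue, string timedate)
 {
   // The suffix is interpolated into SQL identifiers (table and column), which
   // cannot be bound as parameters; reject anything that is not letters/digits/'_'.
   if (string.IsNullOrEmpty(sdb))
   {
     throw new ArgumentException("sdb must name a history table", "sdb");
   }
   for (var i = 0; i < sdb.Length; i++)
   {
     var c = sdb[i];
     if (!char.IsLetterOrDigit(c) && c != '_')
     {
       throw new ArgumentException("sdb must contain only letters, digits or '_'", "sdb");
     }
   }

   var table = @"previous_threat_" + sdb;

   // Dictionary.Add throws ArgumentException when sdb is "timedate".
   var row = new Dictionary<string, string>
   {
     { sdb, invalue },
     { "timedate", timedate }
   };

   var db = new SqLiteDB();
   db.Insert(table, row);
 }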