/// <summary> /// Updates the given model element with the cmdlet specific operation /// </summary> /// <param name="model">A model object</param> protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(DatabaseThreatDetectionPolicyModel model) { base.ApplyUserInputToModel(model); model.ThreatDetectionState = ThreatDetectionStateType.Enabled; if (NotificationRecipientsEmails != null) { model.NotificationRecipientsEmails = NotificationRecipientsEmails; } if (EmailAdmins != null) { model.EmailAdmins = (bool)EmailAdmins; } ExcludedDetectionType = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType); if (ExcludedDetectionType != null) { model.ExcludedDetectionTypes = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType); } if (RetentionInDays != null) { model.RetentionInDays = RetentionInDays; } if (StorageAccountName != null) { model.StorageAccountName = StorageAccountName; } return(model); }
/// <summary> /// Takes the cmdlets model object and transform it to the policy as expected by the endpoint /// </summary> private DatabaseSecurityAlertPolicy PolicizeDatabaseSecurityAlertModel(BaseThreatDetectionPolicyModel model, string storageEndpointSuffix) { var policy = new DatabaseSecurityAlertPolicy() { State = model.ThreatDetectionState == ThreatDetectionStateType.Enabled ? SecurityAlertsPolicyState.Enabled : SecurityAlertsPolicyState.Disabled, DisabledAlerts = ExtractExcludedDetectionType(model), EmailAddresses = model.NotificationRecipientsEmails.Split(';').Where(mail => !string.IsNullOrEmpty(mail)).ToList(), EmailAccountAdmins = model.EmailAdmins, RetentionDays = Convert.ToInt32(model.RetentionInDays), }; if (string.IsNullOrEmpty(model.StorageAccountName)) { policy.StorageEndpoint = null; policy.StorageAccountAccessKey = null; } else { BaseSecurityAlertPolicyProperties legacyProperties = new BaseSecurityAlertPolicyProperties(); PopulateStoragePropertiesInPolicy(model, legacyProperties, storageEndpointSuffix); policy.StorageEndpoint = legacyProperties.StorageEndpoint; policy.StorageAccountAccessKey = legacyProperties.StorageAccountAccessKey; } return(policy); }
/// <summary> /// Extracts the detection types from the given model /// </summary> private string ExtractExcludedDetectionType(BaseThreatDetectionPolicyModel model) { if (model.ExcludedDetectionTypes == null) { return(null); } StringBuilder detectionTypes = new StringBuilder(); if (IsDetectionTypeOn(DetectionType.Sql_Injection, model.ExcludedDetectionTypes)) { detectionTypes.Append(SecurityConstants.Sql_Injection).Append(";"); } if (IsDetectionTypeOn(DetectionType.Sql_Injection_Vulnerability, model.ExcludedDetectionTypes)) { detectionTypes.Append(SecurityConstants.Sql_Injection_Vulnerability).Append(";"); } if (IsDetectionTypeOn(DetectionType.Access_Anomaly, model.ExcludedDetectionTypes)) { detectionTypes.Append(SecurityConstants.Access_Anomaly).Append(";"); } if (IsDetectionTypeOn(DetectionType.Usage_Anomaly, model.ExcludedDetectionTypes)) { detectionTypes.Append(SecurityConstants.Usage_Anomaly).Append(";"); } if (detectionTypes.Length != 0) { detectionTypes.Remove(detectionTypes.Length - 1, 1); // remove trailing semi-colon } return(detectionTypes.ToString()); }
/// <summary> /// Updates the given model element with the cmdlet specific operation /// </summary> /// <param name="model">A model object</param> protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(DatabaseThreatDetectionPolicyModel model) { base.ApplyUserInputToModel(model); model.ThreatDetectionState = ThreatDetectionStateType.Enabled; if (NotificationRecipientsEmails != null) { model.NotificationRecipientsEmails = NotificationRecipientsEmails; } if (EmailAdmins != null) { model.EmailAdmins = (bool)EmailAdmins; } ExcludedDetectionType = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType); if (ExcludedDetectionType != null) { model.ExcludedDetectionTypes = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType); } model.ValidateContent(); return(model); }
private void PopulateStoragePropertiesInPolicy(BaseThreatDetectionPolicyModel model, BaseSecurityAlertPolicyProperties properties, string storageEndpointSuffix) { if (string.IsNullOrEmpty(model.StorageAccountName)) // can happen if the user didn't provide account name for a policy that lacked it { throw new Exception(string.Format(Properties.Resources.NoStorageAccountWhenConfiguringThreatDetectionPolicy)); } properties.StorageEndpoint = string.Format("https://{0}.blob.{1}", model.StorageAccountName, storageEndpointSuffix); properties.StorageAccountAccessKey = AzureCommunicator.GetStorageKeys(model.StorageAccountName)[StorageKeyKind.Primary]; }
private BaseSecurityAlertPolicyProperties PopulatePolicyProperties(BaseThreatDetectionPolicyModel model, BaseSecurityAlertPolicyProperties properties) { properties.State = model.ThreatDetectionState.ToString(); properties.EmailAddresses = model.NotificationRecipientsEmails ?? ""; properties.EmailAccountAdmins = model.EmailAdmins ? ThreatDetectionStateType.Enabled.ToString() : ThreatDetectionStateType.Disabled.ToString(); properties.DisabledAlerts = ExtractExcludedDetectionType(model); return(properties); }
private BaseSecurityAlertPolicyProperties PopulateDatabasePolicyProperties(BaseThreatDetectionPolicyModel model, string storageEndpointSuffix, BaseSecurityAlertPolicyProperties properties) { properties.State = model.ThreatDetectionState.ToString(); properties.EmailAddresses = model.NotificationRecipientsEmails ?? ""; properties.EmailAccountAdmins = model.EmailAdmins ? ThreatDetectionStateType.Enabled.ToString() : ThreatDetectionStateType.Disabled.ToString(); properties.DisabledAlerts = string.Join(";", ExtractExcludedDetectionType(model)); PopulateStoragePropertiesInPolicy(model, properties, storageEndpointSuffix); properties.RetentionDays = Convert.ToInt32(model.RetentionInDays); return(properties); }
private static void ModelizeStorageAccount(BaseThreatDetectionPolicyModel model, string storageEndpoint) { if (string.IsNullOrEmpty(storageEndpoint)) { model.StorageAccountName = string.Empty; return; } var accountNameStartIndex = storageEndpoint.StartsWith("https://", StringComparison.InvariantCultureIgnoreCase) ? 8 : 7; // https:// or http:// var accountNameEndIndex = storageEndpoint.IndexOf(".blob", StringComparison.InvariantCultureIgnoreCase); model.StorageAccountName = storageEndpoint.Substring(accountNameStartIndex, accountNameEndIndex - accountNameStartIndex); }
/// <summary> /// Updates the given model with all the disabled alerts information /// </summary> private static void ModelizeDisabledAlerts(BaseThreatDetectionPolicyModel model, string disabledAlerts) { Func <string, DetectionType> toDetectionType = (s) => { DetectionType value; Enum.TryParse(s.Trim(), true, out value); return(value); }; if (string.IsNullOrEmpty(disabledAlerts)) { model.ExcludedDetectionTypes = new DetectionType[] {}; } else { model.ExcludedDetectionTypes = disabledAlerts.Split(';').Select(toDetectionType).ToArray(); } }
/// <summary> /// Extracts the detection types from the given model /// </summary> private static string[] ExtractExcludedDetectionType(BaseThreatDetectionPolicyModel model) { if (model.ExcludedDetectionTypes == null) { return(null); } if (model.ExcludedDetectionTypes.Any(t => t == DetectionType.None)) { if (model.ExcludedDetectionTypes.Count() == 1) { return(new string[0]); } if (model.ExcludedDetectionTypes.Any(t => t != DetectionType.None)) { throw new Exception(Properties.Resources.InvalidDetectionTypeList); } } return(model.ExcludedDetectionTypes); }
/// <summary> /// Extracts the detection types from the given model /// </summary> private static string ExtractExcludedDetectionType(BaseThreatDetectionPolicyModel model) { if (model.ExcludedDetectionTypes == null) { return(null); } if (model.ExcludedDetectionTypes.Any(t => t == DetectionType.None)) { if (model.ExcludedDetectionTypes.Count() == 1) { return(string.Empty); } if (model.ExcludedDetectionTypes.Any(t => t != DetectionType.None)) { throw new Exception(Properties.Resources.InvalidDetectionTypeList); } } return(string.Join(";", model.ExcludedDetectionTypes.Select(t => t.ToString()))); }
/// <summary> /// Extracts the detection types from the given model /// </summary> private string ExtractExcludedDetectionType(BaseThreatDetectionPolicyModel model) { if (model.ExcludedDetectionTypes == null) { return(null); } StringBuilder detectionTypes = new StringBuilder(); if (IsDetectionTypeOn(DetectionType.Successful_SQLi, model.ExcludedDetectionTypes)) { detectionTypes.Append(SecurityConstants.Successful_SQLi).Append(";"); } if (IsDetectionTypeOn(DetectionType.Attempted_SQLi, model.ExcludedDetectionTypes)) { detectionTypes.Append(SecurityConstants.Attempted_SQLi).Append(";"); } if (IsDetectionTypeOn(DetectionType.Client_GEO_Anomaly, model.ExcludedDetectionTypes)) { detectionTypes.Append(SecurityConstants.Client_GEO_Anomaly).Append(";"); } if (IsDetectionTypeOn(DetectionType.Failed_Logins_Anomaly, model.ExcludedDetectionTypes)) { detectionTypes.Append(SecurityConstants.Failed_Logins_Anomaly).Append(";"); } if (IsDetectionTypeOn(DetectionType.Failed_Queries_Anomaly, model.ExcludedDetectionTypes)) { detectionTypes.Append(SecurityConstants.Failed_Queries_Anomaly).Append(";"); } if (IsDetectionTypeOn(DetectionType.Data_Extraction_Anomaly, model.ExcludedDetectionTypes)) { detectionTypes.Append(SecurityConstants.Data_Extraction_Anomaly).Append(";"); } if (IsDetectionTypeOn(DetectionType.Data_Alteration_Anomaly, model.ExcludedDetectionTypes)) { detectionTypes.Append(SecurityConstants.Data_Alteration_Anomaly).Append(";"); } if (detectionTypes.Length != 0) { detectionTypes.Remove(detectionTypes.Length - 1, 1); // remove trailing comma } return(detectionTypes.ToString()); }
/// <summary> /// Takes the cmdlets model object and transform it to the policy as expected by the endpoint /// </summary> private DatabaseSecurityAlertPolicyCreateOrUpdateParameters PolicizeDatabaseSecurityAlertModel(BaseThreatDetectionPolicyModel model, string storageEndpointSuffix) { var updateParameters = new DatabaseSecurityAlertPolicyCreateOrUpdateParameters(); var properties = PopulateDatabasePolicyProperties(model, storageEndpointSuffix, new DatabaseSecurityAlertPolicyProperties()) as DatabaseSecurityAlertPolicyProperties; updateParameters.Properties = properties; return(updateParameters); }
/// <summary> /// Transforms the given database policy object to its cmdlet model representation /// </summary> private static BaseThreatDetectionPolicyModel ModelizeThreatDetectionPolicy(BaseSecurityAlertPolicyProperties threatDetectionProperties, BaseThreatDetectionPolicyModel model) { model.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State); model.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses; model.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins); ModelizeStorageAccount(model, threatDetectionProperties.StorageEndpoint); model.ExcludedDetectionTypes = threatDetectionProperties.DisabledAlerts.Split(';').Where(alert => !string.IsNullOrEmpty(alert)).ToArray() ?? new string[] { }; model.RetentionInDays = (uint)threatDetectionProperties.RetentionDays; return(model); }
/// <summary> /// Transforms the given database policy object to its cmdlet model representation /// </summary> private static BaseThreatDetectionPolicyModel ModelizeThreatDetectionPolicy(BaseSecurityAlertPolicyProperties threatDetectionProperties, BaseThreatDetectionPolicyModel model) { model.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State); model.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses; model.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins); ModelizeStorageAccount(model, threatDetectionProperties.StorageEndpoint); ModelizeDisabledAlerts(model, threatDetectionProperties.DisabledAlerts.Split(';')); model.RetentionInDays = (uint)threatDetectionProperties.RetentionDays; return(model); }
/// <summary> /// Transforms the given database policy object to its cmdlet model representation /// </summary> private BaseThreatDetectionPolicyModel ModelizeThreatDetectionPolicy(BaseSecurityAlertPolicyProperties threatDetectionProperties, BaseThreatDetectionPolicyModel model) { model.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State); model.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses; model.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins); ModelizeDisabledAlerts(model, threatDetectionProperties.DisabledAlerts); return(model); }