/// <summary>
/// Updates the given model element with the cmdlet specific operation
/// </summary>
/// <param name="model">A model object</param>
protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(DatabaseThreatDetectionPolicyModel model)
{
base.ApplyUserInputToModel(model);
model.ThreatDetectionState = ThreatDetectionStateType.Enabled;
if (NotificationRecipientsEmails != null)
{
model.NotificationRecipientsEmails = NotificationRecipientsEmails;
}
if (EmailAdmins != null)
{
model.EmailAdmins = (bool)EmailAdmins;
}
ExcludedDetectionType = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType);
if (ExcludedDetectionType != null)
{
model.ExcludedDetectionTypes = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType);
}
if (RetentionInDays != null)
{
model.RetentionInDays = RetentionInDays;
}
if (StorageAccountName != null)
{
model.StorageAccountName = StorageAccountName;
}
return(model);
}
/// <summary>
/// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
/// </summary>
public void SetDatabaseThreatDetectionPolicy(DatabaseThreatDetectionPolicyModel model, String clientId)
{
if (model.ThreatDetectionState == ThreatDetectionStateType.Enabled)
{
if (!IsRightServerVersionForThreatDetection(model.ResourceGroupName, model.ServerName, clientId))
{
throw new Exception(Properties.Resources.ServerNotApplicableForThreatDetection);
}
// Check that auditing is turned on:
DatabaseAuditingPolicyModel databaseAuditingPolicyModel;
AuditingAdapter.GetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, out databaseAuditingPolicyModel);
AuditStateType auditingState = databaseAuditingPolicyModel.AuditState;
if (databaseAuditingPolicyModel.UseServerDefault == UseServerDefaultOptions.Enabled)
{
ServerAuditingPolicyModel serverAuditingPolicyModel;
AuditingAdapter.GetServerAuditingPolicy(model.ResourceGroupName, model.ServerName, clientId, out serverAuditingPolicyModel);
auditingState = serverAuditingPolicyModel.AuditState;
}
if (auditingState != AuditStateType.Enabled)
{
throw new Exception(Properties.Resources.AuditingIsTurnedOff);
}
}
var databaseSecurityAlertPolicyParameters = PolicizeDatabaseSecurityAlertModel(model);
ThreatDetectionCommunicator.SetDatabaseSecurityAlertPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, databaseSecurityAlertPolicyParameters);
}
/// <summary>
/// Updates the given model element with the cmdlet specific operation
/// </summary>
/// <param name="model">A model object</param>
protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(
DatabaseThreatDetectionPolicyModel model)
{
model = base.ApplyUserInputToModel(model);
model.ThreatDetectionState = ThreatDetectionStateType.Disabled;
return(model);
}
/// <summary>
/// Updates the given model element with the cmdlet specific operation
/// </summary>
/// <param name="model">A model object</param>
protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(DatabaseThreatDetectionPolicyModel model)
{
base.ApplyUserInputToModel(model);
model.ThreatDetectionState = ThreatDetectionStateType.Enabled;
if (NotificationRecipientsEmails != null)
{
model.NotificationRecipientsEmails = NotificationRecipientsEmails;
}
if (EmailAdmins != null)
{
model.EmailAdmins = (bool)EmailAdmins;
}
if (ExcludedDetectionType != null)
{
model.ExcludedDetectionTypes = ExcludedDetectionType.Select(s => SecurityConstants.ExcludedDetectionToExcludedDetectionTypes[s]).ToArray();
}
ValidateInput(model);
return(model);
}
/// <summary>
/// Updates the given model with all the disabled alerts information
/// </summary>
private void ModelizeDisabledAlerts(DatabaseThreatDetectionPolicyModel model, string disabledAlerts)
{
HashSet <DetectionType> detectionTypes = new HashSet <DetectionType>();
if (disabledAlerts.IndexOf(SecurityConstants.Successful_SQLi) != -1)
{
detectionTypes.Add(DetectionType.Successful_SQLi);
}
if (disabledAlerts.IndexOf(SecurityConstants.Attempted_SQLi) != -1)
{
detectionTypes.Add(DetectionType.Attempted_SQLi);
}
if (disabledAlerts.IndexOf(SecurityConstants.Client_GEO_Anomaly) != -1)
{
detectionTypes.Add(DetectionType.Client_GEO_Anomaly);
}
if (disabledAlerts.IndexOf(SecurityConstants.Failed_Logins_Anomaly) != -1)
{
detectionTypes.Add(DetectionType.Failed_Logins_Anomaly);
}
if (disabledAlerts.IndexOf(SecurityConstants.Failed_Queries_Anomaly) != -1)
{
detectionTypes.Add(DetectionType.Failed_Queries_Anomaly);
}
if (disabledAlerts.IndexOf(SecurityConstants.Data_Extraction_Anomaly) != -1)
{
detectionTypes.Add(DetectionType.Data_Extraction_Anomaly);
}
if (disabledAlerts.IndexOf(SecurityConstants.Data_Alteration_Anomaly) != -1)
{
detectionTypes.Add(DetectionType.Data_Alteration_Anomaly);
}
model.ExcludedDetectionTypes = detectionTypes.ToArray();
}
/// <summary>
/// Updates the given model element with the cmdlet specific operation
/// </summary>
/// <param name="model">A model object</param>
protected override DatabaseThreatDetectionPolicyModel ApplyUserInputToModel(DatabaseThreatDetectionPolicyModel model)
{
base.ApplyUserInputToModel(model);
model.ThreatDetectionState = ThreatDetectionStateType.Enabled;
if (NotificationRecipientsEmails != null)
{
model.NotificationRecipientsEmails = NotificationRecipientsEmails;
}
if (EmailAdmins != null)
{
model.EmailAdmins = (bool)EmailAdmins;
}
ExcludedDetectionType = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType);
if (ExcludedDetectionType != null)
{
model.ExcludedDetectionTypes = BaseThreatDetectionPolicyModel.ProcessExcludedDetectionTypes(ExcludedDetectionType);
}
model.ValidateContent();
return(model);
}
/// <summary>
/// Transforms the given database policy object to its cmdlet model representation
/// </summary>
private DatabaseThreatDetectionPolicyModel ModelizeDatabaseThreatDetectionPolicy(DatabaseSecurityAlertPolicy threatDetectionPolicy)
{
DatabaseThreatDetectionPolicyModel databaseThreatDetectionPolicyModel = new DatabaseThreatDetectionPolicyModel();
DatabaseSecurityAlertPolicyProperties threatDetectionProperties = threatDetectionPolicy.Properties;
databaseThreatDetectionPolicyModel.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State);
databaseThreatDetectionPolicyModel.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses;
databaseThreatDetectionPolicyModel.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins);
ModelizeDisabledAlerts(databaseThreatDetectionPolicyModel, threatDetectionProperties.DisabledAlerts);
return(databaseThreatDetectionPolicyModel);
}
/// <summary>
/// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
/// </summary>
public void SetDatabaseThreatDetectionPolicy(DatabaseThreatDetectionPolicyModel model, string storageEndpointSuffix)
{
if (model.ThreatDetectionState == ThreatDetectionStateType.Enabled &&
!IsRightServerVersionForThreatDetection(model.ResourceGroupName, model.ServerName))
{
throw new Exception(Properties.Resources.ServerNotApplicableForThreatDetection);
}
var databaseSecurityAlertPolicyParameters = PolicizeDatabaseSecurityAlertModel(model, storageEndpointSuffix);
ThreatDetectionCommunicator.SetDatabaseSecurityAlertPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, databaseSecurityAlertPolicyParameters);
}
/// <summary>
/// Provides a database threat detection policy model for the given database
/// </summary>
public DatabaseThreatDetectionPolicyModel GetDatabaseThreatDetectionPolicy(string resourceGroup, string serverName, string databaseName, string requestId)
{
if (!IsRightServerVersionForThreatDetection(resourceGroup, serverName, requestId))
{
throw new Exception(Properties.Resources.ServerNotApplicableForThreatDetection);
}
DatabaseSecurityAlertPolicy threatDetectionPolicy = ThreatDetectionCommunicator.GetDatabaseSecurityAlertPolicy(resourceGroup, serverName, databaseName, requestId);
DatabaseThreatDetectionPolicyModel databaseThreatDetectionPolicyModel = ModelizeDatabaseThreatDetectionPolicy(threatDetectionPolicy);
databaseThreatDetectionPolicyModel.ResourceGroupName = resourceGroup;
databaseThreatDetectionPolicyModel.ServerName = serverName;
databaseThreatDetectionPolicyModel.DatabaseName = databaseName;
return(databaseThreatDetectionPolicyModel);
}
/// <summary>
/// Preforms validity checks
/// </summary>
/// <param name="model">The model</param>
private void ValidateInput(DatabaseThreatDetectionPolicyModel model)
{
// Validity checks:
// 1. Check that EmailAddresses are in correct format
bool areEmailAddressesInCorrectFormat = AreEmailAddressesInCorrectFormat(model.NotificationRecipientsEmails);
if (!areEmailAddressesInCorrectFormat)
{
throw new Exception(Properties.Resources.EmailsAreNotValid);
}
// 2. check that EmailAdmins is not False and NotificationRecipientsEmails is not empty
if (!model.EmailAdmins && string.IsNullOrEmpty(model.NotificationRecipientsEmails))
{
throw new Exception(Properties.Resources.NeedToProvideEmail);
}
}
/// <summary>
/// Updates the given model with all the disabled alerts information
/// </summary>
private void ModelizeDisabledAlerts(DatabaseThreatDetectionPolicyModel model, string disabledAlerts)
{
List <string> disabledAlertsArray = disabledAlerts.Split(';').Select(p => p.Trim()).ToList();
HashSet <DetectionType> detectionTypes = new HashSet <DetectionType>();
if (disabledAlertsArray.Contains(SecurityConstants.Sql_Injection))
{
detectionTypes.Add(DetectionType.Sql_Injection);
}
if (disabledAlertsArray.Contains(SecurityConstants.Sql_Injection_Vulnerability))
{
detectionTypes.Add(DetectionType.Sql_Injection_Vulnerability);
}
if (disabledAlertsArray.Contains(SecurityConstants.Access_Anomaly))
{
detectionTypes.Add(DetectionType.Access_Anomaly);
}
if (disabledAlertsArray.Contains(SecurityConstants.Usage_Anomaly))
{
detectionTypes.Add(DetectionType.Usage_Anomaly);
}
model.ExcludedDetectionTypes = detectionTypes.ToArray();
}
/// <summary>
/// No sending is needed as this is a Get cmdlet
/// </summary>
/// <param name="model">The model object with the data to be sent to the REST endpoints</param>
protected override DatabaseThreatDetectionPolicyModel PersistChanges(DatabaseThreatDetectionPolicyModel model)
{
return(null);
}
/// <summary>
/// Takes the cmdlets model object and transform it to the policy as expected by the endpoint
/// </summary>
/// <param name="model">The SecurityAlert model object</param>
/// <returns>The communication model object</returns>
private DatabaseSecurityAlertPolicyCreateOrUpdateParameters PolicizeDatabaseSecurityAlertModel(DatabaseThreatDetectionPolicyModel model)
{
DatabaseSecurityAlertPolicyCreateOrUpdateParameters updateParameters = new DatabaseSecurityAlertPolicyCreateOrUpdateParameters();
DatabaseSecurityAlertPolicyProperties properties = new DatabaseSecurityAlertPolicyProperties();
updateParameters.Properties = properties;
properties.State = PolicizeThreatDetectionState(model.ThreatDetectionState);
properties.EmailAddresses = model.NotificationRecipientsEmails ?? "";
properties.EmailAccountAdmins = model.EmailAdmins
? SecurityConstants.ThreatDetectionEndpoint.Enabled
: SecurityConstants.ThreatDetectionEndpoint.Disabled;
properties.DisabledAlerts = ExtractExcludedDetectionType(model);
return(updateParameters);
}
/// <summary>
/// Takes the cmdlets model object and transform it to the policy as expected by the endpoint
/// </summary>
/// <param name="model">The SecurityAlert model object</param>
/// <returns>The communication model object</returns>
private DatabaseSecurityAlertPolicyCreateOrUpdateParameters PolicizeDatabaseSecurityAlertModel(DatabaseThreatDetectionPolicyModel model)
{
var updateParameters = new DatabaseSecurityAlertPolicyCreateOrUpdateParameters();
var properties = PopulatePolicyProperties(model, new DatabaseSecurityAlertPolicyProperties()) as DatabaseSecurityAlertPolicyProperties;
updateParameters.Properties = properties;
return(updateParameters);
}
