private static FidoReturnValues SendPaloAltoToAlienVault(FidoReturnValues lFidoReturnValues)
{
if (Object_Fido_Configs.GetAsBool("fido.director.alienvault", false))
{
return(lFidoReturnValues);
}
//initialize AlienVault area if null
if (lFidoReturnValues.PaloAlto.AlienVault == null)
{
lFidoReturnValues.PaloAlto.AlienVault = new AlienVaultReturnValues();
}
//next send PAN return to AlienVault
if ((lFidoReturnValues.PaloAlto != null) && (lFidoReturnValues.PaloAlto.DstIp != null))
{
Console.WriteLine(@"Getting IP informaiton from AlienVault.");
lFidoReturnValues.PaloAlto.AlienVault = Feeds_AlientVault.AlienVaultIP(lFidoReturnValues.PaloAlto.DstIp);
}
return(lFidoReturnValues);
}
private static FidoReturnValues FireEyeURL(FidoReturnValues lFidoReturnValues)
{
if ((lFidoReturnValues.FireEye != null) && ((lFidoReturnValues.FireEye.URL.Count != 0) || (lFidoReturnValues.FireEye.ChannelHost.Count != 0)))
{
//initialize VT area if null
if (lFidoReturnValues.FireEye.VirusTotal == null)
{
lFidoReturnValues.FireEye.VirusTotal = new VirusTotalReturnValues();
}
//convert return from FireEye to list
var sURLToCheck = new List <string>();
//if ((lFidoReturnValues.FireEye.URL != null) && (lFidoReturnValues.FireEye.URL.Count > 0))
//{
// sURLToCheck.AddRange(lFidoReturnValues.FireEye.URL);
//}
if ((lFidoReturnValues.FireEye.ChannelHost != null) && (lFidoReturnValues.FireEye.ChannelHost.Count > 0))
{
sURLToCheck.AddRange(lFidoReturnValues.FireEye.ChannelHost);
}
//if (lFidoReturnValues.FireEye.DstIP != null)
//{
// sURLToCheck.Add(lFidoReturnValues.FireEye.DstIP);
//}
sURLToCheck = sURLToCheck.Where(s => !string.IsNullOrEmpty(s)).Distinct().ToList();
//send FireEye return to VT
if ((sURLToCheck != null) && sURLToCheck.Any())
{
Console.WriteLine(@"Sending FireEye URLs to VirusTotal.");
lFidoReturnValues.FireEye.VirusTotal.URLReturn = Feeds_VirusTotal.VirusTotalUrl(sURLToCheck);
}
var sIPToCheck = new List <string>();
if (lFidoReturnValues.FireEye.DstIP != null)
{
sIPToCheck.Add(lFidoReturnValues.FireEye.DstIP);
}
sIPToCheck = sIPToCheck.Where(s => !string.IsNullOrEmpty(s)).Distinct().ToList();
//send IP information to VT IP API
if (sIPToCheck != null)
{
Console.WriteLine(@"Getting detailed IP information from VirusTotal.");
lFidoReturnValues.FireEye.VirusTotal.IPReturn = Feeds_VirusTotal.VirusTotalIP(sIPToCheck);
lFidoReturnValues.FireEye.VirusTotal.IPUrl = "http://www.virustotal.com/en/ip-address/" + lFidoReturnValues.FireEye.DstIP + "/information/";
}
//initialize AlienVault area if null
if (lFidoReturnValues.FireEye.AlienVault == null)
{
lFidoReturnValues.FireEye.AlienVault = new AlienVaultReturnValues();
}
//next send FireEye return to AlienVault
if ((lFidoReturnValues.FireEye != null) && (lFidoReturnValues.FireEye.DstIP != null))
{
Console.WriteLine(@"Getting IP information from AlienVault");
lFidoReturnValues.FireEye.AlienVault = Feeds_AlientVault.AlienVaultIP(lFidoReturnValues.DstIP);
}
}
return(lFidoReturnValues);
}
