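/// <summary>
/// Searches ThreatGRID for the alert's destination IP and stores the search result,
/// plus threat details for the first hits, on the Cyphort section of the return values.
/// </summary>
/// <remarks>
/// The search starts with a look-back value of -7 (iDays, presumably days) and doubles it
/// until the feed reports at least 50 items or the value has passed -364.
/// Threat details are requested for at most the first 25 items.
/// </remarks>
/// <param name="lFidoReturnValues">Alert context; DstIP is read and the Cyphort.ThreatGRID fields are updated in place.</param>
/// <returns>The same <paramref name="lFidoReturnValues"/> instance.</returns>
private static FidoReturnValues SendCyphortToThreatGRID(FidoReturnValues lFidoReturnValues)
{
    // NOTE(review): the lookup is skipped when this flag is TRUE (default false).
    // Confirm the flag is meant as an opt-out switch and not as an enable switch.
    if (Object_Fido_Configs.GetAsBool("fido.director.threatgrid", false))
    {
        return lFidoReturnValues;
    }

    // No Cyphort detection attached: nothing to enrich, and dereferencing it below would throw.
    if (lFidoReturnValues.Cyphort == null)
    {
        return lFidoReturnValues;
    }

    // NOTE(review): ThreatGRID is presumably created by an earlier enrichment step — confirm;
    // it is dereferenced below without a null check, exactly as before.
    var threatGrid = lFidoReturnValues.Cyphort.ThreatGRID;

    Int16 iDays = -7;
    threatGrid.IPSearch = Feeds_ThreatGRID.SearchInfo(lFidoReturnValues.DstIP, false, iDays);

    // Widen the look-back window until enough hits are reported or the window is exhausted.
    // Int32 is used for the count so a large reported total cannot overflow the conversion.
    while (Convert.ToInt32(threatGrid.IPSearch.Data.CurrentItemCount) < 50 && iDays >= -364)
    {
        iDays = (Int16)(iDays * 2);
        threatGrid.IPSearch = Feeds_ThreatGRID.SearchInfo(lFidoReturnValues.DstIP, false, iDays);
    }

    var itemCount = Convert.ToInt32(threatGrid.IPSearch.Data.CurrentItemCount);
    if (itemCount <= 0)
    {
        // Nothing found: return before logging, so the log never claims success for an empty result.
        return lFidoReturnValues;
    }

    Console.WriteLine(@"Successfully found ThreatGRID IP data (" + threatGrid.IPSearch.Data.CurrentItemCount + @" records)... storing in Fido.");

    //todo: make the below integer values configurable by storing them in the DB
    var detailLimit = Math.Min(itemCount, 25);

    if (threatGrid.IPThreatInfo == null)
    {
        threatGrid.IPThreatInfo = new List<Object_ThreatGRID_Threat_ConfigClass.ThreatGRID_Threat_Info>();
    }

    // NOTE(review): assumes Items holds at least CurrentItemCount entries — confirm against
    // the feed response, otherwise the indexer below throws.
    for (var i = 0; i < detailLimit; i++)
    {
        threatGrid.IPThreatInfo.Add(Feeds_ThreatGRID.ThreatInfo(threatGrid.IPSearch.Data.Items[i].HashID));
    }

    return lFidoReturnValues;
}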
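/// <summary>
/// Searches ThreatGRID for every MD5 hash attached to the Cyphort detection and collects
/// threat details for the hits on the Cyphort.ThreatGRID section of the return values.
/// </summary>
/// <remarks>
/// For each hash the search starts with a look-back value of -7 (iDays, presumably days) and
/// doubles it until the feed reports at least 50 items or the value has passed -364.
/// Threat details are requested for at most the first 50 items of each hash.
/// HashSearch is overwritten per hash, so it holds the result for the last non-empty hash;
/// HashThreatInfo accumulates across all hashes.
/// </remarks>
/// <param name="lFidoReturnValues">Alert context; Cyphort.MD5Hash is read and Cyphort.ThreatGRID is updated in place.</param>
/// <returns>The same <paramref name="lFidoReturnValues"/> instance.</returns>
private static FidoReturnValues SendCyphortToThreatGRID(FidoReturnValues lFidoReturnValues)
{
    // Nothing to look up without a Cyphort detection or without a hash collection.
    if (lFidoReturnValues.Cyphort == null || lFidoReturnValues.Cyphort.MD5Hash == null)
    {
        return lFidoReturnValues;
    }

    // NOTE(review): ThreatGRID is presumably created by an earlier enrichment step — confirm;
    // it is dereferenced below without a null check, exactly as before.
    var threatGrid = lFidoReturnValues.Cyphort.ThreatGRID;

    foreach (var md5 in lFidoReturnValues.Cyphort.MD5Hash)
    {
        if (string.IsNullOrEmpty(md5))
        {
            continue;
        }

        // Reset the look-back window for every hash. Declared outside the loop, a window
        // widened for one hash would carry over and every later hash would start wide.
        Int16 iDays = -7;
        threatGrid.HashSearch = Feeds_ThreatGRID.SearchInfo(md5, true, iDays);

        // Int32 is used for the count so a large reported total cannot overflow the conversion.
        while (Convert.ToInt32(threatGrid.HashSearch.Data.CurrentItemCount) < 50 && iDays >= -364)
        {
            iDays = (Int16)(iDays * 2);
            threatGrid.HashSearch = Feeds_ThreatGRID.SearchInfo(md5, true, iDays);
        }

        var itemCount = Convert.ToInt32(threatGrid.HashSearch.Data.CurrentItemCount);
        if (itemCount > 0)
        {
            Console.WriteLine(@"Successfully found ThreatGRID hash data (" + threatGrid.HashSearch.Data.CurrentItemCount + @" records)... storing in Fido.");
        }

        // Cap at 50 in the loop bound instead of spinning through ignored iterations.
        var detailLimit = Math.Min(itemCount, 50);
        if (detailLimit > 0 && threatGrid.HashThreatInfo == null)
        {
            threatGrid.HashThreatInfo = new List<Object_ThreatGRID_Threat_ConfigClass.ThreatGRID_Threat_Info>();
        }

        // NOTE(review): assumes Items holds at least CurrentItemCount entries — confirm against
        // the feed response, otherwise the indexer below throws.
        for (var i = 0; i < detailLimit; i++)
        {
            threatGrid.HashThreatInfo.Add(Feeds_ThreatGRID.ThreatInfo(threatGrid.HashSearch.Data.Items[i].HashID));
        }
    }

    return lFidoReturnValues;
}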
/// <summary>
/// Attaches ThreatGRID IP information for the alert's destination IP to every detector
/// section (FireEye, Cyphort, ProtectWise, PaloAlto) that is present on the return values.
/// </summary>
/// <remarks>
/// A detector's ThreatGRID container is created when it is still null. Each present detector
/// triggers its own HlInfo call for the same destination IP.
/// </remarks>
/// <param name="lFidoReturnValues">Alert context; DstIP is read and the detectors' ThreatGRID.IPInfo fields are updated in place.</param>
/// <returns>The same <paramref name="lFidoReturnValues"/> instance.</returns>
public static FidoReturnValues ThreatGRIDIPInfo(FidoReturnValues lFidoReturnValues)
{
    // NOTE(review): this ThreatGRID lookup is gated on the "fido.director.alienvault" key and is
    // skipped when the flag is TRUE — looks like a copied key; confirm which flag is intended.
    var skipLookup = Object_Fido_Configs.GetAsBool("fido.director.alienvault", false);
    if (skipLookup || String.IsNullOrEmpty(lFidoReturnValues.DstIP))
    {
        return lFidoReturnValues;
    }

    var fireEye = lFidoReturnValues.FireEye;
    if (fireEye != null)
    {
        if (fireEye.ThreatGRID == null)
        {
            fireEye.ThreatGRID = new ThreatGridReturnValues();
        }

        fireEye.ThreatGRID.IPInfo = Feeds_ThreatGRID.HlInfo(lFidoReturnValues.DstIP);
    }

    var cyphort = lFidoReturnValues.Cyphort;
    if (cyphort != null)
    {
        if (cyphort.ThreatGRID == null)
        {
            cyphort.ThreatGRID = new ThreatGridReturnValues();
        }

        cyphort.ThreatGRID.IPInfo = Feeds_ThreatGRID.HlInfo(lFidoReturnValues.DstIP);
    }

    var protectWise = lFidoReturnValues.ProtectWise;
    if (protectWise != null)
    {
        if (protectWise.ThreatGRID == null)
        {
            protectWise.ThreatGRID = new ThreatGridReturnValues();
        }

        protectWise.ThreatGRID.IPInfo = Feeds_ThreatGRID.HlInfo(lFidoReturnValues.DstIP);
    }

    var paloAlto = lFidoReturnValues.PaloAlto;
    if (paloAlto != null)
    {
        if (paloAlto.ThreatGRID == null)
        {
            paloAlto.ThreatGRID = new ThreatGridReturnValues();
        }

        paloAlto.ThreatGRID.IPInfo = Feeds_ThreatGRID.HlInfo(lFidoReturnValues.DstIP);
    }

    return lFidoReturnValues;
}
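/// <summary>
/// Searches ThreatGRID for the MD5 hash of a ProtectWise detection and collects threat
/// details for the hits on the ProtectWise.ThreatGRID section of the return values.
/// </summary>
/// <remarks>
/// The search starts with a look-back value of -7 (iDays, presumably days) and doubles it
/// until the feed reports at least 50 items or the value has passed -364.
/// Threat details are requested for at most the first 50 items.
/// </remarks>
/// <param name="lFidoReturnValues">Alert context; ProtectWise.MD5 is read and ProtectWise.ThreatGRID is updated in place.</param>
/// <returns>The same <paramref name="lFidoReturnValues"/> instance.</returns>
private static FidoReturnValues SendProtectWiseToThreatGRID(FidoReturnValues lFidoReturnValues)
{
    // Without a ProtectWise detection or a hash there is nothing meaningful to search for;
    // an empty hash would otherwise be sent to the feed as the query.
    if (lFidoReturnValues.ProtectWise == null || string.IsNullOrEmpty(lFidoReturnValues.ProtectWise.MD5))
    {
        return lFidoReturnValues;
    }

    // NOTE(review): ThreatGRID is presumably created by an earlier enrichment step — confirm;
    // it is dereferenced below without a null check, exactly as before.
    var threatGrid = lFidoReturnValues.ProtectWise.ThreatGRID;

    //todo: move this integer value to the DB
    Int16 iDays = -7;
    threatGrid.HashSearch = Feeds_ThreatGRID.SearchInfo(lFidoReturnValues.ProtectWise.MD5, true, iDays);

    // Widen the look-back window until enough hits are reported or the window is exhausted.
    // Int32 is used for the count so a large reported total cannot overflow the conversion.
    while (Convert.ToInt32(threatGrid.HashSearch.Data.CurrentItemCount) < 50 && iDays >= -364)
    {
        iDays = (Int16)(iDays * 2);
        threatGrid.HashSearch = Feeds_ThreatGRID.SearchInfo(lFidoReturnValues.ProtectWise.MD5, true, iDays);
    }

    var itemCount = Convert.ToInt32(threatGrid.HashSearch.Data.CurrentItemCount);
    if (itemCount > 0)
    {
        Console.WriteLine(@"Successfully found ThreatGRID hash data (" + threatGrid.HashSearch.Data.CurrentItemCount + @" records)... storing in Fido.");
    }

    // Cap at 50 in the loop bound instead of spinning through ignored iterations.
    var detailLimit = Math.Min(itemCount, 50);
    if (detailLimit > 0 && threatGrid.HashThreatInfo == null)
    {
        threatGrid.HashThreatInfo = new List<Object_ThreatGRID_Threat_ConfigClass.ThreatGRID_Threat_Info>();
    }

    // NOTE(review): assumes Items holds at least CurrentItemCount entries — confirm against
    // the feed response, otherwise the indexer below throws.
    for (var i = 0; i < detailLimit; i++)
    {
        threatGrid.HashThreatInfo.Add(Feeds_ThreatGRID.ThreatInfo(threatGrid.HashSearch.Data.Items[i].HashID));
    }

    return lFidoReturnValues;
}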
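/// <summary>
/// Searches ThreatGRID for the alert's destination IP and stores the search result,
/// plus threat details for the hits, on the PaloAlto section of the return values.
/// </summary>
/// <remarks>
/// The search starts with a look-back value of -7 (iDays, presumably days) and doubles it
/// until the feed reports at least 50 items or the value has passed -364.
/// Threat details are requested for at most the first 50 items.
/// </remarks>
/// <param name="lFidoReturnValues">Alert context; DstIP is read and the PaloAlto.ThreatGRID fields are updated in place.</param>
/// <returns>The same <paramref name="lFidoReturnValues"/> instance.</returns>
private static FidoReturnValues SendPaloAltoToThreatGRID(FidoReturnValues lFidoReturnValues)
{
    // NOTE(review): the lookup is skipped when this flag is TRUE (default false).
    // Confirm the flag is meant as an opt-out switch and not as an enable switch.
    if (Object_Fido_Configs.GetAsBool("fido.director.threatgrid", false))
    {
        return lFidoReturnValues;
    }

    // No PaloAlto detection attached: nothing to enrich, and dereferencing it below would throw.
    if (lFidoReturnValues.PaloAlto == null)
    {
        return lFidoReturnValues;
    }

    // NOTE(review): ThreatGRID is presumably created by an earlier enrichment step — confirm;
    // it is dereferenced below without a null check, exactly as before.
    var threatGrid = lFidoReturnValues.PaloAlto.ThreatGRID;

    Int16 iDays = -7;
    threatGrid.IPSearch = Feeds_ThreatGRID.SearchInfo(lFidoReturnValues.DstIP, false, iDays);

    // Widen the look-back window until enough hits are reported or the window is exhausted.
    // Int32 is used for the count so a large reported total cannot overflow the conversion.
    while (Convert.ToInt32(threatGrid.IPSearch.Data.CurrentItemCount) < 50 && iDays >= -364)
    {
        iDays = (Int16)(iDays * 2);
        threatGrid.IPSearch = Feeds_ThreatGRID.SearchInfo(lFidoReturnValues.DstIP, false, iDays);
    }

    var itemCount = Convert.ToInt32(threatGrid.IPSearch.Data.CurrentItemCount);
    if (itemCount > 0)
    {
        // Only report success when the feed actually returned records.
        Console.WriteLine(@"Successfully found ThreatGRID IP data (" + threatGrid.IPSearch.Data.CurrentItemCount + @" records)... storing in Fido.");
    }

    // Cap at 50 in the loop bound instead of spinning through ignored iterations.
    var detailLimit = Math.Min(itemCount, 50);
    if (detailLimit > 0 && threatGrid.IPThreatInfo == null)
    {
        threatGrid.IPThreatInfo = new List<Object_ThreatGRID_Threat_ConfigClass.ThreatGRID_Threat_Info>();
    }

    // NOTE(review): assumes Items holds at least CurrentItemCount entries — confirm against
    // the feed response, otherwise the indexer below throws.
    for (var i = 0; i < detailLimit; i++)
    {
        threatGrid.IPThreatInfo.Add(Feeds_ThreatGRID.ThreatInfo(threatGrid.IPSearch.Data.Items[i].HashID));
    }

    return lFidoReturnValues;
}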