/// <summary>
/// Serializes an IDMEF message to its XML text form using <see cref="XmlSerializer"/>.
/// </summary>
/// <param name="alertMessage">The message to serialize; its runtime type selects the serializer.</param>
/// <returns>The XML document as a string.</returns>
/// <remarks>
/// The output is produced through a <see cref="StringWriter"/>, whose encoding is UTF-16, so the
/// XML declaration in the returned text states <c>encoding="utf-16"</c>. Consumers that store or
/// transmit the string as UTF-8 bytes need to account for that mismatch.
/// An earlier DataContractSerializer/MemoryStream variant was present only as commented-out code.
/// </remarks>
public static string GetXml(IDMEFMessage alertMessage)
{
    // alertMessage is dereferenced here without a null check, as in the original.
    var serializer = new XmlSerializer(alertMessage.GetType());

    StringWriter buffer = new StringWriter();
    try
    {
        serializer.Serialize(buffer, alertMessage);
        return buffer.ToString();
    }
    finally
    {
        buffer.Dispose();
    }
}
/// <summary>
/// Builds an IDMEF message containing a single <c>Alert</c> for a captured packet.
/// </summary>
/// <param name="packet">
/// The packet that triggered the alert. It is not read by this method yet, so the alert
/// currently carries only its creation time.
/// </param>
/// <returns>An <c>IDMEFMessage</c> whose <c>Items</c> array holds exactly one alert.</returns>
public static IDMEFMessage CreateAltertMessageFromRawPacket(Packet packet)
{
    IDMEFMessage envelope = new IDMEFMessage();

    // NOTE(review): DateTime.Now is local time; whether CreateTimestamp normalises it to UTC
    // is not visible here. Confirm, since correlating alerts across hosts depends on it.
    Alert alert = new Idmef.Alert
    {
        CreateTime = CreateTimestamp(DateTime.Now)
    };
    // Source, target and classification details still have to be filled in from the packet.

    // The message is an IDMEF alert: one item, the alert itself.
    envelope.Items = new object[] { alert };
    return envelope;
}
/// <summary>
/// Checks whether the event count recorded for a web server exceeds a threshold and, if so,
/// reports a web DoS alert through every configured report method.
/// </summary>
/// <param name="webServerAddress">Address of the monitored web server; used for the event query and the alert.</param>
/// <param name="threshold">An alert is raised only when the event count is strictly greater than this value.</param>
/// <param name="analysisWindow">
/// Optional window passed through to the event query. Its unit and the meaning of
/// <c>null</c> are defined by <c>SensorEventAgent.GetTotalEvents</c>, which is not visible here.
/// </param>
/// <returns><c>true</c> if an alert was raised; otherwise <c>false</c>.</returns>
public bool CheckForWebServerDosAttack(string webServerAddress, int threshold, int? analysisWindow)
{
    // NOTE(review): only port 80 is queried, so traffic on other ports (e.g. HTTPS on 443)
    // is not counted towards the threshold.
    int observedEvents = SensorEventAgent.GetTotalEvents(webServerAddress, 80, analysisWindow);

    if (observedEvents <= threshold)
    {
        return false;
    }

    // A fresh message is built for each report method, so each sink gets its own timestamp.
    // NOTE(review): an exception thrown by one report method propagates and the remaining
    // sinks are never notified. Confirm that is the intended failure mode.
    foreach (IAlertReport sink in ReportMethods)
    {
        IDMEFMessage dosAlert = IdmefMessageMapper.CreateWebDoSAlert(webServerAddress, analyserId.ToString());
        sink.ReportAltert(dosAlert, analyserId.ToString());
    }

    return true;
}
/// <summary>
/// Builds an IDMEF message containing a single alert for a suspected web server DoS attack.
/// </summary>
/// <param name="webServerAddress">
/// Address of the affected web server. NOTE(review): this value is not written into the alert,
/// so the resulting message does not identify the target. Confirm whether that is intended.
/// </param>
/// <param name="analyzerId">Identifier stored in the alert's <c>Analyzer.analyzerid</c>.</param>
/// <returns>An <c>IDMEFMessage</c> whose <c>Items</c> array holds exactly one alert.</returns>
public static IDMEFMessage CreateWebDoSAlert(string webServerAddress, string analyzerId)
{
    IDMEFMessage envelope = new IDMEFMessage();

    Alert alert = new Alert();

    // NOTE(review): DateTime.Now is local time; whether CreateTimestamp converts to UTC
    // is not visible here. Confirm before correlating alerts from several analyzers.
    alert.CreateTime = CreateTimestamp(DateTime.Now);

    Analyzer origin = new Analyzer();
    alert.Analyzer = origin;
    origin.analyzerid = analyzerId;

    // The message is an IDMEF alert: one item, the alert itself.
    envelope.Items = new object[] { alert };
    return envelope;
}
// Program entry point. Only the construction of an empty IDMEFMessage is visible.
// NOTE(review): the listing is truncated after the second "IDMEFMessage" token, so this
// method does not compile as shown and its remaining statements are unknown.
static void Main(string[] args) { IDMEFMessage message = new IDMEFMessage(); IDMEFMessage }
/// <summary>
/// Persists an alert: serializes the IDMEF message to XML and hands it to the alert database agent.
/// </summary>
/// <param name="alertMessage">The IDMEF message to store.</param>
/// <param name="analyzerId">Identifier of the analyzer that raised the alert, stored with the XML.</param>
public void ReportAltert(IDMEFMessage alertMessage, string analyzerId)
{
    var serializedAlert = IdmefMessageMapper.GetXml(alertMessage);

    // NOTE(review): InsertAlert is not visible here. Confirm that it binds analyzerId and the
    // XML as query parameters rather than concatenating them into SQL text.
    AnalyserAlertDbAgent.InsertAlert(_connectionString, analyzerId, serializedAlert);
}
/// <summary>
/// Writes a one-line notice of the alert to the console.
/// </summary>
/// <param name="alertMessage">The IDMEF message; only its <c>version</c> is printed.</param>
/// <param name="sensorId">Identifier printed as the reporting sensor.</param>
public void ReportAltert(IDMEFMessage alertMessage, string sensorId)
{
    // Only the message version and the sensor id are printed, not the alert content.
    // NOTE(review): both values are written verbatim. If either can contain line breaks,
    // the console output can no longer be read reliably as one line per alert.
    string notice = string.Concat("Alert declared ", alertMessage.version, " by sensor ", sensorId);
    Console.WriteLine(notice);
}