/// <summary>
/// Create web hook subscriptions in order to receive the notifications
/// </summary>
/// <param name="filters"></param>
/// <returns>The subscription object</returns>
public async Task <Tuple <Subscription, string> > SubscribeAsync(AlertFilterModel filters)
{
var startDateTime = DateTime.Now;
try
{
var changeType = "updated";
var expirationDate = DateTime.UtcNow.AddHours(3);
var randno = new Random().Next(1, 100).ToString();
var clientState = "IsgSdkSubscription" + randno;
var filteredQuery = GraphQueryProvider.GetQueryByAlertFilter(filters);
var resource = filters.ContainsKey("AlertId") && filters.HasPropertyFilter("AlertId")
? $"/security/alerts/{filters.GetFirstPropertyFilter("AlertId").Value}"
: $"/security/alerts{(!String.IsNullOrWhiteSpace(filteredQuery) ? $"?$filter={filteredQuery}" : string.Empty)}";
Subscription subscription = new Subscription()
{
ChangeType = changeType,
NotificationUrl = NotificationUri,
Resource = resource,
ExpirationDateTime = expirationDate,
ClientState = clientState
};
var result = await _graphClient.Subscriptions.Request().AddAsync(subscription);
Debug.WriteLine($"GraphService/SubscribeAsync execution time: {DateTime.Now - startDateTime}");
return(new Tuple <Subscription, string>(result, filteredQuery));
}
catch (Exception exception)
{
Trace.WriteLine(exception.Message);
return(null);
}
}
/// <summary>
/// Get alerts based on the alert filters
/// </summary>
/// <param name="filters"></param>
/// <returns>alerts matching the filtering criteria</returns>
public async Task <Tuple <IEnumerable <Alert>, string> > GetAlertsAsync(AlertFilterModel filters, Dictionary <string, string> odredByParams = null)
{
try
{
var startDateTime = DateTime.Now;
if (filters == null)
{
var result = await _graphClient.Security.Alerts.Request().GetAsync();
Debug.WriteLine($"GraphService/GetAlertsAsync execution time: {DateTime.Now - startDateTime}");
return(new Tuple <IEnumerable <Alert>, string>(result, string.Empty));
}
else if (filters != null && filters.Count == 0)
{
var result = await _graphClient.Security.Alerts.Request().Top(filters.Top).GetAsync();
Debug.WriteLine($"GraphService/GetAlertsAsync execution time: {DateTime.Now - startDateTime}");
return(new Tuple <IEnumerable <Alert>, string>(result, string.Empty));
}
else
{
// var s = _graphClient.Security.Alerts.Request()
// Create filter query
var filterQuery = GraphQueryProvider.GetQueryByAlertFilter(filters);
var customOrderByParams = new Dictionary <string, string>();
//// If there are no filters and there are no custom odredByParams (if specified only top X)
if ((odredByParams == null || odredByParams.Count() < 1) && filters.Count < 1)
{
//// Order by 1. Provider 2. CreatedDateTime (desc)
customOrderByParams.Add("vendorInformation/provider", "asc");
customOrderByParams.Add("createdDateTime", "desc");
}
else if (filters.Count >= 1 && filters.ContainsKey("createdDateTime"))
{
customOrderByParams.Add("createdDateTime", "desc");
}
// Create request with filter and top X
var request = _graphClient.Security.Alerts.Request().Filter(filterQuery).Top(filters.Top);
// Add order py params
if (customOrderByParams.Count > 0)
{
request = request.OrderBy(string.Join(", ", customOrderByParams.Select(param => $"{param.Key} {param.Value}")));
}
else if (odredByParams != null && odredByParams.Count() > 0)
{
request = request.OrderBy(string.Join(", ", odredByParams.Select(param => $"{param.Key} {param.Value}")));
}
// Get alerts
var result = await request.GetAsync();
Debug.WriteLine($"GraphService/GetAlertsAsync execution time: {DateTime.Now - startDateTime}");
return(new Tuple <IEnumerable <Alert>, string>(result, filterQuery));
}
}
catch (Exception exception)
{
Trace.WriteLine(exception.Message);
return(null);
}
}