public static void GenerateReport_Item_Step3_NewBlob(string containername_current, string blobname_current, string containername_baseline, string blobname_baseline,
string DateOfDetection, string Event, List <string> Parsed_CurrentBlobData)
{
if (Config.Settings.SendReportAs_HTML == true)
{
string CurrentBlobData = "N/A";
string BaselineBlobData = "N/A";
CurrentBlobData = ("<b>ContainerName: </b>" + XmlConvert.DecodeName(containername_current) + "<br><b>BlobName: </b>" + XmlConvert.DecodeName(blobname_current) +
"<br><b>DownloadURL: </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[1])) + "<br><b>LastModified: </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[2])) +
"<br><b>Blob Metdata (Size in Bytes): </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[3])) + "<br><b>Blob Metdata (MD5): </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[4])) +
"<br><b>SHA512/Signature: </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[5])) + "<br><b>Blob Metdata (ContentType): </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[6])) +
"<br><b>Anonymous Access Enabled</b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[7])));
string toprint = "<br>" +
"<br>" +
"<table style=\"text-align: left; height: 63px; width: 617px; table-layout: fixed;\"" +
"border=\"1\" cellpadding=\"2\" cellspacing=\"2\" >" +
"<tbody>" +
"<tr>" +
"<td colspan=\"2\" rowspan=\"1\" style=\"width: 300px; word-wrap: break-word;\" ><b>BlobName: </b>" + XmlConvert.DecodeName(blobname_baseline) + "</td>" +
"</tr>" +
"<tr>" +
"<td style=\"width: 300px; word-wrap: break-word;\" colspan=\"2\" rowspan=\"1\"><b>DateDetected: </b>" + DateOfDetection + "</td>" +
"</tr>" +
"<tr>" +
"<td style=\"width: 300px; word-wrap: break-word;\" colspan=\"2\" rowspan=\"1\"><b>Event: </b>" + Event + "</td>" +
"</tr>" +
"<tr>" +
"<td colspan=\"1\" rowspan=\"1\" style=\"width: 300px; word-wrap: break-word;\"><u>Baseline" +
"Blob State</u><br>" +
"" + BaselineBlobData + "</td>" +
"<td style=\"width: 300px; word-wrap: break-word;\"><u>Current Blob State</u><br>" +
"" + CurrentBlobData + "</td>" +
"</tr>" +
"</tbody>" +
"</table>";
PrintToReport_HTML(toprint, "part3");
}
if (Config.Settings.SendReportAs_CSV == true)
{
PrintToReport_CSV(DateOfDetection + "," + Event + "," + XmlConvert.DecodeName(containername_current) +
"," + XmlConvert.DecodeName(blobname_current) + "," + XmlConvert.DecodeName((Parsed_CurrentBlobData[1])) +
"," + XmlConvert.DecodeName((Parsed_CurrentBlobData[2])) + "," + XmlConvert.DecodeName((Parsed_CurrentBlobData[3])) + "," +
XmlConvert.DecodeName((Parsed_CurrentBlobData[4])) + "," + XmlConvert.DecodeName((Parsed_CurrentBlobData[5])) + "," +
XmlConvert.DecodeName((Parsed_CurrentBlobData[6])) + "," + XmlConvert.DecodeName((Parsed_CurrentBlobData[7])));
}
if (Config.Settings.EventLog_SaveEvents == true)
{
ResultsLogging.PrintToReport_Log("\"" + DateOfDetection + "\",\"" + Event + "\",\"" + XmlConvert.DecodeName(containername_current) +
"\",\"" + XmlConvert.DecodeName(blobname_current) + "\",\"" +
XmlConvert.DecodeName((Parsed_CurrentBlobData[1])) + "\",\"" + XmlConvert.DecodeName((Parsed_CurrentBlobData[2])) + "\",\"" +
XmlConvert.DecodeName((Parsed_CurrentBlobData[3])) + "\",\"" + XmlConvert.DecodeName((Parsed_CurrentBlobData[4])) + "\",\"" +
XmlConvert.DecodeName((Parsed_CurrentBlobData[5])) + "\",\"" + XmlConvert.DecodeName((Parsed_CurrentBlobData[6])) + "\",\"" + XmlConvert.DecodeName((Parsed_CurrentBlobData[7])) + "\"");
}
//here print to both the windows eventlog and the taskbar messages
Alerting.ResultsLogging.WriteTo_TaskBar_WinEventLog("New Blob Found", ("Time Scan Started: " + DateOfDetection + "\r\nEvent: " + Event +
"\r\nContainerName:" + XmlConvert.DecodeName(containername_current) +
"\r\nBlobName: " + XmlConvert.DecodeName(blobname_current) + "\r\nDownloadURL: " + XmlConvert.DecodeName((Parsed_CurrentBlobData[1])) +
"\r\nLastModified: " + XmlConvert.DecodeName((Parsed_CurrentBlobData[2])) + "\r\nBlob Metdata (Size in Bytes): " + XmlConvert.DecodeName((Parsed_CurrentBlobData[3])) +
"\r\nBlob Metdata (MD5): " + XmlConvert.DecodeName((Parsed_CurrentBlobData[4])) + "\r\nSHA512 Signature:" + XmlConvert.DecodeName((Parsed_CurrentBlobData[5])) +
"\r\nBlob Metdata (ContentType): " + XmlConvert.DecodeName((Parsed_CurrentBlobData[6])) + "\r\nAnonymous Access Enabled: " + XmlConvert.DecodeName((Parsed_CurrentBlobData[7]))));
}
/// <summary>
///<para>This takes a list as input containing the blob data, that list should be in this order:</para>
///<para>0) MonitorThisFile</para>
///<para>1) DownloadLocation</para>
///<para>2) BlobProperty_LastModified</para>
///<para>3) BlobProperty_Size</para>
///<para>4) BlobProperty_MD5</para>
///<para>5) SHA512</para>
///<para>6) ContentType</para>
///<para>7) AnonymousAccessEnabled</para>
///<para>From that data a report is generated</para>
/// </summary>
public static void GenerateReport_Item_Step3(string containername_current, string blobname_current, string containername_baseline, string blobname_baseline,
string DateOfDetection, string Event, List <string> Parsed_CurrentBlobData, List <string> Parsed_BaselineBlobData, bool FileWasDeleted, bool FileIsNew)
{
if (Config.Settings.SendReportAs_HTML == true)
{
string CurrentBlobData = "N/A";
string BaselineBlobData = "N/A";
if (FileIsNew == true)
{
CurrentBlobData = ("<b>ContainerName: </b>" + XmlConvert.DecodeName(containername_current) + "<br><b>BlobName: </b>" + XmlConvert.DecodeName(blobname_current) +
"<br><b>DownloadURL: </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[1])) + "<br><b>LastModified: </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[2])) +
"<br><b>Blob Metdata (Size in Bytes): </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[3])) + "<br><b>Blob Metdata (MD5): </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[4])) +
"<br><b>SHA512/Signature: </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[5])) + "<br><b>Blob Metdata (ContentType): </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[6])) +
"<br><b>Anonymous Access Enabled: </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[7])));
}
else if (FileWasDeleted == true)
{
BaselineBlobData = ("<b>ContainerName: </b>" + XmlConvert.DecodeName(containername_baseline) + "<br><b>BlobName: </b>" + XmlConvert.DecodeName(blobname_baseline) +
"<br><b>DownloadURL: </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[1])) + "<br><b>LastModified: </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[2])) +
"<br><b>Blob Metdata (Size in Bytes): </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[3])) + "<br><b>Blob Metdata (MD5): </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[4])) +
"<br><b>SHA512/Signature: </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[5])) + "<br><b>Blob Metdata (ContentType): </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[6])) +
"<br><b>Anonymous Access Enabled: </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[7])));
}
else
{
CurrentBlobData = ("<b>ContainerName: </b>" + XmlConvert.DecodeName(containername_current) + "<br><b>BlobName: </b>" + XmlConvert.DecodeName(blobname_current) +
"<br><b>DownloadURL: </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[1])) + "<br><b>LastModified: </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[2])) +
"<br><b>Blob Metdata (Size in Bytes): </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[3])) + "<br><b>Blob Metdata (MD5): </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[4])) +
"<br><b>SHA512/Signature: </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[5])) + "<br><b>Blob Metdata (ContentType): </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[6])) +
"<br><b>Anonymous Access Enabled: </b>" + XmlConvert.DecodeName((Parsed_CurrentBlobData[7])));
BaselineBlobData = ("<b>ContainerName: </b>" + XmlConvert.DecodeName(containername_baseline) + "<br><b>BlobName: </b>" + XmlConvert.DecodeName(blobname_baseline) +
"<br><b>DownloadURL: </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[1])) + "<br><b>LastModified: </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[2])) +
"<br><b>Blob Metdata (Size in Bytes): </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[3])) + "<br><b>Blob Metdata (MD5): </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[4])) +
"<br><b>SHA512/Signature: </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[5])) + "<br><b>Blob Metdata (ContentType): </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[6])) +
"<br><b>Anonymous Access Enabled: </b>" + XmlConvert.DecodeName((Parsed_BaselineBlobData[7])));
}
string toprint = "<br>" +
"<br> <center>" +
"<table style=\"word-wrap:break-word; text-align: left; width: 800px; table-layout: fixed;\" border=\"1\" " +
"cellspacing=\"0\" align=\"left\" border=\"1\" cellpadding=\"2\" cellspacing=\"2\" width=\"800\">" +
"<tbody>" +
"<tr>" +
"<td colspan=\"2\" rowspan=\"1\" width: 800 style='word-wrap:break-word;width:233.75pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><b>BlobName: </b>" + XmlConvert.DecodeName(blobname_baseline) + "</td>" +
"</tr>" +
"<tr>" +
"<td width: 800 colspan=\"2\" rowspan=\"1\" style='word-wrap:break-word;width:233.75pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><b>DateDetected: </b>" + DateOfDetection + "</td>" +
"</tr>" +
"<tr>" +
"<td width: 800 colspan=\"2\" rowspan=\"1\" style='word-wrap:break-word;width:233.75pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><b>Event: </b>" + Event + "</td>" +
"</tr>" +
"<tr>" +
"<td colspan=\"1\" rowspan=\"1\" width: 400 style='word-wrap:break-word;width:233.75pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><u>Baseline" +
"Blob State</u><br>" +
"" + BaselineBlobData + "</td>" +
"<td colspan=\"1\" rowspan=\"1\" width: 400 style='word-wrap:break-word;width:233.75pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'><u>Current Blob State</u><br>" +
"" + CurrentBlobData + "</td>" +
"</tr>" +
"</tbody>" +
"</table></center>";
PrintToReport_HTML(toprint, "part3");
}
if (Config.Settings.SendReportAs_CSV == true)
{
if (FileIsNew == true)
{
PrintToReport_CSV(DateOfDetection + "," + Event + "," + XmlConvert.DecodeName(containername_current) + "," + XmlConvert.DecodeName(blobname_current) +
"," + XmlConvert.DecodeName((Parsed_CurrentBlobData[1])) +
"," + XmlConvert.DecodeName((Parsed_CurrentBlobData[2])) + "," + XmlConvert.DecodeName((Parsed_CurrentBlobData[3])) + "," +
XmlConvert.DecodeName((Parsed_CurrentBlobData[4])) + "," + XmlConvert.DecodeName((Parsed_CurrentBlobData[5])) + "," +
XmlConvert.DecodeName((Parsed_CurrentBlobData[6])) + "," + XmlConvert.DecodeName((Parsed_CurrentBlobData[7])));
}
else if (FileWasDeleted == true)
{
PrintToReport_CSV(DateOfDetection + "," + Event + "," + XmlConvert.DecodeName(containername_baseline) + "," + XmlConvert.DecodeName(blobname_baseline) +
"," + XmlConvert.DecodeName((Parsed_BaselineBlobData[1])) + "," +
XmlConvert.DecodeName((Parsed_BaselineBlobData[2])) + "," + XmlConvert.DecodeName((Parsed_BaselineBlobData[3])) + "," + XmlConvert.DecodeName((Parsed_BaselineBlobData[4])) +
"," + XmlConvert.DecodeName((Parsed_BaselineBlobData[5])) + "," + XmlConvert.DecodeName((Parsed_BaselineBlobData[6])) + "," + XmlConvert.DecodeName((Parsed_BaselineBlobData[7])));
}
else
{
PrintToReport_CSV(DateOfDetection + "," + Event + "," + XmlConvert.DecodeName(containername_current) + "," + XmlConvert.DecodeName(blobname_current) +
"," + XmlConvert.DecodeName((Parsed_CurrentBlobData[1])) +
"," + XmlConvert.DecodeName((Parsed_CurrentBlobData[2])) + "," + XmlConvert.DecodeName((Parsed_CurrentBlobData[3])) + "," +
XmlConvert.DecodeName((Parsed_CurrentBlobData[4])) + "," + XmlConvert.DecodeName((Parsed_CurrentBlobData[5])) + "," +
XmlConvert.DecodeName((Parsed_CurrentBlobData[6])) + "," + XmlConvert.DecodeName((Parsed_CurrentBlobData[7])));
}
}
if (Config.Settings.EventLog_SaveEvents == true)
{
if (FileIsNew == true)
{
ResultsLogging.PrintToReport_Log("\"" + DateOfDetection + "\",\"" + Event + "\",\"" + XmlConvert.DecodeName(containername_current) + "\",\"" +
XmlConvert.DecodeName(blobname_current) + "\",\"" +
XmlConvert.DecodeName((Parsed_CurrentBlobData[1])) + "\",\"" + XmlConvert.DecodeName((Parsed_CurrentBlobData[2])) + "\",\"" +
XmlConvert.DecodeName((Parsed_CurrentBlobData[3])) + "\",\"" + XmlConvert.DecodeName((Parsed_CurrentBlobData[4])) + "\",\"" +
XmlConvert.DecodeName((Parsed_CurrentBlobData[5])) + "\",\"" + XmlConvert.DecodeName((Parsed_CurrentBlobData[6])) + "\",\"" + XmlConvert.DecodeName((Parsed_CurrentBlobData[7])) + "\"");
}
else if (FileWasDeleted == true)
{
ResultsLogging.PrintToReport_Log("\"" + DateOfDetection + "\",\"" + Event + "\",\"" + XmlConvert.DecodeName(containername_baseline) + "\",\"" +
XmlConvert.DecodeName(blobname_baseline) + "\",\"" +
XmlConvert.DecodeName((Parsed_BaselineBlobData[1])) + "\",\"" + XmlConvert.DecodeName((Parsed_BaselineBlobData[2])) + "\",\"" +
XmlConvert.DecodeName((Parsed_BaselineBlobData[3])) + "\",\"" + XmlConvert.DecodeName((Parsed_BaselineBlobData[4])) + "\",\"" +
XmlConvert.DecodeName((Parsed_BaselineBlobData[5])) + "\",\"" + XmlConvert.DecodeName((Parsed_BaselineBlobData[6])) + "\",\"" + XmlConvert.DecodeName((Parsed_BaselineBlobData[7])) + "\"");
}
else
{
ResultsLogging.PrintToReport_Log("\"" + DateOfDetection + "\",\"" + Event + "\",\"" + XmlConvert.DecodeName(containername_current) +
"\",\"" + XmlConvert.DecodeName(blobname_current) + "\",\"" +
XmlConvert.DecodeName((Parsed_CurrentBlobData[1])) + "\",\"" + XmlConvert.DecodeName((Parsed_CurrentBlobData[2])) + "\",\"" +
XmlConvert.DecodeName((Parsed_CurrentBlobData[3])) + "\",\"" + XmlConvert.DecodeName((Parsed_CurrentBlobData[4])) + "\",\"" +
XmlConvert.DecodeName((Parsed_CurrentBlobData[5])) + "\",\"" + XmlConvert.DecodeName((Parsed_CurrentBlobData[6])) + "\",\"" + XmlConvert.DecodeName((Parsed_CurrentBlobData[7])) + "\"");
}
}
//here print to both the windows eventlog and the taskbar messages
if (FileIsNew == true)
{
Alerting.ResultsLogging.WriteTo_TaskBar_WinEventLog("New Blob Found", ("Time Scan Started: " + DateOfDetection + "\r\nEvent: " + Event +
"\r\nContainerName: " + XmlConvert.DecodeName(containername_current) +
"\r\nBlobName: " + XmlConvert.DecodeName(blobname_current) + "\r\nDownloadURL: " + XmlConvert.DecodeName((Parsed_CurrentBlobData[1])) +
"\r\nLastModified: " + XmlConvert.DecodeName((Parsed_CurrentBlobData[2])) + "\r\nBlob Metdata (Size in Bytes): " + XmlConvert.DecodeName((Parsed_CurrentBlobData[3])) +
"\r\nBlob Metdata (MD5): " + XmlConvert.DecodeName((Parsed_CurrentBlobData[4])) + "\r\nSHA512 Signature: " + XmlConvert.DecodeName((Parsed_CurrentBlobData[5])) +
"\r\nBlob Metdata (ContentType): " + XmlConvert.DecodeName((Parsed_CurrentBlobData[6])) + "\r\nAnonymous Access Enabled: " + XmlConvert.DecodeName((Parsed_CurrentBlobData[7]))));
}
else if (FileWasDeleted == true)
{
Alerting.ResultsLogging.WriteTo_TaskBar_WinEventLog("Blob was Deleted from Storage", ("Time Scan Started: " + DateOfDetection +
"\r\nEvent: " + Event + "\r\nContainerName: " + XmlConvert.DecodeName(containername_baseline) +
"\r\nBlobName: " + XmlConvert.DecodeName(blobname_baseline) + "\r\nDownloadURL: " + XmlConvert.DecodeName((Parsed_BaselineBlobData[1])) +
"\r\nLastModified: " + XmlConvert.DecodeName((Parsed_BaselineBlobData[2])) + "\r\nBlob Metdata (Size in Bytes): " + XmlConvert.DecodeName((Parsed_BaselineBlobData[3])) +
"\r\nBlob Metdata (MD5): " + XmlConvert.DecodeName((Parsed_BaselineBlobData[4])) + "\r\nSHA512 Signature: " + XmlConvert.DecodeName((Parsed_BaselineBlobData[5])) +
"\r\nBlob Metdata (ContentType): " + XmlConvert.DecodeName((Parsed_BaselineBlobData[6])) + "\r\nAnonymous Access Enabled: " + XmlConvert.DecodeName((Parsed_BaselineBlobData[7]))));
}
else
{
Alerting.ResultsLogging.WriteTo_TaskBar_WinEventLog(Event, ("Time Scan Started: " + DateOfDetection + "\r\nEvent: " + Event +
"\r\nContainerName: " + XmlConvert.DecodeName(containername_current) +
"\r\nBlobName: " + XmlConvert.DecodeName(blobname_current) + "\r\nDownloadURL: " + XmlConvert.DecodeName((Parsed_CurrentBlobData[1])) +
"\r\nLastModified: " + XmlConvert.DecodeName((Parsed_CurrentBlobData[2])) + "\r\nBlob Metdata (Size in Bytes): " + XmlConvert.DecodeName((Parsed_CurrentBlobData[3])) +
"\r\nBlob Metdata (MD5): " + XmlConvert.DecodeName((Parsed_CurrentBlobData[4])) + "\r\nSHA512 Signature: " + XmlConvert.DecodeName((Parsed_CurrentBlobData[5])) +
"\r\nBlob Metdata (ContentType): " + XmlConvert.DecodeName((Parsed_CurrentBlobData[6])) + "\r\nAnonymous Access Enabled: " + XmlConvert.DecodeName((Parsed_CurrentBlobData[7]))));
}
}