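/// <summary>
/// Persists an alert to the fidodb <c>event_alerts</c> table and then fans out the
/// detector, machine, user and historical indicator details that accompany it.
/// </summary>
/// <param name="lFidoReturnValues">The aggregated alert record to store.</param>
/// <remarks>
/// Any exception raised while writing is reported by e-mail through
/// <see cref="Fido_EventHandler.SendEmail"/> and otherwise swallowed, so the
/// caller is not told that the insert failed. Building the column dictionary
/// happens before the try block, so a null <c>Hostname</c> still propagates.
/// </remarks>
public static void InsertEventToDB(FidoReturnValues lFidoReturnValues)
{
    var iKeepAlive = Object_Fido_Configs.GetAsInt("fido.application.unnownkeepalive", 0);
    var db = new SqLiteDB();

    // Column values are stored as text; invariant culture keeps numeric and
    // date text stable regardless of the service account's locale.
    // NOTE(review): Convert.ToDateTime parses with the current culture when
    // TimeOccurred is a string — confirm the format it arrives in.
    var data = new Dictionary<String, String>
    {
        {"timer", iKeepAlive.ToString(CultureInfo.InvariantCulture)},
        {"ip_address", lFidoReturnValues.SrcIP},
        // Invariant lower-casing: the culture-sensitive ToLower() can map
        // characters such as 'I' differently under some locales, which would
        // stop the hostname from matching rows written earlier.
        {"hostname", lFidoReturnValues.Hostname.ToLowerInvariant()},
        {"timestamp", Convert.ToDateTime(lFidoReturnValues.TimeOccurred).ToString(CultureInfo.InvariantCulture)},
        {"previous_score", lFidoReturnValues.TotalScore.ToString(CultureInfo.InvariantCulture)},
        {"alert_id", lFidoReturnValues.AlertID}
    };

    try
    {
        //insert event to primary alert table
        db.Insert("event_alerts", data);

        // NOTE(review): the table's row count is used as the id of the row just
        // inserted. That only holds while inserts are serialized and rows are
        // never deleted — confirm, or use the database's last-inserted-rowid
        // facility if SqLiteDB exposes one.
        const string eventAlerts = @"select count() from event_alerts";
        var newRow = db.ExecuteScalar(eventAlerts);

        //if there is threat data then insert otherwise
        //todo: figure out a better way to find out if a detector is empty
        // Short-circuit || instead of the eager |: identical result for these
        // side-effect-free null checks, and the idiomatic form.
        if (lFidoReturnValues.Bit9 != null
            || lFidoReturnValues.Antivirus != null
            || lFidoReturnValues.FireEye != null
            || lFidoReturnValues.Cyphort != null
            || lFidoReturnValues.ProtectWise != null
            || lFidoReturnValues.PaloAlto != null)
        {
            UpdateThreatToDB(lFidoReturnValues, newRow);
        }

        //if there is machine data then insert otherwise
        if (lFidoReturnValues.Landesk != null || lFidoReturnValues.Jamf != null)
        {
            UpdateMachineToDB(lFidoReturnValues, newRow);
        }

        //if there is user data then insert otherwise
        if (lFidoReturnValues.UserInfo != null)
        {
            UpdateUserToDB(lFidoReturnValues, newRow);
        }

        //if there is detailed threat data insert
        //if there is histiorical url data insert
        UpdateHistoricalURLInfo(lFidoReturnValues);
        UpdateHistoricalHashInfo(lFidoReturnValues);
        UpdateHistoricalIPInfo(lFidoReturnValues);
    }
    catch (Exception e)
    {
        // The message is concatenated, not formatted, so the old "{0}"
        // placeholder went out verbatim; the exception text is appended instead.
        Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: Exception caught in insert of event alert to fidodb:" + e);
    }
}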
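/// <summary>
/// Stores an alert in the fidodb <c>event_alerts</c> table, then writes the
/// detector, machine, user and historical indicator rows that belong to it.
/// </summary>
/// <param name="lFidoReturnValues">The aggregated alert record to store.</param>
/// <remarks>
/// Failures inside the write are e-mailed via <see cref="Fido_EventHandler.SendEmail"/>
/// and then swallowed; nothing is returned to the caller. The column dictionary is
/// built outside the try block, so a null <c>Hostname</c> still throws to the caller.
/// </remarks>
public static void InsertEventToDB(FidoReturnValues lFidoReturnValues)
{
    var iKeepAlive = Object_Fido_Configs.GetAsInt("fido.application.unnownkeepalive", 0);
    var db = new SqLiteDB();

    // Everything is stored as text. Invariant culture for numbers and the
    // timestamp so the stored form does not depend on the host locale, and
    // ToLowerInvariant() so the hostname key is not subject to culture-specific
    // case mapping (the plain ToLower() is culture-sensitive).
    // NOTE(review): if TimeOccurred is a string, Convert.ToDateTime parses it
    // with the current culture — confirm the incoming format.
    var data = new Dictionary<String, String>
    {
        { "timer", iKeepAlive.ToString(CultureInfo.InvariantCulture) },
        { "ip_address", lFidoReturnValues.SrcIP },
        { "hostname", lFidoReturnValues.Hostname.ToLowerInvariant() },
        { "timestamp", Convert.ToDateTime(lFidoReturnValues.TimeOccurred).ToString(CultureInfo.InvariantCulture) },
        { "previous_score", lFidoReturnValues.TotalScore.ToString(CultureInfo.InvariantCulture) },
        { "alert_id", lFidoReturnValues.AlertID }
    };

    try
    {
        //insert event to primary alert table
        db.Insert("event_alerts", data);

        // NOTE(review): count() is taken as the id of the row that was just
        // inserted. This assumes inserts never overlap and rows are never
        // deleted — confirm, or prefer a last-inserted-rowid query if SqLiteDB
        // provides one.
        const string eventAlerts = @"select count() from event_alerts";
        var newRow = db.ExecuteScalar(eventAlerts);

        //todo: figure out a better way to find out if a detector is empty
        // Presence checks are plain null tests, so short-circuit evaluation
        // gives the same answer as the original eager | operator.
        var hasThreatData = lFidoReturnValues.Bit9 != null
            || lFidoReturnValues.Antivirus != null
            || lFidoReturnValues.FireEye != null
            || lFidoReturnValues.Cyphort != null
            || lFidoReturnValues.ProtectWise != null
            || lFidoReturnValues.PaloAlto != null;
        var hasMachineData = lFidoReturnValues.Landesk != null || lFidoReturnValues.Jamf != null;
        var hasUserData = lFidoReturnValues.UserInfo != null;

        //if there is threat data then insert otherwise
        if (hasThreatData)
        {
            UpdateThreatToDB(lFidoReturnValues, newRow);
        }

        //if there is machine data then insert otherwise
        if (hasMachineData)
        {
            UpdateMachineToDB(lFidoReturnValues, newRow);
        }

        //if there is user data then insert otherwise
        if (hasUserData)
        {
            UpdateUserToDB(lFidoReturnValues, newRow);
        }

        //if there is detailed threat data insert
        //if there is histiorical url data insert
        UpdateHistoricalURLInfo(lFidoReturnValues);
        UpdateHistoricalHashInfo(lFidoReturnValues);
        UpdateHistoricalIPInfo(lFidoReturnValues);
    }
    catch (Exception e)
    {
        // Plain concatenation, so the former "{0}" placeholder was sent
        // literally; it is dropped and the exception text appended.
        Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: Exception caught in insert of event alert to fidodb:" + e);
    }
}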
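/// <summary>
/// Records one historical threat indicator in its <c>previous_threat_*</c> table.
/// </summary>
/// <param name="threatData">
/// Indicator to store: <c>SDB</c> selects both the table-name suffix and the
/// column name, <c>InValue</c> is the indicator text and <c>When</c> its timestamp.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="threatData"/> is null.</exception>
private static void InsertHistoricalThreatToDB(HistorialThreatData threatData)
{
    // Fail with a descriptive exception rather than a NullReferenceException
    // from the first property access below.
    if (threatData == null)
    {
        throw new ArgumentNullException("threatData");
    }

    var db = new SqLiteDB();

    // SDB becomes a column name and part of the table name. Neither can be a
    // bound parameter, so this value must only ever come from the fixed set of
    // identifiers the code itself chooses (presumably the historical URL/hash/IP
    // updaters), never from detector output or other external input — confirm
    // at the call sites.
    var data = new Dictionary<String, String>
    {
        { threatData.SDB, threatData.InValue },
        { "timedate", threatData.When }
    };

    var sdb = @"previous_threat_" + threatData.SDB;
    db.Insert(sdb, data);
}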
/// <summary>
/// Writes one historical threat indicator into the <c>previous_threat_{sdb}</c> table.
/// </summary>
/// <param name="sdb">Indicator kind; used as the column name and as the table-name suffix.</param>
/// <param name="invalue">Indicator value stored under the <paramref name="sdb"/> column.</param>
/// <param name="timedate">Timestamp text stored in the <c>timedate</c> column.</param>
private static void InsertHistoricalThreatToDB(string sdb, string invalue, string timedate)
{
    var database = new SqLiteDB();

    // The column and the table name are presumably spliced into the SQL text by
    // SqLiteDB.Insert rather than bound, so sdb must be one of the fixed
    // identifiers chosen in code, never externally supplied text — confirm.
    var row = new Dictionary<String, String>();
    row.Add(sdb, invalue);
    row.Add("timedate", timedate);

    var tableName = @"previous_threat_" + sdb;
    database.Insert(tableName, row);
}
/// <summary>
/// Stores a single historical indicator row in the table named
/// <c>previous_threat_</c> followed by <paramref name="sdb"/>.
/// </summary>
/// <param name="sdb">Indicator kind; doubles as the value column's name and the table-name suffix.</param>
/// <param name="invalue">The indicator value to record.</param>
/// <param name="timedate">Timestamp text for the <c>timedate</c> column.</param>
private static void InsertHistoricalThreatToDB(string sdb, string invalue, string timedate)
{
    var connection = new SqLiteDB();

    // sdb ends up as an identifier in the statement (column and table), which
    // cannot be parameterised; it should only ever be a code-owned constant such
    // as the ones the historical updaters pass — confirm no external value reaches here.
    var tableName = string.Concat(@"previous_threat_", sdb);

    var columns = new Dictionary<String, String>
    {
        { sdb, invalue },
        { "timedate", timedate }
    };

    connection.Insert(tableName, columns);
}