duplicated code
Richard Repp committed Jan 15, 2018
1 parent c8dac87 commit ce1bd1c
Showing 7 changed files with 35 additions and 79 deletions.
4 changes: 2 additions & 2 deletions Director/Scoring/Matrix_Historical_Helper.cs
Expand Up @@ -47,7 +47,7 @@ internal static FidoReturnValues HistoricalEvent(FidoReturnValues lFidoReturnVal
{
Console.WriteLine(@"Gathering historical information from FIDO DB.");
const string historicalQuery = "SELECT * FROM configs_historical_events";
var fidoTemp = GetPreviousAlerts(historicalQuery);
var fidoTemp = AlertHelper.GetPreviousAlerts(historicalQuery);
if (fidoTemp.Rows.Count <= 0) return lFidoReturnValues;
lFidoReturnValues.HistoricalEvent = FormatHistoricalEvents(fidoTemp);
var urlCount = new DataTable();
Expand All @@ -59,7 +59,7 @@ internal static FidoReturnValues HistoricalEvent(FidoReturnValues lFidoReturnVal
{
foreach (var url in lFidoReturnValues.Url)
{
urlCount = GetPreviousAlerts(lFidoReturnValues.HistoricalEvent.UrlQuery.Replace("%url%", url));
urlCount = AlertHelper.GetPreviousAlerts(lFidoReturnValues.HistoricalEvent.UrlQuery.Replace("%url%", url));
}
}

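Review bot: `AlertHelper.GetPreviousAlerts(historicalQuery)` on the new side of both hunks has no visible target: the `AlertHelper` added in this commit (Main/Detectors/AlertHelper.cs, all 25 lines shown) defines only `PreviousAlert(FidoReturnValues, string, string)`, so these two call sites, and the one-argument `AlertHelper.PreviousAlert(lFidoReturnValues)` calls in Detect_Cyphort_v2.cs, will not compile unless a version of `AlertHelper` not shown here provides them. Since this file's diffstat is 2 additions and 2 deletions, the original `GetPreviousAlerts` presumably still lives in `Matrix_Historical_Helper`; either keep the unqualified call, `var fidoTemp = GetPreviousAlerts(historicalQuery);`, or move that method into `AlertHelper` as part of this change. `HistoricalEvent` starts and ends outside the hunks.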
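--- /dev/null
+++ b/Main/Detectors/AlertHelper.cs
@@ -0,0 +1,25 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Fido_Main.Main.Detectors
+{
+static class AlertHelper
+{
+public static bool PreviousAlert(FidoReturnValues lFidoReturnValues, string event_id, string event_time)
+{
+var isRunDirector = false;
+for (var j = 0; j < lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count; j++)
+{
+if (lFidoReturnValues.PreviousAlerts.Alerts.Rows[j][6].ToString() != event_id) continue;
+if (Convert.ToDateTime(event_time) == Convert.ToDateTime(lFidoReturnValues.PreviousAlerts.Alerts.Rows[j][4].ToString()))
+{
+isRunDirector = true;
+}
+}
+return isRunDirector;
+}
+}
+}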
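Review bot: `Convert.ToDateTime(event_time)` and the matching conversion of column 4 parse with the current culture and throw `FormatException` on any value they cannot read, and the values passed in (for example `lFidoReturnValues.Cyphort.EventTime` in Detect_Cyphort_v3.cs) appear to originate from the detector feeds rather than from code this project controls, so a malformed timestamp would abort the calling detector loop instead of being treated as a non-match. Consider `DateTime.TryParse` with `CultureInfo.InvariantCulture` for both sides and an explicit decision on what an unparsable time means for the duplicate check. The helper also depends on positional columns `[6]` (presumably the event id) and `[4]` (presumably the event time) of `PreviousAlerts.Alerts`, and on callers having already verified that the table is non-null and non-empty, which every call site in this commit does; an XML `<summary>` stating those two assumptions would help, since none of the former local copies carried one. Minor: write `internal static class AlertHelper` with an explicit modifier, rename `event_id`/`event_time` to `eventId`/`eventTime`, and drop the unused `System.Collections.Generic`, `System.Linq`, `System.Text` and `System.Threading.Tasks` usings.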
16 changes: 1 addition & 15 deletions Main/Detectors/Detect_CarbonBlack.cs
Expand Up @@ -202,7 +202,7 @@ private static void ParseCarbonBlackAlert(Object_CarbonBlack_Alert_Class.CarbonB
lFidoReturnValues.PreviousAlerts = Matrix_Historical_Helper.GetPreviousMachineAlerts(lFidoReturnValues, false);
if (lFidoReturnValues.PreviousAlerts.Alerts != null && lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count > 0)
{
isRunDirector = PreviousAlert(lFidoReturnValues, lFidoReturnValues.AlertID, lFidoReturnValues.TimeOccurred);
isRunDirector = AlertHelper.PreviousAlert(lFidoReturnValues, lFidoReturnValues.AlertID, lFidoReturnValues.TimeOccurred);
}
if (isRunDirector || lFidoReturnValues.MalwareType.Contains("EICAR")) continue;
//todo: build better filetype versus targetted OS, then remove this.
Expand Down Expand Up @@ -262,20 +262,6 @@ private static void CloseCarbonBlackAlert(FidoReturnValues lFidoReturnValues)
}
}

private static bool PreviousAlert(FidoReturnValues lFidoReturnValues, string event_id, string event_time)
{
var isRunDirector = false;
for (var j = 0; j < lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count; j++)
{
if (lFidoReturnValues.PreviousAlerts.Alerts.Rows[j][6].ToString() != event_id) continue;
if (Convert.ToDateTime(event_time) == Convert.ToDateTime(lFidoReturnValues.PreviousAlerts.Alerts.Rows[j][4].ToString()))
{
isRunDirector = true;
}
}
return isRunDirector;
}

private static Dictionary<string, string> GetDict(DataTable dt)
{
return dt.AsEnumerable()
19 changes: 3 additions & 16 deletions Main/Detectors/Detect_Cyphort_v2.cs
Expand Up @@ -125,7 +125,7 @@ private static void ParseCyphort(CyphortClass cyphortReturn)
//alert versus previous alerts.
if (lFidoReturnValues.PreviousAlerts.Alerts != null && lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count > 0)
{
isRunDirector = PreviousAlert(lFidoReturnValues);
isRunDirector = AlertHelper.PreviousAlert(lFidoReturnValues);
}

//If the type of alert is a test alert then exit, or if the alert is has already been processed
Expand Down Expand Up @@ -170,7 +170,7 @@ private static void ParseCyphort(CyphortClass cyphortReturn)
lFidoReturnValues.PreviousAlerts = Matrix_Historical_Helper.GetPreviousMachineAlerts(lFidoReturnValues, false);
if (lFidoReturnValues.PreviousAlerts.Alerts != null && lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count > 0)
{
isRunDirector = PreviousAlert(lFidoReturnValues);
isRunDirector = AlertHelper.PreviousAlert(lFidoReturnValues);
}
if (isRunDirector || lFidoReturnValues.MalwareType.Contains("VIRUS_EICAR_TEST_FILE.CY")) continue;
//todo: build better filetype versus targetted OS, then remove this.
Expand Down Expand Up @@ -214,7 +214,7 @@ private static void ParseCyphort(CyphortClass cyphortReturn)
lFidoReturnValues.PreviousAlerts = Matrix_Historical_Helper.GetPreviousMachineAlerts(lFidoReturnValues, false);
if (lFidoReturnValues.PreviousAlerts.Alerts != null && lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count > 0)
{
isRunDirector = PreviousAlert(lFidoReturnValues);
isRunDirector = AlertHelper.PreviousAlert(lFidoReturnValues);
}
if (isRunDirector || lFidoReturnValues.MalwareType.Contains("VIRUS_EICAR_TEST_FILE.CY")) continue;
//todo: build better filetype versus targetted OS, then remove this.
Expand All @@ -230,19 +230,6 @@ private static void ParseCyphort(CyphortClass cyphortReturn)
}
}

private static bool PreviousAlert(FidoReturnValues lFidoReturnValues)
{
var isRunDirector = false;
for (var j = 0; j < lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count; j++)
{
if (lFidoReturnValues.PreviousAlerts.Alerts.Rows[j][6].ToString() == lFidoReturnValues.AlertID)
{
isRunDirector = true;
}
}
return isRunDirector;
}

private static bool TargetOSFileType(string[] cyphortArray)
{
if (cyphortArray != null && cyphortArray.Any())
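Review bot: The local `PreviousAlert` deleted from this file matched only on `AlertID` against column 6 with no time comparison, whereas the shared `AlertHelper.PreviousAlert` additionally requires the converted `event_time` to equal column 4, so redirecting the three call sites at the top of these hunks to the helper makes the Cyphort v2 duplicate check stricter: an already-processed alert whose stored time differs from the incoming one would run the director again. If that stricter behaviour is intended, pass the event time the way Detect_Cyphort_v3.cs does, `isRunDirector = AlertHelper.PreviousAlert(lFidoReturnValues, lFidoReturnValues.AlertID, lFidoReturnValues.Cyphort.EventTime);`, assuming the v2 parser populates that property; otherwise the helper needs an id-only overload that preserves the removed logic. `ParseCyphort` starts and ends outside the hunks.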
18 changes: 2 additions & 16 deletions Main/Detectors/Detect_Cyphort_v3.cs
Expand Up @@ -246,7 +246,7 @@ private static FidoReturnValues FormatDownloadReturnValues(FidoReturnValues lFid
lFidoReturnValues.PreviousAlerts = Matrix_Historical_Helper.GetPreviousMachineAlerts(lFidoReturnValues, false);
if (lFidoReturnValues.PreviousAlerts.Alerts != null && lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count > 0)
{
isRunDirector = PreviousAlert(lFidoReturnValues, lFidoReturnValues.Cyphort.EventID, lFidoReturnValues.Cyphort.EventTime);
isRunDirector = AlertHelper.PreviousAlert(lFidoReturnValues, lFidoReturnValues.Cyphort.EventID, lFidoReturnValues.Cyphort.EventTime);
}
if (isRunDirector || lFidoReturnValues.MalwareType.Contains("EICAR")) continue;
//todo: build better filetype versus targetted OS, then remove this.
Expand All @@ -264,20 +264,6 @@ private static FidoReturnValues FormatDownloadReturnValues(FidoReturnValues lFid
return lFidoReturnValues;
}

private static bool PreviousAlert(FidoReturnValues lFidoReturnValues, string event_id, string event_time)
{
var isRunDirector = false;
for (var j = 0; j < lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count; j++)
{
if (lFidoReturnValues.PreviousAlerts.Alerts.Rows[j][6].ToString() != event_id) continue;
if (Convert.ToDateTime(event_time) == Convert.ToDateTime(lFidoReturnValues.PreviousAlerts.Alerts.Rows[j][4].ToString()))
{
isRunDirector = true;
}
}
return isRunDirector;
}

private static FidoReturnValues FormatInfectionReturnValues(FidoReturnValues lFidoReturnValues)
{
lFidoReturnValues.Cyphort.DstIP = lFidoReturnValues.Cyphort.IncidentDetails.Incident.Source_ip;
Expand All @@ -301,7 +287,7 @@ private static FidoReturnValues FormatInfectionReturnValues(FidoReturnValues lFi
lFidoReturnValues.PreviousAlerts = Matrix_Historical_Helper.GetPreviousMachineAlerts(lFidoReturnValues, false);
if (lFidoReturnValues.PreviousAlerts.Alerts != null && lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count > 0)
{
isRunDirector = PreviousAlert(lFidoReturnValues, lFidoReturnValues.Cyphort.EventID, lFidoReturnValues.Cyphort.EventTime);
isRunDirector = AlertHelper.PreviousAlert(lFidoReturnValues, lFidoReturnValues.Cyphort.EventID, lFidoReturnValues.Cyphort.EventTime);
}
if (isRunDirector || lFidoReturnValues.MalwareType.Contains("EICAR")) continue;
//todo: build better filetype versus targetted OS, then remove this.
16 changes: 1 addition & 15 deletions Main/Detectors/Detect_PaloAlto.cs
Expand Up @@ -188,7 +188,7 @@ private static void ParsePan(Object_PaloAlto_Class.PanReturn panReturn)
lFidoReturnValues.PreviousAlerts = Matrix_Historical_Helper.GetPreviousMachineAlerts(lFidoReturnValues, false);
if (lFidoReturnValues.PreviousAlerts.Alerts != null && lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count > 0)
{
isRunDirector = PreviousAlert(lFidoReturnValues, lFidoReturnValues.PaloAlto.EventID, lFidoReturnValues.PaloAlto.EventTime);
isRunDirector = AlertHelper.PreviousAlert(lFidoReturnValues, lFidoReturnValues.PaloAlto.EventID, lFidoReturnValues.PaloAlto.EventTime);
}
if (isRunDirector || lFidoReturnValues.MalwareType.Contains("EICAR")) continue;
//todo: build better filetype versus targetted OS, then remove this.
Expand All @@ -205,19 +205,5 @@ private static void ParsePan(Object_PaloAlto_Class.PanReturn panReturn)
}
}

private static bool PreviousAlert(FidoReturnValues lFidoReturnValues, string event_id, string event_time)
{
var isRunDirector = false;
for (var j = 0; j < lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count; j++)
{
if (lFidoReturnValues.PreviousAlerts.Alerts.Rows[j][6].ToString() != event_id) continue;
if (Convert.ToDateTime(event_time) == Convert.ToDateTime(lFidoReturnValues.PreviousAlerts.Alerts.Rows[j][4].ToString()))
{
isRunDirector = true;
}
}
return isRunDirector;
}

}
}
16 changes: 1 addition & 15 deletions Main/Detectors/Detect_Protectwise_v1.cs
Expand Up @@ -191,7 +191,7 @@ private static void ParseProtectWiseObservation(Object_ProtectWise_Threat_Config
lFidoReturnValues.PreviousAlerts = Matrix_Historical_Helper.GetPreviousMachineAlerts(lFidoReturnValues, false);
if (lFidoReturnValues.PreviousAlerts.Alerts != null && lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count > 0)
{
isRunDirector = PreviousAlert(lFidoReturnValues, lFidoReturnValues.ProtectWise.EventID, lFidoReturnValues.ProtectWise.EventTime);
isRunDirector = AlertHelper.PreviousAlert(lFidoReturnValues, lFidoReturnValues.ProtectWise.EventID, lFidoReturnValues.ProtectWise.EventTime);
}
if (isRunDirector || lFidoReturnValues.MalwareType.Contains("EICAR")) return;

Expand Down Expand Up @@ -276,20 +276,6 @@ private static FidoReturnValues FormatIdsReturnValues(FidoReturnValues lFidoRetu
return lFidoReturnValues;
}

private static bool PreviousAlert(FidoReturnValues lFidoReturnValues, string event_id, string event_time)
{
var isRunDirector = false;
for (var j = 0; j < lFidoReturnValues.PreviousAlerts.Alerts.Rows.Count; j++)
{
if (lFidoReturnValues.PreviousAlerts.Alerts.Rows[j][6].ToString() != event_id) continue;
if (Convert.ToDateTime(event_time) == Convert.ToDateTime(lFidoReturnValues.PreviousAlerts.Alerts.Rows[j][4].ToString()))
{
isRunDirector = true;
}
}
return isRunDirector;
}

private static DateTime? FromEpochTime(string unixTime)
{
return new DateTime(1970, 1, 1, 0, 0, 0).AddMilliseconds(Convert.ToDouble(unixTime));
