SlackSender.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.Extensions.Caching.Memory;
using JsonSerializer = System.Text.Json.JsonSerializer;
namespace Trapdoor
{
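/// <summary>
/// Sends Trapdoor alerts to Slack. Each alert is a single Slack attachment that
/// carries the source IP, a threat-intel link, a country-flag thumbnail and
/// links to earlier logs for the same session and the same IP.
/// </summary>
public class SlackSender : SenderBase
{
    // URL templates taken from Config; "{CC}" and "{IP}" are substituted at send time.
    private readonly string country_flag_link;
    private readonly string threat_intel_link;
    private readonly string country_code_link;
    private readonly HttpClient _client;
    private readonly Storage<SessionLog> _storage;
    private readonly IMemoryCache memoryCache;
    // Optional mapping from a path segment to the name shown in the alert text.
    private readonly Dictionary<string, string> paths;
    private readonly Slack _sender;

    /// <summary>
    /// Builds a sender from the shared storage, configuration and cache.
    /// </summary>
    /// <param name="storage">Session-log storage, also passed to the base class.</param>
    /// <param name="config">Supplies the link templates, the path map and the Slack settings.</param>
    /// <param name="cache">Memory cache used to remember the value returned by the last notification.</param>
    public SlackSender(Storage<SessionLog> storage, Config config, IMemoryCache cache) : base(storage, config, cache)
    {
        _storage = storage;
        _sender = new Slack(config);
        country_flag_link = config.FlagIcon;
        threat_intel_link = config.ThreatIntelLookup;
        country_code_link = config.IpLookup;
        paths = config.Paths;
        // NOTE(review): one HttpClient per SlackSender with the default timeout. If senders
        // are created per request, share a single client instead; a shorter timeout would
        // also keep a slow lookup service from delaying alerts. Confirm the lifetime.
        _client = new HttpClient();
        memoryCache = cache;
    }

    /// <summary>
    /// Builds the JSON attachment list for one alert.
    /// </summary>
    /// <param name="res">
    /// Item1 is passed to GetLogs and reported as "Session ID Hits"; Item2 holds the
    /// alert fields. Item2 is mutated: hit counts are added to the caller's dictionary.
    /// </param>
    /// <param name="sourceIp">Source address of the request that triggered the alert.</param>
    /// <returns>The unchanged Item1 and the serialized attachment list.</returns>
    private async Task<(string, string)> GenerateAlert((string, Dictionary<string, dynamic>) res, string sourceIp)
    {
        var ipLinks = new List<string>();
        var sessionLinks = new List<string>();
        try
        {
            if (!string.IsNullOrEmpty(res.Item1))
            {
                var sessionLogs = await GetLogs(res.Item1);
                if (sessionLogs.Any())
                {
                    sessionLinks = sessionLogs;
                    res.Item2["Session ID Hits"] = sessionLogs.Count;
                }
            }

            var ipLogs = await GetLogs(sourceIp);
            if (ipLogs.Any())
            {
                ipLinks = ipLogs;
                res.Item2["IP Hits"] = ipLogs.Count;
            }
        }
        catch (Exception e)
        {
            // Best effort: an alert without history links is still sent.
            Console.WriteLine($"Error getting logs : {e.Message}");
        }

        // NOTE(review): sourceIp is substituted into both URLs verbatim. If it can come from
        // a client-supplied header (not visible here), validate it as an IP address upstream.
        var titleLink = threat_intel_link.Replace("{IP}", sourceIp);
        var flagUrl = country_flag_link.Replace("{CC}", await GetCountryCode(sourceIp));

        var attachments = new List<dynamic>
        {
            new
            {
                title = sourceIp,
                title_link = titleLink,
                color = "danger",
                text = "",
                footer = "Trapdoor by 3CORESec",
                thumb_url = flagUrl,
                fields = res.Item2
                    .Select(x => new {title = x.Key, value = x.Value, @short = true})
                    .Concat(new List<dynamic>{new {title = "Previous Session Logs: "}})
                    .Concat(sessionLinks.Select(x => new { value = x}))
                    .Concat(new List<dynamic>{new {title = "Previous IP Logs: "}})
                    .Concat(ipLinks.Select(x => new {value = x}))
            }
        };

        return (res.Item1, JsonSerializer.Serialize(attachments));
    }

    /// <summary>
    /// Asks the configured IP-lookup service for the country code of an address.
    /// </summary>
    /// <param name="sourceIp">Address substituted for "{IP}" in the lookup template.</param>
    /// <returns>
    /// The response body with newlines removed, lower-cased; an empty string when the
    /// request fails or the service answers with a non-success status.
    /// </returns>
    private async Task<string> GetCountryCode(string sourceIp)
    {
        try
        {
            // Dispose the response so its connection goes back to the pool promptly.
            using (var response = await _client.GetAsync(country_code_link.Replace("{IP}", sourceIp)))
            {
                // An error page must not end up inside the flag URL sent to Slack.
                if (!response.IsSuccessStatusCode)
                {
                    return "";
                }

                var body = await response.Content.ReadAsStringAsync();
                // Invariant casing: the value is machine data, so the host culture must not
                // change it (for example "I" under a Turkish culture).
                // NOTE(review): the body is otherwise used unchecked; if the service's reply
                // format is known, reject anything that is not a plain country code.
                return body.Replace("\n", "").ToLowerInvariant();
            }
        }
        catch (Exception)
        {
            // Best effort: a missing flag must not block the alert.
            return "";
        }
    }

    /// <summary>
    /// Sends a new notification, or edits an existing one when <paramref name="ts"/> is given.
    /// </summary>
    /// <param name="path">Path segment; replaced by its configured name when the path map has one.</param>
    /// <param name="res">Alert data forwarded to GenerateAlert.</param>
    /// <param name="sourceIp">Source address of the request that triggered the alert.</param>
    /// <param name="ts">Value returned by an earlier notification (presumably the Slack message timestamp); null or empty sends a new one.</param>
    /// <returns>Whatever the Slack helper returns for the sent or edited notification.</returns>
    private async Task<string> SendAlert(string path, (string, Dictionary<string, dynamic>) res, string sourceIp, string ts = null)
    {
        // Single lookup instead of ContainsKey followed by the indexer.
        var displayPath = paths.TryGetValue(path, out var mapped) ? mapped : path;
        var message = $"Trapdoor triggered in: {displayPath}";
        var alert = await GenerateAlert(res, sourceIp);
        if (!string.IsNullOrEmpty(ts))
        {
            return _sender.EditNotification(alert.Item2, message, ts);
        }

        return _sender.SendNotification(alert.Item2, message);
    }

    /// <summary>
    /// Sends an alert for a triggered path, editing the previous notification when the
    /// cache holds an entry for the path, and returns the link built by the Slack helper.
    /// </summary>
    /// <param name="res">Alert data forwarded to GenerateAlert.</param>
    /// <param name="sourceIp">Source address of the request that triggered the alert.</param>
    /// <param name="path">Request path; the segment after the first "/" names the trap.</param>
    /// <param name="guid">Appended to the path to form the cache key of a new notification.</param>
    /// <returns>The link produced by GenerateSlackLink for the notification.</returns>
    /// <exception cref="Exception">Any failure is written to the console and rethrown.</exception>
    public override async Task<string> SendAlert((string, Dictionary<string, dynamic>) res, string sourceIp, string path, string guid)
    {
        string ts;
        try
        {
            // NOTE(review): the lookup key is `path`, but entries are stored below under
            // `path + "/" + guid`. Confirm that callers pass a path that already carries the
            // guid on follow-up hits; otherwise this branch never sees entries written here.
            if (memoryCache.TryGetValue(path, out var cached))
            {
                ts = await SendAlert(path.Split("/")[1], res, sourceIp, cached.ToString());
                return _sender.GenerateSlackLink(ts);
            }

            ts = await SendAlert(path.Split("/")[1], res, sourceIp);
            // Kept for one minute so that follow-up hits can edit the same notification.
            memoryCache.Set(path + "/" + guid, ts, new TimeSpan(0, 1, 0));
            return _sender.GenerateSlackLink(ts);
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
            throw;
        }
    }
}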
}