From 834800cd5d0db3d5cca7d1cf3ffc0bbaa2d4a06a Mon Sep 17 00:00:00 2001 From: Tristan Waldear Date: Mon, 11 Apr 2016 19:11:36 -0700 Subject: [PATCH 1/2] base sqlite db --- fido.db | Bin 0 -> 98304 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 fido.db 
diff --git a/fido.db b/fido.db new file mode 100644 index 0000000000000000000000000000000000000000..37e84cc86aafa9a76ad46374425106498958e54a GIT binary patch literal 98304 zcmeI&&2QXj9S87noy;_zx1@P-+O%1xG@FE`6G9YL8&pc@&SsaUElpdZvLMSDKgpPS zY{xH2BeaKUDF?W7SZ;^|LJN0<(Ebao#0>#AP=&+^?mUlQCiaXonLQy{-%+D_p11h- zd7j7i<0p?FZEG%(_D#E`xYAl~G{tpXJ$;_-KlRrsY_2b zzqMVL&MdYlc(yJddc;1FT=K$|9z5ONUKTW~H?65S&E8a2ot}kFB+ZD`?oRS6cPFyC z$3#15y2;8tX@2dVR90Ox8a8QB31TPPNYC&aO3z}gwLIO`EM4nvEH&M4DeESnr@rsv3R(z7cBHAOULDX)Mb^T6}jW^5X95pz+ax-V>f?jkjmV3gY@Y z*OpVGV_n}JA4|K`H$qlokQiCH^P=3klovl*A2dqVVsD%*b)wBz3*yb2T>G{ksee_G zkDGK<==56C^>s86UsvWJp((bj?JEs83@;qF!qV;0y!hzmS>bg3B6+ndVeI8exggHX zaj)Y+cn+Zxk6s#Nc2r3@b(TKJS+jD6(uz%^Wntgb_3kv%Qnar5=jw@CDzT#2{p&1g zS+aX#CCacgt7#gE#D=$*{I0ntvg0P^_Oj4Y4CR1cygJjplO(%Z*QtbM<(`v{GJ4K| zF@)Fp&My#_)+%{%Yp#FS`8C5{W5?B(-!2x!`FZZg!PO(^rr`1zKQ5(oT2N|`ZVNBB zs^iLCmyO^$+}(X)`QR?qiEvp^iAx&vwi{;+%XVLHgND;4uxvIOo^2B~-U^)wnrYB$ z%yVMI)Au!<$Y-4%?R3vMEiEj)Q_73?=KJ?Rc)npD1mDUposojLu)w{ZkIns-(r9W1 z3A!QtBBb;~m^Da8G)>3tj>e3IK#5H{brJ-Y;x?MZksG$=vge)CfR}|RuSp*r($aPF zIG(H=(Z>WjS9HBg|46ny!_bU_uF@*mmyeRuXiszBO>f1|Nogna>76j|3VHGVLjUfH zDu?|Qel5NnDfrXo)zesqDLS!TC+M%>_+mz%?(-G4*vyfo!TXa!i&uy`5%8{abu?sqVW_)j`AnxvR?E}ASQ(6m7@W9qo ze@xL~J5ZtF^Ukuj-9bi)4;4O=cj6M3wBfw?@$OlJd!Q4RR|hJVf0esX5LZ^X*DDFJ zXaLdC7Oa^%34E$VCwq{nqr(0@JKmpBMm&u^d#LoT5l^D`K6YV=C+(ZMnw)R!>K`vr zXO9){+h!}Cs4L;qSv-;5Ta(ktI!?~6y?AjdWY9Ysy#+b0%`SuSOn*(d+LQ9t(-dK8 zlh2D!SI+D0$i_MC*-jE$a}Rx&D~OjbbL~Q`BZJ<%kkV!Gxzt(s#OG7zsj^HPUliWt zs(-J3R{cd)uimeIr8-vmPvwu5*Od<|%auy`-{n7*e^>r#SuKB1o-1>uf0aHj{l4_e z($7jx>3gMbl%!I=_@?;h;%CL*7C$N4#d=Ys4dMd<2tWV=5P$##AOL~?r@-USCOa+Ha*ph&>0~SP7h9HTyVGJa6qX(=DJQ1*m3aHX z+H-c2zZ;~gn(e>Ctg+WN!Rm`H`{pP3M?pSqU#G9x*jlj0f>F(e$F|k{lq=(rL{G83 z8<+TpK@*J=`o`FHYc1sk9c~WYN^@$iS=%S{Mc(x>{$6h>_R@+C)>^Q78|Al>W&Eo2 z&2@_$)7>fa_-ZxkFN;Ru*`%g84smOaw`UM{wh{%K%#B`DT`i~AwiIfk&Xl4d)S>bl z_lNaHk^fO}YG=)_fRw28EDhaM)YE;zuL->K#p(w0ZheG5{9^U|Q=Pfk6UXUg;97y- z4BG4jNvDctuw4?Q<6II0^T1f7Nats!3Nf4bo%D2VPl9}S3j 
zYmQEcMYo=8f7s1lh&nV;=8*2uwutGuZ*hD*_?7W|m%f3d?;vg0v)KBdZu;W`0SG_< z0uX=z1Rwwb2tWV=5P(321q2ow*8dsqVT1+&2tWV=5P$##AOHafKmY;|$mOvAk5K>t z2tWV=5P$##AOHafKmY;|$i4vf|Fhr6h!6r0fB*y_009U<00Izz00ba_{eO%B2tWV= z5P$##AOHafKmY;|fI#*Iu>Q|}A0t8tKmY;|fB*y_009U<00Izz0RH|TV*mmWfB*y_ z009U<00Izz00bbAeF5zMXTOgTAp{@*0SG_<0uX=z1Rwwb2tWY){}=-hfB*y_009U< z00Izz00bZaf$R%l|3CYEj0hnB0SG_<0uX=z1Rwwb2tWV=*#E~EfB*y_009U<00Izz z00bZa0SIJY0Q>*h?_)#=0SG_<0uX=z1Rwwb2tWV=5WxOF#sCB$009U<00Izz00bZa z0SG`K`vTbi&wd{xLI^+r0uX=z1Rwwb2tWV=5P$&o|1kz2009U<00Izz00bZa0SG_< z0@)Y9{(tuS7!g7M0uX=z1Rwwb2tWV=5P$##V*CG-RD=CYKm`I2fB*y_009U<00Izz z00bZafouuH*8kZG4ADRU0uX=z1Rwwb2tWV=5P$##AkY!O-~V?gZ~y@aKmY;|fB*y_ z009U<00I!mtN_;kneAEx1_1~_00Izz00bZa0SG_<0ubm3;P3xC6gYqY1Rwwb2tWV= z5P$##AOHafWLALf|8vy`Irn5X~GFZ8dZSz#S| Xz^Z80c{Q4f(+unQhpZMmm|yrGXP$uP literal 0 HcmV?d00001 From 43076a74c7b78012fadd996cc3eeb663cf2c4b12 Mon Sep 17 00:00:00 2001 From: Tristan Waldear Date: Tue, 12 Apr 2016 10:45:36 -0700 Subject: [PATCH 2/2] sqlite schema / db files --- fido_db_schema.sql | 167 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 167 insertions(+) create mode 100644 fido_db_schema.sql diff --git a/fido_db_schema.sql b/fido_db_schema.sql new file mode 100644 index 0000000..e850944 --- /dev/null +++ b/fido_db_schema.sql 
@@ -0,0 +1,167 @@
+/* create tables */
+CREATE TABLE config(
+key text NOT NULL,
+value text NOT NULL
+);
+CREATE TABLE configs_detectors(
+primkey int PRIMARY KEY NOT NULL,
+detectortype text NULL,
+detector text NULL,
+vendor text NULL,
+server text NULL,
+folder text NULL,
+file text NULL,
+EmailFrom text NULL,
+lastevent text NULL,
+userid text NULL,
+pwd text NULL,
+db text NULL,
+connectionstring text NULL,
+query1 text NULL,
+query2 text NULL
+);
+CREATE TABLE configs_threatfeed_threatgrid_scoring(
+primkey int PRIMARY KEY NOT NULL,
+feed_weight text NULL
+);
+CREATE TABLE configs_threatfeed_virustotal(
+key text NULL,
+value text NULL
+);
+CREATE TABLE event_alerts(
+primkey int PRIMARY KEY NOT NULL,
+timer text NULL,
+ip_address text NULL,
+hostname text NULL,
+timestamp text NULL,
+previous_score text NULL,
+alert_id text NULL,
+detector text NULL,
+threat_ip text NULL
+);
+CREATE TABLE event_machine(
+primkey int PRIMARY KEY NOT NULL,
+hostname text NULL,
+os text NULL,
+domain text NULL,
+patches_critical text NULL,
+patches_high text NULL,
+patches_low text NULL,
+av_installed text NULL,
+av_running text NULL,
+av_def_ver text NULL,
+bit9_installed text NULL,
+bit9_running text NULL,
+machine_score text NULL
+);
+CREATE TABLE event_threat(
+primkey int PRIMARY KEY NOT NULL,
+threat_dst_ip text NULL,
+threat_name text NULL,
+threat_score text NULL,
+detector text NULL,
+threat_url text NULL,
+threat_hash text NULL,
+time_occurred text NULL,
+action_taken text NULL,
+file_name text NULL,
+threat_status text NULL
+);
+CREATE TABLE event_user(
+primkey int PRIMARY KEY NOT NULL,
+username text NULL,
+fullname text NULL,
+email text NULL,
+title text NULL,
+dept text NULL,
+emp_type text NULL,
+emp_phone text NULL,
+cube text NULL,
+city_state text NULL,
+manager text NULL,
+manager_title text NULL,
+manager_email text NULL,
+manager_phone text NULL,
+user_score text NULL
+);
+CREATE TABLE event_whitelist(
+primkey int PRIMARY KEY NOT NULL,
+artifact text NOT NULL
+);
+CREATE TABLE previous_threat_hash(
+primkey int PRIMARY KEY NOT NULL,
+hash text NULL,
+timedate text NULL
+);
+CREATE TABLE previous_threat_ip(
+primkey int PRIMARY KEY NOT NULL,
+ip text NULL,
+timedate text NULL
+);
+CREATE TABLE previous_threat_url(
+primkey int PRIMARY KEY NOT NULL,
+url text NULL,
+timedate text NULL
+);
+CREATE TABLE configs_historical_events(
+url_query text NULL,
+ip_query text NULL,
+hash_query text NULL,
+url_score int NULL,
+ip_score int NULL,
+hash_score int NULL,
+url_weight int NULL,
+ip_weight int NULL,
+hash_weight int NULL,
+url_incrementer int NULL,
+ip_incrementer int NULL,
+hash_incrementer int NULL,
+url_multiplier int NULL,
+ip_multiplier int NULL,
+hash_multiplier int NULL
+);
+
+/* insert config table keys */
+insert into config (key,value) values ('fido.application.teststartup', '');
+insert into config (key,value) values ('fido.application.sqltimeout', '');
+insert into config (key,value) values ('fido.application.sleepiteration', '');
+insert into config (key,value) values ('fido.securityfeed.virustotal.regularweight', '');
+insert into config (key,value) values ('fido.application.detectors', '');
+insert into config (key,value) values ('fido.email.nonalertemail', '');
+insert into config (key,value) values ('fido.director.runinventory', '');
+insert into config (key,value) values ('fido.director.virustotal', '');
+insert into config (key,value) values ('fido.securityfeed.virustotal.detecteddownloadscore', '');
+insert into config (key,value) values ('fido.securityfeed.virustotal.detecteddownloadweight', '');
+insert into config (key,value) values ('fido.securityfeed.virustotal.detecteddownloadmultiplier', '');
+insert into config (key,value) values ('fido.director.assetscore', '');
+insert into config (key,value) values ('fido.posture.asset.paired', '');
+insert into config (key,value) values ('fido.posture.asset.hostname', '');
+insert into config (key,value) values ('fido.posture.asset.subnet', '');
+insert into config (key,value) values ('fido.cyphort.fetch_timewindow', '');
+insert into config (key,value) values ('fido.cyphort.max.severity.value', '');
+insert into config (key,value) values ('fido.cyphort.max.results.to.fetch', '');
+insert into config (key,value) values ('fido.application.fidodb', '');
+insert into config (key,value) values ('fido.application.fidodocumentation', '');
+insert into config (key,value) values ('fido.director.hostdetection', '');
+insert into config (key,value) values ('fido.email.vendor', '');
+insert into config (key,value) values ('fido.email.imapserver', '');
+insert into config (key,value) values ('fido.email.imapport', '');
+insert into config (key,value) values ('fido.email.smtpsvr', '');
+insert into config (key,value) values ('fido.email.fidopwd', '');
+insert into config (key,value) values ('fido.email.fidoacek', '');
+insert into config (key,value) values ('fido.email.fidoemail', '');
+insert into config (key,value) values ('fido.email.primaryemail', '');
+insert into config (key,value) values ('fido.email.secondaryemail', '');
+insert into config (key,value) values ('fido.email.erroremail', '');
+insert into config (key,value) values ('fido.email.runerroremail', '');
+insert into config (key,value) values ('fido.ldap.basedn', '');
+insert into config (key,value) values ('fido.ldap.userid', '');
+insert into config (key,value) values ('fido.ldap.pwd', '');
+insert into config (key,value) values ('fido.ldap.acek', '');
+insert into config (key,value) values ('fido.securityfeed.virustotal.apikey', '');
+insert into config (key,value) values ('fido.securityfeed.virustotal.trojanscore', '');
+insert into config (key,value) values ('fido.securityfeed.virustotal.trojanweight', '');
+insert into config (key,value) values ('fido.securityfeed.virustotal.regularscore', '');
+
+/* insert historical_events table data */
+insert into configs_historical_events (url_query,ip_query,hash_query,url_score,ip_score,hash_score,url_weight,ip_weight,hash_weight,url_incrementer) values ('SELECT * FROM previous_threat_url WHERE url = '%url%'','SELECT * FROM previous_threat_ip WHERE ip = '%ip%'','SELECT * FROM previous_threat_hash WHERE hash = '%hash%'','1','1','1','1','1','1','1');
\ No newline at end of file
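Review bot: The final `insert into configs_historical_events` is malformed: the inner quotes in `'SELECT * FROM previous_threat_url WHERE url = '%url%''` (and the ip and hash twins) terminate the literal early, so SQLite reads `%url%` as a modulo expression on an unknown column and the statement fails; quotes inside a single-quoted literal must be doubled, `'SELECT * FROM previous_threat_url WHERE url = ''%url%'''`. Those three stored queries are also templates whose `%url%`/`%ip%`/`%hash%` tokens are presumably substituted into the query text by the consumer with values taken from detector events, i.e. attacker-influenced data; storing `WHERE url = ?` and binding the value at execution time would close that injection path, and `SELECT *` there should name the columns the consumer actually reads. Separately, `primkey int PRIMARY KEY` is not a rowid alias in SQLite (only `INTEGER PRIMARY KEY` is), so every insert into these tables has to supply primkey itself, and `config.key` has no UNIQUE constraint, so duplicate keys insert silently. The schema also keeps credentials in the clear (`pwd`, `fido.email.fidopwd`, `fido.ldap.pwd`, `fido.securityfeed.virustotal.apikey`), so the committed `fido.db` from the first patch should be checked for real values before this is published.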