/// <summary>
/// Get all incident relations and entities under an incident
/// </summary>
/// <param name="incidentId"></param>
/// <param name="entityKind"></param>
/// <param name="allKind"></param>
/// <returns></returns>
public async Task GetIncidentRelationsAndEntities(string incidentId, EntityKind entityKind, bool allKind, int insId)
{
try
{
var url = $"{azureConfigs[insId].BaseUrl}/incidents/{incidentId}/relations?api-version={azureConfigs[insId].PreviewApiVersion}";
var request = new HttpRequestMessage(HttpMethod.Get, url);
await authenticationService.AuthenticateRequest(request, insId);
var http = new HttpClient();
var response = await http.SendAsync(request);
if (response.IsSuccessStatusCode)
{
string res = await response.Content.ReadAsStringAsync();
JObject result = JsonConvert.DeserializeObject <JObject>(res);
var values = result["value"] as JArray;
if (values == null)
{
values = new JArray();
}
int callTimes = 1;
while (result.ContainsKey("nextLink") && callTimes < 100)
{
try
{
var nextLink = result["nextLink"].ToString();
request = new HttpRequestMessage(HttpMethod.Get, nextLink);
await authenticationService.AuthenticateRequest(request, insId);
var nextResponse = await http.SendAsync(request);
if (nextResponse.IsSuccessStatusCode)
{
var newRes = await nextResponse.Content.ReadAsStringAsync();
JObject newResult = JsonConvert.DeserializeObject <JObject>(newRes);
result = newResult;
var newValues = result["value"] as JArray;
if (newValues == null)
{
newValues = new JArray();
}
foreach (var v in newValues)
{
values.Add(v);
}
callTimes++;
}
else
{
var err = await response.Content.ReadAsStringAsync();
Console.WriteLine("Error calling the nextLink: \n" + err);
break;
}
}
catch (Exception ex)
{
Console.WriteLine("Error in parsing nextLink: \n" + ex.Message);
break;
}
}
var resources = new JArray();
foreach (JToken value in values)
{
var properties = value["properties"];
var relatedResourceId = properties != null ? properties["relatedResourceId"] : null;
var resourceDataStr = string.Empty;
if (relatedResourceId != null)
{
var resourceType = properties["relatedResourceType"].ToString();
if (resourceType == "Microsoft.SecurityInsights/bookmarks" && (allKind || entityKind == EntityKind.Bookmark))
{
var resourceUrl = $"{Domain}{relatedResourceId}?api-version={azureConfigs[insId].ApiVersion}";
var resourcerequest = new HttpRequestMessage(HttpMethod.Get, resourceUrl);
await authenticationService.AuthenticateRequest(resourcerequest, insId);
var resourceHttp = new HttpClient();
var resourceRes = await resourceHttp.SendAsync(resourcerequest);
if (resourceRes.IsSuccessStatusCode)
{
resourceDataStr = await resourceRes.Content.ReadAsStringAsync();
}
}
else if (resourceType == "Microsoft.SecurityInsights/entities")
{
var resourceUrl = $"{Domain}{relatedResourceId}/expand?api-version={azureConfigs[insId].PreviewApiVersion}";
var resourceKind = properties["relatedResourceKind"].ToString();
var expansionId = GetExpansionId(resourceKind);
var payload = new RelationEntityPayload
{
ExpansionId = expansionId
};
var serialized = JsonConvert.SerializeObject(payload, new JsonSerializerSettings
{
NullValueHandling = NullValueHandling.Ignore,
ContractResolver = new DefaultContractResolver
{
NamingStrategy = new CamelCaseNamingStrategy()
}
});
var resourcerequest = new HttpRequestMessage(HttpMethod.Post, resourceUrl)
{
Content = new StringContent(serialized, Encoding.UTF8, "application/json")
};
await authenticationService.AuthenticateRequest(resourcerequest, insId);
var resourceHttp = new HttpClient();
var resourceRes = await resourceHttp.SendAsync(resourcerequest);
if (resourceRes.IsSuccessStatusCode)
{
resourceDataStr = await resourceRes.Content.ReadAsStringAsync();
}
}
if (resourceDataStr != string.Empty)
{
JObject resourceData = JsonConvert.DeserializeObject <JObject>(resourceDataStr);
if (resourceType == "Microsoft.SecurityInsights/bookmarks" && allKind)
{
resources.Add(resourceData);
}
else
{
var resourceValue = resourceData["value"];
var entities = resourceValue != null ? resourceValue["entities"] : null;
if (entities != null)
{
foreach (var entity in entities)
{
if (allKind || entity["kind"].ToString() == entityKind.ToString())
{
resources.Add(entity);
}
}
}
}
}
}
}
Utils.WriteJsonStringToFile($"GetIncidentRelations_{azureConfigs[insId].InstanceName}.json",
cliMode, JsonConvert.SerializeObject(values, Formatting.Indented), false);
Console.WriteLine(JsonConvert.SerializeObject(values, Formatting.Indented));
Console.WriteLine(Utils.GetString("Related_Entities"));
var serializedResources = JsonConvert.SerializeObject(resources, Formatting.Indented);
Console.WriteLine(serializedResources);
var fileNamePrefix = allKind ? "GetEntitiesforIncident" : $"GetIncidentEntitiesbyEntityType_{entityKind.ToString()}";
Utils.WriteJsonStringToFile($"{fileNamePrefix}_{azureConfigs[insId].InstanceName}.json", cliMode,
serializedResources, false);
return;
}
var error = await response.Content.ReadAsStringAsync();
var formatted = JsonConvert.DeserializeObject(error);
throw new WebException("Error calling the API: \n" +
JsonConvert.SerializeObject(formatted, Formatting.Indented));
}
catch (Exception ex)
{
throw new Exception("Something went wrong: \n" + ex.Message);
}
}
/// <summary>
/// Get an incident relation by id
/// </summary>
/// <param name="incidentId"></param>
/// <param name="relationId"></param>
/// <returns></returns>
public async Task GetIncidentRelationByName(string incidentId, string relationId, int insId)
{
try
{
var url = $"{azureConfigs[insId].BaseUrl}/incidents/{incidentId}/relations/{relationId}?api-version={azureConfigs[insId].PreviewApiVersion}";
var request = new HttpRequestMessage(HttpMethod.Get, url);
await authenticationService.AuthenticateRequest(request, insId);
var http = new HttpClient();
var response = await http.SendAsync(request);
if (response.IsSuccessStatusCode)
{
string res = await response.Content.ReadAsStringAsync();
JObject value = JsonConvert.DeserializeObject <JObject>(res);
Console.WriteLine(JsonConvert.SerializeObject(value, Formatting.Indented));
var resources = new JObject();
resources.Add("incidentRelationId", relationId);
var properties = value["properties"];
var relatedResourceId = properties != null ? properties["relatedResourceId"] : null;
var resourceDataStr = string.Empty;
if (relatedResourceId != null)
{
var resourceType = properties["relatedResourceType"].ToString();
if (resourceType == "Microsoft.SecurityInsights/bookmarks")
{
var resourceUrl = $"{Domain}{relatedResourceId}?api-version={azureConfigs[insId].ApiVersion}";
var resourcerequest = new HttpRequestMessage(HttpMethod.Get, resourceUrl);
await authenticationService.AuthenticateRequest(resourcerequest, insId);
var resourceHttp = new HttpClient();
var resourceRes = await resourceHttp.SendAsync(resourcerequest);
if (resourceRes.IsSuccessStatusCode)
{
resourceDataStr = await resourceRes.Content.ReadAsStringAsync();
}
}
else if (resourceType == "Microsoft.SecurityInsights/entities")
{
var resourceUrl = $"{Domain}{relatedResourceId}/expand?api-version={azureConfigs[insId].PreviewApiVersion}";
var resourceKind = properties["relatedResourceKind"].ToString();
var expansionId = GetExpansionId(resourceKind);
var payload = new RelationEntityPayload
{
ExpansionId = expansionId
};
var serialized = JsonConvert.SerializeObject(payload, new JsonSerializerSettings
{
NullValueHandling = NullValueHandling.Ignore,
ContractResolver = new DefaultContractResolver
{
NamingStrategy = new CamelCaseNamingStrategy()
}
});
var resourcerequest = new HttpRequestMessage(HttpMethod.Post, resourceUrl)
{
Content = new StringContent(serialized, Encoding.UTF8, "application/json")
};
await authenticationService.AuthenticateRequest(resourcerequest, insId);
var resourceHttp = new HttpClient();
var resourceRes = await resourceHttp.SendAsync(resourcerequest);
if (resourceRes.IsSuccessStatusCode)
{
resourceDataStr = await resourceRes.Content.ReadAsStringAsync();
}
}
if (resourceDataStr != string.Empty)
{
JObject resourceData = JsonConvert.DeserializeObject <JObject>(resourceDataStr);
resources.Merge(resourceData);
}
}
Console.WriteLine("related resources:");
var serializedResources = JsonConvert.SerializeObject(resources, Formatting.Indented);
Console.WriteLine(serializedResources);
Utils.WriteJsonStringToFile($"GetIncidentRelationByNameResources_{azureConfigs[insId].InstanceName}.json",
cliMode, serializedResources, false);
return;
}
var error = await response.Content.ReadAsStringAsync();
var formatted = JsonConvert.DeserializeObject(error);
throw new WebException("Error calling the API: \n" +
JsonConvert.SerializeObject(formatted, Formatting.Indented));
}
catch (Exception ex)
{
throw new Exception("Something went wrong: \n" + ex.Message);
}
}