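        /// <summary>
        /// Loads the Sentinel API config named by the "SentinelApiConfig" app setting and the ETW
        /// listener definitions from EtwConfig-DNS-TCP.json, creates one <see cref="EtwListener"/>
        /// per definition, and then blocks the calling thread for the lifetime of the process.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// The app setting is missing/empty, or either config file does not deserialize to the
        /// expected type. (Previously these surfaced as ArgumentNullException from Path.Combine or
        /// a NullReferenceException in the foreach, which hid the real cause.)
        /// </exception>
        private void StartEtwListenerInstances()
        {
            // Get the current Sentinel config; fail loudly if the setting is absent.
            string configurationFile = ConfigurationManager.AppSettings["SentinelApiConfig"];
            if (string.IsNullOrWhiteSpace(configurationFile))
            {
                throw new InvalidOperationException("App setting [SentinelApiConfig] is missing or empty.");
            }

            const bool useEventIngest = false;
            string     executionPath  = LogAnalyticsOdsApiHarness.GetExecutionPath();

            GlobalLog.WriteToStringBuilderLog($"Loading config [{configurationFile}].", 14001);
            string            textOfJsonConfig  = File.ReadAllText(Path.Combine(executionPath, configurationFile));
            SentinelApiConfig sentinelApiConfig = JsonConvert.DeserializeObject <SentinelApiConfig>(textOfJsonConfig);
            if (sentinelApiConfig == null)
            {
                throw new InvalidOperationException($"Config [{configurationFile}] did not deserialize to a SentinelApiConfig.");
            }

            // Add custom local functions to Rx.Kql
            ScalarFunctionFactory.AddFunctions(typeof(LogAnalyticsOdsApiHarness));

            string etwConfigurationFile = "EtwConfig-DNS-TCP.json";

            GlobalLog.WriteToStringBuilderLog($"Loading ETW config [{etwConfigurationFile}].", 14001);
            string textOfEtwConfigurationFile = File.ReadAllText(Path.Combine(executionPath, etwConfigurationFile));
            List <EtwListenerConfig> listEtwListenerConfigs = JsonConvert.DeserializeObject <List <EtwListenerConfig> >(textOfEtwConfigurationFile);
            if (listEtwListenerConfigs == null)
            {
                throw new InvalidOperationException($"ETW config [{etwConfigurationFile}] did not deserialize to a list of EtwListenerConfig.");
            }

            // Each EtwListener starts listening from its constructor; this local is the only
            // reference this method holds to them.
            List <EtwListener> etwListeners = new List <EtwListener>();
            foreach (EtwListenerConfig config in listEtwListenerConfigs)
            {
                etwListeners.Add(new EtwListener(sentinelApiConfig, config, useEventIngest));
            }

            // Wait for the process to end
            Thread.Sleep(Timeout.Infinite);

            // NOTE(review): nothing after the loop reads etwListeners, so the JIT may treat it as dead
            // while the thread sleeps and the listeners could become collectable unless something in
            // InitializeEtwListener roots them — confirm. KeepAlive extends liveness across the Sleep.
            GC.KeepAlive(etwListeners);
        }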
        /// <summary>
        /// Stores the Sentinel API config and the storage connection string, and starts with an
        /// empty helper dictionary keyed by string.
        /// </summary>
        /// <param name="sentinelApiConfig">Stored in <c>SentinelApiConfig</c>; not validated here.</param>
        /// <param name="azureStorageConnectionString">
        /// Stored in <c>AzureStorageConnectionString</c>; a credential, so it should not be logged.
        /// </param>
        public SyslogToAzureBlob(SentinelApiConfig sentinelApiConfig, string azureStorageConnectionString)
        {
            // Presumably populated elsewhere; this constructor only creates it empty — verify against callers.
            this.SyslogToAzureBlobHelpers = new Dictionary <string, SyslogToAzureBlobHelper>();

            this.AzureStorageConnectionString = azureStorageConnectionString;
            this.SentinelApiConfig            = sentinelApiConfig;
        }
        /// <summary>
        /// Stores the listener and Sentinel configs, lazily creates the shared SLO metrics
        /// counter manager when SLO metrics are configured, then turns the ETW provider on.
        /// </summary>
        /// <param name="sentinelApiConfig">Sentinel settings; its <c>SloMetricsConfiguration</c> drives metrics setup.</param>
        /// <param name="etwListenerConfig">Definition of the ETW provider/session this instance listens to.</param>
        /// <param name="useEventIngest">Stored in <c>UseEventIngest</c>; not read in this constructor.</param>
        public EtwListener(SentinelApiConfig sentinelApiConfig, EtwListenerConfig etwListenerConfig,
                           bool useEventIngest)
        {
            SentinelApiConfig = sentinelApiConfig;
            EtwListenerConfig = etwListenerConfig;
            UseEventIngest    = useEventIngest;

            // Initialize on the first heartbeat after the HostBuilder loads all configs.
            // NOTE(review): the null check on syntheticCounterManager is not synchronized; if that field
            // is static and listeners are constructed concurrently, two managers could be created — confirm.
            var sloSource = SentinelApiConfig.SloMetricsConfiguration;
            if (syntheticCounterManager == null && sloSource != null)
            {
                // Copy the SLO settings into the Geneva MDM configuration field by field.
                var sloMetricsConfiguration = new GenevaMdmConfiguration
                {
                    MetricsNamespace = sloSource.MetricsNamespace,
                    MetricsAccount   = sloSource.MetricsAccount,
                    LocationId       = sloSource.LocationId,
                    MinimumValue     = sloSource.MinimumValue,
                    BucketSize       = sloSource.BucketSize,
                    BucketCount      = sloSource.BucketCount
                };

                syntheticCounterManager = new SyntheticCounterManager(sloMetricsConfiguration);
            }

            // Turn on the Provider, and listen
            InitializeEtwListener();
        }
        /// <summary>
        /// Stores the Sentinel config, clears the invalid-state flag and loads the sample CEF
        /// records from SampleCefRecords.txt next to the executable into <c>RawCefMessageList</c>.
        /// </summary>
        /// <param name="sentinelApiConfig">Stored in <c>SentinelApiConfig</c>; not validated here.</param>
        /// <exception cref="IOException">Propagated from File.ReadAllLines when the sample file is missing or unreadable.</exception>
        public SyslogToSentinelProcessor(SentinelApiConfig sentinelApiConfig)
        {
            SentinelApiConfig = sentinelApiConfig;
            InvalidState      = false;

            const string sampleFileName = "SampleCefRecords.txt";
            GlobalLog.WriteToStringBuilderLog("Loading sample Syslog XML [SampleCefRecords.txt].", 14001);

            // Resolved relative to the execution directory, not the current working directory.
            string samplePath = Path.Combine(SentinelWorkspacePoc.GetExecutionPath(), sampleFileName);
            RawCefMessageList = new List <string>(File.ReadAllLines(samplePath));
        }
        /// <summary>
        /// Stores the Sentinel config, creates the authentication callbacks for it, and wraps
        /// <c>InternalGetSecret</c> in a memoizing delegate for secret lookups.
        /// </summary>
        /// <param name="sentinelApiConfig">Stored in <c>sentinelApiConfig</c> and passed to <see cref="AuthenticationCallbacks"/>.</param>
        public KeyVault(SentinelApiConfig sentinelApiConfig)
        {
            this.sentinelApiConfig       = sentinelApiConfig;
            this.authenticationCallbacks = new AuthenticationCallbacks(sentinelApiConfig);

            // Presumably caches results per secret name so Key Vault is hit once per name — verify
            // against MemoizationExtensions, including whether failures are cached too.
            this.cacheSecretSetting = MemoizationExtensions.Memoize <string, string>(InternalGetSecret);
        }
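        /// <summary>
        /// Builds the Log Analytics Data Collector "SharedKey" authorization value for
        /// <paramref name="events"/> and hands the request to <see cref="PostData"/>.
        /// </summary>
        /// <param name="events">
        /// JSON payload to post. Its UTF-8 byte length is part of the signed string, so it must be the
        /// exact text PostData sends.
        /// </param>
        /// <param name="sentinelApiConfig">Supplies the WorkspaceId placed in the Authorization header.</param>
        /// <param name="workspaceKey">Workspace shared key consumed by BuildSignature; a secret, never logged.</param>
        /// <returns>
        /// Always <c>true</c>. PostData is fire-and-forget (not awaited here), so completion of this task
        /// does not mean the POST succeeded or even finished.
        /// </returns>
        /// <exception cref="ArgumentNullException">Any argument is <c>null</c>.</exception>
        public static async Task <bool> SendEventsToLogAnalytics(string events, SentinelApiConfig sentinelApiConfig, string workspaceKey)
        {
            if (events == null)            { throw new ArgumentNullException(nameof(events)); }
            if (sentinelApiConfig == null) { throw new ArgumentNullException(nameof(sentinelApiConfig)); }
            if (workspaceKey == null)      { throw new ArgumentNullException(nameof(workspaceKey)); }

            await Task.Run(() =>
            {
                // RFC 1123 date ("r" is culture-invariant); the same value is signed and sent as x-ms-date.
                string datestring    = DateTime.UtcNow.ToString("r");
                int    contentLength = Encoding.UTF8.GetByteCount(events);

                // Canonical string-to-sign: verb, content length, content type, x-ms-date header and
                // resource path, newline separated. Any change to the headers PostData sends must be
                // mirrored here or the service rejects the signature.
                string stringToHash = "POST\n" + contentLength + "\napplication/json\n" + "x-ms-date:" + datestring +
                                      "\n/api/logs";
                string hashedString = BuildSignature(stringToHash, workspaceKey);
                string signature    = "SharedKey " + sentinelApiConfig.WorkspaceId + ":" + hashedString;

                PostData(signature, datestring, events, sentinelApiConfig);
            });

            return true;
        }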
 /// <summary>
 /// Keeps the Sentinel API config for the authentication callbacks to use later.
 /// </summary>
 /// <param name="sentinelApiConfig">Stored as-is in <c>sentinelApiConfig</c>; no validation is performed.</param>
 public AuthenticationCallbacks(SentinelApiConfig sentinelApiConfig)
 {
     // Explicit "this." is required because the parameter shadows the field.
     this.sentinelApiConfig = sentinelApiConfig;
 }
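        // Send a request to the POST API endpoint.
        /// <summary>
        /// Posts <paramref name="we_json"/> to the Log Analytics Data Collector endpoint of the workspace
        /// in <paramref name="sentinelApiConfig"/>. Failures (exceptions and non-2xx responses) are written
        /// to the console and never propagate. Returns a Task instead of being <c>async void</c> so the
        /// request runs to completion observably; existing callers that invoke it as a statement keep
        /// their fire-and-forget behaviour.
        /// </summary>
        /// <param name="signature">Complete Authorization value ("SharedKey {workspaceId}:{hash}"); sensitive, not logged.</param>
        /// <param name="date">The RFC 1123 timestamp that was signed; sent unchanged as x-ms-date.</param>
        /// <param name="we_json">JSON body; its UTF-8 byte length must equal the length that was signed.</param>
        /// <param name="sentinelApiConfig">Supplies WorkspaceId (host name) and LogName (Log-Type header).</param>
        private static async Task PostData(string signature, string date, string we_json, SentinelApiConfig sentinelApiConfig)
        {
            try
            {
                string url = "https://" + sentinelApiConfig.WorkspaceId + ".ods.opinsights.azure.com/api/logs?api-version=2016-04-01";

                // A per-call client is kept to match the original call pattern, but it is now disposed.
                // A single shared instance (class-level static field, outside this method) is preferable
                // to avoid socket exhaustion under sustained load.
                using (HttpClient client = new HttpClient())
                using (HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, new Uri(url)))
                {
                    // Per-request headers rather than DefaultRequestHeaders, so the signature and date can
                    // never bleed into another request if the client is ever shared.
                    request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                    request.Headers.Add("Log-Type", sentinelApiConfig.LogName);
                    request.Headers.Add("Authorization", signature);
                    request.Headers.Add("x-ms-date", date);
                    // request.Headers.Add("time-generated-field", TimeStampField);

                    // Content-Type must be exactly "application/json" (no charset) because that literal
                    // is part of the string that was signed.
                    request.Content = new StringContent(we_json, Encoding.UTF8);
                    request.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json");

                    // Awaited instead of blocking on .Result inside Task.Run.
                    using (HttpResponseMessage response = await client.SendAsync(request))
                    {
                        string result = await response.Content.ReadAsStringAsync();
                        if (!response.IsSuccessStatusCode)
                        {
                            // A rejected signature, bad Log-Type or throttling was previously silent;
                            // log the status and body so it is visible. The Authorization value is not logged.
                            Console.WriteLine("API Post failed: " + (int)response.StatusCode + " " + response.ReasonPhrase + " " + result);
                        }
                    }
                }
            }
            catch (Exception excep)
            {
                // Best-effort send: swallow after logging, as before, so callers are never faulted.
                Console.WriteLine("API Post Exception: " + excep.Message);
            }
        }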