/// <summary> /// Sends info about a process event to the server, returns true on having successful informed the server /// </summary> /// <param name="processEvent"></param> /// <returns></returns> public static bool PostProcessEvent(ProcessEvent processEvent, Executable executable) { ProcessEventPost processEventPost = new ProcessEventPost(); processEventPost.TimeOfEvent = Helpers.ConvertToUnixTime(processEvent.EventTime); processEventPost.Type = (Int32)processEvent.State; processEventPost.PID = processEvent.Pid; processEventPost.PPID = processEvent.Ppid; processEventPost.Path = executable.Path; processEventPost.CommandLine = processEvent.CommandLine; processEventPost.Md5 = Helpers.ByteArrayToHexString(executable.Md5); processEventPost.Sha1 = Helpers.ByteArrayToHexString(executable.Sha1); processEventPost.Sha256 = Helpers.ByteArrayToHexString(executable.Sha256); processEventPost.Size = (int)(new System.IO.FileInfo(executable.Path).Length); processEventPost.IsSigned = executable.Signed; string postMessage = Helpers.SerializeToJson(processEventPost, typeof(ProcessEventPost)); string response = Beacon.PostToServer(postMessage, "/api/v1/ProcessEvent"); if (response == "") { // Remote server could not be reached or encountered an error return(false); } ProcessEventResponse processEventResponse = (ProcessEventResponse)Helpers.DeserializeFromJson(response, typeof(ProcessEventResponse)); return(true); }
/// <summary> /// Posts a heartbeat to the server, just letting it know we're alive and giving the server a chance to task it /// </summary> /// <returns></returns> public static dynamic PostHeartbeatEvent() { HeartbeatEventPost eventPost = new HeartbeatEventPost(); string postMessage = Helpers.SerializeToJson(eventPost, typeof(HeartbeatEventPost)); string response = Beacon.PostToServer(postMessage, "/api/v1/Heartbeat"); return(Json.Decode(response)); }
/// <summary> /// Register this agent with the server. Receives new System UUID. /// </summary> /// <returns>True when we've received a new System UUID</returns> public static bool RegisterWithServer() { Log.Info("Registering with the server"); // Register yourself in order to get a System GUID RegistrationEventPost registration = new RegistrationEventPost(); registration.CustomerUUID = SRSvc.conf.GroupUUID; registration.AgentVersion = SRSvc.conf.Version; registration.OSHumanName = GetOSFriendlyName(); registration.OSVersion = Environment.OSVersion.ToString(); registration.Arch = (Environment.Is64BitOperatingSystem ? "64-bit" : "32-bit"); registration.MachineName = Environment.MachineName; ManufacturerData md = GetManufacturerData(); registration.Manufacturer = md.Manufacturer; registration.Model = md.Model; registration.MachineGUID = GetWindowsMachineGUID(); string postMessage = Helpers.SerializeToJson(registration, typeof(RegistrationEventPost)); string response = Beacon.PostToServer(postMessage, "/api/v1/Register"); if (response == "") { // Likely we were unable to contact the server return(false); } dynamic serverMsg = Json.Decode(response); if (serverMsg.Command == "SetSystemUUID") { Command.SetSystemUUID(serverMsg); } else { throw new Exception("Registration response command not in correct format"); } return(true); }
public static bool PostCatalogFile(CatalogFile catalogFile) { CatalogFilePost catalogFilePost = new CatalogFilePost(); catalogFilePost.TimeOfEvent = Helpers.ConvertToUnixTime(catalogFile.FirstAccessTime); catalogFilePost.Path = catalogFile.FilePath; catalogFilePost.Size = catalogFile.Size; catalogFilePost.Sha256 = Helpers.ByteArrayToHexString(catalogFile.Sha256); string postMessage = Helpers.SerializeToJson(catalogFilePost, typeof(CatalogFilePost)); string response = Beacon.PostToServer(postMessage, "/api/v1/CatalogFileEvent"); if (response == "") { // Remote server could not be reached or encountered an error return(false); } CatalogFileResponse processEventResponse = (CatalogFileResponse)Helpers.DeserializeFromJson(response, typeof(CatalogFileResponse)); return(true); }