/// <summary>
/// Sends info about a process event to the server, returns true on having successful informed the server
/// </summary>
/// <param name="processEvent"></param>
/// <returns></returns>
public static bool PostProcessEvent(ProcessEvent processEvent, Executable executable)
{
ProcessEventPost processEventPost = new ProcessEventPost();
processEventPost.TimeOfEvent = Helpers.ConvertToUnixTime(processEvent.EventTime);
processEventPost.Type = (Int32)processEvent.State;
processEventPost.PID = processEvent.Pid;
processEventPost.PPID = processEvent.Ppid;
processEventPost.Path = executable.Path;
processEventPost.CommandLine = processEvent.CommandLine;
processEventPost.Md5 = Helpers.ByteArrayToHexString(executable.Md5);
processEventPost.Sha1 = Helpers.ByteArrayToHexString(executable.Sha1);
processEventPost.Sha256 = Helpers.ByteArrayToHexString(executable.Sha256);
processEventPost.Size = (int)(new System.IO.FileInfo(executable.Path).Length);
processEventPost.IsSigned = executable.Signed;
string postMessage = Helpers.SerializeToJson(processEventPost, typeof(ProcessEventPost));
string response = Beacon.PostToServer(postMessage, "/api/v1/ProcessEvent");
if (response == "")
{
// Remote server could not be reached or encountered an error
return(false);
}
ProcessEventResponse processEventResponse = (ProcessEventResponse)Helpers.DeserializeFromJson(response, typeof(ProcessEventResponse));
return(true);
}
/// <summary>
/// Posts a heartbeat to the server, just letting it know we're alive and giving the server a chance to task it
/// </summary>
/// <returns></returns>
public static dynamic PostHeartbeatEvent()
{
HeartbeatEventPost eventPost = new HeartbeatEventPost();
string postMessage = Helpers.SerializeToJson(eventPost, typeof(HeartbeatEventPost));
string response = Beacon.PostToServer(postMessage, "/api/v1/Heartbeat");
return(Json.Decode(response));
}
/// <summary>
/// Register this agent with the server. Receives new System UUID.
/// </summary>
/// <returns>True when we've received a new System UUID</returns>
public static bool RegisterWithServer()
{
Log.Info("Registering with the server");
// Register yourself in order to get a System GUID
RegistrationEventPost registration = new RegistrationEventPost();
registration.CustomerUUID = SRSvc.conf.GroupUUID;
registration.AgentVersion = SRSvc.conf.Version;
registration.OSHumanName = GetOSFriendlyName();
registration.OSVersion = Environment.OSVersion.ToString();
registration.Arch = (Environment.Is64BitOperatingSystem ? "64-bit" : "32-bit");
registration.MachineName = Environment.MachineName;
ManufacturerData md = GetManufacturerData();
registration.Manufacturer = md.Manufacturer;
registration.Model = md.Model;
registration.MachineGUID = GetWindowsMachineGUID();
string postMessage = Helpers.SerializeToJson(registration, typeof(RegistrationEventPost));
string response = Beacon.PostToServer(postMessage, "/api/v1/Register");
if (response == "")
{
// Likely we were unable to contact the server
return(false);
}
dynamic serverMsg = Json.Decode(response);
if (serverMsg.Command == "SetSystemUUID")
{
Command.SetSystemUUID(serverMsg);
}
else
{
throw new Exception("Registration response command not in correct format");
}
return(true);
}
public static bool PostCatalogFile(CatalogFile catalogFile)
{
CatalogFilePost catalogFilePost = new CatalogFilePost();
catalogFilePost.TimeOfEvent = Helpers.ConvertToUnixTime(catalogFile.FirstAccessTime);
catalogFilePost.Path = catalogFile.FilePath;
catalogFilePost.Size = catalogFile.Size;
catalogFilePost.Sha256 = Helpers.ByteArrayToHexString(catalogFile.Sha256);
string postMessage = Helpers.SerializeToJson(catalogFilePost, typeof(CatalogFilePost));
string response = Beacon.PostToServer(postMessage, "/api/v1/CatalogFileEvent");
if (response == "")
{
// Remote server could not be reached or encountered an error
return(false);
}
CatalogFileResponse processEventResponse = (CatalogFileResponse)Helpers.DeserializeFromJson(response, typeof(CatalogFileResponse));
return(true);
}
