Esempio n. 1
0
        public async Task Run(string[] args)
        {
            while (true)
            {
                PrintMenu();

                Console.Write("Option: ");
                var option = Console.ReadLine();

                var valid = int.TryParse(option, out var index);
                valid = valid && index > 0 && index < 29;
                if (!valid)
                {
                    Console.WriteLine("Invalid option... please, press enter to continue...");
                    Console.ReadLine();
                    continue;
                }

                var response = "";
                var input    = "";
                try
                {
                    switch (index)
                    {
                    case 1:
                    {
                        Console.WriteLine("Enter Alert rule name");
                        input    = Console.ReadLine();
                        response = await _actionsController.CreateAction(input);

                        break;
                    }

                    case 2:
                    {
                        Console.WriteLine("Enter Alert rule name");
                        input    = Console.ReadLine();
                        response = await _actionsController.DeleteAction(input);

                        break;
                    }

                    case 3:
                    {
                        Console.WriteLine("Enter Alert rule name");
                        input    = Console.ReadLine();
                        response = await _actionsController.GetActionById(input);

                        break;
                    }

                    case 4:
                    {
                        Console.WriteLine("Enter Alert rule name");
                        input    = Console.ReadLine();
                        response = await _actionsController.GetActionsByRule(input);

                        break;
                    }

                    case 5:
                    {
                        Console.WriteLine("Enter template name");
                        input    = Console.ReadLine();
                        response = await _alertRuleTemplatesController.GetAlertRuleTemplateById(input);

                        break;
                    }

                    case 6:
                    {
                        response = await _alertRuleTemplatesController.GetAlertRuleTemplates();

                        break;
                    }

                    case 7:
                    {
                        Console.WriteLine("Enter alert rule template name");
                        input    = Console.ReadLine();
                        response = await _alertRulesController.CreateFusionAlertRule(input);

                        break;
                    }

                    case 8:
                    {
                        Console.WriteLine("Enter rule name");
                        input    = Console.ReadLine();
                        response = await _alertRulesController.CreateMicrosoftSecurityIncidentCreationAlertRule(input);

                        break;
                    }

                    case 9:
                    {
                        response = await _alertRulesController.CreateScheduledAlertRule();

                        break;
                    }

                    case 10:
                    {
                        response = await _alertRulesController.DeleteAlertRule();

                        break;
                    }

                    case 11:
                    {
                        response = await _alertRulesController.GetAlertRules();

                        break;
                    }

                    case 12:
                    {
                        response = await _alertRulesController.GetFusionAlertRule();

                        break;
                    }

                    case 13:
                    {
                        response = await _alertRulesController.GetMicrosoftSecurityIdentityCreationAlertRule();

                        break;
                    }

                    case 14:
                    {
                        response = await _alertRulesController.GetScheduledAlertRule();

                        break;
                    }

                    case 15:
                    {
                        response = await _bookmarksController.CreateBookmark();

                        break;
                    }

                    case 16:
                    {
                        response = await _bookmarksController.DeleteBookmark();

                        break;
                    }

                    case 17:
                    {
                        response = await _bookmarksController.GetBookmarkById();

                        break;
                    }

                    case 18:
                    {
                        response = await _bookmarksController.GetBookmarks();

                        break;
                    }

                    case 19:
                    {
                        response = await _dataConnectorsController.GetDataConnectors();

                        break;
                    }

                    case 20:
                    {
                        response = await _dataConnectorsController.DeleteDataConnector();

                        break;
                    }

                    case 21:
                    {
                        response = await _dataConnectorsController.CreateDataConnector();

                        break;
                    }

                    case 22:
                    {
                        Console.WriteLine("Enter Severity option \n 0 High \n 1 Medium \n 2 Low \n 3 Informational");
                        input = Console.ReadLine();
                        Severity severity = (Severity)Convert.ToInt32(input);

                        Console.WriteLine("Enter Incident status \n 0 New \n 1 Active \n 2 Close");
                        input = Console.ReadLine();
                        IncidentStatus status = (IncidentStatus)Convert.ToInt32(input);

                        Console.WriteLine("Enter Incident name");
                        var title = Console.ReadLine();

                        var payload = new IncidentPayload
                        {
                            PropertiesPayload = new IncidentPropertiesPayload
                            {
                                Severity = severity,
                                Status   = status,
                                Title    = title
                            }
                        };

                        response = await _incidentsController.CreateIncident(payload, title);

                        break;
                    }

                    case 23:
                    {
                        response = await _incidentsController.DeleteIncident();

                        break;
                    }

                    case 24:
                    {
                        response = await _incidentsController.GetIncidentById();

                        break;
                    }

                    case 25:
                    {
                        response = await _incidentsController.GetIncidents();

                        break;
                    }

                    case 26:
                    {
                        response = await _incidentsController.CreateIncidentComment();

                        break;
                    }

                    case 27:
                    {
                        response = await _incidentsController.GetAllIncidentComments();

                        break;
                    }

                    case 28:
                    {
                        response = await _incidentsController.GetIncidentCommentById();

                        break;
                    }
                    }

                    Console.WriteLine(JToken.Parse(response).ToString(Formatting.Indented));
                }
                catch (JsonReaderException exception)
                {
                    if (string.IsNullOrEmpty(response))
                    {
                        Console.WriteLine("Deleted");
                        Console.WriteLine("Enter to continue");
                        Console.ReadLine();
                        continue;
                    }

                    Console.WriteLine(response);
                }

                catch (Exception exception)
                {
                    var currentColor = Console.ForegroundColor;
                    Console.ForegroundColor = ConsoleColor.Red;
                    await Console.Error.WriteLineAsync(exception.Message);

                    Console.ForegroundColor = currentColor;
                }

                Console.WriteLine();
                Console.WriteLine("Enter to continue");
                Console.ReadLine();
            }
        }
Esempio n. 2
0
        public async Task RunCommands(bool cliMode, int index, string[] args, int insId = 0)
        {
            string response = "";

            try
            {
                switch (index)
                {
                case 1:
                {
                    string ruleId = cliMode ? args[1] : GetNonEmptyInput(Utils.GetString("Action_Rule_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await actionsController.CreateAction(ruleId, insId);

                    break;
                }

                case 2:
                {
                    string ruleId   = cliMode ? args[1] : GetNonEmptyInput(Utils.GetString("Action_Rule_Id_Prompt_Text"));
                    string actionId = cliMode ? args[2] : GetNonEmptyInput(Utils.GetString("Action_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await actionsController.DeleteAction(ruleId, actionId, insId);

                    break;
                }

                case 3:
                {
                    string ruleId   = cliMode ? args[1] : GetNonEmptyInput(Utils.GetString("Action_Rule_Id_Prompt_Text"));
                    string actionId = cliMode ? args[2] : GetNonEmptyInput(Utils.GetString("Action_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await actionsController.GetActionById(ruleId, actionId, insId);

                    break;
                }

                case 4:
                {
                    string ruleId = cliMode ? args[1] : GetNonEmptyInput(Utils.GetString("Action_Rule_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await actionsController.GetActionsByRule(ruleId, insId);

                    break;
                }

                case 5:
                {
                    string ruleTmplId = cliMode? args[1]: GetInput(Utils.GetString("Rule_Template_Id_Prompt_Text"),
                                                                   "57c0cfc-d76d-463b-8755-c781608cdc1a");
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await alertRuleTemplatesController.GetAlertRuleTemplateById(ruleTmplId, insId);

                    break;
                }

                case 6:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await alertRuleTemplatesController.GetAlertRuleTemplates(insId);

                    break;
                }

                case 7:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await alertRulesController.CreateFusionAlertRule(insId);

                    break;
                }

                case 8:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await alertRulesController.CreateMicrosoftSecurityIncidentCreationAlertRule(insId);

                    break;
                }

                case 9:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await alertRulesController.CreateScheduledAlertRule(actionsController, insId);

                    break;
                }

                case 10:
                {
                    string ruleId = cliMode ? args[1] : GetNonEmptyInput(Utils.GetString("Rule_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await alertRulesController.DeleteAlertRule(ruleId, insId);

                    break;
                }

                case 11:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await alertRulesController.GetAlertRules(insId);

                    break;
                }

                case 12:
                {
                    string ruleId = cliMode ? args[1] : GetNonEmptyInput(Utils.GetString("Get_Fusion_Rule_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await alertRulesController.GetFusionAlertRule(ruleId, insId);

                    break;
                }

                case 13:
                {
                    string ruleId = cliMode ? args[1] : GetInput(Utils.GetString("Get_Incident_Rule_Prompt_Text"), "Microsoft-alert-rule-2");
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await alertRulesController.GetMicrosoftSecurityIdentityCreationAlertRule(ruleId, insId);

                    break;
                }

                case 14:
                {
                    string ruleId = cliMode ? args[1] : GetInput(Utils.GetString("Get_Scheduled_Rule_Prompt_Text"), "scheduled-alert-rule-3");
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await alertRulesController.GetScheduledAlertRule(ruleId, insId);

                    break;
                }

                case 15:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await bookmarksController.CreateBookmark(insId);

                    break;
                }

                case 16:
                {
                    string bookmarkId = cliMode ? args[1] : GetNonEmptyInput(Utils.GetString("Bookmark_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await bookmarksController.DeleteBookmark(bookmarkId, insId);

                    break;
                }

                case 17:
                {
                    string bookmarkId = cliMode ? args[1] : GetNonEmptyInput(Utils.GetString("Bookmark_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await bookmarksController.GetBookmarkById(bookmarkId, insId);

                    break;
                }

                case 18:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await bookmarksController.GetBookmarks(insId);

                    break;
                }

                case 19:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await dataConnectorsController.GetDataConnectors(insId);

                    break;
                }

                case 20:
                {
                    string dataConnectorId = GetNonEmptyInput(Utils.GetString("Dataconnector_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await dataConnectorsController.DeleteDataConnector(dataConnectorId, insId);

                    break;
                }

                case 21:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await dataConnectorsController.CreateDataConnector(insId);

                    break;
                }

                case 22:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await incidentsController.CreateIncident(insId);

                    break;
                }

                case 23:
                {
                    string incidentId = GetNonEmptyInput(Utils.GetString("Delete_Incident_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await incidentsController.DeleteIncident(incidentId, insId);

                    break;
                }

                case 24:
                {
                    string incidentId = GetNonEmptyInput(Utils.GetString("Get_Incident_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await incidentsController.GetIncidentById(incidentId, insId);

                    break;
                }

                case 25:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await incidentsController.GetIncidents(insId);

                    break;
                }

                case 26:
                {
                    string incidentId = GetNonEmptyInput(Utils.GetString("Incident_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await incidentsController.UpdateIncident(incidentId, insId);

                    break;
                }

                case 27:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await incidentsController.BatchUpdateIncidents(insId);

                    break;
                }

                case 28:
                {
                    string incidentId = GetNonEmptyInput(Utils.GetString("Incident_Id_Prompt_Text"));
                    await incidentsController.CreateIncidentComment(incidentId);

                    break;
                }

                case 29:
                {
                    string incidentId = GetNonEmptyInput(Utils.GetString("Incident_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await incidentsController.GetAllIncidentComments(incidentId, insId);

                    break;
                }

                case 30:
                {
                    string incidentId = GetNonEmptyInput(Utils.GetString("Incident_Id_Prompt_Text"));
                    string commentId  = GetNonEmptyInput(Utils.GetString("Comment_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await incidentsController.GetIncidentCommentById(incidentId, commentId, insId);

                    break;
                }

                case 31:
                {
                    string incidentId = GetNonEmptyInput(Utils.GetString("Incident_Id_Prompt_Text"));
                    string bookmarkId = GetNonEmptyInput(Utils.GetString("Bookmark_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await incidentRelationController.CreateIncidentRelation(incidentId, bookmarkId, insId);

                    break;
                }

                case 32:
                {
                    string incidentId = GetNonEmptyInput(Utils.GetString("Incident_Id_Prompt_Text"));
                    string relationId = GetNonEmptyInput(Utils.GetString("Relation_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await incidentRelationController.DeleteIncidentRelation(incidentId, relationId, insId);

                    break;
                }

                case 33:
                {
                    string incidentId = GetNonEmptyInput(Utils.GetString("Incident_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    await incidentRelationController.GetEntitiesforIncident(incidentId, insId);

                    break;
                }

                case 34:
                {
                    string incidentId = GetNonEmptyInput(Utils.GetString("Incident_Id_Prompt_Text"));
                    string relationId = GetNonEmptyInput(Utils.GetString("Relation_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    await incidentRelationController.GetIncidentRelationByName(incidentId, relationId, insId);

                    break;
                }

                case 35:
                {
                    string incidentId = GetNonEmptyInput(Utils.GetString("Incident_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    await incidentRelationController.GetIncidentEntitiesbyEntityType(incidentId, insId);

                    break;
                }

                case 36:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await savedSearchController.CreateSavedSearch(insId);

                    break;
                }

                case 37:
                {
                    string savedSearchId = GetNonEmptyInput(Utils.GetString("Saved_Search_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await savedSearchController.DeleteSavedSearch(savedSearchId, insId);

                    break;
                }

                case 38:
                {
                    string savedSearchId = GetNonEmptyInput(Utils.GetString("Saved_Search_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    response = await savedSearchController.GetSavedSearchById(savedSearchId, insId);

                    break;
                }

                case 39:
                {
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstanceOrApplyAll(configurations);
                    }
                    await savedSearchController.GetSavedSearches(insId);

                    break;
                }

                case 40:
                {
                    string savedSearchId = GetNonEmptyInput(Utils.GetString("Saved_Search_Id_Prompt_Text"));
                    if (!cliMode)
                    {
                        insId = Utils.SelectInstance(configurations);
                    }
                    await savedSearchController.UpdateSavedSearch(savedSearchId, insId);

                    break;
                }
                }

                if (response != string.Empty)
                {
                    Console.WriteLine(JToken.Parse(response).ToString(Formatting.Indented));
                }
            }
            catch (JsonReaderException exception)
            {
                if (string.IsNullOrEmpty(response))
                {
                    Console.WriteLine("Deleted");
                    Console.WriteLine(Utils.GetString("Continue_Prompt_Text"));
                    Console.ReadLine();
                    return;
                }
            }
            catch (Exception exception)
            {
                ConsoleColor currentColor = Console.ForegroundColor;
                Console.ForegroundColor = ConsoleColor.Red;
                await Console.Error.WriteLineAsync(exception.Message);

                Console.ForegroundColor = currentColor;
            }

            Console.WriteLine(response);
        }
        /// <summary>
        /// Create scheduled alert rule for a single instance
        /// </summary>
        /// <param name="i"></param>
        /// <returns></returns>
        public async Task CreateScheduledAlertRuleByInstance(int i, ActionsController actionsController)
        {
            var alertRules = Utils.LoadPayload <ScheduledAlertRulePayload[]>("ScheduledAlertRulePayload.json", cliMode);

            foreach (var payload in alertRules)
            {
                try
                {
                    var alertRuleId = Guid.NewGuid().ToString();
                    var url         =
                        $"{azureConfigs[i].BaseUrl}/alertRules/{alertRuleId}?api-version={azureConfigs[i].ApiVersion}";

                    string playbook      = payload.Playbook;
                    string subscription  = azureConfigs[i].SubscriptionId;
                    string resourceGroup = azureConfigs[i].ResourceGroupName;
                    playbook         = string.Format(playbook, subscription, resourceGroup);
                    payload.Playbook = null;

                    var serialized = JsonConvert.SerializeObject(payload, new JsonSerializerSettings
                    {
                        NullValueHandling = NullValueHandling.Ignore,
                        ContractResolver  = new DefaultContractResolver
                        {
                            NamingStrategy = new CamelCaseNamingStrategy()
                        }
                    });

                    var request = new HttpRequestMessage(HttpMethod.Put, url)
                    {
                        Content = new StringContent(serialized, Encoding.UTF8, "application/json")
                    };
                    await authenticationService.AuthenticateRequest(request, i);

                    var http     = new HttpClient();
                    var response = await http.SendAsync(request);

                    if (response.IsSuccessStatusCode)
                    {
                        var res = await response.Content.ReadAsStringAsync();

                        Console.WriteLine(JToken.Parse(res).ToString(Formatting.Indented));

                        if (!string.IsNullOrEmpty(playbook))
                        {
                            await actionsController.CreateAction(alertRuleId, i, playbook);
                        }
                        continue;
                    }

                    var error = await response.Content.ReadAsStringAsync();

                    var formatted = JsonConvert.DeserializeObject(error);
                    throw new WebException("Error calling the API: \n" +
                                           JsonConvert.SerializeObject(formatted, Formatting.Indented));
                }
                catch (Exception ex)
                {
                    throw new Exception($"Something went wrong on {azureConfigs[i].InstanceName}: \n"
                                        + ex.Message);
                }
            }
        }