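/// <summary>
/// One-time initialisation of the hub: loads the JSON API configuration named by the
/// "SentinelApiConfig" app setting, then creates the KeyVault client, the syslog
/// processors, the Security event-log reader and the workspace authentication material.
/// </summary>
/// <remarks>
/// This runs in a static constructor, so any exception thrown here (missing configuration,
/// unreadable file, a failing secret lookup) reaches callers wrapped in a
/// <see cref="TypeInitializationException"/> and the type cannot be initialised again in
/// the same process.
/// </remarks>
static SentinelWorkspaceLogHub()
{
    string configurationFile = ConfigurationManager.AppSettings["SentinelApiConfig"];
    GlobalLog.WriteToStringBuilderLog($"Loading config [{configurationFile}].", 14001);

    // Fail with a clear message instead of letting a null/empty setting collapse to the
    // bare execution directory and blow up inside File.ReadAllText.
    if (string.IsNullOrWhiteSpace(configurationFile))
    {
        throw new InvalidOperationException("The 'SentinelApiConfig' app setting is missing or empty.");
    }

    // Path.Combine returns the second argument unchanged when it is rooted, so the setting
    // may point outside the execution directory. The file selects the Key Vault, endpoints
    // and certificate thumbprint, so it should live where only administrators can write.
    string configurationPath = Path.Combine(SentinelWorkspacePoc.GetExecutionPath(), configurationFile);
    string textOfJsonConfig = File.ReadAllText(configurationPath);

    var loadedConfig = JsonConvert.DeserializeObject<SentinelApiConfig>(textOfJsonConfig);
    if (loadedConfig == null)
    {
        // An empty file or a literal "null" document deserialises to null.
        throw new InvalidOperationException("The Sentinel API configuration file did not contain a configuration object.");
    }

    SentinelApiConfig = loadedConfig;

    // Turn on the KeyVault for use
    KeyVault = new KeyVault(SentinelApiConfig);

    // Create the processor
    syslogToSentinelProcessor = new SyslogToSentinelProcessor(SentinelApiConfig);

    // Create the storage container connection; its secret is resolved through KeyVault
    // rather than stored in the configuration file.
    syslogToAzureBlob = new SyslogToAzureBlob(SentinelApiConfig, GetKeyVaultSecret(SentinelApiConfig.SyslogToAzureBlobStorageSecret));

    eventLogProcessor = new EventLogProcessor("Security", NewEventRecord, readEventLogFileFromBeginning);

    // The authentication certificate comes from the LocalMachine "MY" store, selected by the
    // configured thumbprint. FindCertificateByThumbprint can return null
    // (ManageOdsAuthenticationCertStore checks for that), so AuthX509Certificate2 may be
    // null after this block.
    using (var certificateManagement = new CertificateManagement())
    {
        AuthX509Certificate2 = certificateManagement.FindCertificateByThumbprint("MY", SentinelApiConfig.CertificateThumbprint, StoreLocation.LocalMachine);
    }

    // TODO: loading the certificate from KeyVault (secret "<workspace id>-wsid") is not
    // implemented; the store certificate above is the one in use. The secret is not fetched
    // until something consumes it, so private-key material is not pulled into process memory
    // for nothing. When this is implemented, take the PFX password from KeyVault or protected
    // configuration rather than a literal in source, and do not pass
    // X509KeyStorageFlags.Exportable unless the key really has to be exported again.

    // Get the current WorkspaceKey from KeyVault. Invariant lowercasing keeps the secret name
    // independent of the machine's culture.
    // NOTE(review): the key stays in a static field for the life of the process, while
    // ManageOdsAuthenticationCertStore fetches it again on its own; confirm the cached copy
    // is needed.
    sentinalAuthWorkspaceKey = GetKeyVaultSecret($"{SentinelApiConfig.WorkspaceId.ToLowerInvariant()}-wskey");
}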
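/// <summary>
/// Ensures the certificate used to authenticate against the OMS endpoint exists in the
/// LocalMachine "MY" store. When no certificate matches the configured thumbprint, a
/// self-signed one is created, saved to the store, registered with OMS using the workspace
/// key, and its thumbprint is written back to the configuration.
/// </summary>
/// <remarks>
/// The method is best-effort: every exception is caught and written to the console, so
/// callers get no signal that provisioning failed.
/// </remarks>
public void ManageOdsAuthenticationCertStore()
{
    try
    {
        using (var certificateManagement = new CertificateManagement())
        {
            var existingCertificate = certificateManagement.FindCertificateByThumbprint("MY", SentinelApiConfig.CertificateThumbprint, StoreLocation.LocalMachine);
            if (existingCertificate != null)
            {
                // Nothing to provision, and no reason to read the workspace key.
                return;
            }

            // The workspace key is only needed for registration, so it is fetched on this
            // path only. It is still fetched before the certificate is created, so a failing
            // KeyVault lookup leaves nothing behind in the machine store.
            string workspaceKey = GetKeyVaultSecret($"{SentinelApiConfig.WorkspaceId.ToLowerInvariant()}-wskey");

            string agentId = Guid.NewGuid().ToString("D");
            var newCertificate = certificateManagement.CreateOmsSelfSignedCertificate(agentId, SentinelApiConfig.WorkspaceId);

            //TODO: Add in support for KeyVault
            if (!certificateManagement.SaveCertificateToStore(newCertificate, "MY", StoreLocation.LocalMachine))
            {
                // Without a stored certificate there is nothing to register; make the
                // failure visible instead of returning silently.
                Console.WriteLine("Failed to save the OMS authentication certificate to the LocalMachine MY store; registration skipped.");
                return;
            }

            // NOTE(review): if registration or the configuration save throws, the certificate
            // is already in LocalMachine\MY but its thumbprint is not persisted, so the next
            // run creates another one. Consider removing the stored certificate on failure.
            certificateManagement.RegisterWithOms(newCertificate, SentinelApiConfig.WorkspaceId, workspaceKey, SentinelApiConfig.OmsEndpointUri);

            // Thumbprints are hex strings; invariant lowercasing keeps the stored value
            // stable regardless of the machine's culture.
            SentinelApiConfig.CertificateThumbprint = newCertificate.Thumbprint.ToLowerInvariant();
            SaveCurrentConfiguration();
        }
    }
    catch (Exception e)
    {
        // NOTE(review): the full exception text goes to stdout; confirm that neither
        // GetKeyVaultSecret nor RegisterWithOms places key material in exception messages,
        // and consider routing this through the application log so failures are recorded.
        Console.WriteLine(e);
    }
}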