public static async Task <int> obSplunk(string newClientContent, ILogger log)
{
//
// newClientContent looks like this:
//
// {
// "records":[
// {...},
// {...}
// ...
// ]
// }
//
string splunkAddress = Util.GetEnvironmentVariable("splunkAddress");
string splunkToken = Util.GetEnvironmentVariable("splunkToken");
string splunkCertThumbprint = Util.GetEnvironmentVariable("splunkCertThumbprint");
if (splunkAddress.Length == 0 || splunkToken.Length == 0)
{
log.LogError("Values for splunkAddress and splunkToken are required.");
return(0);
}
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateMyCert);
int bytesSent = 0;
foreach (var transmission in convertToSplunkList(newClientContent, log))
{
var client = new SingleHttpClientInstance();
try
{
HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Post, splunkAddress);
req.Headers.Accept.Clear();
req.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
req.Headers.Add("Authorization", "Splunk " + splunkToken);
req.Content = new StringContent(transmission, Encoding.UTF8, "application/json");
HttpResponseMessage response = await SingleHttpClientInstance.SendToSplunk(req);
if (response.StatusCode != HttpStatusCode.OK)
{
throw new System.Net.Http.HttpRequestException($"StatusCode from Splunk: {response.StatusCode}, and reason: {response.ReasonPhrase}");
}
}
catch (System.Net.Http.HttpRequestException e)
{
throw new System.Net.Http.HttpRequestException("Sending to Splunk. Is Splunk service running?", e);
}
catch (Exception f)
{
throw new System.Exception("Sending to Splunk. Unplanned exception.", f);
}
bytesSent += transmission.Length;
}
return(bytesSent);
}
static async Task obLogstash(string newClientContent, TraceWriter log)
{
string logstashAddress = Util.GetEnvironmentVariable("logstashAddress");
string logstashHttpUser = Util.GetEnvironmentVariable("logstashHttpUser");
string logstashHttpPwd = Util.GetEnvironmentVariable("logstashHttpPwd");
if (logstashAddress.Length == 0 || logstashHttpUser.Length == 0 || logstashHttpPwd.Length == 0)
{
log.Error("Values for logstashAddress, logstashHttpUser and logstashHttpPwd are required.");
return;
}
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback =
new System.Net.Security.RemoteCertificateValidationCallback(
delegate { return(true); });
// log.Info($"newClientContent: {newClientContent}");
var client = new SingleHttpClientInstance();
var creds = Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetBytes(string.Format("{0}:{1}", logstashHttpUser, logstashHttpPwd)));
try
{
HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Post, logstashAddress);
req.Headers.Accept.Clear();
req.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
req.Headers.Add("Authorization", "Basic " + creds);
req.Content = new StringContent(newClientContent, Encoding.UTF8, "application/json");
HttpResponseMessage response = await SingleHttpClientInstance.SendToLogstash(req, log);
if (response.StatusCode != HttpStatusCode.OK)
{
log.Error($"StatusCode from Logstash: {response.StatusCode}, and reason: {response.ReasonPhrase}");
}
}
catch (System.Net.Http.HttpRequestException e)
{
string msg = e.Message;
if (e.InnerException != null)
{
msg += " *** " + e.InnerException.Message;
}
log.Error($"HttpRequestException Error: \"{msg}\" was caught while sending to Logstash.");
throw e;
}
catch (Exception f)
{
string msg = f.Message;
if (f.InnerException != null)
{
msg += " *** " + f.InnerException.Message;
}
log.Error($"Unknown error caught while sending to Logstash: \"{f.ToString()}\"");
throw f;
}
}
public static async Task obHEC(List <string> standardizedEvents, ILogger log)
{
string splunkAddress = Utils.getEnvironmentVariable("splunkAddress");
string splunkToken = Utils.getEnvironmentVariable("splunkToken");
if (splunkAddress.Length == 0 || splunkToken.Length == 0)
{
log.LogError("Values for splunkAddress and splunkToken are required.");
throw new ArgumentException();
}
if (!string.IsNullOrWhiteSpace(splunkCertThumbprint))
{
if (!splunkAddress.ToLower().StartsWith("https"))
{
throw new ArgumentException("Having provided a Splunk cert thumbprint, the address must be https://whatever");
}
}
//ServicePointManager.Expect100Continue = true;
//ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
//ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateMyCert);
var client = new SingleHttpClientInstance();
foreach (string item in standardizedEvents)
{
try
{
var httpRequestMessage = new HttpRequestMessage
{
Method = HttpMethod.Post,
RequestUri = new Uri(splunkAddress),
Headers =
{
{ HttpRequestHeader.Authorization.ToString(), "Splunk " + splunkToken }
},
Content = new StringContent(item, Encoding.UTF8, "application/json")
};
HttpResponseMessage response = await SingleHttpClientInstance.SendToService(httpRequestMessage);
if (response.StatusCode != HttpStatusCode.OK)
{
throw new System.Net.Http.HttpRequestException($"StatusCode from Splunk: {response.StatusCode}, and reason: {response.ReasonPhrase}");
}
}
catch (System.Net.Http.HttpRequestException e)
{
throw new System.Net.Http.HttpRequestException($"Sending to Splunk. Is Splunk service running: {e.Message}. The following is the StackTrace: {e.StackTrace}. The following is the TargetSite: {e.TargetSite}. The following is the InnerException: {e.InnerException} ");
}
catch (Exception f)
{
throw new System.Exception("Sending to Splunk. Unplanned exception.", f);
}
}
}
public static async Task obHEC(List <string> standardizedEvents, TraceWriter log)
{
string splunkAddress = Utils.getEnvironmentVariable("splunkAddress");
string splunkToken = Utils.getEnvironmentVariable("splunkToken");
if (splunkAddress.Length == 0 || splunkToken.Length == 0)
{
log.Error("Values for splunkAddress and splunkToken are required.");
return;
}
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateMyCert);
var newClientContent = new StringBuilder();
log.Info("number of items: " + standardizedEvents.Count);
foreach (string item in standardizedEvents)
{
newClientContent.Append(item);
}
var client = new SingleHttpClientInstance();
try
{
HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Post, splunkAddress);
req.Headers.Accept.Clear();
req.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
req.Headers.Add("Authorization", "Splunk " + splunkToken);
req.Content = new StringContent(newClientContent.ToString(), Encoding.UTF8, "application/json");
log.Info("ready to send");
HttpResponseMessage response = await SingleHttpClientInstance.SendToSplunk(req);
if (response.StatusCode != HttpStatusCode.OK)
{
throw new System.Net.Http.HttpRequestException($"StatusCode from Splunk: {response.StatusCode}, and reason: {response.ReasonPhrase}");
}
else if (response.StatusCode == HttpStatusCode.OK)
{
log.Info("successfully sent");
}
else
{
log.Info(response.StatusCode.ToString());
}
}
catch (System.Net.Http.HttpRequestException e)
{
log.Error(e.ToString());
throw new System.Net.Http.HttpRequestException("Sending to Splunk. Is Splunk service running?", e);
}
catch (Exception f)
{
log.Error(f.ToString());
throw new System.Exception("Sending to Splunk. Unplanned exception.", f);
}
}
public static async Task obHEC(List <string> standardizedEvents, ILogger log)
{
string splunkAddress = Utils.GetEnvironmentVariable("splunkAddress");
string splunkToken = Utils.GetEnvironmentVariable("splunkToken");
if (splunkAddress.Length == 0 || splunkToken.Length == 0)
{
log.LogError("Values for splunkAddress and splunkToken are required.");
throw new ArgumentException();
}
if (!string.IsNullOrWhiteSpace(splunkCertThumbprint))
{
if (!splunkAddress.ToLower().StartsWith("https"))
{
throw new ArgumentException("Having provided a Splunk cert thumbprint, the address must be https://whatever");
}
}
log.LogInformation($"Sending events count : {standardizedEvents.Count}");
var client = new SingleHttpClientInstance();
foreach (string item in standardizedEvents)
{
try
{
var httpRequestMessage = new HttpRequestMessage
{
Method = HttpMethod.Post,
RequestUri = new Uri(splunkAddress),
Headers =
{
{ HttpRequestHeader.Authorization.ToString(), "Splunk " + splunkToken }
},
Content = new StringContent(item, Encoding.UTF8, "application/json")
};
HttpResponseMessage response = await SingleHttpClientInstance.SendToService(httpRequestMessage);
if (response.StatusCode != HttpStatusCode.OK)
{
throw new System.Net.Http.HttpRequestException($"StatusCode from Splunk: {response.StatusCode}, and reason: {response.ReasonPhrase}");
}
}
catch (System.Net.Http.HttpRequestException e)
{
throw new System.Net.Http.HttpRequestException("Sending to Splunk. Is Splunk service running?", e);
}
catch (Exception f)
{
throw new System.Exception("Sending to Splunk. Unplanned exception.", f);
}
}
}
public static async Task obHEC(string standardizedEvents, ILogger log)
{
string splunkAddress = getEnvironmentVariable("splunkAddress");
string splunkToken = getEnvironmentVariable("splunkToken");
if (splunkAddress.Length == 0 || splunkToken.Length == 0)
{
log.LogError("Values for splunkAddress and splunkToken are required.");
throw new ArgumentException();
}
var client = new SingleHttpClientInstance();
try
{
var httpRequestMessage = new HttpRequestMessage
{
Method = HttpMethod.Post,
RequestUri = new Uri(splunkAddress),
Headers =
{
{ HttpRequestHeader.Authorization.ToString(), "Splunk " + splunkToken }
},
Content = new StringContent(standardizedEvents, Encoding.UTF8, "application/json")
};
HttpResponseMessage response = await SingleHttpClientInstance.SendToService(httpRequestMessage);
if (response.StatusCode != HttpStatusCode.OK)
{
throw new System.Net.Http.HttpRequestException($"StatusCode from Splunk: {response.StatusCode}, and reason: {response.ReasonPhrase}");
}
}
catch (System.Net.Http.HttpRequestException e)
{
var msg = "Error sending to Splunk. \n";
msg += e.Message + "\n";
if (e.InnerException != null)
{
msg += e.InnerException.Message;
if (e.InnerException.InnerException != null)
{
msg += e.InnerException.InnerException.Message;
}
}
throw new System.Net.Http.HttpRequestException(msg);
}
catch (Exception f)
{
throw new System.Exception($"Sending to Splunk. Unplanned exception. {f.Message}");
}
}
public static async Task obHEC(List <string> standardizedEvents, ILogger log)
{
string splunkAddress = Utils.getEnvironmentVariable("splunkAddress");
string splunkToken = Utils.getEnvironmentVariable("splunkToken");
if (splunkAddress.Length == 0 || splunkToken.Length == 0)
{
log.LogError("Values for splunkAddress and splunkToken are required.");
throw new ArgumentException();
}
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateMyCert);
var client = new SingleHttpClientInstance();
foreach (string item in standardizedEvents)
{
try
{
var httpRequestMessage = new HttpRequestMessage
{
Method = HttpMethod.Post,
RequestUri = new Uri(splunkAddress),
Headers =
{
{ HttpRequestHeader.Authorization.ToString(), "Splunk " + splunkToken }
},
Content = new StringContent(item, Encoding.UTF8, "application/json")
};
HttpResponseMessage response = await SingleHttpClientInstance.SendToService(httpRequestMessage);
if (response.StatusCode != HttpStatusCode.OK)
{
throw new System.Net.Http.HttpRequestException($"StatusCode from Splunk: {response.StatusCode}, and reason: {response.ReasonPhrase}");
}
}
catch (System.Net.Http.HttpRequestException e)
{
throw new System.Net.Http.HttpRequestException("Sending to Splunk. Is Splunk service running?", e);
}
catch (Exception f)
{
throw new System.Exception("Sending to Splunk. Unplanned exception.", f);
}
}
}
private void gameOver()
{
SingleHttpClientInstance.AddScore(score);
gameOverScore.Children.Clear();
foreach (string score in SingleHttpClientInstance.GetScore())
{
Debug.WriteLine(score);
TextBlock t = new TextBlock()
{
FontSize = 25,
Margin = new Thickness(5),
Text = $"{score} Points"
};
gameOverScore.Children.Add(t);
}
gameOverPanel.Visibility = Visibility.Visible;
gameOverText.Visibility = Visibility.Visible;
playing = false;
isGameOver = true;
reset();
rowCount = 0;
columnCount = 0;
left = 0;
score = 0;
currentPieceID = random.Next(1, 8);
nextPieceID = random.Next(1, 8);
timer.Interval = new TimeSpan(0, 0, 0, 0, speed);
startButton.Content = "START";
}
public static async Task obSplunk(string newClientContent, TraceWriter log)
{
//
// newClientContent looks like this:
//
// {
// "records":[
// {...},
// {...}
// ...
// ]
// }
//
string splunkAddress = Util.GetEnvironmentVariable("splunkAddress");
string splunkToken = Util.GetEnvironmentVariable("splunkToken");
if (splunkAddress.Length == 0 || splunkToken.Length == 0)
{
log.Error("Values for splunkAddress and splunkToken are required.");
return;
}
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateMyCert);
var transmission = new StringBuilder();
foreach (var message in convertToSplunk(newClientContent, null, log))
{
//
// message looks like this:
//
// {
// "time": "xxx",
// "category": "xxx",
// "operationName": "xxx",
// "version": "xxx",
// "deviceExtId": "xxx",
// "flowOrder": "xxx",
// "nsgRuleName": "xxx",
// "dmac|smac": "xxx",
// "rt": "xxx",
// "src": "xxx",
// "dst": "xxx",
// "spt": "xxx",
// "dpt": "xxx",
// "proto": "xxx",
// "deviceDirection": "xxx",
// "act": "xxx"
// }
transmission.Append(GetSplunkEventFromMessage(message));
}
var client = new SingleHttpClientInstance();
try
{
HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Post, splunkAddress);
req.Headers.Accept.Clear();
req.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
req.Headers.Add("Authorization", "Splunk " + splunkToken);
req.Content = new StringContent(transmission.ToString(), Encoding.UTF8, "application/json");
HttpResponseMessage response = await SingleHttpClientInstance.SendToSplunk(req);
if (response.StatusCode != HttpStatusCode.OK)
{
throw new System.Net.Http.HttpRequestException($"StatusCode from Splunk: {response.StatusCode}, and reason: {response.ReasonPhrase}");
}
}
catch (System.Net.Http.HttpRequestException e)
{
throw new System.Net.Http.HttpRequestException("Sending to Splunk. Is Splunk service running?", e);
}
catch (Exception f)
{
throw new System.Exception("Sending to Splunk. Unplanned exception.", f);
}
}
public static async Task obProxy(List <string> standardizedEvents, ILogger log)
{
string proxyAddress = Utils.getEnvironmentVariable("proxyAddress");
if (proxyAddress.Length == 0)
{
log.LogError("Address of proxy function is required.");
throw new ArgumentException();
}
string serviceResourceIDURI = Utils.getEnvironmentVariable("serviceResourceIDURI");
if (serviceResourceIDURI.Length == 0)
{
log.LogError("The AAD service resource ID URI (serviceResourceIDURI) of the proxy app is required.");
throw new ArgumentException();
}
string astpConnection = "";
bool devEnvironment = Utils.getEnvironmentVariable("FUNCTIONS_CORETOOLS_ENVIRONMENT").ToLower() == "true";
if (devEnvironment)
{
astpConnection = Utils.getEnvironmentVariable("astpConnectionString");
}
// log.LogInformation($"devEnvironment: {devEnvironment}, astpConnection: {astpConnection}");
string accessToken = "";
try
{
var azureServiceTokenProvider = new AzureServiceTokenProvider(
connectionString: astpConnection
);
accessToken = await azureServiceTokenProvider.GetAccessTokenAsync(serviceResourceIDURI);
} catch (Exception ex)
{
log.LogError($"Error acquiring token from AzureServiceTokenProvider: {ex.Message}");
throw;
}
//ServicePointManager.Expect100Continue = true;
//ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
//ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateMyCert);
var client = new SingleHttpClientInstance();
StringBuilder bulkTransmission = new StringBuilder();
foreach (string item in standardizedEvents)
{
bulkTransmission.Append(item);
}
try
{
var httpRequestMessage = new HttpRequestMessage
{
Method = HttpMethod.Post,
RequestUri = new Uri(proxyAddress),
Headers =
{
{ HttpRequestHeader.Authorization.ToString(), "Bearer " + accessToken }
},
Content = new StringContent(bulkTransmission.ToString(), Encoding.UTF8)
};
HttpResponseMessage response = await SingleHttpClientInstance.SendToService(httpRequestMessage);
if (response.StatusCode != HttpStatusCode.OK)
{
throw new System.Net.Http.HttpRequestException($"StatusCode from Proxy Function: {response.StatusCode}, and reason: {response.ReasonPhrase}");
}
}
catch (System.Net.Http.HttpRequestException e)
{
throw new System.Net.Http.HttpRequestException("Sending to Proxy Function. Is the service running?", e);
}
catch (Exception f)
{
throw new System.Exception("Sending to Proxy Function. Unplanned exception.", f);
}
}
public static async Task SendEvents(List <string> standardizedEvents, ILogger log)
{
string destinationAddress = Config.GetValue(ConfigSettings.DestinationAddress);
if (String.IsNullOrWhiteSpace(destinationAddress))
{
log.LogError("destinationAddress config setting is required and not set.");
return;
}
string destinationToken = Config.GetValue(ConfigSettings.DestinationToken);
if (String.IsNullOrWhiteSpace(destinationToken))
{
log.LogInformation("destinationToken config setting is not set; proceeding with anonymous call.");
}
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateMyCert);
// HACK: Build the list of events into a JSON array because that is the format the Azure Event Grid Viewer expects
StringBuilder newClientContent = new StringBuilder();
newClientContent.Append("[");
for (int iEvent = 0; iEvent < standardizedEvents.Count; iEvent++)
{
newClientContent.Append(standardizedEvents[iEvent]);
if (iEvent != standardizedEvents.Count - 1)
{
newClientContent.Append(",");
}
}
newClientContent.Append("]");
if (Config.GetBool(ConfigSettings.LogRawData))
{
log.LogInformation($"Sending:\r\n{newClientContent.ToString()}");
}
SingleHttpClientInstance client = new SingleHttpClientInstance();
try
{
HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Post, destinationAddress);
req.Headers.Accept.Clear();
req.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
if (!String.IsNullOrWhiteSpace(destinationToken))
{
req.Headers.Add("Authorization", "Bearer " + destinationToken);
}
// WebHook stuff
req.Headers.Add("aeg-event-type", "Notification");
req.Content = new StringContent(newClientContent.ToString(), Encoding.UTF8, "application/json");
HttpResponseMessage response = await SingleHttpClientInstance.SendRequest(req);
if (response.StatusCode == HttpStatusCode.OK)
{
log.LogInformation("Send successful");
}
else
{
throw new System.Net.Http.HttpRequestException($"Request failed. StatusCode: {response.StatusCode}, and reason: {response.ReasonPhrase}");
}
}
catch (System.Net.Http.HttpRequestException hrex)
{
log.LogError($"Http error while sending: {hrex}");
throw;
}
catch (Exception ex)
{
log.LogError($"Unexpected error while sending: {ex}");
throw;
}
}