/// <summary>
/// Get alert rule templates for a single instance
/// </summary>
/// <param name="i"></param>
/// <returns></returns>
private async Task GetAlertRuleTemplatesByInstance(int i)
{
try
{
var url = $"{azureConfigs[i].BaseUrl}/alertRuleTemplates?api-version={azureConfigs[i].ApiVersion}";
var request = new HttpRequestMessage(HttpMethod.Get, url);
await authenticationService.AuthenticateRequest(request, i);
var http = new HttpClient();
var response = await http.SendAsync(request);
if (response.IsSuccessStatusCode)
{
string res = await response.Content.ReadAsStringAsync();
Utils.WriteJsonStringToFile($"GetAlertRuleTemplates_{azureConfigs[i].InstanceName}.json", cliMode, res);
Console.WriteLine(JToken.Parse(res).ToString(Formatting.Indented));
return;
}
var error = await response.Content.ReadAsStringAsync();
var formatted = JsonConvert.DeserializeObject(error);
throw new WebException("Error calling the API: \n" +
JsonConvert.SerializeObject(formatted, Formatting.Indented));
}
catch (Exception ex)
{
throw new Exception($"Something went wrong on {azureConfigs[i].InstanceName}: \n"
+ ex.Message);
}
}
public async Task <string> GetAlertRuleTemplates()
{
try
{
var url = $"{_azureConfig.BaseUrl}/alertRuleTemplates?api-version={_azureConfig.ApiVersion}";
var request = new HttpRequestMessage(HttpMethod.Get, url);
await _authenticationService.AuthenticateRequest(request);
var http = new HttpClient();
var response = await http.SendAsync(request);
if (response.IsSuccessStatusCode)
{
return(await response.Content.ReadAsStringAsync());
}
var error = await response.Content.ReadAsStringAsync();
var formatted = JsonConvert.DeserializeObject(error);
throw new WebException("Error calling the API: \n" +
JsonConvert.SerializeObject(formatted, Formatting.Indented));
}
catch (Exception ex)
{
throw new Exception("Something went wrong: \n" + ex.Message);
}
}
public async Task <string> CreateBookmark()
{
_azureConfig.LastCreatedBookmark = Guid.NewGuid().ToString();
try
{
var payload = new BookmarkPayload
{
PropertiesPayload = new BookmarkPropertiesPayload
{
Query = "SecurityEvent",
DisplayName = $"Incident: {_azureConfig.LastCreatedBookmark}",
Labels = new List <string> {
"Tag1", "Tag2"
},
QueryResult = "Security Event query result"
}
};
var url = $"{_azureConfig.BaseUrl}/bookmarks/{_azureConfig.LastCreatedBookmark}?api-version={_azureConfig.ApiVersion}";
var serialized = JsonConvert.SerializeObject(payload, new JsonSerializerSettings
{
ContractResolver = new DefaultContractResolver
{
NamingStrategy = new CamelCaseNamingStrategy()
}
});
var request = new HttpRequestMessage(HttpMethod.Put, url)
{
Content = new StringContent(serialized, Encoding.UTF8, "application/json")
};
await _authenticationService.AuthenticateRequest(request);
var http = new HttpClient();
var response = await http.SendAsync(request);
if (response.IsSuccessStatusCode)
{
return(await response.Content.ReadAsStringAsync());
}
var error = await response.Content.ReadAsStringAsync();
var formatted = JsonConvert.DeserializeObject(error);
throw new WebException("Error calling the API: \n" +
JsonConvert.SerializeObject(formatted, Formatting.Indented));
}
catch (Exception ex)
{
throw new Exception("Something went wrong: \n" + ex.Message);
}
}
/// <summary>
/// Create a bookmark for a single instance
/// </summary>
/// <param name="i"></param>
/// <returns></returns>
private async Task CreateBookmarkByInstance(int i)
{
var bookmarks = Utils.LoadPayload <BookmarkPayload[]>("BookmarkPayload.json", cliMode);
foreach (var payload in bookmarks)
{
try
{
var bookmarkId = Guid.NewGuid().ToString();
var url = $"{azureConfigs[i].BaseUrl}/bookmarks/{bookmarkId}?api-version={azureConfigs[i].ApiVersion}";
var serialized = JsonConvert.SerializeObject(payload, new JsonSerializerSettings
{
ContractResolver = new DefaultContractResolver
{
NamingStrategy = new CamelCaseNamingStrategy()
}
});
var request = new HttpRequestMessage(HttpMethod.Put, url)
{
Content = new StringContent(serialized, Encoding.UTF8, "application/json")
};
await authenticationService.AuthenticateRequest(request, i);
var http = new HttpClient();
var response = await http.SendAsync(request);
if (response.IsSuccessStatusCode)
{
var res = await response.Content.ReadAsStringAsync();
Console.WriteLine(JToken.Parse(res).ToString(Formatting.Indented));
continue;
}
var error = await response.Content.ReadAsStringAsync();
var formatted = JsonConvert.DeserializeObject(error);
throw new WebException("Error calling the API: \n" +
JsonConvert.SerializeObject(formatted, Formatting.Indented));
}
catch (Exception ex)
{
throw new Exception($"Something went wrong on {azureConfigs[i].InstanceName}: \n"
+ ex.Message);
}
}
}
public async Task <string> CreateAction(string alertId)
{
try
{
var payload = new ActionRequestPayload
{
PropertiesPayload = new ActionRequestPropertiesPayload
{
LogicAppResourceId = _azureConfig.WorkflowId,
TriggerUri = TRIGGER_URI
}
};
_azureConfig.LastCreatedAction = Guid.NewGuid().ToString();
var url = $"{_azureConfig.BaseUrl}/alertRules/{alertId}/actions/{_azureConfig.LastCreatedAction}?api-version={_azureConfig.ApiVersion}";
var serialized = JsonConvert.SerializeObject(payload, new JsonSerializerSettings
{
ContractResolver = new DefaultContractResolver
{
NamingStrategy = new CamelCaseNamingStrategy()
}
});
var request = new HttpRequestMessage(HttpMethod.Put, url)
{
Content = new StringContent(serialized, Encoding.UTF8, "application/json")
};
await _authenticationService.AuthenticateRequest(request);
var http = new HttpClient();
var response = await http.SendAsync(request);
if (response.IsSuccessStatusCode)
{
return(await response.Content.ReadAsStringAsync());
}
var error = await response.Content.ReadAsStringAsync();
var formatted = JsonConvert.DeserializeObject(error);
throw new WebException("Error calling the API: \n" +
JsonConvert.SerializeObject(formatted, Formatting.Indented));
}
catch (Exception ex)
{
throw new Exception("Something went wrong: \n" + ex.Message);
}
}
/// <summary>
/// Create an incident relation for a single instance, connecting incident and bookmark
/// </summary>
/// <param name="incidentId"></param>
/// <param name="bookmarkId"></param>
/// <returns></returns>
public async Task <string> CreateIncidentRelation(string incidentId, string bookmarkId, int insId)
{
try
{
var payload = new RelationPayload
{
PropertiesPayload = new RelationPropertiesPayload
{
RelatedResourceId = $"{azureConfigs[insId].BaseUrl}/bookmarks/{bookmarkId}"
}
};
var relationId = Guid.NewGuid().ToString();
var url =
$"{azureConfigs[insId].BaseUrl}/incidents/{incidentId}/relations/{relationId}?api-version={azureConfigs[insId].PreviewApiVersion}";
var serialized = JsonConvert.SerializeObject(payload, new JsonSerializerSettings
{
NullValueHandling = NullValueHandling.Ignore,
ContractResolver = new DefaultContractResolver
{
NamingStrategy = new CamelCaseNamingStrategy()
}
});
var request = new HttpRequestMessage(HttpMethod.Put, url)
{
Content = new StringContent(serialized, Encoding.UTF8, "application/json")
};
await authenticationService.AuthenticateRequest(request, insId);
var http = new HttpClient();
var response = await http.SendAsync(request);
if (response.IsSuccessStatusCode)
{
return(await response.Content.ReadAsStringAsync());
}
var error = await response.Content.ReadAsStringAsync();
var formatted = JsonConvert.DeserializeObject(error);
throw new WebException("Error calling the API: \n" +
JsonConvert.SerializeObject(formatted, Formatting.Indented));
}
catch (Exception ex)
{
throw new Exception("Something went wrong: \n" + ex.Message);
}
}
/// <summary>
/// Create action from payload json
/// </summary>
/// <param name="ruleId"></param>
/// <returns></returns>
public async Task CreateAction(string ruleId, int insId, string logicAppResourceId = "")
{
ActionRequestPayload[] actions = Utils.LoadPayload <ActionRequestPayload[]>("ActionPayload.json", cliMode);
foreach (ActionRequestPayload payload in actions)
{
try
{
string subscription = azureConfigs[insId].SubscriptionId;
string resourceGroup = azureConfigs[insId].ResourceGroupName;
payload.PropertiesPayload.LogicAppResourceId = string.Format(payload.PropertiesPayload.LogicAppResourceId, subscription, resourceGroup);
string actionId = Guid.NewGuid().ToString();
string url = $"{azureConfigs[insId].BaseUrl}/alertRules/{ruleId}/actions/{actionId}?api-version={azureConfigs[insId].ApiVersion}";
if (!string.IsNullOrEmpty(logicAppResourceId))
{
payload.PropertiesPayload.LogicAppResourceId = logicAppResourceId;
}
string serialized = JsonConvert.SerializeObject(payload, new JsonSerializerSettings
{
ContractResolver = new DefaultContractResolver
{
NamingStrategy = new CamelCaseNamingStrategy()
}
});
var request = new HttpRequestMessage(HttpMethod.Put, url)
{
Content = new StringContent(serialized, Encoding.UTF8, "application/json")
};
await authenticationService.AuthenticateRequest(request, insId);
var http = new HttpClient();
var response = await http.SendAsync(request);
if (response.IsSuccessStatusCode)
{
var res = await response.Content.ReadAsStringAsync();
Console.WriteLine(JToken.Parse(res).ToString(Formatting.Indented));
continue;
}
var error = await response.Content.ReadAsStringAsync();
var formatted = JsonConvert.DeserializeObject(error);
throw new WebException("Error calling the API: \n" +
JsonConvert.SerializeObject(formatted, Formatting.Indented));
}
catch (Exception ex)
{
throw new Exception("Something went wrong: \n" + ex.Message);
}
}
}
public async Task <string> CreateIncident(IncidentPayload payload, string incidentId)
{
try
{
//var payload = new IncidentPayload
//{
// PropertiesPayload = new IncidentPropertiesPayload
// {
// Severity = Severity.Low,
// Status = IncidentStatus.New,
// Title = INCIDENT_NAME
// }
//};
var url = $"{_azureConfig.BaseUrl}/incidents/{incidentId}?api-version={_azureConfig.ApiVersion}";
var serialized = JsonConvert.SerializeObject(payload, new JsonSerializerSettings
{
ContractResolver = new DefaultContractResolver
{
NamingStrategy = new CamelCaseNamingStrategy()
}
});
var request = new HttpRequestMessage(HttpMethod.Put, url)
{
Content = new StringContent(serialized, Encoding.UTF8, "application/json")
};
await _authenticationService.AuthenticateRequest(request);
var http = new HttpClient();
var response = await http.SendAsync(request);
if (response.IsSuccessStatusCode)
{
return(await response.Content.ReadAsStringAsync());
}
var error = await response.Content.ReadAsStringAsync();
var formatted = JsonConvert.DeserializeObject(error);
throw new WebException("Error calling the API: \n" +
JsonConvert.SerializeObject(formatted, Formatting.Indented));
}
catch (Exception ex)
{
throw new Exception("Something went wrong: \n" + ex.Message);
}
}
/// <summary>
/// Get all data connectors for a single instance
/// </summary>
/// <param name="i"></param>
/// <returns></returns>
private async Task GetDataConnectorsByInstance(int i)
{
try
{
var url = $"{azureConfigs[i].BaseUrl}/dataConnectors?api-version={azureConfigs[i].ApiVersion}";
var request = new HttpRequestMessage(HttpMethod.Get, url);
await authenticationService.AuthenticateRequest(request, i);
var http = new HttpClient();
var response = await http.SendAsync(request);
if (response.IsSuccessStatusCode)
{
string res = await response.Content.ReadAsStringAsync();
JObject result = JsonConvert.DeserializeObject <JObject>(res);
var values = result["value"] as JArray;
if (values == null)
{
values = new JArray();
}
int callTimes = 1;
while (result.ContainsKey("nextLink") && callTimes < 100)
{
try
{
var nextLink = result["nextLink"].ToString();
request = new HttpRequestMessage(HttpMethod.Get, nextLink);
await authenticationService.AuthenticateRequest(request, i);
var nextResponse = await http.SendAsync(request);
if (nextResponse.IsSuccessStatusCode)
{
var newRes = await nextResponse.Content.ReadAsStringAsync();
JObject newResult = JsonConvert.DeserializeObject <JObject>(newRes);
result = newResult;
var newValues = result["value"] as JArray;
if (newValues == null)
{
newValues = new JArray();
}
foreach (var v in newValues)
{
values.Add(v);
}
callTimes++;
}
else
{
var err = await response.Content.ReadAsStringAsync();
Console.WriteLine("Error calling the nextLink: \n" + err);
break;
}
}
catch (Exception ex)
{
Console.WriteLine("Error in parsing nextLink: \n" + ex.Message);
break;
}
}
var formattedRes = JsonConvert.SerializeObject(values, Formatting.Indented);
Utils.WriteJsonStringToFile($"GetDataConnectors_{azureConfigs[i].InstanceName}.json", cliMode, formattedRes, false);
Console.WriteLine(formattedRes);
return;
}
var error = await response.Content.ReadAsStringAsync();
var formatted = JsonConvert.DeserializeObject(error);
throw new WebException("Error calling the API: \n" +
JsonConvert.SerializeObject(formatted, Formatting.Indented));
}
catch (Exception ex)
{
throw new Exception($"Something went wrong on {azureConfigs[i].InstanceName}: \n"
+ ex.Message);
}
}