public static async Task Main()
{
//Get access token
Console.WriteLine("Getting access token...");
var accessToken = new AccessToken();
var token = await accessToken.GetToken();
Console.WriteLine("Received access token: \n" + token.AccessToken);
Console.WriteLine("******************************************");
//Uncomment the code below to Get all alerts
//Console.WriteLine("Getting alerts...");
//var alertsController = new AlertsController();
//var alerts = await alertsController.GetAlerts();
//Console.WriteLine("Received alerts: \n" + alerts);
//Console.WriteLine("******************************************");
//Uncomment the code below to Get all SecureScores
//Console.WriteLine("Getting Secure scores...");
//var secureScoresController = new SecureScoresController();
//var secureScores = await secureScoresController.Get();
//if (secureScores != null)
// Console.WriteLine("Received Secure Scores: \n" + secureScores);
//Console.WriteLine("******************************************");
//Uncomment the code below to Get all SecureScoresControlProfiles
//Console.WriteLine("Getting Secure Score Control Profiles...");
//var profileController = new SecureScoreControlProfilesController();
//var secureScoreControlProfiles = await profileController.Get();
//Console.WriteLine("Received Secure Score Control Profiles: \n" + secureScoreControlProfiles);
//Console.WriteLine("******************************************");
//Uncomment the code below to Get all TI Indicators
//Console.WriteLine("Getting TI Indicators...");
//var tiIndicatorsController = new TIIndicatorsController();
//var tiIndicators = await tiIndicatorsController.GetTIIndicators();
//Console.WriteLine("Received TI Indicators: \n" + tiIndicators);
//Console.WriteLine("******************************************");
//Uncomment the code below to Create a TI Indicator
//var ti = new TiIndicator
//{
// Action = "alert",
// Description = "TI 1",
// ExpirationDateTime = DateTimeOffset.Parse("2019-12-31T21:44:03.1668987+00:00"),
// ExternalId = "External Id 1",
// TargetProduct = "Azure Sentinel",
// ThreatType = "WatchList",
// TlpLevel = "green",
// Url = "http://6.7.8.9"
//};
//var postTI = await tiIndicatorsController.CreateTIIndicator(ti);
//Console.WriteLine("POST TI RESULT:\n" + postTI);
//Console.WriteLine("******************************************");
//Uncomment the code below to Create multiple TI Indicators
//var tiList = new List<TiIndicator>()
//{
// new TiIndicator
// {
// Action = "alert",
// Confidence = 0,
// Description = "TI 2",
// ExpirationDateTime = DateTimeOffset.Parse("2019-12-31T21:44:03.1668987+00:00"),
// ExternalId = "External ID 2",
// Severity = 0,
// TargetProduct = "Azure Sentinel",
// ThreatType = "WatchList",
// TlpLevel = "green",
// Url = "http://3.4.5.6"
// },
// new TiIndicator
// {
// Action = "block",
// Confidence = 0,
// Description = "TI 3",
// ExpirationDateTime = DateTimeOffset.Parse("2019-12-31T21:44:03.1668987+00:00"),
// ExternalId = "External ID 3",
// Severity = 0,
// TargetProduct = "Azure Sentinel",
// ThreatType = "WatchList",
// TlpLevel = "green",
// Url = "http://2.3.4.5"
// }
//};
//var postTIs = await tiIndicatorsController.CreateMultipleTIIndicators(tiList);
//Console.WriteLine("POST TI RESULT:\n" + postTIs);
//Console.WriteLine("******************************************");
//Uncomment the code below to Update multiple TI indicators
//var values = new List<TiIndicator>()
//{ new TiIndicator
// {
// Id = "<id-value1>",
// AdditionalInformation = "my test",
// },
// new TiIndicator
// {
// Id = "<id-value2>",
// AdditionalInformation = "my test again",
// }
//};
//var updateTIs = await tiIndicatorsController.UpdateMultipleTIIndicators(values);
//Console.WriteLine("UPDATE Multiple TI RESULT:\n" + updateTIs);
//Console.WriteLine("******************************************");
//Uncomment the code below to Delete multiple TI indicators
//var idsToDelete = new List<string>()
//{
// "<id-value1>",
// "<id-value2>"
//};
//var deletedTIs = await tiIndicatorsController.DeleteMultipleTIIndicators(idsToDelete);
//Console.WriteLine("Delete TI RESULT:\n" + deletedTIs);
//Console.WriteLine("******************************************");
//Uncomment the code below to Delete multiple TI indicators by external IDs
// var externalIDsToDelete = new List<string>()
// {
// "<externalId-value1>",
// "<externalId-value2>"
// };
// var result = await tiIndicatorsController.DeleteTiIndicatorsByExternalId(externalIDsToDelete);
// Console.WriteLine("Delete by external TI RESULT:\n" + result);
// Console.WriteLine("******************************************");
}
public static async Task Main()
{
#region Get Access Token
var accessToken = new AccessToken();
var token = await accessToken.GetToken();
if (token != null)
{
Console.WriteLine("Access Token: \n" + token.AccessToken);
Console.WriteLine("******************************************");
}
#endregion
#region Alerts
//var alertsController = new AlertsController();
//var alerts = await alertsController.GetAlerts();
//Console.WriteLine("List of alerts \n" + alerts);
//var alertJson = JsonConvert.DeserializeObject(alerts);
//Console.WriteLine(alertJson);
//var alertId = alertJson["value"];
//var alert = await alertsController.GetAlert(alertId);
//Console.WriteLine("One Alert \n" + alert);
//var newAlertProperties = new
//{
// vendorInformation = new
// {
// provider = "Palo Alto Networks",
// providerVersion = "8.1",
// subProvider = "NGFW",
// vendor = "Palo Alto Networks"
// },
// assignedTo = "Bob Smith",
// closedDateTime = DateTime.Now,
// comments = new List<string> { "The alert was benign" },
// feedback = "falsePositive",
// status = "resolved",
// tags = new List<string>{ "HVA", "SAW" },
//};
//await UpdateAlert(alertId, newAlertProperties);
//var alert = await GetAlert(alertId);
//Console.WriteLine("Alert \n \n" + alert);
//Console.WriteLine("******************************************");
#endregion
#region SecureScores & SecureScoreProfiles
//var secureScores = await GetSecureScores();
//Console.WriteLine("Secure Scores \n \n" + secureScores);
//var secureScoreControlPolicies = await GetSecureScoreControlPolicies();
//Console.WriteLine("Secure Score Control Policies" + secureScoreControlPolicies);
//Console.WriteLine("******************************************");
#endregion
#region Get, Create, Update, and Delete one TI Indicator
var tiIndicatorsController = new TIIndicatorsController();
var newTIIndicator = new
{
action = "alert",
description = "Test required fields for each TI",
expirationDateTime = "2019-10-01T21:43:37.5031462+00:00",
targetProduct = "Azure Sentinel",
threatType = "WatchList",
tlpLevel = "green",
confidence = 0,
externalId = "Demo TI--9586509942679764298MS502",
fileHashType = "sha256",
fileHashValue = "bb12328647b57bf51524d1756b2ed746e5a3f31b67cf7fe5b5d8a9daf07ca313",
severity = 0,
tags = new List <string>()
};
await tiIndicatorsController.CreateTIIndicator(newTIIndicator);
Console.WriteLine("Successully created a threat intelligent indicator");
//var tiIndicatorId = string.Format("35B9546B1AF0E35A674AA0CF2D67E4213519DAF43B018C63AD8F8A0985FD495E");
//var tiIndicator = await tiIndicatorsController.GetTIIndicator(tiIndicatorId);
//Console.WriteLine("One Threat Intelligent Indicator: \n \n" + tiIndicator);
//Console.WriteLine("******************************************");
//var newTIFields = new
// {
// AdditionalInformation = "additionalInformation-after-update",
// Confidence = 42,
// Description = "description-after-update"
// };
//await tiIndicatorsController.UpdateTIIndicator(tiIndicatorId, newTIFields);
//Console.WriteLine("Successully updated TI indicator with id {0}", tiIndicatorId);
//await tiIndicatorsController.DeleteTIIndicator(tiIndicatorId);
//Console.WriteLine("Successully deleted TI indicator with id {0}", tiIndicatorId);
#endregion
#region TODO: Create, Update, Delete Multiple TI Indicators
var value = new List <TiIndicator>()
{
new TiIndicator
{
ActivityGroupNames = new List <string>(),
Confidence = 0,
Description = "TI Indicator 1",
ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:44:03.1668987+00:00"),
ExternalId = "Test--8586509942423126760MS164-0",
FileHashType = "Sha256",
FileHashValue = "e111c45c5b1b01304217e72118d6ca1b14b7013644a078273cea27bbdc1cf9d6",
KillChain = new List <string>(),
MalwareFamilyNames = new List <string>(),
Severity = 0,
Tags = new List <string>(),
TargetProduct = "Azure Sentinel",
ThreatType = "WatchList",
TlpLevel = "Green"
},
new TiIndicator
{
ActivityGroupNames = new List <string>(),
Confidence = 0,
Description = "Ti Indicator 2",
ExpirationDateTime = DateTimeOffset.Parse("2019-03-01T21:44:03.1748779+00:00"),
ExternalId = "Test--8586509942423126760MS164-1",
FileHashType = "Sha256",
FileHashValue = "1234b433950990b28d6a22456c9d2b58ced1bdfcdf5f16f7e39d6b9bdca4213b",
KillChain = new List <string>(),
MalwareFamilyNames = new List <string>(),
Severity = 0,
Tags = new List <string>(),
TargetProduct = "Azure Sentinel",
ThreatType = "WatchList",
TlpLevel = "Green"
}
};
//var createTIIndicators = await tiIndicatorsController.CreateMultipleTIIndicators(value);
//Console.WriteLine(createTIIndicators);
//var tiIndicators = await tiIndicatorsController.GetTIIndicators();
//Console.WriteLine("List of Threat Intelligent Indicators: \n \n" + tiIndicators);
//Console.WriteLine("******************************************");
#endregion
}
