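/// <summary>
/// Loads the Sentinel API config (file name taken from App.config) and the fixed ETW listener
/// config from the execution directory, constructs one <see cref="EtwListener"/> per configured
/// entry, and then parks the calling thread for the lifetime of the process.
/// </summary>
/// <exception cref="InvalidOperationException">
/// The "SentinelApiConfig" app setting is missing/empty, or a config file does not deserialize
/// to the expected type (previously these surfaced as a null reference or an opaque I/O error).
/// </exception>
private void StartEtwListenerInstances()
{
    // Operator-controlled setting (App.config), not user input. Still fail loudly on a missing
    // value: Path.Combine(dir, "") yields the directory itself and ReadAllText then fails obscurely.
    // NOTE(review): Path.Combine returns a rooted second argument unchanged, so a rooted value here
    // reads a file outside the execution directory — acceptable only because the setting is trusted.
    string configurationFile = ConfigurationManager.AppSettings["SentinelApiConfig"];
    if (string.IsNullOrWhiteSpace(configurationFile))
    {
        throw new InvalidOperationException("App setting [SentinelApiConfig] is missing or empty.");
    }

    // Event-ingest is switched off for every listener started from here.
    const bool useEventIngest = false;

    string executionPath = LogAnalyticsOdsApiHarness.GetExecutionPath();

    GlobalLog.WriteToStringBuilderLog($"Loading config [{configurationFile}].", 14001);
    string textOfJsonConfig = File.ReadAllText(Path.Combine(executionPath, configurationFile));
    SentinelApiConfig sentinelApiConfig = JsonConvert.DeserializeObject<SentinelApiConfig>(textOfJsonConfig);
    if (sentinelApiConfig == null)
    {
        throw new InvalidOperationException($"Config [{configurationFile}] did not deserialize to a SentinelApiConfig.");
    }

    // Add custom local functions to Rx.Kql.
    ScalarFunctionFactory.AddFunctions(typeof(LogAnalyticsOdsApiHarness));

    // The ETW config file name is fixed; only the Sentinel config is selectable via App.config.
    string etwConfigurationFile = "EtwConfig-DNS-TCP.json";
    GlobalLog.WriteToStringBuilderLog($"Loading ETW config [{etwConfigurationFile}].", 14001);
    string textOfEtwConfigurationFile = File.ReadAllText(Path.Combine(executionPath, etwConfigurationFile));
    List<EtwListenerConfig> listEtwListenerConfigs =
        JsonConvert.DeserializeObject<List<EtwListenerConfig>>(textOfEtwConfigurationFile);
    if (listEtwListenerConfigs == null)
    {
        throw new InvalidOperationException($"ETW config [{etwConfigurationFile}] did not deserialize to a listener list.");
    }

    // The EtwListener constructor enables its provider, so the list only keeps the instances
    // alive; nothing else is done with it here.
    List<EtwListener> etwListeners = new List<EtwListener>();
    foreach (EtwListenerConfig config in listEtwListenerConfigs)
    {
        etwListeners.Add(new EtwListener(sentinelApiConfig, config, useEventIngest));
    }

    // Block this thread forever; the process is expected to be stopped externally.
    Thread.Sleep(Timeout.Infinite);
}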
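/// <summary>
/// Creates a Syslog-to-Azure-Blob writer bound to one Sentinel API config and one Azure Storage
/// connection string. No I/O happens here; the helper dictionary starts empty and is presumably
/// populated by other members of this class.
/// </summary>
/// <param name="sentinelApiConfig">Sentinel/Log Analytics settings for this writer.</param>
/// <param name="azureStorageConnectionString">
/// Storage connection string. Such strings typically embed an account key, so treat the value as a
/// secret: never log it or include it in exception messages.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="sentinelApiConfig"/> is null.</exception>
/// <exception cref="ArgumentException">The connection string is null or whitespace.</exception>
public SyslogToAzureBlob(SentinelApiConfig sentinelApiConfig, string azureStorageConnectionString)
{
    if (sentinelApiConfig == null)
    {
        throw new ArgumentNullException(nameof(sentinelApiConfig));
    }
    if (string.IsNullOrWhiteSpace(azureStorageConnectionString))
    {
        // Message deliberately does not echo the value.
        throw new ArgumentException("Azure Storage connection string must be provided.", nameof(azureStorageConnectionString));
    }

    SentinelApiConfig = sentinelApiConfig;
    AzureStorageConnectionString = azureStorageConnectionString;
    SyslogToAzureBlobHelpers = new Dictionary<string, SyslogToAzureBlobHelper>();
}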
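/// <summary>
/// Binds one ETW listener to its config, creates the shared SLO metrics counter manager on the
/// first instance that carries an SLO configuration, and then enables the provider via
/// <see cref="InitializeEtwListener"/>.
/// </summary>
/// <param name="sentinelApiConfig">Workspace settings, including the optional SLO metrics settings.</param>
/// <param name="etwListenerConfig">Provider/session settings for this listener.</param>
/// <param name="useEventIngest">Stored in <c>UseEventIngest</c>; consumed outside this block.</param>
/// <exception cref="ArgumentNullException">A config argument is null.</exception>
public EtwListener(SentinelApiConfig sentinelApiConfig, EtwListenerConfig etwListenerConfig, bool useEventIngest)
{
    if (sentinelApiConfig == null)
    {
        throw new ArgumentNullException(nameof(sentinelApiConfig));
    }
    if (etwListenerConfig == null)
    {
        throw new ArgumentNullException(nameof(etwListenerConfig));
    }

    EtwListenerConfig = etwListenerConfig;
    SentinelApiConfig = sentinelApiConfig;
    UseEventIngest = useEventIngest;

    // syntheticCounterManager is shared across instances (presumably static): the first listener
    // constructed with SLO settings creates it, later ones reuse it. This runs in the constructor,
    // not on a heartbeat. NOTE(review): the null check is unsynchronized — if listeners are ever
    // constructed concurrently, two managers could be created; confirm construction is serial.
    var slo = sentinelApiConfig.SloMetricsConfiguration;
    if (syntheticCounterManager == null && slo != null)
    {
        var sloMetricsConfiguration = new GenevaMdmConfiguration
        {
            MetricsNamespace = slo.MetricsNamespace,
            MetricsAccount = slo.MetricsAccount,
            LocationId = slo.LocationId,
            MinimumValue = slo.MinimumValue,
            BucketSize = slo.BucketSize,
            BucketCount = slo.BucketCount
        };
        syntheticCounterManager = new SyntheticCounterManager(sloMetricsConfiguration);
    }

    // Turn on the provider and start listening. NOTE(review): if InitializeEtwListener is virtual,
    // calling it from the constructor runs derived-class code before the derived constructor.
    InitializeEtwListener();
}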
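/// <summary>
/// Creates a processor that replays the bundled sample CEF records shipped next to the executable.
/// This is PoC/demo input, not a live syslog feed.
/// </summary>
/// <param name="sentinelApiConfig">Sentinel/Log Analytics settings for this processor.</param>
/// <exception cref="ArgumentNullException"><paramref name="sentinelApiConfig"/> is null.</exception>
/// <exception cref="FileNotFoundException">The sample file is missing from the execution directory.</exception>
public SyslogToSentinelProcessor(SentinelApiConfig sentinelApiConfig)
{
    if (sentinelApiConfig == null)
    {
        throw new ArgumentNullException(nameof(sentinelApiConfig));
    }

    InvalidState = false;
    SentinelApiConfig = sentinelApiConfig;

    // NOTE(review): the log text says "Syslog XML" but the file holds CEF lines; the message is kept
    // verbatim so existing log searches keep matching.
    const string sampleFile = "SampleCefRecords.txt";
    GlobalLog.WriteToStringBuilderLog("Loading sample Syslog XML [SampleCefRecords.txt].", 14001);
    string samplePath = Path.Combine(SentinelWorkspacePoc.GetExecutionPath(), sampleFile);
    RawCefMessageList = new List<string>(File.ReadAllLines(samplePath));
}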
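/// <summary>
/// Creates a Key Vault accessor whose secret lookups are memoized per instance.
/// </summary>
/// <param name="sentinelApiConfig">Settings used for Key Vault authentication callbacks.</param>
/// <exception cref="ArgumentNullException"><paramref name="sentinelApiConfig"/> is null.</exception>
public KeyVault(SentinelApiConfig sentinelApiConfig)
{
    if (sentinelApiConfig == null)
    {
        throw new ArgumentNullException(nameof(sentinelApiConfig));
    }

    // Secrets fetched through InternalGetSecret are cached in memory for the lifetime of this
    // instance: repeat lookups never go back to Key Vault, so a rotated secret is not observed until
    // a new KeyVault is constructed. NOTE(review): presumably an unbounded cache with no expiry —
    // confirm Memoize's semantics before relying on secret rotation.
    this.cacheSecretSetting = MemoizationExtensions.Memoize<string, string>(InternalGetSecret);
    this.sentinelApiConfig = sentinelApiConfig;
    this.authenticationCallbacks = new AuthenticationCallbacks(sentinelApiConfig);
}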
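/// <summary>
/// Signs <paramref name="events"/> for the Log Analytics HTTP Data Collector API using the
/// SharedKey scheme and hands the signed request to <see cref="PostData"/>.
/// </summary>
/// <param name="events">JSON payload to ingest; sent as UTF-8.</param>
/// <param name="sentinelApiConfig">Supplies the WorkspaceId placed in the Authorization header.</param>
/// <param name="workspaceKey">Workspace shared key — a long-lived secret; never log it.</param>
/// <returns>
/// Always <c>true</c>. PostData is not awaited here, so neither transport failures nor a rejected
/// batch are observed; callers must not treat <c>true</c> as delivery confirmation.
/// </returns>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public static async Task<bool> SendEventsToLogAnalytics(string events, SentinelApiConfig sentinelApiConfig, string workspaceKey)
{
    if (events == null)
    {
        throw new ArgumentNullException(nameof(events));
    }
    if (sentinelApiConfig == null)
    {
        throw new ArgumentNullException(nameof(sentinelApiConfig));
    }
    if (workspaceKey == null)
    {
        throw new ArgumentNullException(nameof(workspaceKey));
    }

    await Task.Run(() =>
    {
        // RFC 1123 timestamp. The identical string is sent as x-ms-date so the service can
        // recompute the signature; the date also bounds the replay window of a captured request.
        var datestring = DateTime.UtcNow.ToString("r");

        // String-to-sign: verb, Content-Length, Content-Type, x-ms-date header, resource path.
        // Content-Length must be the UTF-8 byte count of the body PostData actually sends (it encodes
        // the same string with Encoding.UTF8), not the .NET string length.
        int contentLength = Encoding.UTF8.GetByteCount(events);
        string stringToHash = "POST\n" + contentLength + "\napplication/json\n" + "x-ms-date:" + datestring + "\n/api/logs";
        string hashedString = BuildSignature(stringToHash, workspaceKey);
        string signature = "SharedKey " + sentinelApiConfig.WorkspaceId + ":" + hashedString;

        // Fire-and-forget: the result of the HTTP call is only logged inside PostData.
        PostData(signature, datestring, events, sentinelApiConfig);
    });

    return true;
}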
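/// <summary>
/// Creates the authentication callback holder for the given Sentinel API config.
/// </summary>
/// <param name="sentinelApiConfig">Settings the callbacks read when authenticating.</param>
/// <exception cref="ArgumentNullException"><paramref name="sentinelApiConfig"/> is null.</exception>
public AuthenticationCallbacks(SentinelApiConfig sentinelApiConfig)
{
    if (sentinelApiConfig == null)
    {
        throw new ArgumentNullException(nameof(sentinelApiConfig));
    }

    this.sentinelApiConfig = sentinelApiConfig;
}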
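// One HttpClient for the process: creating (and never disposing) a client per request leaks
// connections. All request-specific headers go on the HttpRequestMessage, never on the shared
// DefaultRequestHeaders, so concurrent posts cannot overwrite each other's signature or date.
private static readonly HttpClient s_logAnalyticsClient = new HttpClient();

/// <summary>
/// Posts a signed JSON batch to the workspace's Log Analytics Data Collector endpoint.
/// Best-effort: transport errors and non-2xx responses are written to the console and not
/// rethrown (the original swallowed every exception; it additionally discarded the status code).
/// Returns a Task instead of async void so callers can await completion; callers that do not
/// await it keep working as before.
/// </summary>
/// <param name="signature">Authorization header value, "SharedKey {workspaceId}:{hmac}".</param>
/// <param name="date">The x-ms-date value the signature was computed over; sent verbatim.</param>
/// <param name="we_json">JSON body; encoded as UTF-8 so its byte length matches the signed Content-Length.</param>
/// <param name="sentinelApiConfig">Supplies WorkspaceId (URL host) and LogName (Log-Type header).</param>
private static async Task PostData(string signature, string date, string we_json, SentinelApiConfig sentinelApiConfig)
{
    try
    {
        string url = "https://" + sentinelApiConfig.WorkspaceId + ".ods.opinsights.azure.com/api/logs?api-version=2016-04-01";

        using (var request = new HttpRequestMessage(HttpMethod.Post, new Uri(url)))
        {
            request.Headers.Add("Accept", "application/json");
            request.Headers.Add("Log-Type", sentinelApiConfig.LogName);
            // TryAddWithoutValidation keeps the exact string the caller signed.
            request.Headers.TryAddWithoutValidation("Authorization", signature);
            request.Headers.Add("x-ms-date", date);
            // Optional "time-generated-field" header (names the record field holding the event
            // time) is intentionally not set; the service presumably stamps ingestion time instead.

            // UTF-8 so the wire length equals the Content-Length in the string-to-sign, and a bare
            // "application/json" Content-Type (StringContent alone would append a charset).
            var httpContent = new StringContent(we_json, Encoding.UTF8);
            httpContent.Headers.ContentType = new MediaTypeHeaderValue("application/json");
            request.Content = httpContent;

            // Await instead of blocking on .Result inside Task.Run: no thread-pool thread is parked.
            using (HttpResponseMessage response = await s_logAnalyticsClient.SendAsync(request).ConfigureAwait(false))
            {
                string result = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                if (!response.IsSuccessStatusCode)
                {
                    // Rejected batches were previously silent; the signature and body are not echoed.
                    Console.WriteLine("API Post failed: " + (int)response.StatusCode + " " + response.ReasonPhrase + " " + result);
                }
            }
        }
    }
    catch (Exception excep)
    {
        // Deliberate best-effort: one bad batch must not take down the listener.
        Console.WriteLine("API Post Exception: " + excep.Message);
    }
}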