Panoptes 1.0.0
Endpoint Detection and Response
Loading...
Searching...
No Matches
Configuration.cpp
Go to the documentation of this file.
1#include <Windows.h>
2#include "Configuration.hpp"
3#include "ResourceCore.h"
4// #include "panoptes.pb.h"
5#include <vector>
6#include <sstream>
7
8#pragma region Utility Functions
12DWORD StringToDWORD(const std::string& str) {
13 try {
14 unsigned long value = std::stoul(str, nullptr, 0);
15 return static_cast<DWORD>(value);
16 }
17 catch (const std::invalid_argument& e) {
18 // Handle invalid input
19 return 0; // or throw an exception, depending on your error handling strategy
20 }
21 catch (const std::out_of_range& e) {
22 // Handle out of range input
23 return 0; // or throw an exception, depending on your error handling strategy
24 }
25}
26
31std::vector<std::string> SplitString(const std::string& input, char delimiter = ',') {
32 std::vector<std::string> result;
33 std::stringstream ss(input);
34 std::string item;
35
36 while (std::getline(ss, item, delimiter)) {
37 result.push_back(item);
38 }
39
40 return result;
41}
42
46std::string StrToLower(std::string str) {
47 std::transform(str.begin(), str.end(), str.begin(),
48 [](unsigned char c) { return std::tolower(c); });
49 return str;
50}
51#pragma endregion
52
55Configuration::Configuration(std::string configurationPath)
56{
57 m_fileStream = std::ifstream(configurationPath);
58}
59
70
72void Configuration::IsValidJson()
73{
74 m_data = nlohmann::json::parse(m_fileStream);
75}
76
78void Configuration::GetEventProviders() {
79 if (m_data["EventProviders"].is_array()) {
80
81 std::vector<std::string> selectedExtensibility = m_data["EventProviders"].template get<std::vector<std::string>>();
82
83 for (std::string containerTypeStr : selectedExtensibility) {
84 auto splitStr = SplitString(containerTypeStr, ',');
85 if (splitStr.size() != 3) {
86 throw std::runtime_error("Invalid Event Provider format");
87 }
88
89 std::string providerName = splitStr[0];
90 unsigned long providerMatchAnyKeyword = StringToDWORD(splitStr[1]);
91 unsigned long providerMatchAllKeyword = StringToDWORD(splitStr[2]);
92
93 auto eventProviderInfo = std::make_tuple(providerName, providerMatchAnyKeyword, providerMatchAllKeyword);
94 m_eventProviders.push_back(eventProviderInfo);
95 }
96 }
97 else {
98 throw std::runtime_error("EventProviders was not set in the the configuration");
99 }
100}
101
103void Configuration::GetExtensibilitySelected()
104{
105 if (m_data["ExtensibilitySelected"].is_array()) {
106 std::vector<std::string> selectedExtensibility = m_data["ExtensibilitySelected"].template get<std::vector<std::string>>();
107
108 for (std::string containerTypeStr : selectedExtensibility) {
109 ContainerType containerType;
110
111
112 if (StrToLower(containerTypeStr) == "amsi") {
113 containerType = CONTAINER_TYPE_AMSI;
114 }
115 else if (StrToLower(containerTypeStr) == "pe") {
116 containerType = CONTAINER_TYPE_PE;
117 }
118 else if (StrToLower(containerTypeStr) == "yara") {
119 containerType = CONTAINER_TYPE_YARA;
120 }
121 else {
122 throw std::runtime_error("Invalid Container Type");
123 }
124
125 m_extensibility.push_back(containerType);
126 }
127 }
128 else {
129 throw std::runtime_error("ExtensibilitySelected was not set in the the configuration");
130 }
131}
132
134void Configuration::GetScannerExclusions()
135{
136 if (m_data["Exclusions"].is_array()) {
137 m_exclusions = m_data["Exclusions"].template get<std::vector<std::string>>();
138 }
139 else {
140 throw std::runtime_error("Exclusions was not set in the the configuration");
141 }
142}
143
145void Configuration::GetIgnoreDriver() {
146 if (m_data["IgnoreDriver"].is_boolean()) {
147 m_ignoreDriver = m_data["IgnoreDriver"].template get<bool>();
148 }
149 else {
150 throw std::runtime_error("IgnoreDriver was not set in the the configuration");
151 }
152}
153
155void Configuration::GetQuarantineMaliciousFiles() {
156 if (m_data["QuarantineMaliciousFiles"].is_boolean()) {
157 m_quartine = m_data["QuarantineMaliciousFiles"].template get<bool>();
158 }
159 else {
160 throw std::runtime_error("QuarantineMaliciousFiles was not set in the the configuration");
161 }
162}
163
166std::vector<std::string> Configuration::GetJsonKeys() {
167 std::vector<std::string> keys;
168 if (m_data.is_object()) {
169 for (nlohmann::json::const_iterator it = m_data.begin(); it != m_data.end(); ++it) {
170 keys.push_back(it.key());
171 }
172 }
173 else {
174 throw std::runtime_error("The json data object was not set");
175 }
176
177 return keys;
178}
StrToLower
std::string StrToLower(std::string str)
Convert a string to lowercase.
Definition Configuration.cpp:46
SplitString
std::vector< std::string > SplitString(const std::string &input, char delimiter=',')
Split a string into a vector of strings.
Definition Configuration.cpp:31
StringToDWORD
DWORD StringToDWORD(const std::string &str)
Convert a string to a DWORD.
Definition Configuration.cpp:12
Configuration::m_data
nlohmann::json m_data
Definition Configuration.hpp:9
Configuration::m_eventProviders
std::vector< std::tuple< std::string, unsigned long, unsigned long > > m_eventProviders
The event providers from the configuration file.
Definition Configuration.hpp:46
Configuration::Configuration
Configuration(std::string configurationPath)
Constructor for the Configuration class.
Definition Configuration.cpp:55
Configuration::m_extensibility
std::vector< Configuration::ContainerType > m_extensibility
The extensibility selected from the configuration file.
Definition Configuration.hpp:40
Configuration::m_exclusions
std::vector< std::string > m_exclusions
The exclusions from the configuration file.
Definition Configuration.hpp:37
Configuration::GetJsonKeys
std::vector< std::string > GetJsonKeys()
Get the keys from the configuration file.
Definition Configuration.cpp:166
Configuration::GetIgnoreDriver
void GetIgnoreDriver()
Get the ignore driver from the configuration file.
Definition Configuration.cpp:145
Configuration::ContainerType
ContainerType
The type of container that the extensibility is running in.
Definition Configuration.hpp:29
Configuration::Parse
void Parse()
Parse the configuration file.
Definition Configuration.cpp:61
Configuration::IsValidJson
void IsValidJson()
Check if the configuration file is valid.
Definition Configuration.cpp:72
Configuration::GetScannerExclusions
void GetScannerExclusions()
Get the scanner exclusions from the configuration file.
Definition Configuration.cpp:134
Configuration::GetQuarantineMaliciousFiles
void GetQuarantineMaliciousFiles()
Get the quarantine malicious files from the configuration file.
Definition Configuration.cpp:155
Configuration::m_fileStream
std::ifstream m_fileStream
Definition Configuration.hpp:10
Configuration::m_ignoreDriver
bool m_ignoreDriver
The ignore driver from the configuration file.
Definition Configuration.hpp:49
Configuration::GetExtensibilitySelected
void GetExtensibilitySelected()
Get the extensibility selected from the configuration file.
Definition Configuration.cpp:103
Configuration::GetEventProviders
void GetEventProviders()
Get the event providers from the configuration file.
Definition Configuration.cpp:78
Configuration::m_quartine
bool m_quartine
The quarantine malicious files from the configuration file.
Definition Configuration.hpp:52
result
ULONG result
Definition events.cpp:22
DWORD
unsigned long DWORD
Definition inject.h:2
Generated by doxygen 1.9.8