Panoptes 1.0.0
Endpoint Detection and Response
Configuration Class Reference

#include <Configuration.hpp>

Public Types

enum  ContainerType : int { CONTAINER_TYPE_NONE = 0 , CONTAINER_TYPE_AMSI = 10 , CONTAINER_TYPE_PE = 20 , CONTAINER_TYPE_YARA = 30 }
 The type of container that the extensibility is running in. More...
 

Public Member Functions

 Configuration (std::string configurationPath)
 Constructor for the Configuration class.
 
void Parse ()
 Parse the configuration file.
 
void IsValidJson ()
 Check that the configuration file contains valid JSON.
 
std::vector< std::string > GetJsonKeys ()
 Get the keys from the configuration file.
 

Public Attributes

std::vector< std::string > m_exclusions
 The exclusions from the configuration file.
 
std::vector< Configuration::ContainerType > m_extensibility
 The extensibility selected from the configuration file.
 
std::vector< std::string > m_extensibilityListName
 The list of extensibility names from the configuration file.
 
std::vector< std::tuple< std::string, unsigned long, unsigned long > > m_eventProviders
 The event providers from the configuration file.
 
bool m_ignoreDriver = false
 Whether the driver is ignored, as set in the configuration file.
 
bool m_quartine = false
 Whether malicious files are quarantined, as set in the configuration file.
 

Protected Member Functions

void GetExtensibilitySelected ()
 Get the extensibility selected from the configuration file.
 
void GetScannerExclusions ()
 Get the scanner exclusions from the configuration file.
 
void GetIgnoreDriver ()
 Get the ignore driver from the configuration file.
 
void GetQuarantineMaliciousFiles ()
 Get the quarantine malicious files from the configuration file.
 
void GetEventProviders ()
 Get the event providers from the configuration file.
 

Protected Attributes

nlohmann::json m_data
 
std::ifstream m_fileStream
 

Detailed Description

Definition at line 7 of file Configuration.hpp.

Member Enumeration Documentation

◆ ContainerType

The type of container that the extensibility is running in.

Enumerator
CONTAINER_TYPE_NONE 
CONTAINER_TYPE_AMSI 
CONTAINER_TYPE_PE 
CONTAINER_TYPE_YARA 

Definition at line 29 of file Configuration.hpp.

Constructor & Destructor Documentation

◆ Configuration()

Configuration::Configuration ( std::string  configurationPath)

Constructor for the Configuration class.

Parameters
configurationPath: The path to the configuration file

Definition at line 55 of file Configuration.cpp.

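/// @brief Constructor for the Configuration class.
///
/// Opens the file at configurationPath for reading; nothing is parsed until
/// Parse() or IsValidJson() is called. The file is trusted as found: this
/// class does not verify its integrity or the permissions of its location, so
/// whoever can write it controls the settings read from it (exclusions,
/// quarantine behaviour, ...).
/// @param configurationPath The path to the configuration file.
/// @throws std::runtime_error if the file cannot be opened, so that a missing
///         or unreadable configuration is reported as such rather than only
///         when the stream is parsed later.
Configuration::Configuration(std::string configurationPath)
{
    m_fileStream = std::ifstream(configurationPath);
    if (!m_fileStream.is_open()) {
        throw std::runtime_error("Unable to open configuration file: " + configurationPath);
    }
}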
std::ifstream m_fileStream

References m_fileStream.

Member Function Documentation

◆ GetEventProviders()

void Configuration::GetEventProviders ( )
protected

Get the event providers from the configuration file.

Definition at line 78 of file Configuration.cpp.

/// @brief Get the event providers from the configuration file.
///
/// Reads the "EventProviders" array from m_data. Each entry is a string that
/// SplitString() breaks on ',' into exactly three fields: the provider name,
/// followed by two values converted with StringToDWORD() (used as the
/// match-any and match-all keywords). Each resulting tuple is appended to
/// m_eventProviders; existing entries are not cleared first.
/// @throws std::runtime_error if "EventProviders" is not an array (including
///         when the key is absent), or if an entry does not split into exactly
///         three fields.
void Configuration::GetEventProviders()
{
    if (!m_data["EventProviders"].is_array()) {
        throw std::runtime_error("EventProviders was not set in the the configuration");
    }

    const auto providerEntries = m_data["EventProviders"].get<std::vector<std::string>>();

    for (const std::string& providerEntry : providerEntries) {
        const auto fields = SplitString(providerEntry, ',');
        if (fields.size() != 3) {
            throw std::runtime_error("Invalid Event Provider format");
        }

        const unsigned long matchAnyKeyword = StringToDWORD(fields[1]);
        const unsigned long matchAllKeyword = StringToDWORD(fields[2]);

        m_eventProviders.emplace_back(fields[0], matchAnyKeyword, matchAllKeyword);
    }
}
std::vector< std::string > SplitString(const std::string &input, char delimiter=',')
Split a string into a vector of strings.
DWORD StringToDWORD(const std::string &str)
Convert a string to a DWORD.
nlohmann::json m_data
std::vector< std::tuple< std::string, unsigned long, unsigned long > > m_eventProviders
The event providers from the configuration file.

References m_data, m_eventProviders, SplitString(), and StringToDWORD().

Referenced by Parse().

◆ GetExtensibilitySelected()

void Configuration::GetExtensibilitySelected ( )
protected

Get the extensibility selected from the configuration file.

Definition at line 103 of file Configuration.cpp.

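/// @brief Get the extensibility selected from the configuration file.
///
/// Reads the "ExtensibilitySelected" array from m_data and maps each entry,
/// case-insensitively via StrToLower(), onto a ContainerType ("amsi", "pe"
/// or "yara"). Each result is appended to m_extensibility; existing entries
/// are not cleared first.
/// @throws std::runtime_error if "ExtensibilitySelected" is not an array
///         (including when the key is absent), or if an entry is not one of
///         the recognised container type names.
void Configuration::GetExtensibilitySelected()
{
    if (!m_data["ExtensibilitySelected"].is_array()) {
        throw std::runtime_error("ExtensibilitySelected was not set in the the configuration");
    }

    const auto selectedExtensibility = m_data["ExtensibilitySelected"].get<std::vector<std::string>>();

    for (const std::string& containerTypeStr : selectedExtensibility) {
        // Lower-case once per entry instead of once per comparison.
        const std::string lowered = StrToLower(containerTypeStr);

        // Initialised so the local is never read indeterminate; every path
        // below either overwrites it or throws.
        ContainerType containerType = CONTAINER_TYPE_NONE;
        if (lowered == "amsi") {
            containerType = CONTAINER_TYPE_AMSI;
        }
        else if (lowered == "pe") {
            containerType = CONTAINER_TYPE_PE;
        }
        else if (lowered == "yara") {
            containerType = CONTAINER_TYPE_YARA;
        }
        else {
            throw std::runtime_error("Invalid Container Type");
        }

        m_extensibility.push_back(containerType);
    }
}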
std::string StrToLower(std::string str)
Convert a string to lowercase.
std::vector< Configuration::ContainerType > m_extensibility
The extensibility selected from the configuration file.
ContainerType
The type of container that the extensibility is running in.

References CONTAINER_TYPE_AMSI, CONTAINER_TYPE_PE, CONTAINER_TYPE_YARA, m_data, m_extensibility, and StrToLower().

Referenced by Parse().

◆ GetIgnoreDriver()

void Configuration::GetIgnoreDriver ( )
protected

Get the ignore driver from the configuration file.

Definition at line 145 of file Configuration.cpp.

/// @brief Get the ignore driver from the configuration file.
///
/// Reads the "IgnoreDriver" boolean from m_data into m_ignoreDriver. The value
/// is taken from the file as-is; the member's default of false is only kept
/// when this method is never called, since a missing key throws.
/// @throws std::runtime_error if "IgnoreDriver" is not a boolean (including
///         when the key is absent).
void Configuration::GetIgnoreDriver()
{
    const auto& ignoreDriverNode = m_data["IgnoreDriver"];
    if (!ignoreDriverNode.is_boolean()) {
        throw std::runtime_error("IgnoreDriver was not set in the the configuration");
    }
    m_ignoreDriver = ignoreDriverNode.get<bool>();
}
bool m_ignoreDriver
The ignore driver from the configuration file.

References m_data, and m_ignoreDriver.

Referenced by Parse().

◆ GetJsonKeys()

std::vector< std::string > Configuration::GetJsonKeys ( )

Get the keys from the configuration file.

Returns
A vector of strings containing the keys

Definition at line 166 of file Configuration.cpp.

/// @brief Get the keys from the configuration file.
///
/// Collects the top-level keys of the JSON object held in m_data, in the
/// object's iteration order.
/// @return A vector of strings containing the keys.
/// @throws std::runtime_error if m_data does not hold a JSON object (e.g.
///         before Parse() or IsValidJson() has populated it).
std::vector<std::string> Configuration::GetJsonKeys()
{
    if (!m_data.is_object()) {
        throw std::runtime_error("The json data object was not set");
    }

    std::vector<std::string> keys;
    keys.reserve(m_data.size());
    for (const auto& entry : m_data.items()) {
        keys.push_back(entry.key());
    }
    return keys;
}

References m_data.

Referenced by main().

◆ GetQuarantineMaliciousFiles()

void Configuration::GetQuarantineMaliciousFiles ( )
protected

Get the quarantine malicious files from the configuration file.

Definition at line 155 of file Configuration.cpp.

/// @brief Get the quarantine malicious files from the configuration file.
///
/// Reads the "QuarantineMaliciousFiles" boolean from m_data into m_quartine.
/// The value is taken from the file as-is; the member's default of false is
/// only kept when this method is never called, since a missing key throws.
/// @throws std::runtime_error if "QuarantineMaliciousFiles" is not a boolean
///         (including when the key is absent).
void Configuration::GetQuarantineMaliciousFiles()
{
    const auto& quarantineNode = m_data["QuarantineMaliciousFiles"];
    if (!quarantineNode.is_boolean()) {
        throw std::runtime_error("QuarantineMaliciousFiles was not set in the the configuration");
    }
    m_quartine = quarantineNode.get<bool>();
}
bool m_quartine
The quarantine malicious files from the configuration file.

References m_data, and m_quartine.

Referenced by Parse().

◆ GetScannerExclusions()

void Configuration::GetScannerExclusions ( )
protected

Get the scanner exclusions from the configuration file.

Definition at line 134 of file Configuration.cpp.

/// @brief Get the scanner exclusions from the configuration file.
///
/// Reads the "Exclusions" array of strings from m_data and replaces the
/// contents of m_exclusions with it. The entries are stored exactly as given:
/// nothing here normalises or validates them, so the file's author decides
/// what the scanner leaves alone.
/// @throws std::runtime_error if "Exclusions" is not an array (including
///         when the key is absent).
void Configuration::GetScannerExclusions()
{
    const auto& exclusionsNode = m_data["Exclusions"];
    if (!exclusionsNode.is_array()) {
        throw std::runtime_error("Exclusions was not set in the the configuration");
    }
    m_exclusions = exclusionsNode.get<std::vector<std::string>>();
}
std::vector< std::string > m_exclusions
The exclusions from the configuration file.

References m_data, and m_exclusions.

Referenced by Parse().

◆ IsValidJson()

void Configuration::IsValidJson ( )

Check that the configuration file contains valid JSON.

Definition at line 72 of file Configuration.cpp.

/// @brief Check if the configuration file is valid.
///
/// Parses m_fileStream as JSON and stores the result in m_data. Validity is
/// not reported through a return value: a malformed file surfaces as an
/// exception from nlohmann::json::parse.
/// NOTE(review): this reads m_fileStream, the same stream Parse() reads —
/// confirm that a given instance uses one or the other, not both.
void Configuration::IsValidJson()
{
    nlohmann::json parsed = nlohmann::json::parse(m_fileStream);
    m_data.swap(parsed);
}

References m_data, and m_fileStream.

Referenced by main().

◆ Parse()

void Configuration::Parse ( )

Parse the configuration file.

Definition at line 61 of file Configuration.cpp.

62{
63 m_data = nlohmann::json::parse(m_fileStream);
// NOTE(review): lines 64-68 of Configuration.cpp are missing from this
// rendering. Per the References list below, Parse() also calls the protected
// GetEventProviders(), GetExtensibilitySelected(), GetIgnoreDriver(),
// GetQuarantineMaliciousFiles() and GetScannerExclusions() — presumably in
// that gap; order unknown from here.
69}
void GetIgnoreDriver()
Get the ignore driver from the configuration file.
void GetScannerExclusions()
Get the scanner exclusions from the configuration file.
void GetQuarantineMaliciousFiles()
Get the quarantine malicious files from the configuration file.
void GetExtensibilitySelected()
Get the extensibility selected from the configuration file.
void GetEventProviders()
Get the event providers from the configuration file.

References GetEventProviders(), GetExtensibilitySelected(), GetIgnoreDriver(), GetQuarantineMaliciousFiles(), GetScannerExclusions(), m_data, and m_fileStream.

Referenced by WinMain().

Member Data Documentation

◆ m_data

nlohmann::json Configuration::m_data
protected

◆ m_eventProviders

std::vector<std::tuple<std::string, unsigned long, unsigned long> > Configuration::m_eventProviders

The event providers from the configuration file.

Definition at line 46 of file Configuration.hpp.

Referenced by GetEventProviders(), and StartPanoptesTrace().

◆ m_exclusions

std::vector<std::string> Configuration::m_exclusions

The exclusions from the configuration file.

Definition at line 37 of file Configuration.hpp.

Referenced by GetScannerExclusions().

◆ m_extensibility

std::vector<Configuration::ContainerType> Configuration::m_extensibility

The extensibility selected from the configuration file.

Definition at line 40 of file Configuration.hpp.

Referenced by GetExtensibilitySelected(), and WinMain().

◆ m_extensibilityListName

std::vector<std::string> Configuration::m_extensibilityListName

The list of extensibility names from the configuration file.

Definition at line 43 of file Configuration.hpp.

◆ m_fileStream

std::ifstream Configuration::m_fileStream
protected

Definition at line 10 of file Configuration.hpp.

Referenced by Configuration(), IsValidJson(), and Parse().

◆ m_ignoreDriver

bool Configuration::m_ignoreDriver = false

Whether the driver is ignored, as set in the configuration file.

Definition at line 49 of file Configuration.hpp.

Referenced by GetIgnoreDriver(), and WinMain().

◆ m_quartine

bool Configuration::m_quartine = false

Whether malicious files are quarantined, as set in the configuration file.

Definition at line 52 of file Configuration.hpp.

Referenced by GetQuarantineMaliciousFiles().

