Panoptes 1.0.0
Endpoint Detection and Response
PanoptesServiceClient Class Reference

Panoptes Service Client that is used to communicate with the Panoptes Service via.

#include <container_ipc.hpp>

Public Member Functions

 PanoptesServiceClient ()
 The PanoptesServiceClient class is a class that implements the PanoptesServiceClient class.
 
bool Hello (ExtensibilityType extensibilityType, std::string port)
 The Hello function sends a Hello message to the Panoptes main service from the container.
 
bool SendResults_Yara (std::string PePath, std::string FileHash, DWORD ProcessId, std::string YaraRulesPath, INT MatchRules, std::vector< std::string > DetectedRules)
 
bool SendResults_PE (std::string PePath, bool IsPeSigned, std::string PeSignerSubject, std::vector< std::string > PeImports)
 
bool SendResults_AMSI (std::string PePath, DWORD AmsiResult)
 
 PanoptesServiceClient ()
 
bool Hello (ExtensibilityType extensibilityType, int ContainerPort)
 Send a hello message to the Panoptes Service to bind to the service.
 
bool SendResults_AMSI (std::string PePath, std::string FileHash, DWORD AmsiResult)
 Send the results of the AMSI scan to the Panoptes Service.
 
 PanoptesServiceClient ()
 
bool Hello (ExtensibilityType extensibilityType, int ContainerPort)
 
bool SendResults_PE (std::string PePath, PortableExecutable::PEScanData data)
 
 PanoptesServiceClient ()
 
bool Hello (ExtensibilityType extensibilityType, int ContainerPort)
 
bool SendResults_Yara (std::string PePath, std::string FileHash, std::vector< std::string > DetectedRules)
 Send the results of the YARA scan to the Panoptes Service.
 
 PanoptesServiceClient ()
 
bool QueuePeScan (std::string PePath, std::string FileHash, std::string &message)
 Send a request to the Panoptes Service to scan a PE file.
 
 PanoptesServiceClient ()
 
bool QueuePeScan (std::string PePath, std::string FileHash, std::string &message)
 

Detailed Description

Panoptes Service Client that is used to communicate with the Panoptes Service via.

The Panoptes Service Client that is used to communicate via gRPC.

Definition at line 36 of file container_ipc.hpp.

Constructor & Destructor Documentation

◆ PanoptesServiceClient() [1/6]

PanoptesServiceClient::PanoptesServiceClient ( )

The PanoptesServiceClient class is a class that implements the PanoptesServiceClient class.

Constructor for the Panoptes Service Client to set up the connection to the Panoptes Service.

Returns
The PanoptesServiceClient class.

Definition at line 15 of file service_client.cpp.

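PanoptesServiceClient::PanoptesServiceClient() {
    // The Panoptes Service is reached on the loopback interface at SERVICE_PORT.
    std::string server_url = "localhost:" + std::to_string(SERVICE_PORT);
    // InsecureChannelCredentials: the channel is plaintext and unauthenticated.
    std::shared_ptr<grpc::Channel> channel = grpc::CreateChannel(server_url, grpc::InsecureChannelCredentials());
    stub_ = PanoptesService::NewStub(channel);
}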

References SERVICE_PORT, and stub_.

◆ PanoptesServiceClient() [2/6]

PanoptesServiceClient::PanoptesServiceClient ( )

◆ PanoptesServiceClient() [3/6]

PanoptesServiceClient::PanoptesServiceClient ( )

◆ PanoptesServiceClient() [4/6]

PanoptesServiceClient::PanoptesServiceClient ( )

◆ PanoptesServiceClient() [5/6]

PanoptesServiceClient::PanoptesServiceClient ( )

◆ PanoptesServiceClient() [6/6]

PanoptesServiceClient::PanoptesServiceClient ( )

Member Function Documentation

◆ Hello() [1/4]

bool PanoptesServiceClient::Hello ( ExtensibilityType  extensibilityType,
int  ContainerPort 
)

Send a hello message to the Panoptes Service to bind to the service.

Send a hello message to the Panoptes Service to bind to the service containing the type of extensibility and the port of the container that the extensibility is running in.

Parameters
    extensibilityType  The type of extensibility, in this case AMSI
    ContainerPort      The port of the container that the extensibility is running in
Returns
    True if the hello message was sent successfully, false otherwise
Parameters
    extensibilityType  The type of extensibility, in this case YARA
    ContainerPort      The port of the container that the extensibility is running in
Returns
    True if the hello message was sent successfully, false otherwise

Definition at line 74 of file service_client_amsi.cpp.

bool PanoptesServiceClient::Hello(ExtensibilityType extensibilityType, int ContainerPort) {
    AckMessage reply;
    ContainerInfo request;
    ClientContext g_context;

    // Announce the container type and the port this container listens on.
    request.set_container_type((ContainerType)extensibilityType);
    request.set_grpc_port(ContainerPort);

    Status status = stub_->Hello(&g_context, request, &reply);

    // A failed RPC is logged and terminates the container process.
    if (!status.ok()) {
        std::cout << status.error_code() << ": " << status.error_message() << std::endl;
        exit(1);
    }

    return reply.ack_type();
}

References stub_.

◆ Hello() [2/4]

bool PanoptesServiceClient::Hello ( ExtensibilityType  extensibilityType,
int  ContainerPort 
)

◆ Hello() [3/4]

bool PanoptesServiceClient::Hello ( ExtensibilityType  extensibilityType,
int  ContainerPort 
)

◆ Hello() [4/4]

bool PanoptesServiceClient::Hello ( ExtensibilityType  extensibilityType,
std::string  port 
)

The Hello function sends a Hello message to the Panoptes main service from the container.

Parameters
    extensibilityType  The type of extensibility.
    port               The port of the Panoptes main service.
Returns
    True if the Hello message is sent successfully, false otherwise.

Definition at line 25 of file service_client.cpp.

bool PanoptesServiceClient::Hello(ExtensibilityType extensibilityType, std::string port) {
    AckMessage reply;
    ContainerInfo request;
    ClientContext g_context;

    // std::stoi throws std::invalid_argument / std::out_of_range on bad input.
    int grpc_port = std::stoi(port);
    request.set_container_type((ContainerType)extensibilityType);
    request.set_grpc_port(grpc_port);

    Status status = stub_->Hello(&g_context, request, &reply);

    if (!status.ok()) {
        std::cout << status.error_code() << ": " << status.error_message() << std::endl;
        // The RPC failed, so the Hello message was not delivered.
        return false;
    }

    return !reply.ack_type();
}

References stub_.

Referenced by PanoBind().
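
Hello() [4/4] converts its port argument with std::stoi, which throws on non-numeric text and accepts signs, leading whitespace, trailing characters and values outside the TCP port range. The following added example (not Panoptes code; ParseGrpcPort, StoiResult and TryStoi are hypothetical names, and the sample strings are constructed) contrasts that behaviour with a strict parser that accepts only 1 to 65535.

```cpp
#include <cstdint>
#include <exception>
#include <initializer_list>
#include <iostream>
#include <string>

// Added illustration, not Panoptes code. All names here are hypothetical.

// Strict decimal parse of a TCP port: digits only, 1..65535, never throws.
bool ParseGrpcPort(const std::string& text, std::uint16_t& port_out) {
    if (text.empty() || text.size() > 5) return false;   // "65535" has 5 digits
    unsigned int value = 0;
    for (char c : text) {
        if (c < '0' || c > '9') return false;             // no sign, space or suffix
        value = value * 10 + static_cast<unsigned int>(c - '0');
    }
    if (value == 0 || value > 65535) return false;        // outside the port range
    port_out = static_cast<std::uint16_t>(value);
    return true;
}

// Outcome of handing the same text to std::stoi, as Hello() [4/4] does.
struct StoiResult { bool threw; int value; };

StoiResult TryStoi(const std::string& text) {
    try {
        return {false, std::stoi(text)};
    } catch (const std::exception&) {   // std::invalid_argument or std::out_of_range
        return {true, 0};
    }
}

int main() {
    // Constructed sample inputs.
    for (const char* s : {"50051", "50051abc", " 443", "-1", "70000", ""}) {
        std::uint16_t port = 0;
        StoiResult r = TryStoi(s);
        std::cout << '"' << s << "\" strict=" << ParseGrpcPort(s, port) << " stoi="
                  << (r.threw ? std::string("throws") : std::to_string(r.value)) << '\n';
    }
    return 0;
}
```

Validating the string before the RPC keeps a malformed port from either terminating the caller through an uncaught exception or reaching set_grpc_port as a value that is not a port.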

◆ QueuePeScan() [1/2]

bool PanoptesServiceClient::QueuePeScan ( std::string  PePath,
std::string  FileHash,
std::string &  message 
)

Send a request to the Panoptes Service to scan a PE file.

Parameters
    PePath    The path to the PE file
    FileHash  The hash of the PE file
    message   The message to send to the Panoptes Service
Returns
    True if the request was sent successfully, false otherwise

Definition at line 72 of file scanner_ipc.cpp.

bool PanoptesServiceClient::QueuePeScan(std::string PePath, std::string FileHash, std::string &message) {
    AckMessage reply;
    ClientContext context;
    std::chrono::system_clock::time_point deadline = std::chrono::system_clock::now() + std::chrono::milliseconds(8000); // 8 second timeout
    context.set_deadline(deadline);
    PeScanInfo request;
    request.set_file_hash(FileHash);
    request.set_portable_executable_path(PePath);

    Status status = stub_->QueuePeScan(&context, request, &reply);
    if (!status.ok()) {
        // UNKNOWN and DEADLINE_EXCEEDED are tolerated; any other error is returned to the caller.
        if (status.error_code() != grpc::StatusCode::UNKNOWN && status.error_code() != grpc::StatusCode::DEADLINE_EXCEEDED) {
            message = status.error_message();
            return false;
        }
    }

    return true;
}

References stub_.

Referenced by main(), and WinMain().

◆ QueuePeScan() [2/2]

bool PanoptesServiceClient::QueuePeScan ( std::string  PePath,
std::string  FileHash,
std::string &  message 
)

◆ SendResults_AMSI() [1/2]

bool PanoptesServiceClient::SendResults_AMSI ( std::string  PePath,
DWORD  AmsiResult 
)

Referenced by PanoEntry().

◆ SendResults_AMSI() [2/2]

bool PanoptesServiceClient::SendResults_AMSI ( std::string  PePath,
std::string  FileHash,
DWORD  AmsiResult 
)

Send the results of the AMSI scan to the Panoptes Service.

Parameters
    PePath      The path of the file that was scanned
    FileHash    The hash of the file that was scanned
    AmsiResult  The result of the AMSI scan
Returns
    True if the results were sent successfully, false otherwise

Definition at line 97 of file service_client_amsi.cpp.

bool PanoptesServiceClient::SendResults_AMSI(std::string PePath, std::string FileHash, DWORD AmsiResult)
{
    AckMessage reply;
    ContainerReply request;
    ClientContext g_context;

    // Identify the scanned file and attach the AMSI verdict.
    ScanAMSI results;
    request.set_portable_executable_path(PePath);
    request.set_file_hash(FileHash);
    results.set_amsi_result(AmsiResult);

    request.mutable_amsi_scan()->CopyFrom(results);

    Status status = stub_->ScanResults(&g_context, request, &reply);

    // A failed RPC is logged and terminates the container process.
    if (!status.ok()) {
        std::cout << status.error_code() << ": " << status.error_message() << std::endl;
        exit(1);
    }

    return !reply.ack_type();
}

References stub_.

◆ SendResults_PE() [1/2]

bool PanoptesServiceClient::SendResults_PE ( std::string  PePath,
bool  IsPeSigned,
std::string  PeSignerSubject,
std::vector< std::string >  PeImports 
)

Referenced by PanoEntry().

◆ SendResults_PE() [2/2]

bool PanoptesServiceClient::SendResults_PE ( std::string  PePath,
PortableExecutable::PEScanData  data 
)

Definition at line 83 of file service_client_pe.cpp.

bool PanoptesServiceClient::SendResults_PE(std::string PePath, PortableExecutable::PEScanData data) {
    AckMessage reply;
    ContainerReply request;
    ClientContext g_context;

    ScanPE results;
    request.set_portable_executable_path(PePath);
    // No hash is passed to this overload; file_hash carries the path.
    request.set_file_hash(PePath);
    results.set_signed_(data.isSigned);
    for (size_t i = 0; i < data.imports.size(); i++) {
        results.add_imports(data.imports[i]);
    }

    for (size_t i = 0; i < data.sections.size(); i++) {
        results.add_sections(data.sections[i]);
    }

    for (size_t i = 0; i < data.section_entropy.size(); i++) {
        results.add_section_entropy(data.section_entropy[i]);
    }

    request.mutable_pe_scan()->CopyFrom(results);

    Status status = stub_->ScanResults(&g_context, request, &reply);

    // A failed RPC terminates the container process without logging.
    if (!status.ok()) {
        //std::cout << status.error_code() << ": " << status.error_message() << std::endl;
        exit(1);
    }

    return reply.ack_type();
}
std::vector< std::string > imports (Definition: PanoptesPE.h:12)
std::vector< double > section_entropy (Definition: PanoptesPE.h:14)
std::vector< std::string > sections (Definition: PanoptesPE.h:13)

References PortableExecutable::PEScanData::imports, PortableExecutable::PEScanData::isSigned, PortableExecutable::PEScanData::section_entropy, PortableExecutable::PEScanData::sections, and stub_.

◆ SendResults_Yara() [1/2]

bool PanoptesServiceClient::SendResults_Yara ( std::string  PePath,
std::string  FileHash,
DWORD  ProcessId,
std::string  YaraRulesPath,
INT  MatchRules,
std::vector< std::string >  DetectedRules 
)

Referenced by PanoEntry().

◆ SendResults_Yara() [2/2]

bool PanoptesServiceClient::SendResults_Yara ( std::string  pePath,
std::string  fileHash,
std::vector< std::string >  detectedRules 
)

Send the results of the YARA scan to the Panoptes Service.

Parameters
    pePath         The path of the file that was scanned
    fileHash       The hash of the file that was scanned
    detectedRules  The rules that were detected
Returns
    True if the results were sent successfully, false otherwise

Definition at line 97 of file service_client_yara.cpp.

bool PanoptesServiceClient::SendResults_Yara(std::string pePath, std::string fileHash, std::vector<std::string> detectedRules) {
    ClientContext context;
    AckMessage reply;
    ContainerReply request;

    ScanYara results;
    request.set_portable_executable_path(pePath);
    request.set_file_hash(fileHash);

    // Attach every YARA rule that matched the file.
    for (const auto& rule : detectedRules) {
        results.add_detected_rules(rule);
    }

    request.mutable_yara_scan()->CopyFrom(results);

    Status status = stub_->ScanResults(&context, request, &reply);

    // A failed RPC is logged and terminates the container process.
    if (!status.ok()) {
        std::cout << status.error_code() << ": " << status.error_message() << std::endl;
        exit(1);
    }

    return reply.ack_type();
}

References stub_.


The documentation for this class was generated from the following files: