Panoptes 1.0.0
Endpoint Detection and Response
Loading...
Searching...
No Matches
service_client_yara.cpp
Go to the documentation of this file.
1#include <grpcpp/grpcpp.h>
2#include "panoptes.grpc.pb.h"
3#include "PanoptesYara.h"
4
5using grpc::ClientContext;
6using grpc::Status;
7
8std::unique_ptr<PanoptesService::Stub> stub_;
9
13bool GetRegistryPortValue(DWORD& portValue) {
14 HKEY hKey;
15 DWORD dwType = REG_DWORD;
16 DWORD dwSize = sizeof(DWORD);
17
18 // Open the key
19 LONG lResult = RegOpenKeyExA(
20 HKEY_LOCAL_MACHINE,
21 "SOFTWARE\\Panoptes",
22 0,
23 KEY_READ,
24 &hKey
25 );
26
27 if (lResult != ERROR_SUCCESS) {
28 std::cerr << "Error opening registry key. Error code: " << lResult << std::endl;
29 return false;
30 }
31
32 // Read the SRV_PORT value
33 lResult = RegQueryValueExA(
34 hKey,
35 "SRV_PORT",
36 NULL,
37 &dwType,
38 reinterpret_cast<LPBYTE>(&portValue),
39 &dwSize
40 );
41
42 RegCloseKey(hKey);
43
44 if (lResult != ERROR_SUCCESS) {
45 std::cerr << "Error reading registry value. Error code: " << lResult << std::endl;
46 return false;
47 }
48
49 if (dwType != REG_DWORD) {
50 std::cerr << "Unexpected value type in registry." << std::endl;
51 return false;
52 }
53
54 return true;
55}
56
58PanoptesServiceClient::PanoptesServiceClient() {
59 DWORD portValue;
60 if (!GetRegistryPortValue(portValue)) {
61 std::cerr << "Failed to get registry port value." << std::endl;
62 return;
63 }
64 std::string server_url = "localhost:" + std::to_string(portValue);
65 std::shared_ptr<grpc::Channel> channel = grpc::CreateChannel(server_url, grpc::InsecureChannelCredentials());
66 stub_ = PanoptesService::NewStub(channel);
67}
68
74bool PanoptesServiceClient::Hello(ExtensibilityType extensibilityType, int ContainerPort) {
75 AckMessage reply;
76 ContainerInfo request;
77 ClientContext g_context;
78
79 request.set_container_type((ContainerType)extensibilityType);
80 request.set_grpc_port(ContainerPort);
81
82 Status status = stub_->Hello(&g_context, request, &reply);
83
84 if (!status.ok()) {
85 //std::cout << status.error_code() << ": " << status.error_message() << std::endl;
86 exit(1);
87 }
88
89 return reply.ack_type();
90}
91
97bool PanoptesServiceClient::SendResults_Yara(std::string pePath, std::string fileHash, std::vector<std::string> detectedRules) {
98 ClientContext context;
99 AckMessage reply;
100 ContainerReply request;
101
102 ScanYara results;
103 request.set_portable_executable_path(pePath);
104 request.set_file_hash(fileHash);
105
106 for (auto rule : detectedRules) {
107 results.add_detected_rules(rule);
108 }
109
110 request.mutable_yara_scan()->CopyFrom(results);
111
112 Status status = stub_->ScanResults(&context, request, &reply);
113
114 if (!status.ok()) {
115 std::cout << status.error_code() << ": " << status.error_message() << std::endl;
116 exit(1);
117 }
118
119 return reply.ack_type();
120}
ExtensibilityType
ExtensibilityType
The type of extensibility.
Definition ExtensibilityCore.h:10
PanoptesServiceClient::SendResults_Yara
bool SendResults_Yara(std::string PePath, std::string FileHash, DWORD ProcessId, std::string YaraRulesPath, INT MatchRules, std::vector< std::string > DetectedRules)
PanoptesServiceClient::PanoptesServiceClient
PanoptesServiceClient()
The PanoptesServiceClient class is a class that implements the PanoptesServiceClient class.
Definition service_client.cpp:15
PanoptesServiceClient::Hello
bool Hello(ExtensibilityType extensibilityType, std::string port)
The Hello function sends a Hello message to the Panoptes main service from the container.
Definition service_client.cpp:25
GetRegistryPortValue
bool GetRegistryPortValue(DWORD &portValue)
Get the gRPC port value from the registry.
Definition container.cpp:24
DWORD
unsigned long DWORD
Definition inject.h:2
stub_
std::unique_ptr< PanoptesService::Stub > stub_
Definition service_client.cpp:10
stub_
std::unique_ptr< PanoptesService::Stub > stub_
Definition service_client_yara.cpp:8
GetRegistryPortValue
bool GetRegistryPortValue(DWORD &portValue)
Get the Panoptes Service port from the registry.
Definition service_client_yara.cpp:13
Generated by doxygen 1.9.8