C# Dotnet Senden Sie Windows 11 Home Defender -Sicherheitswarnungen als JSON an Webhook nach Limacharlie ⇐ C#

[Anonymous]

Ich möchte Windows Security Defender -Ereignisse an Limacharlie Webhook senden.

Code: Select all

// Run PowerShell command to get last 10 Application logs
ProcessStartInfo psi = new ProcessStartInfo
{
FileName = "powershell",
Arguments = "-Command \"Get-WinEvent -LogName Application -MaxEvents 10 | ConvertTo-Json -Depth 3\"",
RedirectStandardOutput = true,
UseShellExecute = false,
CreateNoWindow = true
};
< /code>
Aber wenn ich nicht sicher bin, wie mein Programm die Windows Security Defender -Protokolle erhalten kann. /p>
// Run PowerShell command to get last 10 Security logs
ProcessStartInfo psi = new ProcessStartInfo
{
FileName = "powershell",
Arguments = "-Command \"Get-WinEvent -LogName Application | Where-Object {$_.ProviderName -like 'Microsoft-Windows-Security-Auditing'} -MaxEvents 10 | ConvertTo-Json -Depth 3\"",
RedirectStandardOutput = true,
UseShellExecute = false,
CreateNoWindow = true
};
< /code>
Fehler; < /p>

Fehler: Die Ausgabe ist nicht gültig jSON. Hier ist der einfache Textausgang:
Wo-Objekt: Ein Parameter kann nicht gefunden werden, der den Parameternamen übereinstimmt. > Mein Code ist unten.using System;
using System.Diagnostics;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;

class Program
{
static async Task Main(string[] args)
{
// Load configuration or prompt user for details
Config config = ConfigManager.LoadConfig() ?? ConfigManager.PromptUserForConfig();

// Send Application Event Logs to LimaCharlie
await SendApplicationLogs(config);
}

/// 
/// Fetches the last 10 Application Event logs and sends them to LimaCharlie.
/// 
static async Task SendApplicationLogs(Config config)
{
try
{
// Run PowerShell command to get last 10 Security logs
ProcessStartInfo psi = new ProcessStartInfo
{
FileName = "powershell",
Arguments = "-Command \"Get-WinEvent -LogName Application | Where-Object {$_.ProviderName -like 'Microsoft-Windows-Security-Auditing'} -MaxEvents 10 | ConvertTo-Json -Depth 3\"",
RedirectStandardOutput = true,
UseShellExecute = false,
CreateNoWindow = true
};

using (Process process = new Process { StartInfo = psi })
{
process.Start();
string jsonData = process.StandardOutput.ReadToEnd();
process.WaitForExit();

// Try to deserialize the output to check if it's JSON
try
{
// Try to deserialize the output as JSON
var jsonObject = JsonConvert.DeserializeObject(jsonData);

// If deserialization succeeds, it's JSON
Console.WriteLine("Program·SendApplicationLogs()· Logs successfully sent to LimaCharlie.");
}
catch (JsonException)
{
// If deserialization fails, it's not JSON (likely plain text)
Console.WriteLine("Program·SendApplicationLogs()· ERROR: The output is not valid JSON.  Here is the plain text output:");
Console.WriteLine(jsonData);
}

// Continue with sending the logs (if it's valid JSON)
using (HttpClient client = new HttpClient())
{
// Add the authentication header
client.DefaultRequestHeaders.Add("lc-secret", config.WebhookSecret);

// Set the HTTP content type as JSON
HttpContent content = new StringContent(jsonData, Encoding.UTF8, "application/json");

// Ensure the HookURL doesn't have a duplicate domain part
string hookURL = config.HookURL.Contains(".hook.limacharlie.io")
? config.HookURL
: $"{config.HookURL}.hook.limacharlie.io";

// Construct the final webhook URL
string webhookUrl = $"https://{hookURL}/{config.OrgId}/{config.WebhookName}";

// Send logs as POST request
HttpResponseMessage response = await client.PostAsync(webhookUrl, content);

// Print the response status
if (response.IsSuccessStatusCode)
{
Console.WriteLine($"Program·SendApplicationLogs()·Logs successfully sent to LimaCharlie.");
}
else
{
Console.WriteLine($"Program·SendApplicationLogs()·ERROR: {response.StatusCode} - {response.ReasonPhrase}");
}
}
}
}
catch (Exception ex)
{
Console.WriteLine($"Program·SendApplicationLogs()·ERROR: {ex.Message}");
}
}

}

config.cs

Code: Select all

// WinSecurityLogs/Model/Config.cs

/// 
/// Stores LimaCharlie Configuration Details.
/// 
public class Config
{
public string OrgId { get; set; }
public string HookURL {get; set;}
public string WebhookName { get; set; }
public string WebhookSecret { get; set; }
}

ConfigManager.cs

Code: Select all

// WinSecurityLogs/WinEventLogger

using System;
using System.IO;
using Newtonsoft.Json;

// Handles User Input & Config Storage

public class ConfigManager
{
// Path to store the config file
private static string configPath = "config.json";

/// 
/// Loads configuration from config.json if it exists.
/// 
public static Config LoadConfig()
{
if (File.Exists(configPath))
{
string json = File.ReadAllText(configPath);
return JsonConvert.DeserializeObject(json);
}

return null;
}

/// 
/// Saves configuration to config.json.
/// 
public static void SaveConfig(Config config)
{
string json = JsonConvert.SerializeObject(config, Formatting.Indented);
File.WriteAllText(configPath, json);
}

/// 
/// Prompts user for LimaCharlie details on first run.
/// 
public static Config PromptUserForConfig()
{
Console.Write("Enter LimaCharlie Organization ID (example a100a186-8a11-445a-a0cf-643a40c7fb61): ");
string orgId = Console.ReadLine().Trim();

Console.Write("Enter LimaCharlie Hook URL (b76093c3662d5b4f.hook.limacharlie.io): ");
string hookURL = Console.ReadLine().Trim();

Console.Write("Enter LimaCharlie Webhook Name (example acd-windows-security-webhook): ");
string webhookName = Console.ReadLine().Trim();

Console.Write("Enter LimaCharlie Webhook Secret: ");
string webhookSecret = Console.ReadLine().Trim();

Config config = new Config
{
OrgId = orgId,
HookURL = hookURL,
WebhookName = webhookName,
WebhookSecret = webhookSecret
};

SaveConfig(config);
return config;
}
}