diff --git a/Vagrant/resources/microsoft_ata/microsoft-ata-config.json b/Vagrant/resources/microsoft_ata/microsoft-ata-config.json
new file mode 100644
index 0000000..8327627
--- /dev/null
+++ b/Vagrant/resources/microsoft_ata/microsoft-ata-config.json
@@ -0,0 +1 @@ +{"Configuration":{"AbnormalBehaviorDetectorConfiguration":{"BuildModelsConfiguration":{"Interval":"1.00:00:00","IsEnabled":true},"MinActiveAccountCount":50,"ExcludedSourceAccountIds":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"AbnormalKerberosDetectorConfiguration":{"ExcludedSourceComputerIds":[],"ExcludedSubnets":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"AbnormalSensitiveGroupMembershipChangeDetectorConfiguration":{"LearningPeriod":"70.00:00:00","ExcludedSourceAccountIds":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"AbnormalSmbDetectorConfiguration":{"ExcludedSourceComputerIds":[],"ExcludedSubnets":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"AbnormalVpnDetectorConfiguration":{"ProfileCommonGeolocationsAndCarriersAsyncConfiguration":{"Interval":"1.00:00:00","IsEnabled":true},"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"AccountEnumerationDetectorConfiguration":{"ExcludedSourceComputerIds":[],"ExcludedSubnets":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"ActivityProcessorConfiguration":{"ActivityBlockConfiguration":{"MaxDegreeOfParallelism":50,"MaxSize":50000},"ActivityPostponeBlockConfiguration":{"ActionConfiguration":{"Interval":"00:00:00.0500000","IsEnabled":t
rue},"MaxSize":10000000,"Timeout":"00:02:00"},"PostponedActivityBlockConfiguration":{"MaxDegreeOfParallelism":100,"MaxSize":100000}},"ActivitySimulatorConfiguration":{"DatabaseServerEndpoint":{"Address":"localhost","Port":27017},"DelayInterval":"00:00:15","SimulationState":"Disabled"},"AppDomainManagerConfiguration":{"GcCollectConfiguration":{"Interval":"00:30:00","IsEnabled":true},"UpdateExceptionStatisticsConfiguration":{"Interval":"00:01:00","IsEnabled":true}},"BruteForceDetectorConfiguration":{"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"CenterTelemetryManagerConfiguration":{"IsEnabled":false,"ServiceUrl":"https://dc.applicationinsights.microsoft.com/v2/track","ClientInstrumentationKey":"fd3f5bd1-3d71-44a3-9209-d94633544903","ClientBufferMaxSize":450,"ClientSendInterval":"00:10:00","UnsentTelemetrySampleInterval":"01:00:00","UnsentTelemetryRetentionPeriod":"7.00:00:00","SendSystemTelemetryConfiguration":{"Interval":"1.00:00:00","IsEnabled":false},"SendPerformanceCounterTelemetryConfiguration":{"Interval":"00:10:00","IsEnabled":false},"SendAlertTelemetryConfiguration":{"Interval":"1.00:00:00","IsEnabled":false},"SendExceptionStatisticsTelemetryConfiguration":{"Interval":"1.00:00:00","IsEnabled":false},"SendUnsentTelemetriesConfiguration":{"Interval":"00:10:00","IsEnabled":false},"UnsentTelemetryBatchSize":20},"CenterWebApplicationConfiguration":{"ServiceListeningIpEndpoint":{"Address":"0.0.0.0","Port":443},"CommunicationCookieExpiration":"00:20:00"},"CenterWebClientConfiguration":{"RetryDelay":"00:00:01","ServiceEndpoints":[{"Address":"wef.windomain.local","Port":443}],"ServiceCertificateThumbprints":["{{THUMBPRINT}}"]},"ConfigurationManagerConfiguration":{"UpdateConfigurationConfiguration":{"Interval":"00:00:15","IsEnabled":true}},"DatabaseConfiguration":{"ServerEndpoint":{"Address":"localhost","Port":27017},"ClientConnectTimeout":"0
0:00:30","ClientServerSelectionTimeout":"00:00:30","ConnectionPoolMaxSize":100,"WaitQueueSize":1000,"BackupSystemProfileMaxCount":300,"CappedCollectionBlockConfiguration":{"BatchMaxSize":100,"MaxDegreeOfParallelism":8,"MaxSize":50000},"CappedCollectionHighEntityMaxCount":50000000,"CappedCollectionLowEntityMaxCount":1000000,"CappedCollectionUpdateCurrentCollectionEntityCountConfiguration":{"Interval":"00:01:00","IsEnabled":true},"DataDriveFreeSpaceCriticalPercentage":0.05,"DataDriveFreeSpaceCriticalSize":"50 GB","DataDriveFreeSpaceLowPercentage":0.2,"DataDriveFreeSpaceLowSize":"200 GB","WorkingSetPercentage":0.25,"LogFileMaxSize":"50 MB","LogFileMaxCount":10,"BackupSystemProfileConfiguration":{"Interval":"04:00:00","IsEnabled":true},"DeleteOldCappedCollectionsConfiguration":{"Interval":"00:01:00","IsEnabled":true},"DeleteOldIpAddressProfilesConfiguration":{"Interval":"1.00:00:00","IsEnabled":true},"MonitorDatabaseConfiguration":{"Interval":"00:01:00","IsEnabled":true}},"DetectionConfiguration":{"AlertConfiguration":{"IsMailEnabled":false,"IsSyslogEnabled":true,"To":[]},"NotificationVerbosity":"Low"},"DirectoryServicesReplicationDetectorConfiguration":{"ExcludedSourceComputerIds":[],"ExcludedSubnets":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"DnsReconnaissanceDetectorConfiguration":{"ExcludedSourceComputerIds":[],"ExcludedSubnets":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"EncryptedTimestampEncryptionDowngradeDetectorConfiguration":{"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"EntityProfilerConfiguration":{"UpdateDetectionProfileConfiguration":{"Interval":"00:05:00","IsEna
bled":true},"UpdateDirectoryServicesTrafficSystemProfileConfiguration":{"Interval":"00:05:00","IsEnabled":true},"EventActivityBlockConfiguration":{"MaxDegreeOfParallelism":50,"MaxSize":100000},"LogicalActivityBlockConfiguration":{"MaxDegreeOfParallelism":50,"MaxSize":100000},"NetworkActivityBlockConfiguration":{"MaxDegreeOfParallelism":50,"MaxSize":100000}},"EntityReceiverConfiguration":{"ActivitiesDroppingEnabled":false,"EntityBatchBlockConfiguration":{"MaxSize":10000},"EntityBatchBlockSizeAccumulationQueueConfiguration":{"MaxSize":10,"Interval":"00:01:00"},"GatewayInactivityTimeout":"00:15:00","GetNatIpAddressesInternalConfiguration":{"Interval":"00:15:00","IsEnabled":true}},"EnumerateSessionsDetectorConfiguration":{"ExcludedSourceComputerIds":[],"ExcludedSubnets":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"ExternalIpAddressResolverConfiguration":{"CacheConfiguration":{"ShardCount":1,"MultiLruDictionaryConfiguration":{"MaxSize":10000,"Policy":"SingleValue","Timeout":"01:00:00"},"BackgroundRemoveOldConfiguration":{"Interval":"00:01:00","IsEnabled":true}},"FailedResolutionsAccumulationQueueConfiguration":{"MaxSize":10,"Interval":"00:01:00"}},"ForgedPacDetectorConfiguration":{"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"GoldenTicketDetectorConfiguration":{"KerberosTicketLifetime":null,"ExcludedSourceAccountIds":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"HoneytokenActivityDetectorConfiguration":{"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"HttpC
lientConfiguration":{"BufferMaxSize":"128 MB","Timeout":"00:10:00"},"IntelligenceProxyConfiguration":{"ConnectionLimit":50,"WebClientConfiguration":{"RetryDelay":"00:00:01","ServiceEndpoints":[{"Address":"ti.ata.azure.com","Port":443}],"ServiceCertificateThumbprints":[]}},"LdapBruteForceDetectorConfiguration":{"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"LdapCleartextPasswordDetectorConfiguration":{"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"LoadSimulatorRecorderConfiguration":{"IsEnabled":false,"UniqueEntityBatchBlockConfiguration":{"MaxSize":1000},"EntityBatchBlockConfiguration":{"MaxSize":1000},"FileSegmentSize":"5 MB"},"LocalizerConfiguration":{"LocaleId":"en-us"},"LogicalActivityTranslatorConfiguration":{"LogicalActivityCacheConfiguration":{"ShardCount":100,"MultiLruDictionaryConfiguration":{"MaxSize":100000,"Policy":"SingleValue","Timeout":"00:01:00"},"BackgroundRemoveOldConfiguration":{"Interval":"00:01:00","IsEnabled":true}},"EventActivityBlockConfiguration":{"MaxDegreeOfParallelism":50,"MaxSize":100000},"NetworkActivityBlockConfiguration":{"MaxDegreeOfParallelism":50,"MaxSize":100000},"UniqueEntityBlockConfiguration":{"MaxDegreeOfParallelism":50,"MaxSize":100000}},"MailClientConfiguration":{"IsEnabled":false,"From":null,"ServerEndpoint":null,"ServerSslEnabled":false,"ServerSslAcceptAnyServerCertificate":false,"AuthenticationEnabled":false,"AuthenticationAccountName":null,"AuthenticationAccountPasswordEncrypted":null},"MaliciousServiceCreationDetectorConfiguration":{"ExcludedSourceComputerIds":[],"ExcludedSubnets":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"MassiveObj
ectDeletionDetectorConfiguration":{"DetectMassiveObjectDeletionConfiguration":{"Interval":"00:15:00","IsEnabled":true},"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"MemoryStreamPoolConfiguration":{"BlockSize":"128 KB","LargeBlockMultipleSize":"1 MB","BufferMaxSize":"128 MB"},"MonitoringClientConfiguration":{"AlertConfiguration":{"IsMailEnabled":false,"IsSyslogEnabled":true,"To":[]},"MonitoringAlertTypeNameToIsEnabledMapping":{"CenterDatabaseDataDriveFreeSpaceMonitoringAlert":true,"CenterDatabaseDisconnectedMonitoringAlert":true,"CenterExternalIpAddressResolutionFailureMonitoringAlert":true,"CenterMailMonitoringAlert":true,"CenterNotReceivingTrafficMonitoringAlert":true,"CenterOverloadedMonitoringAlert":true,"CenterSyslogMonitoringAlert":true,"CertificateExpiryMonitoringAlert":true,"GatewayCaptureNetworkAdapterFaultedMonitoringAlert":true,"GatewayCaptureNetworkAdapterMissingMonitoringAlert":true,"GatewayDirectoryServicesClientAccountPasswordExpiryMonitoringAlert":true,"GatewayDirectoryServicesClientConnectivityMonitoringAlert":true,"GatewayDisconnectedMonitoringAlert":true,"GatewayDomainSynchronizerNotAssignedMonitoringAlert":true,"GatewayLowMemoryMonitoringAlert":true,"GatewayOverloadedEventActivitiesMonitoringAlert":true,"GatewayOverloadedNetworkActivitiesMonitoringAlert":true,"GatewayRadiusEventListenerMonitoringAlert":true,"GatewaysOutdatedMonitoringAlert":true,"GatewayStartFailureMonitoringAlert":true,"GatewaySyslogEventListenerMonitoringAlert":true},"RenotificationInterval":"7.00:00:00"},"MonitoringEngineConfiguration":{"CenterNotReceivingTrafficTimeout":"01:00:00","GatewayInactivityTimeout":"00:05:00","GatewayStartFailureTimeout":"00:30:00","MonitoringAlertExpiration":"30.00:00:00","DeleteOldMonitoringAlertsConfiguration":{"Interval":"01:00:00","IsEnabled":true},"MonitoringCycleConfiguration":{"Interval":"00:01:00","IsEnabled":true}
},"NetworkActivityProcessorConfiguration":{"ParentKerberosResponseTicketHashKeyToParentKerberosDataMappingConfiguration":{"ShardCount":100,"MultiLruDictionaryConfiguration":{"MaxSize":400000,"Policy":"SingleValue","Timeout":"10:00:00"},"BackgroundRemoveOldConfiguration":{"Interval":"00:01:00","IsEnabled":true}},"SaveParentKerberosBloomFiltersConfiguration":{"Interval":"00:15:00","IsEnabled":true},"SessionKeyToOperationsMappingConfiguration":{"ShardCount":100,"MultiLruDictionaryConfiguration":{"MaxSize":40000,"Policy":"MultiValue","Timeout":"00:03:00"},"BackgroundRemoveOldConfiguration":{"Interval":"00:01:00","IsEnabled":true}}},"NotificationEngineConfiguration":{"DeleteExpiredNotificationsConfiguration":{"Interval":"00:10:00","IsEnabled":true},"NotificationCycleConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"PassTheHashDetectorConfiguration":{"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"PassTheTicketDetectorConfiguration":{"HandleInvisibleSuspiciousActivitiesConfiguration":{"Interval":"00:15:00","IsEnabled":true},"ValidateInvisibleSuspiciousActivitiesTimeout":"02:00:00","ExcludedSourceComputerIds":[],"ExcludedSubnets":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"PrivilegeEscalationPathsDetectorConfiguration":{"MaxPrivilegeEscalationPathCount":20,"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"RemoteExecutionDetectorConfiguration":{"ExcludedSourceComputerIds":[],"ExcludedSubnets":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"ReporterConfigur
ation":{"ReportTypeToConfigurationMapping":{},"SendPeriodicReportsConfiguration":{"Interval":"00:01:00","IsEnabled":true}},"RetrieveDataProtectionBackupKeyDetectorConfiguration":{"ExcludedSourceComputerIds":[],"ExcludedSubnets":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"SamrReconnaissanceDetectorConfiguration":{"HandleInvisibleSuspiciousActivitiesConfiguration":{"Interval":"00:10:00","IsEnabled":true},"ExcludedSourceComputerIds":[],"ExcludedSubnets":[],"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"SecretManagerConfiguration":{"CertificateThumbprint":"{{THUMBPRINT}}"},"ServiceSystemProfileConfiguration":{"Id":"5aed5ee92bd5d60dd07c9586"},"SoftwareUpdaterConfiguration":{"IsEnabled":true,"IsGatewayAutomaticSoftwareUpdateEnabled":true,"IsLightweightGatewayAutomaticRestartEnabled":true,"MicrosoftUpdateCategoryId":"6ac905a5-286b-43eb-97e2-e23b3848c87d","CheckSoftwareUpdatesConfiguration":{"Interval":"01:00:00","IsEnabled":true}},"SourceAccountSupportedEncryptionTypesEncryptionDowngradeDetectorConfiguration":{"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"SourceComputerSupportedEncryptionTypesEncryptionDowngradeDetectorConfiguration":{"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"SyncManagerConfiguration":{"UpdateClientsConfiguration":{"Interval":"00:00:10","IsEnabled":true}},"SyslogClientConfiguration":{"IsEnabled":false,"ServerEndpoint":null,"ServerTransport":"Udp","ServerTransportTimeout":"00:00:10","Serializer":"Rfc5424"},"TgtEncryptionDowngradeDetectorCo
nfiguration":{"BlockConfiguration":{"BatchMaxSize":10000,"MaxDegreeOfParallelism":1,"MaxSize":10000},"IsEnabled":true,"UpsertProfileConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"UniqueEntityCacheConfiguration":{"CacheConfiguration":{"ShardCount":100,"MultiLruDictionaryConfiguration":{"MaxSize":10000,"Policy":"SingleValue","Timeout":"06:00:00"},"BackgroundRemoveOldConfiguration":{"Interval":"00:01:00","IsEnabled":true}}},"UniqueEntityProcessorConfiguration":{"HoneytokenAccountIds":[],"SensitiveAccountIds":[],"SensitiveGroupIds":[],"UniqueEntityBlockParallelismDegree":100,"GetHighFunctionalityDomainControlerIdsConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"UniqueEntityProfileCacheConfiguration":{"CacheConfiguration":{"ShardCount":100,"MultiLruDictionaryConfiguration":{"MaxSize":10000,"Policy":"SingleValue","Timeout":"06:00:00"},"BackgroundRemoveOldConfiguration":{"Interval":"00:01:00","IsEnabled":true}},"UniqueEntityProfileBlockConfiguration":{"MaxDegreeOfParallelism":50,"MaxSize":50},"StoreUniqueEntityProfilesConfiguration":{"Interval":"00:10:00","IsEnabled":true}},"UserAccountClusterDetectorConfiguration":{"ClusterUserAccountsConfiguration":{"Interval":"01:00:00","IsEnabled":true}},"WindowsEventLogClientConfiguration":{"IsEnabled":true}},"GatewayCommonConfiguration":{"DirectoryServicesClientAccountDomainName":"windomain.local","DirectoryServicesClientAccountName":"vagrant","DirectoryServicesClientAccountPasswordEncrypted":{"Password":"vagrant"},"IsRadiusEventListenerEnabled":false,"IsSyslogEventListenerEnabled":false,"IsWindowsEventLogReaderEnabled":true,"RadiusEventListenerSharedSecretEncrypted":null},"SoftwareUpdates":[],"NetbiosName":"WEF","Version":"1.9.7312.32791","VersionUpdateTime":"2018-05-05T07:36:09.1352934Z","Id":"5aed5ee92bd5d60dd07c9586","UpdateTime":"2018-05-05T07:36:17.9090344Z","Type":"CenterSystemProfile"} \ No newline at end of file 
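Review bot: `GatewayCommonConfiguration.DirectoryServicesClientAccountPasswordEncrypted` is committed as `{"Password":"vagrant"}`, so the directory-services account password sits in clear text in the repository and in the POST body despite the field name. JSON cannot carry a comment, so the accompanying README or the install script header should state that this profile is for the throwaway `windomain.local` lab only and that the account and password must be replaced before the file is reused anywhere else. The profile also pins values that look exported from one specific install (`Id` and `ServiceSystemProfileConfiguration.Id`, `Version`, `VersionUpdateTime`, `ClientInstrumentationKey`); it is worth confirming that a freshly installed Center accepts them, and documenting that `ServiceListeningIpEndpoint` binds `0.0.0.0:443`.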
diff --git a/Vagrant/scripts/install-microsoft-ata.ps1 b/Vagrant/scripts/install-microsoft-ata.ps1
new file mode 100644
index 0000000..72e1b34
--- /dev/null
+++ b/Vagrant/scripts/install-microsoft-ata.ps1
@@ -0,0 +1,102 @@
+# Purpose: Downloads, installs and configures Microsft ATA 1.9
+$title = "Microsoft ATA 1.9"
+$downloadUrl = "http://download.microsoft.com/download/4/9/1/491394D1-3F28-4261-ABC6-C836A301290E/ATA1.9.iso"
+
+# Enable web requests to endpoints with invalid SSL certs (like self-signed certs)
+if (-not("SSLValidator" -as [type])) {
+ add-type -TypeDefinition @"
+using System;
+using System.Net;
+using System.Net.Security;
+using System.Security.Cryptography.X509Certificates;
+
+public static class SSLValidator {
+ public static bool ReturnTrue(object sender,
+ X509Certificate certificate,
+ X509Chain chain,
+ SslPolicyErrors sslPolicyErrors) { return true; }
+
+ public static RemoteCertificateValidationCallback GetDelegate() {
+ return new RemoteCertificateValidationCallback(SSLValidator.ReturnTrue);
+ }
+}
+"@
+}
+[System.Net.ServicePointManager]::ServerCertificateValidationCallback = [SSLValidator]::GetDelegate()
+
+if (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics\Center"))
+{
+ if (-not (Test-Path "$env:temp\$title.iso"))
+ {
+ Write-Host "Downloading $title..."
+ Invoke-WebRequest -Uri $downloadUrl -OutFile "$env:temp\$title.iso"
+ }
+ $Mount = Mount-DiskImage -ImagePath "$env:temp\$title.iso" -StorageType ISO -Access ReadOnly -PassThru
+ $Volume = $Mount | Get-Volume
+ Write-Host "Installing $title"
+ $Install = Start-Process -Wait -FilePath ($Volume.DriveLetter + ":\Microsoft ATA Center Setup.exe") -ArgumentList "/q --LicenseAccepted NetFrameworkCommandLineArguments=`"/q`" --EnableMicrosoftUpdate" -PassThru
+ $Install
+ $Mount | Dismount-DiskImage -Confirm:$false
+ $body = get-content "C:\vagrant\resources\microsoft_ata\microsoft-ata-config.json"
+
+ $req = [System.Net.WebRequest]::CreateHttp("https://wef")
+ try
+ {
+ $req.GetResponse()
+ }
+ catch
+ {
+ # we don't care about errors here, we just want to get the cert ;)
+ }
+ $ThumbPrint = $req.ServicePoint.Certificate.GetCertHashString()
+ $body = $body -replace "{{THUMBPRINT}}", $ThumbPrint
+
+ Invoke-RestMethod -uri https://localhost/api/management/systemProfiles/center -body $body -Method Post -UseBasicParsing -UseDefaultCredentials -ContentType "application/json"
+
+}
+
+Start-Sleep -Seconds 60
+
+Invoke-Command -computername dc -Credential (new-object pscredential("windomain\vagrant",(ConvertTo-SecureString -AsPlainText -Force -String "vagrant"))) -ScriptBlock {
+
+ Write-Host "[$env:computername] Installing ATA Lightweight gateway..."
+
+ # Enable web requests to endpoints with invalid SSL certs (like self-signed certs)
+ if (-not("SSLValidator" -as [type])) {
+ add-type -TypeDefinition @"
+ using System;
+ using System.Net;
+ using System.Net.Security;
+ using System.Security.Cryptography.X509Certificates;
+
+ public static class SSLValidator {
+ public static bool ReturnTrue(object sender,
+ X509Certificate certificate,
+ X509Chain chain,
+ SslPolicyErrors sslPolicyErrors) { return true; }
+
+ public static RemoteCertificateValidationCallback GetDelegate() {
+ return new RemoteCertificateValidationCallback(SSLValidator.ReturnTrue);
+ }
+ }
+"@
+ }
+ [System.Net.ServicePointManager]::ServerCertificateValidationCallback = [SSLValidator]::GetDelegate()
+
+ Invoke-WebRequest -uri https://wef/api/management/softwareUpdates/gateways/deploymentPackage -UseBasicParsing -OutFile "$env:temp\gatewaysetup.zip" -Credential (new-object pscredential("wef\vagrant",(convertto-securestring -AsPlainText -Force -String "vagrant")))
+ Expand-Archive -Path "$env:temp\gatewaysetup.zip" -DestinationPath "$env:temp\gatewaysetup" -Force
+
+ Set-Location "$env:temp\gatewaysetup"
+ Start-Process -Wait -FilePath ".\Microsoft ATA Gateway Setup.exe" -ArgumentList "/q NetFrameworkCommandLineArguments=`"/q`" ConsoleAccountName=`"wef\vagrant`" ConsoleAccountPassword=`"vagrant`""
+ # Disable invalid web requests to endpoints with invalid SSL certs again
+ [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null
+}
+
+# set dc as domain synchronizer
+$config = Invoke-RestMethod -Uri "https://localhost/api/management/systemProfiles/gateways" -UseDefaultCredentials -UseBasicParsing
+$config[0].Configuration.DirectoryServicesResolverConfiguration.UpdateDirectoryEntityChangesConfiguration.IsEnabled = $true
+
+Invoke-RestMethod -Uri "https://localhost/api/management/systemProfiles/gateways/$($config[0].Id)" -UseDefaultCredentials -UseBasicParsing -Method Post -ContentType "application/json" -Body ($config[0] | convertto-json -depth 99)
+
+# Disable invalid web requests to endpoints with invalid SSL certs again
+[System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null
\ No newline at end of file
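Review bot: The accept-all `ServerCertificateValidationCallback` is set process-wide near the top and cleared only on the script's last line (and on the last line of the `dc` script block), so a terminating error in between leaves certificate validation disabled for the rest of the session. While it is active, the remote block sends the `wef\vagrant` credential and downloads `gatewaysetup.zip`, which is then unpacked and executed. Wrapping each region as `try { ... } finally { [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null }` would bound the exposure, and the callback could compare the presented certificate's thumbprint to an expected value instead of returning `true`. Separately, `$downloadUrl` uses `http://` and the ISO's setup executable is run with no integrity check; switching the scheme to `https://` and comparing `(Get-FileHash -Algorithm SHA256 "$env:temp\$title.iso").Hash` to a pinned `<EXPECTED_ISO_SHA256>` before `Mount-DiskImage` would cover that.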