Advanced Threat Analytics 1.7 Gateway Discovery Data Source

Microsoft.AdvancedThreatAnalytics.1_7.Gateway.Discovery.DataSource (DataSourceModuleType)

Data Source for Microsoft ATA 1.7 Gateway Discovery

Element properties:

Type: DataSourceModuleType
Isolation: Any
Accessibility: Internal
RunAs: Default
OutputType: System.Discovery.Data

Member Modules:

ID Module Type TypeId RunAs 
Scheduler DataSource System.Discovery.Scheduler Default
PowerShell ProbeAction Microsoft.Windows.PowerShellDiscoveryProbe Default

Overrideable Parameters:

ID | ParameterType | Selector | Display Name | Description
IntervalSeconds | int | $Config/IntervalSeconds$ | Interval Seconds |

Source Code:

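<!--
  Composite discovery data source for the ATA 1.7 Gateway.
  A scheduler fires every IntervalSeconds and triggers a PowerShell discovery
  probe. The probe reads the gateway service path and GatewayConfiguration.json
  on the local machine and submits one Gateway.LightWeight or Gateway.Standalone
  instance as System.Discovery.Data.
  Configuration: computerName (string), IntervalSeconds (integer, overrideable).
-->
<DataSourceModuleType ID="Microsoft.AdvancedThreatAnalytics.1_7.Gateway.Discovery.DataSource" Accessibility="Internal" Batching="false">
  <Configuration>
    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="computerName" type="xsd:string"/>
    <xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" minOccurs="1" name="IntervalSeconds" type="xsd:integer"/>
  </Configuration>
  <OverrideableParameters>
    <OverrideableParameter ID="IntervalSeconds" ParameterType="int" Selector="$Config/IntervalSeconds$"/>
  </OverrideableParameters>
  <ModuleImplementation Isolation="Any">
    <Composite>
      <MemberModules>
        <DataSource ID="Scheduler" TypeID="System!System.Discovery.Scheduler">
          <Scheduler>
            <!-- Element name is spelled this way in the scheduler module's configuration schema; do not correct it. -->
            <SimpleReccuringSchedule>
              <Interval Unit="Seconds">$Config/IntervalSeconds$</Interval>
            </SimpleReccuringSchedule>
            <ExcludeDates/>
          </Scheduler>
        </DataSource>
        <ProbeAction ID="PowerShell" TypeID="Windows!Microsoft.Windows.PowerShellDiscoveryProbe">
          <ScriptName>ATAGatewayDiscovery.ps1</ScriptName>
          <ScriptBody><Script>
param($sourceId,$managedEntityId,$computerName)

# Discovers the local ATA 1.7 Gateway and submits one class instance
# (LightWeight or Standalone) to SCOM. When the service path, the executable
# or the configuration file cannot be read, nothing is submitted and a warning
# event is logged, so a half-populated gateway object is never sent.

$ScriptName = 'ATAGatewayDiscovery.ps1'

#Set SCOM Properties
$api = New-Object -comObject 'MOM.ScriptAPI'
$discoveryData = $api.CreateDiscoveryData(0, $sourceId, $managedEntityId)

#Set variables to be used in logging events
$whoami = whoami
$StartTime = Get-Date

#Log an event that our script is starting
$api.LogScriptEvent($ScriptName,3280,0,"ATA Gateway Discovery Script is starting. Running as $whoami.")

If (Test-Path 'HKLM:\SOFTWARE\Microsoft\Microsoft Advanced Threat Analytics\Gateway') {
    # $Problem stays $null while every required input could be read.
    $Problem = $null

    #Get the Install Path (filter in the WMI query instead of enumerating every service)
    $WMIInfo = Get-WmiObject -Class Win32_Service -Filter "Name='ATAGateway'"

    If (-not $WMIInfo -or -not $WMIInfo.PathName) {
        # The registry key can outlive the service (for example after an uninstall).
        $Problem = "The ATAGateway service or its path was not found."
    }
    Else {
        Try {
            # PathName may be wrapped in double quotes; strip them before use.
            [string]$EXEPath = $WMIInfo.PathName.Replace("""","")
            # Take the parent directory rather than string-replacing the exe
            # name, which silently failed when the file name case differed.
            $InstallationPath = [System.IO.Path]::GetDirectoryName($EXEPath)
            $ConfigFile = Join-Path $InstallationPath 'GatewayConfiguration.json'

            #Get the config file
            $jsondata = Get-Content -LiteralPath $ConfigFile -Raw -ErrorAction Stop | ConvertFrom-Json

            $Version = (Get-ItemProperty -LiteralPath $EXEPath -ErrorAction Stop).VersionInfo.ProductVersion
        }
        Catch {
            $Problem = "Reading the gateway installation failed: $($_.Exception.Message)"
        }
    }

    If ($Problem) {
        $EndTime = Get-Date
        $ScriptTime = ($EndTime - $StartTime).TotalSeconds
        # Severity 2 = warning. The end-of-script event id is reused.
        $api.LogScriptEvent($ScriptName,3281,2,"ATA Gateway Discovery Script could not collect gateway data. $Problem No discovery data was submitted. Total runtime ($ScriptTime) seconds.")
    }
    Else {
        #Process the data
        # Only the named settings below are copied; the rest of the
        # configuration file is not forwarded to SCOM.
        $IsEnabled = $jsondata.IsEnabled
        $ServiceProxyServicePrimaryDnsEndpointAddress = $jsondata.ServiceProxyServicePrimaryDnsEndpoint.Address
        $ServiceProxyServicePrimaryDnsEndpointPort = $jsondata.ServiceProxyServicePrimaryDnsEndpoint.Port
        $ServiceProxyServicePrimaryCertificateThumbprint = $jsondata.ServiceProxyServicePrimaryCertificateThumbprint
        $ManagementClientServerCertificateThumbprint = $jsondata.ManagementClientServerCertificateThumbprint
        $ManagementClientServerName = $jsondata.ManagementClientServerName
        $SystemProfileId = $jsondata.SystemProfileId
        $SecretManagerCertificateThumbprint = $jsondata.SecretManagerCertificateThumbprint

        #Check for LWGW: the presence of the NTDS service selects the LightWeight class
        If ((Get-Service NTDS -ErrorAction SilentlyContinue) -ne $Null) {
            $IsLightWeight = "true"
            $GatewayClass = "$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway.LightWeight']$"
        }
        Else {
            $IsLightWeight = "false"
            $GatewayClass = "$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway.Standalone']$"
        }

        #Add the data into the PropertyBag (identical property set for both classes)
        $GatewayInstance = $DiscoveryData.CreateClassInstance($GatewayClass)
        $GatewayInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", $computerName)
        $GatewayInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $computerName)
        $GatewayInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway']/ServerName$", $computerName)
        $GatewayInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway']/Version$", $Version)
        $GatewayInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway']/ServiceProxyServicePrimaryDnsEndpointAddress$", $ServiceProxyServicePrimaryDnsEndpointAddress)
        $GatewayInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway']/ServiceProxyServicePrimaryDnsEndpointPort$", $ServiceProxyServicePrimaryDnsEndpointPort)
        $GatewayInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway']/ServiceProxyServicePrimaryCertificateThumbprint$", $ServiceProxyServicePrimaryCertificateThumbprint)
        $GatewayInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway']/ManagementClientServerCertificateThumbprint$", $ManagementClientServerCertificateThumbprint)
        $GatewayInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway']/ManagementClientServerName$", $ManagementClientServerName)
        $GatewayInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway']/SystemProfileId$", $SystemProfileId)
        $GatewayInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway']/SecretManagerCertificateThumbprint$", $SecretManagerCertificateThumbprint)
        $GatewayInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway']/IsLightWeight$", $IsLightWeight)
        $GatewayInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Gateway']/InstallationPath$", $InstallationPath)
        $DiscoveryData.AddInstance($GatewayInstance)

        #Log an event for script ending and total execution time.
        $EndTime = Get-Date
        $ScriptTime = ($EndTime - $StartTime).TotalSeconds
        $api.LogScriptEvent($ScriptName,3281,0,"ATA Gateway Discovery Script is complete. Version is $Version. Total runtime ($ScriptTime) seconds.")

        #Output the PropertyBag data for SCOM consumption:
        $DiscoveryData
    }
}
Else {
    # NOTE(review): no discovery data is returned in this branch, so it
    # presumably does not remove a previously discovered gateway object.
    # Confirm that this is intended.
    #Log an event for script ending and total execution time.
    $EndTime = Get-Date
    $ScriptTime = ($EndTime - $StartTime).TotalSeconds
    $api.LogScriptEvent($ScriptName,3281,0,"ATA Gateway Discovery Script is complete. This server is not a gateway. Total runtime ($ScriptTime) seconds.")
}
</Script></ScriptBody>
          <Parameters>
            <Parameter>
              <Name>sourceID</Name>
              <Value>$MPElement$</Value>
            </Parameter>
            <Parameter>
              <Name>managedEntityID</Name>
              <Value>$Target/Id$</Value>
            </Parameter>
            <Parameter>
              <Name>computerName</Name>
              <Value>$Config/computerName$</Value>
            </Parameter>
          </Parameters>
          <TimeoutSeconds>60</TimeoutSeconds>
        </ProbeAction>
      </MemberModules>
      <!-- The Scheduler node is nested inside the PowerShell node: each scheduler tick triggers the probe. -->
      <Composition>
        <Node ID="PowerShell">
          <Node ID="Scheduler"/>
        </Node>
      </Composition>
    </Composite>
  </ModuleImplementation>
  <OutputType>System!System.Discovery.Data</OutputType>
</DataSourceModuleType>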