//-------------------------------------------------------------------------
//
// Copyright (c) Intel Corporation, 2011 - 2014 All Rights Reserved.
//
// File: SystemDefenseApi.cs
//
// Contents: Api code for Intel(R) Active Management Technology
// (Intel® AMT) SystemDefense Sample.
//
// Notes: This sample demonstrates how to use various commands of
// the SystemDefense and CBHeuristic services over WSMan.
//
//-------------------------------------------------------------------------
using System;
using Intel.Management.Wsman;
using Connection;
using Common.Utils;
namespace SystemDefense
{
public class SystemDefense_Api : Connection_setup
{
#region CONSTANTS
private const int MAX_FILTER_HANDLES = 62;
private const string STRING_NOT_APPLICABLE = "n/a";
private const uint UINT_NOT_APPLICABLE = 0;
private const uint DEFAULT_PRECEDENCE = 0;
private const uint FAST_CONNECTIONS_THRESHOLD = 200; // milliseconds
private const uint FAST_CONNECTIONS_CLEARTIME = 500; // milliseconds
private const uint SLOW_CONNECTIONS_THRESHOLD = 200;
private const uint SLOW_CONNECTIONS_CLEARTIME = 1000; // milliseconds
private const ushort ENCOUNTER_TIMEOUT = 20; // seconds
private const string CREATED_POLICY_NAME = "MyPolicy";
private const string HDR8021_FILTER_NAME = "Sample8021Filter";
private const string IP_HEADER_FILTER_NAME = "MyIPFilter";
public enum TrafficDir
{
TRANSMIT = 0,
RECEIVE
}
public enum EtherTypes
{
ETH_TYPE_PUP = 512,
ETH_TYPE_IP = 2048,
ETH_TYPE_ARP = 2054,
ETH_TYPE_RARP = 32821,
ETH_TYPE_8021Q = 33024,
ETH_TYPE_IPV6 = 34525
}
public enum FilterProfile
{
STATISTICS_PASS = 0,
STATISTICS_DROP,
RATE,
PASS,
DROP
}
public enum IPProtocols
{
IP_IP = 0, // Dummy for IP
IP_ICMP = 1, // Control message protocol
IP_IGMP = 2, // Internet group management protocol
IP_TCP = 6, // TCP
IP_PUP = 12, // PUP
IP_UDP = 17, // User datagram protocol
IP_IPV6 = 41 // IPv6
}
public enum IPVer
{
IPV4 = 4,
IPV6 = 6
}
public enum AntiSpoofSupport
{
OFF = 0,
EVENT_ON_MATCH,
COUNT,
COUNTING_AND_EVENT_ON_MATCH
}
#endregion CONSTANTS
#region DATA_MEMBERS
private string NOT_EXIST_EXCEPTION =
"No route can be determined to reach the destination role defined by the WSAddressing To.";
#endregion
#region CONSTRUCTORS
//Inheriting Connection details from Connection_setup class.
// Convert password to secure string to comply with wsman dll which supports passwords in SecureString
// format only.
public SystemDefense_Api(string ip, string username, string pwd, bool krb, MpsManager proxy, bool acceptSelfSignedCertificate = false)
: base(ip, username, pwd.ConvertToSecureString(), krb, proxy, acceptSelfSignedCertificate)
{
}
// Convert password to secure string to comply with wsman dll which supports passwords in SecureString
// format only.
public SystemDefense_Api(string ip, string username, string pwd, string clientCert, bool krb, MpsManager proxy, bool acceptSelfSignedCertificate = false)
: base(ip, username, pwd.ConvertToSecureString(), clientCert, krb, proxy, acceptSelfSignedCertificate)
{
}
#endregion CONSTRUCTORS
#region FLOWS
///
/// Execute an API example.
/// 1. Prints the System Defense capabilities
/// 2. Creates filters and policy and associates them.
/// 3. Enables the policy on the wired LAN network interface and then updates the statistics.
/// In case runHeuristicCommands is true:
/// 4. Gets and sets the heuristic settings.
/// 5. Adds a heuristic filter to the policy and then removes it.
/// 6. Returns the heuristic settings to the original settings.
///
/// At the end: Delete all the created objects.
///
/// This function is performed by default in the wired interface.
///
/// Use verbose mode
/// Execute Heuristic Commands
/// true- for performing the operation in the wireless. else- false
public void ApiFlow(bool verbose, bool runHeuristicCommands, bool isWireless)
{
Console.Write("\nQuerying Intel AMT System Defense Capabilities... ");
QueryAMTSystemSdCapabilities(verbose);
Console.WriteLine("Success");
IManagedReference sdPolicyRef = EnableSystemDefencePolicy(CreatePolicy(verbose), isWireless);
if (sdPolicyRef == null)
{
Console.WriteLine("\nFailed to enable System Defense policy. Exiting flow.");
return;
}
Console.WriteLine("Success");
Console.Write("\nUpdating Intel AMT System Defense Policy Statistics... ");
UpdadeStatistics(sdPolicyRef, verbose, isWireless);
Console.WriteLine("Success");
if (runHeuristicCommands)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID='Intel(r) AMT Ethernet Port Settings 0'");
try
{
ethernetPortRef.Get();
}
catch(NullReferenceException)
{
Console.WriteLine(
"\nCannot Get Heuristic Filter Statistics. " +
"\nNotes: \ta) This method was deprecated in CSME 12.0 \n\tb) This method is not supported in a LAN-less machine");
// Delete the created policy.
DeletePolicy(verbose);
return;
}
Console.Write("\nGetting Heuristic Packet Filter Settings Policy... ");
IManagedReference heuristicPacketFilterSettingsRef = GetHeurtisticPacketFilterSettings(verbose);
if(heuristicPacketFilterSettingsRef == null)
{
Console.Write("\nCannot get Heuristic Packet Filter settings. Note: This method was deprecated in CSME 12.0");
// Delete the created policy.
DeletePolicy(verbose);
return;
}
if (!verbose)
Console.WriteLine("Success");
string enabled = heuristicPacketFilterSettingsRef.Get().GetProperty("Enabled").ToString();
Console.Write("\nSetting Heuristic Packet Filter Settings Policy... ");
SetHeuristicPacketFilterSettings(heuristicPacketFilterSettingsRef, false);
Console.WriteLine("Success");
Console.Write("\nGetting New Heuristic Packet Filter Settings Policy... ");
GetHeurtisticFilterStatistics(verbose);
if (!verbose)
Console.WriteLine("Success");
bool exists = false;
Console.Write("\nCreating Heuristic Packet System Defense Interface Policy... ");
ConfigureHeuristicPacketPolicy(sdPolicyRef, out exists);
if (!exists)
{
Console.WriteLine("Success");
Console.Write("\nDeleting Heuristic Packet System Defense Interface Policy... ");
DeleteHeuristicPacketPolicy(sdPolicyRef);
Console.WriteLine("Success");
}
// Restore the original settings.
Console.Write("\nSetting Original Heuristic Packet Filter Settings Policy... ");
SetHeuristicPacketFilterSettings(heuristicPacketFilterSettingsRef, bool.Parse(enabled));
}
// Delete the created policy.
DeletePolicy(verbose);
}
public void ApiFlow(bool verbose, bool runHeuristicCommands)
{
ApiFlow(verbose, runHeuristicCommands, false);
}
///
/// Deletes Heuristic Packet Policy from the given policy.
///
/// The policy to delete heuristic from.
public void DeleteHeuristicPacketPolicy(IManagedReference systemDefensePolicyRef)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID='Intel(r) AMT Ethernet Port Settings 0'");
try
{
ethernetPortRef.Get();
}
catch (NullReferenceException)
{
Console.WriteLine(
"\nCannot delete Heuristic Packet Policy from the given policy. " +
"\nNotes: \ta) This method was deprecated in CSME 12.0 \n\tb) This method is not supported in a LAN-less machine");
return;
}
// systemDefensePolicyRef is an EPR to the AMT_SystemDefensePolicy object created by the 'Create a System Defense Policy' use case.
IManagedInstance systemDefensePolicyInstance = systemDefensePolicyRef.Get();
IWsmanItem instanceID = systemDefensePolicyInstance.GetProperty("InstanceID");
// Create a reference to the CIM_EthernetPort instance.
ethernetPortRef =
wsmanClient.NewReference(
"SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'");
IManagedReference heuristicPacketFilterInterfacePolicyRef =
wsmanClient.NewReference("AMT_HeuristicPacketFilterInterfacePolicy");
heuristicPacketFilterInterfacePolicyRef.AddSelector("Antecedent", ethernetPortRef);
// Traverse to the AMT_HeuristicPacketFilterInterfacePolicy instances that are connected to the CIM_EthernetPort instance.
foreach (
IWsmanItem heuristicPacketFilterInterfacePolicyItem in
heuristicPacketFilterInterfacePolicyRef.Enumerate(
"http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null))
{
//For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.
if (
heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Dependent").IsA(
"AMT_SystemDefensePolicy"))
{
// Get the AMT_SystemDefensePolicy object using its EPR.
systemDefensePolicyInstance =
heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Dependent").Ref.Get();
if (systemDefensePolicyInstance.GetProperty("InstanceID").Equals(instanceID))
{
heuristicPacketFilterInterfacePolicyRef =
heuristicPacketFilterInterfacePolicyItem.Object.ToReference("Antecedent");
//, "Dependent");
heuristicPacketFilterInterfacePolicyRef.Delete();
}
}
}
}
///
/// Get Heuristic Filter Statistics.
///
/// Use verbose mode
/// Heuristic Filter Statistics Instance
public IManagedInstance GetHeurtisticFilterStatistics(bool verbose)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID='Intel(r) AMT Ethernet Port Settings 0'");
try
{
ethernetPortRef.Get();
}
catch (NullReferenceException)
{
Console.WriteLine(
"\nCannot get Heuristic Filter Statistics. " +
"\nNotes: \ta) This method was deprecated in CSME 12.0 \n\tb) This method is not supported in a LAN-less machine");
return null;
}
// Create a reference to the CIM_EthernetPort instance.
ethernetPortRef =
wsmanClient.NewReference(
"SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'");
IManagedReference elementStatisticalDataRef = wsmanClient.NewReference("CIM_ElementStatisticalData");
elementStatisticalDataRef.AddSelector("ManagedElement", ethernetPortRef);
// Traverse to the CIM_ElementStatisticalData instances that are connected to the CIM_EthernetPort instance.
foreach (
IWsmanItem elementStatisticalDataItem in
elementStatisticalDataRef.Enumerate(
"http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null))
{
// For each instance, check if it is associated to the AMT_HeuristicsPacketFilterStatiistics instance.
if (elementStatisticalDataItem.Object.GetProperty("Stats").IsA("AMT_HeuristicPacketFilterStatistics"))
{
//Get the AMT_HeuristicPacketFilterStatistics object using its EPR.
IManagedReference heuristicPacketFilterStatisticsRef =
elementStatisticalDataItem.Object.GetProperty("Stats").Ref;
IManagedInstance heuristicPacketFilterStatisticsInstance =
heuristicPacketFilterStatisticsRef.Get();
if (verbose)
DisplayHpFilterStatistics(heuristicPacketFilterStatisticsInstance);
return heuristicPacketFilterStatisticsInstance;
}
}
return null;
}
///
/// Update Policy Statistics.
/// This function is performed by default in the wired interface.
///
/// The policy to update
/// Use verbose mode
/// true- for performing the operation in the wireless. else- false
public void UpdadeStatistics(IManagedReference systemDefensePolicyRef, bool verbose, bool isWireless)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port " + (isWireless ? "1'" : "0'"));
IManagedInstance inputObject = systemDefensePolicyRef.CreateMethodInput("UpdateStatistics");
inputObject.SetProperty("NetworkInterface", ethernetPortRef);
inputObject.SetProperty("ResetOnRead", "true");
IManagedInstance outputObject = systemDefensePolicyRef.InvokeMethod(inputObject);
IWsmanItem returnValue = outputObject.GetProperty("ReturnValue");
if (Int16.Parse(returnValue.ToString()) != 0)
throw new Exception("Failed to Update Statistics. Return value = " + returnValue.ToString());
}
public void UpdadeStatistics(IManagedReference systemDefensePolicyRef, bool verbose)
{
UpdadeStatistics(systemDefensePolicyRef, verbose, false);
}
///
/// Outputs the Heuristic Packet Filter Statistics.
///
///
public static void DisplayHpFilterStatistics(IManagedInstance hpFilterStatistics)
{
Console.WriteLine("\n\nHeuristic Packet Filter Statistics:");
Console.WriteLine("Instance ID: {0}", hpFilterStatistics.GetProperty("InstanceID"));
Console.WriteLine("Blocked All: {0}", hpFilterStatistics.GetProperty("BlockedAllExist").IsNull == false ? hpFilterStatistics.GetProperty("BlockedAll").ToString() : "Not Specified");
Console.WriteLine("Blocked Offensive Port: {0}", hpFilterStatistics.GetProperty("BlockedOffensivePortExist").IsNull == false ? hpFilterStatistics.GetProperty("BlockedOffensivePort").ToString() : "Not Specified");
Console.WriteLine("Blocked Offensive Port Protocol: {0}", hpFilterStatistics.GetProperty("BlockedOffensivePortProtocolExist").IsNull == false ? hpFilterStatistics.GetProperty("BlockedOffensivePortProtocol").ToString() : "Not Specified");
Console.WriteLine("Enabled SD Policy: {0}", hpFilterStatistics.GetProperty("EnabledPolicyExist").IsNull == false ? hpFilterStatistics.GetProperty("EnabledPolicy").ToString() : "Not Specified");
}
///
/// Queries Intel AMT System Defense Capabilities.
///
/// Use verbose mode
/// Intel AMT System Defense Capabilities Instance
public IManagedInstance QueryAMTSystemSdCapabilities(bool verbose)
{
IManagedReference generalSystemDefenseCapabilitiesRef = wsmanClient.NewReference("SELECT * FROM AMT_GeneralSystemDefenseCapabilities WHERE InstanceID='Intel(r) AMT:Handle:1'");
IManagedInstance generalSystemDefenseCapabilitiesInstance = generalSystemDefenseCapabilitiesRef.Get();
IWsmanItem globalMaxSupportedPolicies = generalSystemDefenseCapabilitiesInstance.GetProperty("GlobalMaxSupportedPolicies");
IWsmanItem globalMaxSupportedFilters = generalSystemDefenseCapabilitiesInstance.GetProperty("GlobalMaxSupportedFilters");
if (verbose)
{
Console.WriteLine("\n\tGlobal Max Supported Policies: {0}", globalMaxSupportedPolicies.ToString());
Console.WriteLine("\tGlobal Max Supported Filters: {0}", globalMaxSupportedFilters.ToString());
}
return generalSystemDefenseCapabilitiesInstance;
}
///
/// Create a policy with a policyName CREATE_POLICY_NAME.
///
/// Use verbose mode
public IManagedReference CreatePolicy(bool verbose)
{
Console.WriteLine("\n------------Creating a System Defense Blocking policy----------\n");
if (verbose)
Console.WriteLine("Creating SystemDefense Policy");
IManagedInstance systemDefensePolicyInstance = wsmanClient.NewInstance("AMT_SystemDefensePolicy");
systemDefensePolicyInstance.SetProperty("InstanceID", STRING_NOT_APPLICABLE);
systemDefensePolicyInstance.SetProperty("PolicyName", CREATED_POLICY_NAME);
systemDefensePolicyInstance.SetProperty("PolicyPrecedence", "30");
systemDefensePolicyInstance.SetProperty("TxDefaultCount", "false");
systemDefensePolicyInstance.SetProperty("TxDefaultDrop", "false");
systemDefensePolicyInstance.SetProperty("TxDefaultMatchEvent", "false");
systemDefensePolicyInstance.SetProperty("RxDefaultCount", "false");
systemDefensePolicyInstance.SetProperty("RxDefaultDrop", "false");
systemDefensePolicyInstance.SetProperty("RxDefaultMatchEvent", "false");
//Create IP Filter.
if (verbose)
Console.WriteLine("Creating IPHeaderFilters");
//Create the IpHeadersFilter Filter.
IManagedInstance ipHeadersFilterInstance = wsmanClient.NewInstance("AMT_IPHeadersFilter");
ipHeadersFilterInstance.SetProperty("InstanceID", "0");
ipHeadersFilterInstance.SetProperty("Name", IP_HEADER_FILTER_NAME);
ipHeadersFilterInstance.SetProperty("CreationClassName", STRING_NOT_APPLICABLE);
ipHeadersFilterInstance.SetProperty("SystemName", STRING_NOT_APPLICABLE);
ipHeadersFilterInstance.SetProperty("SystemCreationClassName", STRING_NOT_APPLICABLE);
ipHeadersFilterInstance.SetProperty("FilterProfile", "1");
ipHeadersFilterInstance.SetProperty("FilterDirection", "0");
ipHeadersFilterInstance.SetProperty("ActionEventOnMatch", "true");
ipHeadersFilterInstance.SetProperty("HdrIPVersion", "4");
// The ipHeadersFilterRef is an EPR to the new AMT_IPHeadersFilter object.
IManagedReference ipHeadersFilterRef = ipHeadersFilterInstance.Create();
// ipHeadersFilterRef is an EPR to the AMT_IPHeadersFilter object created by the 'Create an IP Filter' use case.
ipHeadersFilterInstance = ipHeadersFilterRef.Get();
IWsmanItem ipFilterInstanceID = ipHeadersFilterInstance.GetProperty("InstanceID");
if (verbose)
Console.WriteLine("Creating Hdr8021Filter");
//Create Ethernet Filter.
IManagedInstance hdr8021FilterInstance = wsmanClient.NewInstance("AMT_Hdr8021Filter");
hdr8021FilterInstance.SetProperty("InstanceID", "0");
hdr8021FilterInstance.SetProperty("Name", HDR8021_FILTER_NAME);
hdr8021FilterInstance.SetProperty("CreationClassName", STRING_NOT_APPLICABLE);
hdr8021FilterInstance.SetProperty("SystemName", STRING_NOT_APPLICABLE);
hdr8021FilterInstance.SetProperty("SystemCreationClassName", STRING_NOT_APPLICABLE);
hdr8021FilterInstance.SetProperty("HdrProtocolID8021", "33024");
hdr8021FilterInstance.SetProperty("FilterProfile", "3");
hdr8021FilterInstance.SetProperty("FilterDirection", "1");
hdr8021FilterInstance.SetProperty("ActionEventOnMatch", "false");
//The hdr8021FilterRef is an EPR to the new AMT_Hdr8021Filter object.
IManagedReference hdr8021FilterRef = hdr8021FilterInstance.Create();
//hdr8021FilterInstance is an EPR to the AMT_Hdr8021Filter object created by the 'Create an Ethernet Filter' use case.
hdr8021FilterInstance = hdr8021FilterRef.Get();
IWsmanItem ethernetFilterInstanceID = hdr8021FilterInstance.GetProperty("InstanceID");
//UInt32 filterCreationHandles = @(ipFilterInstanceID.ToString(), ethernetFilterInstanceID.ToString()); //??
systemDefensePolicyInstance.SetProperty("FilterCreationHandles", ipFilterInstanceID.ToString());
systemDefensePolicyInstance.AddProperty("FilterCreationHandles", ethernetFilterInstanceID.ToString());
// The systemDefensePolicyRef is an EPR to the new AMT_SystemDefensePolicy object.
IManagedReference systemDefensePolicyRef = systemDefensePolicyInstance.Create();
// Enable Policy
if (verbose)
Console.WriteLine("\nEnable the SystemDefensePolicy");
Console.WriteLine("\nCreating System Defense Policy -- Done");
return systemDefensePolicyRef;
}
///
/// Enables AMT_NetworkPortSystemDefensePolicy to the given policy.
/// This function is performed by default in the wired interface.
///
/// the policy to enable
/// true- for performing the operation in the wireless. else- false
public IManagedReference EnableSystemDefencePolicy(IManagedReference systemDefensePolicyRef, bool isWireless)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID=" +
"'Intel(r) AMT Ethernet Port Settings " + (isWireless ? "1'" : "0'"));
try
{
ethernetPortRef.Get();
}
catch (NullReferenceException)
{
if (!isWireless)
Console.WriteLine($"\nCannot enable AMT_NetworkPortSystemDefensePolicy for the given policy (wired) in a LAN-less machine. " +
$"To run over wireless, please add the '-wireless' argument");
else
Console.WriteLine("Failed to enable AMT_NetworkPortSystemDefensePolicy for the given policy");
return null;
}
// Select the wired interface.
ethernetPortRef =
wsmanClient.NewReference(
"SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port " +
(isWireless ? "1'" : "0'"));
IManagedInstance networkPortSystemDefensePolicyInstance =
wsmanClient.NewInstance("AMT_NetworkPortSystemDefensePolicy");
networkPortSystemDefensePolicyInstance.SetProperty("Antecedent", ethernetPortRef);
//systemDefensePolicyRef is an EPR to the AMT_SystemDefensePolicy object created by the 'Create System Defense Policy' use case.
networkPortSystemDefensePolicyInstance.SetProperty("Dependent", systemDefensePolicyRef);
networkPortSystemDefensePolicyInstance.SetProperty("Enabled", "true");
try
{
networkPortSystemDefensePolicyInstance.Create();
}
catch (NullReferenceException)
{
Console.WriteLine("\nCannot enable the given policy. Please check if you already have an identical policy, and delete it first");
return null;
}
Console.WriteLine("\nEnabling System Defense Policy -- Done");
return systemDefensePolicyRef;
}
public IManagedReference EnableSystemDefencePolicy(IManagedReference systemDefensePolicyRef)
{
return EnableSystemDefencePolicy(systemDefensePolicyRef, false);
}
///
/// Disable AMT_NetworkPortSystemDefensePolicy interface from the policy created using CreateAndEnablePolicy method.
/// This function is performed by default in the wired interface.
///
/// Use verbose mode
/// true- for performing the operation in the wireless. else- false
public void DisablePolicy(bool verbose, bool isWireless)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID=" +
"'Intel(r) AMT Ethernet Port Settings " + (isWireless ? "1'" : "0'"));
try
{
ethernetPortRef.Get();
}
catch (NullReferenceException)
{
if (!isWireless)
Console.WriteLine($"\nCannot disable the SystemDefence policy (wired) in a LAN-less machine. " +
$"To run over wireless, please add the '-wireless' argument");
else
Console.WriteLine("Failed to disable the SystemDefence policy");
return;
}
Console.WriteLine("\nGet SystemDefensePolicy");
//systemDefensePolicyRef is an EPR to the AMT_SystemDefensePolicy object created by the 'Create System Defense Policy' use case.
IManagedReference systemDefensePolicyRef =
wsmanClient.NewReference("SELECT * FROM AMT_SystemDefensePolicy");
// WHERE InstanceID='Intel(r) AMT:Handle:x'
//IManagedInstance systemDefensePolicyInstance = systemDefensePolicyRef.Get();
IWsmanItem instanceID = null;
IWsmanEnumeration systemDefensePolicyInstances = systemDefensePolicyRef.Enumerate(null, null);
foreach (IWsmanItem systemDefensePolicyInstance in systemDefensePolicyInstances)
{
if (
systemDefensePolicyInstance.Object.GetProperty("PolicyName").ToString().CompareTo(
CREATED_POLICY_NAME) == 0)
{
instanceID = systemDefensePolicyInstance.Object.GetProperty("InstanceID");
break;
}
}
//Create a reference to the CIM_EthernetPort instance;
ethernetPortRef =
wsmanClient.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port " + (isWireless ? "1'" : "0'"));
IManagedReference networkPortSystemDefensePolicyRef =
wsmanClient.NewReference("AMT_NetworkPortSystemDefensePolicy");
networkPortSystemDefensePolicyRef.AddSelector("Antecedent", ethernetPortRef);
//Traverse to the AMT_NetworkPortSystemDefensePolicy instances that are connected to the CIM_EthernetPort instance.
var networkPortSystemDefensePolicies = networkPortSystemDefensePolicyRef.Enumerate(
"http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null);
if(networkPortSystemDefensePolicies == null || networkPortSystemDefensePolicies.HasNext == false)
{
Console.WriteLine("\nNo AMT_NetworkPortSystemDefense Policies to disable");
return;
}
foreach (IWsmanItem networkPortSystemDefensePolicyItem in networkPortSystemDefensePolicies)
{
//For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.
if (networkPortSystemDefensePolicyItem.Object.GetProperty("Dependent").IsA("AMT_SystemDefensePolicy"))
{
// Get the AMT_SystemDefensePolicy object using its EPR.
IManagedInstance systemDefensePolicyInstance1 =
networkPortSystemDefensePolicyItem.Object.GetProperty("Dependent").Ref.Get();
if (
systemDefensePolicyInstance1.GetProperty("InstanceID").ToString().CompareTo(
instanceID?.ToString()) == 0)
{
IManagedReference networkPortSystemDefensePolicyRef1 =
networkPortSystemDefensePolicyItem.Object.ToReference("Dependent");
//"Antecedent", "Dependent")
networkPortSystemDefensePolicyRef1.Delete();
Console.WriteLine($"\nPolicy: {systemDefensePolicyInstance1.GetProperty("PolicyName").ToString()} was disabled successfully");
}
}
}
}
public void DisablePolicy(bool verbose)
{
DisablePolicy(verbose, false);
}
///
/// Gets the Heuristic Packet Filter Settings.
///
/// Use verbose mode
/// Heuristic Packet Filter Settings Reference
public IManagedReference GetHeurtisticPacketFilterSettings(bool verbose)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID='Intel(r) AMT Ethernet Port Settings 0'");
try
{
ethernetPortRef.Get();
}
catch (NullReferenceException)
{ Console.WriteLine("\nCannot get Heuristic Settings. " +
"\nNotes: \ta) This method was deprecated in CSME 12.0 \n\tb) This method is not supported in a LAN-less machine");
return null;
}
// Create a reference to the CIM_EthernetPort instance.
ethernetPortRef =
wsmanClient.NewReference(
"SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'");
IManagedReference elementSettingDataRef = wsmanClient.NewReference("CIM_ElementSettingData");
elementSettingDataRef.AddSelector("ManagedElement", ethernetPortRef);
// Traverse to the CIM_ElementSettingData instances that are connected to the CIM_EthernetPort instance.
foreach (
IWsmanItem elementSettingDataItem in
elementSettingDataRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter",
null))
{
// For each instance, check if it is associated to the AMT_HeuristicPacketFilterSettings instance.
if (elementSettingDataItem.Object.GetProperty("SettingData").IsA("AMT_HeuristicPacketFilterSettings"))
{
// Get the AMT_HeuristicPacketFilterSettings object using its EPR.
IManagedReference heuristicPacketFilterSettingsRef =
elementSettingDataItem.Object.GetProperty("SettingData").Ref;
IManagedInstance heuristicPacketFilterSettingsInstance = heuristicPacketFilterSettingsRef.Get();
if (verbose)
DisplayHpFilterSettings(heuristicPacketFilterSettingsInstance);
return heuristicPacketFilterSettingsRef;
//break;
}
}
return null;
}
///
/// Outputs the Heuristic Packet Filter Settings.
///
public static void DisplayHpFilterSettings(IManagedInstance hpFilterSettings)
{
// Console.WriteLine("\n\n{0}", curHpFilter.ElementName);
Console.WriteLine("\n\nFilter Settings:");
Console.WriteLine("Instance ID: {0}", hpFilterSettings.GetProperty("InstanceID"));
Console.WriteLine("Fast Connection Rate:");
Console.WriteLine("\tThreshold Counter = {0}", hpFilterSettings.GetProperty("FastConnectionRateThreshold").IsNull ? "Not Specified" : hpFilterSettings.GetProperty("FastConnectionRateThreshold").ToString());//.ToString() : "Not Specified");
Console.WriteLine("\tClear Time (in milliseconds) = {0}", hpFilterSettings.GetProperty("FastConnectionRateClearTime").IsNull ? "Not Specified" : hpFilterSettings.GetProperty("FastConnectionRateClearTime").ToString());//.ToString() : "Not Specified");
Console.WriteLine("Slow Connection Rate:");
Console.WriteLine("\tThreshold Counter = {0}", hpFilterSettings.GetProperty("SlowConnectionRateThreshold").IsNull ? "Not Specified" : hpFilterSettings.GetProperty("SlowConnectionRateThreshold").ToString());//.ToString() : "Not Specified");
Console.WriteLine("\tClear Time (in milliseconds) = {0}", hpFilterSettings.GetProperty("SlowConnectionRateClearTime").IsNull ? "Not Specified" : hpFilterSettings.GetProperty("SlowConnectionRateClearTime").ToString());//.ToString() : "Not Specified");
Console.WriteLine("Block All: {0}", hpFilterSettings.GetProperty("BlockAll").IsNull ? "Not Specified" : hpFilterSettings.GetProperty("BlockAll").ToString());//.ToString() : "Not Specified");
Console.WriteLine("EncounterTimeout: {0}", hpFilterSettings.GetProperty("EncounterTimeout"));
Console.WriteLine("Block Offensive Port: {0}", hpFilterSettings.GetProperty("BlockOffensivePort").IsNull ? "Not Specified" : hpFilterSettings.GetProperty("BlockOffensivePort").ToString());//.ToString() : "Not Specified");
Console.WriteLine("Enabled: {0}", hpFilterSettings.GetProperty("Enabled"));
}
///
/// Configure AMT_HeuristicPacketFilterInterfacePolicy to the policy created using CreateAndEnablePolicy method.
///
/// Use verbose mode
public void ConfigureHeuristic(bool verbose)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID='Intel(r) AMT Ethernet Port Settings 0'");
try
{
ethernetPortRef.Get();
}
catch (NullReferenceException)
{
Console.WriteLine("\nCannot configure heuristic packet policy. " +
"\nNotes: \ta) This method was deprecated in CSME 12.0 \n\tb) This method is not supported in a LAN-less machine");
return;
}
//Get Heuristic Packet Filter Settings.
if (verbose)
Console.WriteLine("\nGet Heuristic Packer Filter Settings");
IManagedReference hpFilterSettings = GetHeurtisticPacketFilterSettings(verbose);
if (hpFilterSettings == null)
{
Console.WriteLine("Error occurred in ConfigureHeuristic:");
throw new Exception(
"Operation cannot be performed on the Intel(R) AMT system: \nThere is no instance of Heuristic Packet Filter. Note: This method was deprecated in CSME 12.0");
}
if (hpFilterSettings.Get().GetProperty("Enabled").Equals(false))
{
Console.WriteLine("Error occurred in ConfigureHeuristic");
throw new Exception(
"\nAborting: Heuristic Packet Filter Settings is disabled while it must be enabled in order to configure Heuristic!" +
"\nNote that -enableheuristic option is available for enabling the Heuristic Packet Filter Settings");
}
// Get the created policy
if (verbose)
Console.WriteLine("\nGet created policy");
//get a Reference of system Defense Policy thats been created.
IManagedReference policy = GetPolicy();
if (policy == null)
{
Console.WriteLine("Error occurred in ConfigureHeuristic");
throw new Exception("\nAborting: System Defense Policy was not found!" +
"\nNote that -createpolicy option should be called before this option");
}
// Must enable heuristic first
EnableHeuristic(verbose);
// Configure heuristic to policy
if (verbose)
Console.WriteLine("\nConfigure Heuristic Packet Policy");
bool heuristicPolicyExist = false;
ConfigureHeuristicPacketPolicy(policy, out heuristicPolicyExist);
if (!heuristicPolicyExist)
Console.WriteLine("\nConfigure Heuristic to System Defense Policy - Done");
}
///
/// Create an instance of the Heuristic Packet Filter Interface Policy in order to set a
/// Heuristic Packet Filter configuration that should be 'Enabled' in case of a threshold breach.
/// (Create an instance which associates between Ethernet Port and the given System Defense policy.)
///
/// Instance of the System Defense Policy which will be used
/// for the HeuristicPacketPolicy configuration
/// An out parameter which indicates if the Heuristic Packet Policy
/// was configured by the function or if it already exists
/// Reference of the created AMT_HeuristicPacketFilterInterfacePolicy association class
public IManagedReference ConfigureHeuristicPacketPolicy(IManagedReference sdPolicy, out bool heuristicPolicyExist)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID='Intel(r) AMT Ethernet Port Settings 0'");
try
{
ethernetPortRef.Get();
}
catch (NullReferenceException)
{
Console.WriteLine("\nCannot configure heuristic packet policy. " +
"\nNotes: \ta) This method was deprecated in CSME 12.0 \n\tb) This method is not supported in a LAN-less machine");
heuristicPolicyExist = false; return null;
}
ethernetPortRef =
wsmanClient.NewReference(
"SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'");
IManagedReference heuristicPacketFilterInterfacePolicyRef =
wsmanClient.NewReference("SELECT * FROM AMT_HeuristicPacketFilterInterfacePolicy");
IWsmanEnumeration heuristicPacketFilterInterfacePolicies =
heuristicPacketFilterInterfacePolicyRef.Enumerate(null, null);
foreach (IWsmanItem heuristicPacketFilterInterfacePolicy in heuristicPacketFilterInterfacePolicies)
{
Console.WriteLine("\nWarning:");
Console.WriteLine("There is already an instance of Heuristic Packet System Defense Interface");
Console.WriteLine("Policy on the Intel(R) AMT platform; skipping the configuration.");
heuristicPolicyExist = true;
return null;
}
IManagedInstance heuristicPacketFilterInterfacePolicyInstance =
wsmanClient.NewInstance("AMT_HeuristicPacketFilterInterfacePolicy");
// heuristicPacketFilterInterfacePolicyInstance.SetProperty("Antecedent", ethernetPortRef);
//if(ethernetPortRef.count >0)
//{
heuristicPacketFilterInterfacePolicyInstance.SetProperty("Antecedent", ethernetPortRef);
// systemDefensePolicyRef is an EPR to the AMT_SystemDefensePolicy object created by the 'Create a System Defense Policy' use case.
heuristicPacketFilterInterfacePolicyInstance.SetProperty("Dependent", sdPolicy);
heuristicPacketFilterInterfacePolicyRef = heuristicPacketFilterInterfacePolicyInstance.Create();
heuristicPolicyExist = false;
// heuristicsSdPolicy.Antecedent = portsList[0].Reference;
// heuristicsSdPolicy.Dependent = sdPolicy.Reference;
return heuristicPacketFilterInterfacePolicyRef;
//}
/*else
{
Console.WriteLine("Failed - there is no CIM_EthernetPort to enable on the policy");
return null;
} */
}
///
/// Disable AMT_HeuristicPacketFilterInterfacePolicy interface from the policy created
/// using CreateAndEnablePolicy method.
///
/// Use verbose mode
public void RemoveHeuristic(bool verbose)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID='Intel(r) AMT Ethernet Port Settings 0'");
try
{
ethernetPortRef.Get();
}
catch (NullReferenceException)
{
Console.WriteLine("\nCannot remove Heuristic. " +
"\nNotes: \ta) This method was deprecated in CSME 12.0 \n\tb) This method is not supported in a LAN-less machine"); return;
}
// Get the created policy.
if (verbose)
{
Console.WriteLine("\nGet SystemDefensePolicy");
}
//Get reference to the system Defense Policy.
IManagedReference policy = GetPolicy();
if (null == policy)
{
Console.WriteLine("\nAborting: System Defense Policy was not found!" +
"\nNote that -createpolicy option should be called before this option");
return;
}
//Remove heuristic from policy.
if (verbose)
{
Console.WriteLine("\nRemove Heuristic Filter From Policy");
}
RemoveHeuristicFromPolicy(policy);
}
///
/// Disable Heuristic Packet Filter.
///
/// Use verbose mode
public void DisableHeuristic(bool verbose)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID='Intel(r) AMT Ethernet Port Settings 0'");
try
{
ethernetPortRef.Get();
}
catch (NullReferenceException)
{
Console.WriteLine("\nCannot disable Heuristic Packet Filter. " +
"\nNotes: \ta) This method was deprecated in CSME 12.0 \n\tb) This method is not supported in a LAN-less machine"); return;
}
// Get Heuristic Packet Filter Settings
if (verbose)
Console.WriteLine("\nGet Heuristic Packet Filter Settings");
IManagedReference hpFilterSettings = GetHeurtisticPacketFilterSettings(verbose);
if(hpFilterSettings == null)
{
Console.WriteLine("\nCannot get Heuristic Packet Filter Settings." +
"\nNote: This method was deprecated in CSME 12.0 ");
return;
}
// Set the Heuristic Packet Filter Settings
if (verbose)
Console.WriteLine("\nSet Heuristic Packet Filter Settings");
SetHeuristicPacketFilterSettings(hpFilterSettings, false);
// hpFilterSettings.Get().GetProperty("InstanceID"), hpFilterSettings.Get().GetProperty("ElementName"), false);
Console.WriteLine("\nDisable heuristic packet filter settings - Done");
}
///
/// Enable Heuristic Packet Filter.
///
/// Use verbose mode
public void EnableHeuristic(bool verbose)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID='Intel(r) AMT Ethernet Port Settings 0'");
try
{
ethernetPortRef.Get();
}
catch (NullReferenceException)
{
Console.WriteLine("\nCannot enable Heuristic Packet Filter. " +
"\nNotes: \ta) This method was deprecated in CSME 12.0 \n\tb) This method is not supported in a LAN-less machine"); return;
}
// Get Heuristic Packet Filter Settings.
if (verbose)
Console.WriteLine("\nGet Heuristic Packet Filter Settings");
IManagedReference hpFilterSettings = GetHeurtisticPacketFilterSettings(verbose);
if (hpFilterSettings != null)
{
// Set the Heuristic Packet Filter Settings.
if (verbose)
Console.WriteLine("\nSet Heuristic Packet Filter Settings");
if (hpFilterSettings.Get().GetProperty("Enabled").ToString().CompareTo("false") == 0)
SetHeuristicPacketFilterSettings(hpFilterSettings, true);
Console.WriteLine("\nEnable heuristic packet filter settings - Done");
}
else
Console.WriteLine("\nCannot enable Heuristic Packet Filter. " +
"\nNote: This method was deprecated in CSME 12.0");
}
///
/// Delete the created policy and the filters connected to it.
///
/// Important Note: This function deletes the policy, 8021 filters and IP filters if
/// their names matches CREATED_POLICY_NAME, HDR8021_FILTER_NAME and
/// IP_HEADER_FILTER_NAME (accordingly). Creating policy, 8021 filters
/// or IP filters with the same names not using the sample will cause
/// this function to try and delete them and could fail the function
/// execution.
/// In order to delete a specific policy or filter, one should use the
/// handle of the policy/filter to uniquely identify it.
///
/// Use verbose mode
public void DeletePolicy(bool verbose)
{
IManagedReference systemDefensePolicyRef = wsmanClient.NewReference("SELECT * FROM AMT_SystemDefensePolicy");// WHERE InstanceID='Intel(r) AMT:Handle:x'
IWsmanEnumeration systemDefensePolicyInstances = systemDefensePolicyRef.Enumerate(null, null);
if (systemDefensePolicyInstances == null || systemDefensePolicyInstances.HasNext == false)
{
Console.WriteLine("\nNo policies to delete");
return;
}
foreach (IWsmanItem systemDefensePolicyItem in systemDefensePolicyInstances)
{
systemDefensePolicyRef = systemDefensePolicyItem.Object.ToReference("InstanceID");
IManagedInstance systemDefensePolicyInstance = systemDefensePolicyRef.Get();
if (systemDefensePolicyInstance.GetProperty("PolicyName").ToString().CompareTo(CREATED_POLICY_NAME) == 0)
{
systemDefensePolicyRef.Delete();
Console.WriteLine($"\nThe System-Defense Policy Name: {systemDefensePolicyInstance.GetProperty("PolicyName").ToString()} was deleted successfully.");
}
}
}
///
/// Enumerate and Print all available policies.
/// This function is performed by default in the wired interface.
///
/// true- for performing the operation in the wireless. else- false
public void PrintAvailablePolicies(bool isWireless)
{
// Retrieve the enabled policies triggered by System Defense.
// Create a reference to the CIM_EthernetPort instance;
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port " + (isWireless ? "1'" : "0'"));
IManagedReference networkPortSystemDefensePolicyRef = wsmanClient.NewReference("AMT_NetworkPortSystemDefensePolicy");
networkPortSystemDefensePolicyRef.AddSelector("Antecedent", ethernetPortRef);
// Traverse to the AMT_NetworkPortSystemDefensePolicy instances that are connected to the CIM_EthernetPort instance.
var networkPortSystemDefensePolicies = networkPortSystemDefensePolicyRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null);
if (networkPortSystemDefensePolicies == null || networkPortSystemDefensePolicies.HasNext == false)
Console.WriteLine($"\nNo policies to display for: 'Enabled policies triggered by System Defense'");
else
{
Console.WriteLine("\nEnabled policies triggered by System Defense:");
foreach (IWsmanItem networkPortSystemDefensePolicyItem in networkPortSystemDefensePolicies)
{
// For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.
if (networkPortSystemDefensePolicyItem.Object.GetProperty("Dependent").IsA("AMT_SystemDefensePolicy"))
{
if ((networkPortSystemDefensePolicyItem.Object.GetProperty("Active").ToString() == "true") || (networkPortSystemDefensePolicyItem.Object.GetProperty("Enabled").ToString() == "true"))
{
//Get the AMT_SystemDefensePolicy object using its EPR.
IManagedInstance systemDefensePolicyInstance = networkPortSystemDefensePolicyItem.Object.GetProperty("Dependent").Ref.Get();
DisplaySdPolicy(systemDefensePolicyInstance);
}
}
}
}
//Retrieve the enabled policies triggered by Agent Presence.
//Create a reference to the CIM_EthernetPort instance.
ethernetPortRef = wsmanClient.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port " + (isWireless ? "1'" : "0'"));
IManagedReference agentPresenceInterfacePolicyRef = wsmanClient.NewReference("AMT_AgentPresenceInterfacePolicy");
agentPresenceInterfacePolicyRef.AddSelector("Antecedent", ethernetPortRef);
//Traverse to the AMT_AgentPresenceInterfacePolicy instances that are connected to the CIM_EthernetPort instance.
var agentPresenceInterfacePolicies = agentPresenceInterfacePolicyRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null);
if (agentPresenceInterfacePolicies == null || agentPresenceInterfacePolicies.HasNext == false)
Console.WriteLine($"\nNo policies to display for: 'Enabled policies triggered by Agent Presence'");
else
{
Console.WriteLine("\nEnabled policies triggered by Agent Presence:");
foreach (IWsmanItem agentPresenceInterfacePolicyItem in agentPresenceInterfacePolicies)
{
// For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.
if (agentPresenceInterfacePolicyItem.Object.GetProperty("Dependent").IsA("AMT_SystemDefensePolicy"))
{
if ((agentPresenceInterfacePolicyItem.Object.GetProperty("Enabled").Equals(true)) || (agentPresenceInterfacePolicyItem.Object.GetProperty("Active").Equals(true)))
{
// Get the AMT_SystemDefensePolicy object using its EPR.
IManagedInstance systemDefensePolicyInstance = agentPresenceInterfacePolicyItem.Object.GetProperty("Dependent").Ref.Get();
DisplaySdPolicy(systemDefensePolicyInstance);
}
}
}
}
// Retrieve the enabled policies triggered by Environment Detection.
//Create a reference to the CIM_EthernetPort instance;
IManagedReference environmentDetectionInterfacePolicyRef = wsmanClient.NewReference("AMT_EnvironmentDetectionInterfacePolicy");
environmentDetectionInterfacePolicyRef.AddSelector("Antecedent", ethernetPortRef);
// Traverse to the AMT_EnvironmentDetectionInterfacePolicy instances that are connected to the CIM_EthernetPort instance.
var environmentDetectionInterfacePolicies = environmentDetectionInterfacePolicyRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null);
if (environmentDetectionInterfacePolicies == null || environmentDetectionInterfacePolicies.HasNext == false)
Console.WriteLine($"\nNo policies to display for: 'Enabled policies triggered by Environment Detection'");
else
{
Console.WriteLine("\nEnabled policies triggered by Environment Detection:");
foreach (IWsmanItem environmentDetectionInterfacePolicyItem in environmentDetectionInterfacePolicies)
{
// For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.
if (environmentDetectionInterfacePolicyItem.Object.GetProperty("Dependent").IsA("AMT_SystemDefensePolicy"))
{
if ((environmentDetectionInterfacePolicyItem.Object.GetProperty("Enabled").Equals(true)) || (environmentDetectionInterfacePolicyItem.Object.GetProperty("Active").Equals(true)))
{
// Get the AMT_SystemDefensePolicy object using its EPR.
IManagedInstance systemDefensePolicyInstance = environmentDetectionInterfacePolicyItem.Object.GetProperty("Dependent").Ref.Get();
DisplaySdPolicy(systemDefensePolicyInstance);
}
}
}
}
try
{
// Retrieve the enabled policies triggered by Heuristic System Defense.
//Create a reference to the CIM_EthernetPort instance; select the wired interface.
IManagedReference heuristicPacketFilterInterfacePolicyRef = wsmanClient.NewReference("AMT_HeuristicPacketFilterInterfacePolicy");
heuristicPacketFilterInterfacePolicyRef.AddSelector("Antecedent", ethernetPortRef);
// Traverse to the AMT_HeuristicsPacketFilterInterfacePolicy instances that are connected to the CIM_EthernetPort instance.
var heuristicPacketFilterInterfacePolicies = heuristicPacketFilterInterfacePolicyRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null);
if (heuristicPacketFilterInterfacePolicies == null || heuristicPacketFilterInterfacePolicies.HasNext == false)
Console.WriteLine($"\nNo policies to display for: 'Enabled policies triggered by Heuristic System Defense'");
else
{
Console.WriteLine("\nEnabled policies triggered by Heuristic System Defense:");
foreach (IWsmanItem heuristicPacketFilterInterfacePolicyItem in heuristicPacketFilterInterfacePolicies)
{
// For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.
if (heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Dependent").IsA("AMT_SystemDefensePolicy"))
{
if ((heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Enabled").Equals(true)) || (heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Active").Equals(true)))
{
// Get the AMT_SystemDefensePolicy object using its EPR.
IManagedInstance systemDefensePolicyInstance = heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Dependent").Ref.Get();
DisplaySdPolicy(systemDefensePolicyInstance);
break;
}
}
}
}
}
catch(NullReferenceException)
{
Console.WriteLine($"\nCannot retrieve the 'Enabled policies triggered by Heuristic System-Defense'. " +
"\nNotes: \ta) This method was deprecated in CSME 12.0 \n\tb) This method is not supported in a LAN-less machine");
}
}
public void PrintAvailablePolicies()
{
PrintAvailablePolicies(false);
}
#endregion FLOWS
#region FUNCTIONS
///
/// Outputs the SystemDefense Policy.
///
/// >Instance of the SystemDefense Policy
public void DisplaySdPolicy(IManagedInstance sdPolicy)
{
Console.WriteLine("\n{0}", sdPolicy.GetProperty("ElementName"));
Console.WriteLine("Instance ID: {0}", sdPolicy.GetProperty("InstanceID"));
Console.WriteLine("Policy Precedence: {0}", sdPolicy.GetProperty("PolicyPrecedence"));
Console.WriteLine("AntiSpoofing Support: {0}", sdPolicy.GetProperty("AntiSpoofingSupport"));
Console.WriteLine("Policy Name: {0}", sdPolicy.GetProperty("PolicyName"));
//List filterCreationHandles = GetFilterHandlesOfPolicy(sdPolicy);
IWsmanItem filterCreationHandles = sdPolicy.GetProperty("FilterCreationHandles");
if (filterCreationHandles.Count != 0)
{
Console.Write("Filter Creation Handles: ");
int i = 0;
foreach (IWsmanItem handle in filterCreationHandles)
{
Console.Write("{0}", handle.ToString());
if ((i + 1) != filterCreationHandles.Count)
{
Console.Write(", ");
}
i++;
}
Console.WriteLine();
}
Console.WriteLine("Rx Default Count: {0}", sdPolicy.GetProperty("RxDefaultCount"));
Console.WriteLine("Rx Default Drop: {0}", sdPolicy.GetProperty("RxDefaultDrop"));
Console.WriteLine("Rx Default Match Event: {0}", sdPolicy.GetProperty("RxDefaultMatchEvent"));
Console.WriteLine("Tx Default Count: {0}", sdPolicy.GetProperty("TxDefaultCount"));
Console.WriteLine("Tx Default Drop: {0}", sdPolicy.GetProperty("TxDefaultDrop"));
Console.WriteLine("Tx Default Match Event: {0}", sdPolicy.GetProperty("TxDefaultMatchEvent"));
}
///
/// Set the Heuristic Packet Filter Settings using the InstanceID, ElementName and Enabled properties.
/// Instance ID of the HeuristicPacketFilterSettings
/// Element Name of the HeuristicPacketFilterSettings
/// Enabled state of the HeuristicPacketFilterSettings
///
public void SetHeuristicPacketFilterSettings(IManagedReference heuristicPacketFilterSettingsRef, bool enable)// string instanceID, string elementName, bool enable)
{
//heuristicPacketFilterSettingsRef is an EPR to the AMT_HeuristicPacketFilterSettings object returned by the 'Get Heuristics Settings' use case.
IManagedInstance heuristicPacketFilterSettingsInstance = heuristicPacketFilterSettingsRef.Get();
heuristicPacketFilterSettingsInstance.SetProperty("Enabled", enable.ToString().ToLower()); //true or false
heuristicPacketFilterSettingsInstance.SetProperty("FastConnectionRateThreshold", "100");
heuristicPacketFilterSettingsInstance.SetProperty("FastConnectionRateClearTime", "100");
heuristicPacketFilterSettingsInstance.SetProperty("BlockOffensivePort", "true");
heuristicPacketFilterSettingsInstance.SetProperty("EncounterTimeout", "0");
heuristicPacketFilterSettingsRef.Put(heuristicPacketFilterSettingsInstance);
}
///
/// Remove heuristic from policy.
///
/// the policy to remove
public void RemoveHeuristicFromPolicy(IManagedReference systemDefensePolicyRef)
{
IManagedReference ethernetPortRef = wsmanClient.NewReference("SELECT * FROM AMT_EthernetPortSettings WHERE InstanceID='Intel(r) AMT Ethernet Port Settings 0'");
try
{
ethernetPortRef.Get();
}
catch (NullReferenceException)
{
Console.WriteLine("\nCannot remove Heuristic from policy. " +
"\nNotes: \ta) This method was deprecated in CSME 12.0 \n\tb) This method is not supported in a LAN-less machine"); return;
}
// systemDefensePolicyRef is an EPR to the AMT_SystemDefensePolicy object created by the 'Create a System Defense Policy' use case.
IManagedInstance systemDefensePolicyInstance = systemDefensePolicyRef.Get();
IWsmanItem instanceID = systemDefensePolicyInstance.GetProperty("InstanceID");
// Create a reference to the CIM_EthernetPort instance.
ethernetPortRef =
wsmanClient.NewReference(
"SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'");
IManagedReference heuristicPacketFilterInterfacePolicyRef =
wsmanClient.NewReference("AMT_HeuristicPacketFilterInterfacePolicy");
heuristicPacketFilterInterfacePolicyRef.AddSelector("Antecedent", ethernetPortRef);
// Traverse to the AMT_HeuristicPacketFilterInterfacePolicy instances that are connected to the CIM_EthernetPort instance.
try
{
var heuristicPacketFilterInterfacePolicies = heuristicPacketFilterInterfacePolicyRef.Enumerate(
"http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null);
foreach (IWsmanItem heuristicPacketFilterInterfacePolicyItem in heuristicPacketFilterInterfacePolicies)
{
// For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.
if (
heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Dependent").IsA(
"AMT_SystemDefensePolicy"))
{
// Get the AMT_SystemDefensePolicy object using its EPR.
systemDefensePolicyInstance =
heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Dependent").Ref.Get();
if (
systemDefensePolicyInstance.GetProperty("InstanceID").ToString().CompareTo(
instanceID.ToString()) == 0)
{
heuristicPacketFilterInterfacePolicyRef =
heuristicPacketFilterInterfacePolicyItem.Object.ToReference("Dependent");
//"Antecedent", "Dependent");
heuristicPacketFilterInterfacePolicyRef.Delete();
}
}
}
Console.WriteLine("\nRemove Heuristic From Policy - Done");
}
catch(NullReferenceException)
{
Console.WriteLine("\nCannot remove Heuristic from policy. " +
"\nNote: This method was deprecated in CSME 12.0 ");
return;
}
}
///
/// Enumerate machine's SystemDefense policies.
///
/// use the wireless interface
/// Instance of System defense Policy
public IManagedReference GetPolicy(bool isWireless)
{
// Create a reference to the CIM_EthernetPort instance; select the wired interface.
IManagedReference ethernetPortRef =
wsmanClient.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port " +
(isWireless ? "1'" : "0'"));
IManagedReference networkPortSystemDefensePolicyRef = wsmanClient.NewReference("AMT_NetworkPortSystemDefensePolicy");
networkPortSystemDefensePolicyRef.AddSelector("Antecedent", ethernetPortRef);
// Traverse to the AMT_NetworkPortSystemDefensePolicy instances that are connected to the CIM_EthernetPort instance.
foreach (IWsmanItem networkPortSystemDefensePolicyItem in networkPortSystemDefensePolicyRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", null))
{
// For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.
if (networkPortSystemDefensePolicyItem.Object.GetProperty("Dependent").IsA("AMT_SystemDefensePolicy"))
{
if ((networkPortSystemDefensePolicyItem.Object.GetProperty("Active").ToString().Equals("true")) || (networkPortSystemDefensePolicyItem.Object.GetProperty("Enabled").ToString().Equals("true")))
{
// Get the AMT_SystemDefensePolicy object using its EPR.
IManagedInstance systemDefensePolicyInstance = networkPortSystemDefensePolicyItem.Object.GetProperty("Dependent").Ref.Get();
IManagedReference systemDefensePolicyRef = networkPortSystemDefensePolicyItem.Object.GetProperty("Dependent").Ref;
return systemDefensePolicyRef;
}
}
}
return null;
}
public IManagedReference GetPolicy()
{
return GetPolicy(false);
}
#endregion
}
}