Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

We separate the Webhook listener from the Admin Portal because we need to open access from Microsoft via the outside to Microsoftinternet. This Listener Server can be installed in the DMZ of the organization.

It is recommended to install the WLS on a separate site with a separate application pool. When the deployment is large (1000 user and more ) it is best to be done on a separate host

 Installation

  • Enable IIS on target machine (all the checkboxes)

  • Copy all the content from the package payload: C:\Agat\SphereShield.Setup\Payload\SphereShield.Listener into a new folder under Inetpub.

  • Replace these files with the ones from AccessPortal folder:

    • SphereShield.CasbCommon.dll

    • SphereShield.CasbMessagingBL.dll

    • SkypeShield.Infrastructure.dll

    • SkypeShield.Cryptography.dll

    • SkypeShield.File.dll

    • SkypeShield.Ldap.dll

    • SkypeShield.Mdm.dll

    • SkypeShield.Messaging.dll

    • SkypeShield.ServiceManagement.dll

    • SkypeShield.Settings.dll

    • SkypeShield.Skype.dll

    • SkypeShield.Validation.dll

    • SphereShield.Common.dll

    • SkypeShield.Infrastructure.Entities.dll

    • CasbMsOfficeApplication.dll

  • Create new site in the IIS manager and set the Physical path to new folder created.

  • Make sure all options under IIS are selected for the server, especially the development ones which include ASP versions.

  • Create an https URL for this site , then Microsoft could be send event so that Microsoft can send events to the site. ( We can use Teams7 for this, we then need to add a DNS record, like we do with other portals. A.L. Mar 28, 2022). We should give should assign a hostname like “listener”.

  • Set ConnectionString and IV / KEY .

  • Set Webhook certificate in the Configuration folder, you can verify it in following page Production Key Vault and Certificate

  • Change the C:\Agat\Listener_site\Configuration\Log4net.config file so the logs will write in this location: D:\Agat\Logs\ListenerSite

  • Make sure the AWS instance has the Security group that leaves 443 open to all.

  • Navigate to the site and you should see this Welcome page:

...

open Advanced Settings of your portal

set “Load User Profile” to “True”

open Advanced Settings of your Listener

set “Load User Profile” to “True”

...

Need to Enter the URL of the Webhook site created.

In case that AP already gets Webhooks, You will need to turn off the CasbAdapter for 1 hour, for new Webhook Subscription to be created.

Note: When external site url URL is left empty the Webhook will be set to the portal url URL as before this change.

Slack

In order to get webhooks for Slack, need the followings:

  • Update the bin folder with the latest dlls

  • Add CasbSlackApplication version 1.2.0 on

  • Settings table , add “Slack” to the value of CasbCloudServices (update this row)

  • Update in Settings table where name is CasbSlackAccessBotToken with the encrypted bot token taken from Slack configuration

  • Insert to settings table an empty value for SlackBotConfigurations, if no record is found for this name

  • Update Slack with the new URL. Should look like https://listener-bgd15.agatdemo.com/rest/v1/casb/webhook/slack/inspect , convention is https://{your-domain}/rest/v1/casb/webhook/slack/inspect

  • In applicationSettings.config of the listener add this line for the BusinessGPT address

<add key="BusinessGPTApiUrl" value="https://bgd15-firewall.agatdemo.com/firewallApi/v1/chat" />