The InTrust SDK makes InTrust functionality available to applications. At this time, the SDK includes the following components:
The InTrust SDK is included in the InTrust Server component and works on any computer where InTrust Server is deployed.
If you want to install the SDK separately from InTrust Server, the computer must meet the following requirements (similar to the requirements for InTrust Server):
Architecture |
x64 |
Operating System |
Any of the following:
|
Memory |
Min. 6GB |
Additional Software and Services |
|
|
Caution: To use the InTrust API with old versions of Windows PowerShell (2.0 and earlier), make sure you configure PowerShell to use the version of the .NET runtime that the SDK requires. For that, create the powershell.exe.config (or powershell_ise.exe.config) file in the same folder as powershell.exe (or powershell_ise.exe) file with content like the following: <?xml version="1.0"?> |
To be able to use the features of the InTrust SDK, your code must be run under an account that is listed as an InTrust organization administrator. For details about setting up this privilege, see InTrust Organization Administrators.
To install the InTrust SDK separately from InTrust Server, run the INTRUST_SDK.11.5.1.*.*.msi installation package provided to you. It is located in the InTrust\Server folder in your InTrust distribution.
To make sure that C# bindings work, enable references to the following COM type libraries:
For each of them, open the properties and set the Embed Interop Types parameter to False.
This topic describes the API that InTrust provides for repositories. This API lets you do the following:
The API is implemented as a collection of COM objects that become available after you have installed the InTrust SDK. Use the interfaces described in the topics listed below; call the methods of those interfaces for access to records and repositories.
Use the interfaces listed below for access to an InTrust repository. Once you have gained access, you can search for records in the repository (see Getting Records) and write records to it (see Writing Records).
The following diagram shows the relationships between the InTrust SDK's interfaces used for getting access to a repository. An arrow indicates that an interface returns another interface.
Before you can have access to an InTrust repository, you need to initialize the InTrust environment. For that, create an object that implements the IInTrustEnvironment interface. This object makes the current InTrust organization, its servers and its repositories available to you. The relationships between these items are as follows:
The IInTrustEnvironment interface provides the environment for working with all available InTrust organizations. You can use two methods to get the organization you need:
Once you have gained access to an organization, use its interface (IInTrustOrganization3) to get a collection of the repositories in it (IInTrustRepositoryCollection2) and get the repository you are looking for (IInTrustRepository3).
The information above concerns access to regular production repositories. However, a valid file structure with data can also act as an InTrust repository for the purposes of searching and writing, even if it is not included in InTrust configuration. It is called an idle repository. An idle repository has no representation in the InTrust environment, so you need to construct its interface to gain access. For details, see Creating and Removing Repositories.
If you know the name of the organization for a specific repository, follow the organization → repository chain of access:
{
IInTrustEnvironment intrust_environment = new InTrustEnvironment();
IInTrustOrganizationCollection organizations = intrust_environment.Organizations;
IInTrustOrganization3 intrust_organization = organizations.Cast<IInTrustOrganization3>().Where(x => x.Name == "My Organization").First();
IInTrustRepositoryCollection2 repositories = intrust_organization.Repositories2;
IInTrustRepository3 repository = repositories.Cast<IInTrustRepository3>().Where(x => x.Name == "My Repository").First();
}
If you only know the name of a server in the organization, follow the server → organization → repository chain of access:
{
IInTrustEnvironment intrust_environment = new InTrustEnvironment();
IInTrustServer intrust_server = intrust_environment.ConnectToServer("My Server");
IInTrustOrganization3 intrust_organization = intrust_server.Organization as IInTrustOrganization3;
IInTrustRepositoryCollection2 repositories = intrust_organization.Repositories2;
IInTrustRepository3 repository = repositories.Cast<IInTrustRepository3>().Where(x => x.Name == "My Repository").First();
}
Use the following interfaces for repository access and related tasks:
The InTrust repository was originally developed to store event log data, and this dictated the design choices that it is based on. However, the repository architecture is flexible enough for storing generic records containing arbitrary key-value pairs. The repository API provides tools for reading and writing both kinds of data.
Importantly, the repository is a document-oriented store. If you need to implement any inter-document relationships, you need to define them at the document contents level.
The following diagram shows the relationships between the InTrust SDK's interfaces used for reading and writing repository data. An arrow indicates that an interface returns another interface. Dashed lines between interfaces mean they don't return one another, but are used together for particular tasks.
See below for details about building program flow that uses these relationships. For a diagram of how to obtain the IInTrustRepository3 interface, see Connecting to a Repository.
Whether you want to write generic records or events, first you need access to the IRepositoryRecordInserter or IRepositoryRecordInserter2 interface. Take the following steps:
For details about the next steps, see the following topics:
Reading data from a repository means searching the repository for it. Search queries use the REL language described in InTrust Customization Kit. For a list of fields that you can use in search queries, see Searchable Event and Record Fields. For some important REL query specifics, see Composing REL Queries.
The data-retrieving functionality of the InTrust repository API is modeled after the push-based notification system used in the Microsoft .NET Framework. Therefore, the API provides similar interfaces (such as IObservable and IObserver).
To perform a repository search
Example of a helper function (C#):
static void search_events(IInTrustRepository intrust_repository, string query)
{
IObservable observable = intrust_repository.Searcher().Search(query);
MyObserver observer = new MyObserver();
observable.Subscribe(observer, out observer.m_cookie);
}
The repository API also provides a way to perform searches on multiple repositories simultaneously. The IMultiRepositorySearcher interface is provided for this purpose.
To perform a multi-repository search
Example of a multi-repository search:
IInTrustEnvironment env = new InTrustEnvironment();
IInTrustServer server = env.ConnectToServer("10.30.38.230");
IInTrustOrganization org = server.Organization;
IInTrustEventory evs = org.Eventory;
string eventory_str = evs.Eventory;
IMultiRepositorySearcherFactory multi_searcher_fac = new MultiRepositorySearcherFactory();
IMultiRepositorySearcher multi_searcher = multi_searcher_fac.CreateMultiRepositorySearcher(eventory_str);
The example above involves an explicitly specified log knowledge base (see Log Knowledge Base API for details). To use the default log knowledge base, rewrite it as follows:
IMultiRepositorySearcherFactory multi_searcher_fac = new MultiRepositorySearcherFactory();
IMultiRepositorySearcher multi_searcher = multi_searcher_fac.CreateMultiRepositorySearcher(null);
For details about the next steps, see the following topics:
The following interfaces are involved in repository searches:
© ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center