.NET Configuration API
Monitor for .NET provides a fluent configuration API for standalone applications and middleware integration for ASP.NET Core.
Standalone Configuration (Console, Desktop, Mobile, IoT)
Use Bytehide.Monitor.Payload.ConfigureAsync for non-web applications:
C#
using Bytehide.Monitor.Core.Actions;
using Bytehide.Monitor.Core.Protection;
await Bytehide.Monitor.Payload.ConfigureAsync(config =>
{
// Enable all protections with a default action
config.EnableAllProtections(ActionType.Close, intervalMs: 60000);
});using Bytehide.Monitor.Core.Actions;
using Bytehide.Monitor.Core.Protection;
await Bytehide.Monitor.Payload.ConfigureAsync(config =>
{
// Enable all protections with a default action
config.EnableAllProtections(ActionType.Close, intervalMs: 60000);
});Protection Group Methods
C#
// Enable all protections (desktop + mobile + web)
config.EnableAllProtections(ActionType.Close, intervalMs: 60000);
// Enable only desktop-specific protections
config.EnableDesktopProtections(ActionType.Close, intervalMs: 60000);
// Enable only mobile-specific protections
config.EnableMobileProtections(ActionType.Close, intervalMs: 60000);// Enable all protections (desktop + mobile + web)
config.EnableAllProtections(ActionType.Close, intervalMs: 60000);
// Enable only desktop-specific protections
config.EnableDesktopProtections(ActionType.Close, intervalMs: 60000);
// Enable only mobile-specific protections
config.EnableMobileProtections(ActionType.Close, intervalMs: 60000);Individual Protection Selection
C#
config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close, intervalMs: 30000);
config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.Close, intervalMs: 120000);
config.AddProtection(ProtectionModuleType.EmulatorDetection, ActionType.Log, intervalMs: 60000);
config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Close, intervalMs: 60000);
config.AddProtection(ProtectionModuleType.ClockTampering, ActionType.Log, intervalMs: 60000);
config.AddProtection(ProtectionModuleType.MemoryDumpDetection, ActionType.Close, intervalMs: 60000);
config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.Close, intervalMs: 60000);
config.AddProtection(ProtectionModuleType.ProcessInjection, ActionType.Close, intervalMs: 60000);
config.AddProtection(ProtectionModuleType.NetworkTampering, ActionType.Log, intervalMs: 60000);config.AddProtection(ProtectionModuleType.DebuggerDetection, ActionType.Close, intervalMs: 30000);
config.AddProtection(ProtectionModuleType.VirtualMachineDetection, ActionType.Close, intervalMs: 120000);
config.AddProtection(ProtectionModuleType.EmulatorDetection, ActionType.Log, intervalMs: 60000);
config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Close, intervalMs: 60000);
config.AddProtection(ProtectionModuleType.ClockTampering, ActionType.Log, intervalMs: 60000);
config.AddProtection(ProtectionModuleType.MemoryDumpDetection, ActionType.Close, intervalMs: 60000);
config.AddProtection(ProtectionModuleType.TamperingDetection, ActionType.Close, intervalMs: 60000);
config.AddProtection(ProtectionModuleType.ProcessInjection, ActionType.Close, intervalMs: 60000);
config.AddProtection(ProtectionModuleType.NetworkTampering, ActionType.Log, intervalMs: 60000);ASP.NET Core Configuration
Use dependency injection and middleware for web applications:
C#
// Program.cs
builder.Services.AddByteHideMonitor(monitor => monitor
.WithProtection(ProtectionModuleType.SqlInjection, ActionType.Block)
.WithProtection(ProtectionModuleType.CrossSiteScripting, ActionType.Block)
.WithProtection(ProtectionModuleType.PathTraversal, ActionType.Block)
.WithProtection(ProtectionModuleType.CommandInjection, ActionType.Block)
.WithProtection(ProtectionModuleType.ServerSideRequestForgery, ActionType.Block)
.WithProtection(ProtectionModuleType.LdapInjection, ActionType.Block)
.WithProtection(ProtectionModuleType.XmlExternalEntity, ActionType.Block)
.WithProtection(ProtectionModuleType.NoSqlInjection, ActionType.Block)
.WithProtection(ProtectionModuleType.LlmPromptInjection, ActionType.Block)
);
// Add middleware to the pipeline
app.UseByteHideMonitor();// Program.cs
builder.Services.AddByteHideMonitor(monitor => monitor
.WithProtection(ProtectionModuleType.SqlInjection, ActionType.Block)
.WithProtection(ProtectionModuleType.CrossSiteScripting, ActionType.Block)
.WithProtection(ProtectionModuleType.PathTraversal, ActionType.Block)
.WithProtection(ProtectionModuleType.CommandInjection, ActionType.Block)
.WithProtection(ProtectionModuleType.ServerSideRequestForgery, ActionType.Block)
.WithProtection(ProtectionModuleType.LdapInjection, ActionType.Block)
.WithProtection(ProtectionModuleType.XmlExternalEntity, ActionType.Block)
.WithProtection(ProtectionModuleType.NoSqlInjection, ActionType.Block)
.WithProtection(ProtectionModuleType.LlmPromptInjection, ActionType.Block)
);
// Add middleware to the pipeline
app.UseByteHideMonitor();Custom Action Handlers
Create custom threat response logic with named handlers:
C#
config.RegisterCustomAction("secure-shutdown", async (threat) =>
{
// 1. Log incident
await LogIncidentAsync(threat);
// 2. Encrypt sensitive data
await EncryptSensitiveDataAsync();
// 3. Notify administrators
await NotifyAdminsAsync(threat);
// 4. Secure shutdown
await SecureShutdownAsync();
});
config.EnableDesktopProtections(
action: "secure-shutdown",
intervalMs: 60000
);config.RegisterCustomAction("secure-shutdown", async (threat) =>
{
// 1. Log incident
await LogIncidentAsync(threat);
// 2. Encrypt sensitive data
await EncryptSensitiveDataAsync();
// 3. Notify administrators
await NotifyAdminsAsync(threat);
// 4. Secure shutdown
await SecureShutdownAsync();
});
config.EnableDesktopProtections(
action: "secure-shutdown",
intervalMs: 60000
);Inline Custom Actions
C#
config.AddProtection(
ProtectionModuleType.DebuggerDetection,
"secure-shutdown",
intervalMs: 30000
);config.AddProtection(
ProtectionModuleType.DebuggerDetection,
"secure-shutdown",
intervalMs: 30000
);Available Action Types
| Type | Description | Use Case |
|---|---|---|
| Close | Terminates application immediately | Critical threats |
| Log | Logs incident locally and to backend | Monitoring and analytics |
| None | Detects but takes no action | Testing and development |
| Block | Blocks the specific operation | Web interceptors (SQL injection, XSS) |
| Erase | Erases sensitive data before closing | Data protection scenarios |
| Custom | Executes your custom handler | Advanced scenarios |
Configuration Loading Order
When combining cloud, JSON, and programmatic configuration:
- Monitor checks for
monitor-config.jsonin the application directory - If no JSON file, fetches configuration from cloud (dashboard)
- Applies programmatic configuration (
ConfigureAsync/AddByteHideMonitor) - Programmatic configuration overrides automatic configuration