InfocyteHUNTAPI

1.6.5

InfocyteHUNTAPI.psm1

                                #Variables

$GUID_REGEX = "^[A-Z0-9]{8}-([A-Z0-9]{4}-){3}[A-Z0-9]{12}$"

Write-Verbose "Importing Infocyte HUNT API Powershell Module"

$PS = $PSVersionTable.PSVersion.tostring()

if ($PSVersionTable.PSVersion.Major -lt 5) {

  Write-Warning "Powershell Version not supported. Install version 5.x or higher"

  return

} else {

    Write-Verbose "Checking PSVersion [Minimum Supported: 5.0]: PASSED [$PS]!`n"

}

function Get-ICHelp {

  $Version = (Get-Module -Name InfocyteHUNTAPI).Version.ToString()

    Write-Host "Infocyte Powershell Module version $Version"

    Write-Host "Pass your Infocyte API Token into Set-ICToken to connect to an instance of Infocyte."

    Write-Host "`tThis will store your login token and server into a global variable for use by the other commands"

    Write-Host "`n"

    Write-Host "## Help ##"

    Write-Host -ForegroundColor Cyan "`tGet-ICHelp`n"

    Write-Host "## Authentication Functions ##"

    Write-Host -ForegroundColor Cyan "`tSet-ICToken (alias: Set-ICInstance)`n"

    Write-Host "## Generic API Functions ##"

    Write-Host -ForegroundColor Cyan "`tGet-ICAPI, Invoke-ICAPI`n"

    Write-Host "## Extension Development Functions ##"

    Write-Host -ForegroundColor Cyan "`tNew-ICExtension, Get-ICExtension, Update-ICExtension, Remove-ICExtension,"

    Write-Host -ForegroundColor Cyan "`tTest-ICExtension (Runs the extension locally for testing"

    Write-Host -ForegroundColor Cyan "`tImport-ICExtension -> Loads an extension into your instance "

    Write-Host -ForegroundColor Cyan "`tImport-ICOfficialExtensions -> Imports all official extensions from Infocyte`n" 

    Write-Host "## Admin/Misc Functions ##"

    Write-Host -ForegroundColor Cyan "`tGet-ICUser, Get-ICUserAuditLog,"

    Write-Host -ForegroundColor Cyan "`tAdd-ICComment", "Get-ICDwellTime`n"

    Write-Host "## Target Group Management Functions ##"

    Write-Host -ForegroundColor Cyan "`tNew-ICTargetGroup, Get-ICTargetGroup, Remove-ICTargetGroup,"

    Write-Host -ForegroundColor Cyan "`tNew-ICCredential, Get-ICCredential, Remove-ICCredential,"

    Write-Host -ForegroundColor Cyan "`tNew-ICQuery, Get-ICQuery, Remove-ICQuery,"

    Write-Host -ForegroundColor Cyan "`tGet-ICAddress, Remove-ICAddress,"

    Write-Host -ForegroundColor Cyan "`tGet-ICAgent, Remove-ICAgent`n"

    Write-Host "## Analysis Data Retrieval Functions ##"

    Write-Host -ForegroundColor Cyan "`tGet-ICScan`n"

    Write-Host -ForegroundColor Cyan "`tGet-ICBox, Set-ICBox -> Boxes are 7 (default), 30, or 90 day aggregations"

    Write-Host -ForegroundColor Cyan "`tGet-ICObject (alias: Get-ICData) -> The primary data retrieval function"

    Write-Host -ForegroundColor Cyan "`tGet-ICVulnerability, Get-ICNote"

    Write-Host -ForegroundColor Cyan "`tGet-ICAlert, Get-ICFileDetail, Get-ICActivityTrace`n"

    Write-Host "## Scanning Functions ##"

    Write-Host -ForegroundColor Cyan "`tNew-ICScanOptions"

    Write-Host -ForegroundColor Cyan "`tInvoke-ICFindHosts, Invoke-ICScan"

    Write-Host "## Response Functions ##"

    Write-Host -ForegroundColor Cyan "`tInvoke-ICScanTarget -> Scans the specified host"

    Write-Host -ForegroundColor Cyan "`tInvoke-ICResponse -> Runs an extension on a specified host"

    Write-Host -ForegroundColor Cyan "`tGet-ICHostScanResult, Get-ICResponseResult`n"

    Write-Host "## Task Status Functions ##"

    Write-Host -ForegroundColor Cyan "`tGet-ICTask, Get-ICTaskItems`n"

    Write-Host "## Offline Scan Import Functions ##"

    Write-Host -ForegroundColor Cyan "`tImport-ICSurvey`n"

    Write-Host "`n"

    Write-Host "FAQ:"

    Write-Host "- Most data within HUNT are tagged and filterable by Scan (" -NoNewLine

    Write-Host -ForegroundColor Cyan "scanId" -NoNewLine

    Write-Host "), Time Boxes (" -NoNewLine

    Write-Host -ForegroundColor Cyan "boxId" -NoNewLine

    Write-Host "), and Target Groups (" -NoNewLine

    Write-Host -ForegroundColor Cyan "targetGroupId" -NoNewLine

    Write-Host ")"

    Write-Host "- Time Boxes are Last 7, 30, and 90 Day filters for all data within range"

    Write-Host "- GET Results are capped at $resultlimit results unless you use -NoLimit`n----------------`n"

    Write-Host "Examples:"

    Write-Host -ForegroundColor Cyan 'PS> Set-ICInstance -Instance "clouddemo" -Token ASDFASDASFASDASF -Save'

    Write-Host -ForegroundColor Cyan 'PS> $Box = Get-ICBox -Last30 | where { $_.TargetGroup -eq "Brooklyn Office"}'

    Write-Host -ForegroundColor Cyan 'PS> Get-ICObject -Type Process -BoxId $Box.Id -NoLimit'

    Write-Host 'Using custom loopback filters: [HashTable]$where = @{ term1 = "asdf1"; term2 = "asdf2" }'

    Write-Host 'Note: Best time format is ISO 8601 or Get-Dates type code "o". i.e. 2019-05-03T00:37:40.0056344-05:00'

    Write-Host 'For more information on filtering, see loopbacks website here: https://loopback.io/doc/en/lb2/Where-filter.html'

    Write-Host -ForegroundColor Cyan 'PS> Get-ICObject -Type File -BoxId $Box.Id -where @{ path = @{ regexp = "/roaming/i" } }'

    Write-Host -ForegroundColor Cyan 'PS> $customfilter = @{ threatName = "Unknown"; modifiedOn = @{ gt = $((Get-Date).AddDays(-10).GetDateTimeFormats('o')) }; size = @{ lt = 1000000 } }'

    Write-Host -ForegroundColor Cyan 'PS> Get-ICObject -Type Artifact -BoxId $Box.Id -where $customfilter'

    Write-Host "Offline Scan Processing Example (Default Target Group = OfflineScans):"

    Write-Host -ForegroundColor Cyan 'PS> Import-ICSurvey -Path .\surveyresult.json.gz'

    Write-Host "Offline Scan Processing Example (Default Target Group = OfflineScans):"

    Write-Host -ForegroundColor Cyan 'PS> Get-ICTargetGroup'

    Write-Host -ForegroundColor Cyan 'PS> Get-ChildItem C:\FolderOfSurveyResults\ -filter *.json.gz | Import-ICSurvey -Path .\surveyresult.json.gz -TargetGroupId b3fe4271-356e-42c0-8d7d-01041665a59b'

}

# Read in all ps1 files

. "$PSScriptRoot\requestHelpers.ps1"

. "$PSScriptRoot\auth.ps1"

. "$PSScriptRoot\data.ps1"

. "$PSScriptRoot\targetgroupmgmt.ps1"

. "$PSScriptRoot\status.ps1"

. "$PSScriptRoot\scan.ps1"

. "$PSScriptRoot\scan_schedule.ps1"

. "$PSScriptRoot\admin.ps1"

. "$PSScriptRoot\extensions.ps1"

# SIG # Begin signature block

# MIINOAYJKoZIhvcNAQcCoIINKTCCDSUCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB

# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR

# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUp/BB/AyA29q7/6X09vys/LgH

# eh+gggp2MIIFHzCCBAegAwIBAgIQA7ShIT20JORyIag/jWOSyzANBgkqhkiG9w0B

# AQsFADB2MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD

# VQQLExB3d3cuZGlnaWNlcnQuY29tMTUwMwYDVQQDEyxEaWdpQ2VydCBTSEEyIEhp

# Z2ggQXNzdXJhbmNlIENvZGUgU2lnbmluZyBDQTAeFw0xODA5MTIwMDAwMDBaFw0y

# MDExMTgxMjAwMDBaMF4xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEPMA0G

# A1UEBxMGQXVzdGluMRYwFAYDVQQKEw1JbmZvY3l0ZSwgSW5jMRYwFAYDVQQDEw1J

# bmZvY3l0ZSwgSW5jMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzcR

# GuszlupWLdmtti4glKsr6SS2sp370yioc2XyIwPzU/etsBQa41x6VO7HXjtSXSry

# p3SYaoLPQmBiAzKjDP6dzu0l7cQFbwPMky3SGqrC3Wr+Kw/qoMgn3wKBxzPJ53Gj

# s1oxNwyz2N7FwN977vErW9C/FgM/XuE7Zde/HGl3oxTJNtY++BG2Ri3rwi5hNbzV

# 5+avrJFW1DzHVBXYxbrE9vNy4V6s7dlZT2xZoJ3AtHoBCUMgHRKii3wHgFRaxiuz

# 6XzlvHzmnh02KUfoV6cX++bP4bRtsJjmvrfJV+Mhlh/MhUidhhQQx0spLIfxv+vZ

# OACP5jLm0g2fj4G4VQIDAQABo4IBvzCCAbswHwYDVR0jBBgwFoAUZ50PIAkMzIo6

# 5YJGcmL88cyQ5UAwHQYDVR0OBBYEFBqi6MjBKip4kQYxVCjC7yOrUHWFMA4GA1Ud

# DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzBtBgNVHR8EZjBkMDCgLqAs

# hipodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1jcy1nMS5jcmwwMKAu

# oCyGKmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLWNzLWcxLmNybDBM

# BgNVHSAERTBDMDcGCWCGSAGG/WwDATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3

# dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAEEATCBiAYIKwYBBQUHAQEEfDB6MCQG

# CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wUgYIKwYBBQUHMAKG

# Rmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNz

# dXJhbmNlQ29kZVNpZ25pbmdDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0B

# AQsFAAOCAQEABnQP0mJYXNzfz4pMCc4FbQ9qe8NjloGuIlUgXaxlFAoMKZWMueXq

# mciPWULaE+Wd5ChTuNsrWKG7bWYYWmmo7C1RWhdZhQT/C+k3lFcsSr6gdXAXiOmv

# 3xv3d3oqfNe19G6jt6akQ6LjEauRw4xKinoK/S61Pw9c1KtEAGT8djgX74h433fy

# FPiQd//ePnihKN+GXRCeLvSaDGuVrhHuI6UUhe3MK2/Nb8MzFddwkOOdpky1HBn4

# 8oFEAOzbrTVTTv4BWLNRvAiY8UO3D2Kt322UuAdXIKNxWB94UaFt2jg2QsRkTHGQ

# MmbQ8OgMIWWNcE9RcVKuobYbzUAGPoMimTCCBU8wggQ3oAMCAQICEAt+EJA8OEkP

# +i9nmoehp7kwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMxFTATBgNVBAoT

# DERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UE

# AxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTAeFw0xMzEwMjIx

# MjAwMDBaFw0yODEwMjIxMjAwMDBaMHYxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE

# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xNTAzBgNVBAMT

# LERpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgQ29kZSBTaWduaW5nIENBMIIB

# IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEpefQcPQd7E9XYWNr1x/88/

# T3NLnNEN/krLV1hehRbdAhVUmfCPPC9NAngQaMjYNUs/wfdnzpgcrjO5LR2kClST

# xIWi3zWx9fE8p7M0+11IyUbJYkS8SJnrKElTwz2PwA7eNZjpYlHfPWtAYe4EQdrP

# p1xWltH5TLdEhIeYaeWCuRPmVb/IknCSCjFvf4syq89rWp9ixD7uvu1ZpFN/C/FS

# iIp7Cmcky5DN7NJNNEyw4bWfnMb2byzN5spTdAGfZzXeOEktzu05RIIZeU4asrX7

# u3jwSWanz/pclnWSixpy2f9QklPMPsJDMgkahhNpPPuBMjMyZHVzKCYdCDA7BwID

# AQABo4IB4TCCAd0wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYw

# EwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsGAQUFBzAB

# hhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0dHA6Ly9j

# YWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RD

# QS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQu

# Y29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0

# cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9v

# dENBLmNybDBPBgNVHSAESDBGMDgGCmCGSAGG/WwAAgQwKjAoBggrBgEFBQcCARYc

# aHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAKBghghkgBhv1sAzAdBgNVHQ4E

# FgQUZ50PIAkMzIo65YJGcmL88cyQ5UAwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1Jgm

# GggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBAGoO/34TfAalS8AujPlTZAniuliR

# MFDszJ/h06gvSEY2GCnQeChfmFZADx66vbE7h1zcW9ggDe0aFk3VESQhS/EnaZAT

# 6xGhAdr9tU55WXW9OCpqw/aOQSuKoovXLFFR2ZygyONOumyoR9JO0WgfjAJXO7Mp

# ao5qICq58gBiZLrI6QD5zKTUupo12K8sZWwWfFgh3kow0PrrJF0GyZ0Wt61KRdMl

# 4gzwQKpcTax+zQaCuXZGaQjYMraC/uOpWDRDG45nZ5c/aDEWNjiVPof3x8OvnXp3

# Gdnek7X9biv8lPk9t0wSNSwwvuiNngVwmkgT9IzW5x6sOOeo860Mt3rsZ+0xggIs

# MIICKAIBATCBijB2MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j

# MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTUwMwYDVQQDEyxEaWdpQ2VydCBT

# SEEyIEhpZ2ggQXNzdXJhbmNlIENvZGUgU2lnbmluZyBDQQIQA7ShIT20JORyIag/

# jWOSyzAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAAoQKAADAZBgkq

# hkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGC

# NwIBFTAjBgkqhkiG9w0BCQQxFgQUbhAo9T6bK6XF5JJSu89ba4ORP/wwDQYJKoZI

# hvcNAQEBBQAEggEAGRP7P0wes9k7YpFdBUDPu5d98rxCx75PnxspfIAidfjaqKqy

# SekT6Sm91FGVNOqT+RNpNSQkxdqfHQcSr2d9wmTeqqSjCNVUwKV6lZ/03yPXZgOa

# sG/mjP6P1cMeTHQ3vcKiBabyNEElt+n2TJgLd09i1/9jNtckEdNGpeRaulmNIcKo

# z66kbyQrbJDNuka92M5YJtBayAsPmzHNYzG4gN4sBJnYrG2eU+qBkqt4jbO75w/2

# YoAz/I4zjbfakOkUPCzBX4HLkSOcj4xmiczSKvpc4cIu8PWsKUNiRNpnjOhbx0Xo

# 5KXtAO1i3CUGkF1OEjWyDsSszlZRUp6Alf3Ndw==

# SIG # End signature block