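#Variables
# GUID shape shared by the dot-sourced command files (not used in this file
# itself). -match is case-insensitive in PowerShell, so the A-Z class also
# accepts lower-case hex.
$GUID_REGEX = "^[A-Z0-9]{8}-([A-Z0-9]{4}-){3}[A-Z0-9]{12}$"

Write-Verbose "Importing Infocyte HUNT API Powershell Module"
$PS = $PSVersionTable.PSVersion.ToString()
if ($PSVersionTable.PSVersion.Major -lt 5) {
    # 'return' at module-script scope stops the import here, before any
    # function is defined or any helper file is dot-sourced, so an unsupported
    # host ends up with an empty module rather than half-working commands.
    Write-Warning "Powershell Version not supported. Install version 5.x or higher"
    return
}
else {
    Write-Verbose "Checking PSVersion [Minimum Supported: 5.0]: PASSED [$PS]!`n"
}

function Get-ICHelp {
    <#
    .SYNOPSIS
        Prints a categorised overview of the module's commands and usage examples to the host.
    .DESCRIPTION
        Output goes through Write-Host (console only, nothing is returned to the
        pipeline). The examples are illustrative text; the token and GUID they show
        are sample values, not real credentials.
    .OUTPUTS
        None. Writes to the host only.
    #>
    # Get-Module returns $null when the module was loaded under another name
    # (e.g. dot-sourced for testing); guard so the help text still prints.
    $Module = Get-Module -Name InfocyteHUNTAPI
    if ($Module) {
        $Version = $Module.Version.ToString()
    }
    else {
        $Version = "unknown"
    }

    Write-Host "Infocyte Powershell Module version $Version"
    Write-Host "Pass your Infocyte API Token into Set-ICToken to connect to an instance of Infocyte."
    Write-Host "`tThis will store your login token and server into a global variable for use by the other commands"
    Write-Host "`n"
    Write-Host "## Help ##"
    Write-Host -ForegroundColor Cyan "`tGet-ICHelp`n"
    Write-Host "## Authentication Functions ##"
    Write-Host -ForegroundColor Cyan "`tSet-ICToken (alias: Set-ICInstance)`n"
    Write-Host "## Generic API Functions ##"
    Write-Host -ForegroundColor Cyan "`tGet-ICAPI, Invoke-ICAPI`n"
    Write-Host "## Extension Development Functions ##"
    Write-Host -ForegroundColor Cyan "`tNew-ICExtension, Get-ICExtension, Update-ICExtension, Remove-ICExtension,"
    # Fixed: closing parenthesis was missing from the help text.
    Write-Host -ForegroundColor Cyan "`tTest-ICExtension (Runs the extension locally for testing)"
    Write-Host -ForegroundColor Cyan "`tImport-ICExtension -> Loads an extension into your instance "
    Write-Host -ForegroundColor Cyan "`tImport-ICOfficialExtensions -> Imports all official extensions from Infocyte`n"
    Write-Host "## Admin/Misc Functions ##"
    Write-Host -ForegroundColor Cyan "`tGet-ICUser, Get-ICUserAuditLog,"
    # Fixed: the two names were passed as separate arguments (an array), so
    # Write-Host printed them space-joined without the comma used elsewhere.
    Write-Host -ForegroundColor Cyan "`tAdd-ICComment, Get-ICDwellTime`n"
    Write-Host "## Target Group Management Functions ##"
    Write-Host -ForegroundColor Cyan "`tNew-ICTargetGroup, Get-ICTargetGroup, Remove-ICTargetGroup,"
    Write-Host -ForegroundColor Cyan "`tNew-ICCredential, Get-ICCredential, Remove-ICCredential,"
    Write-Host -ForegroundColor Cyan "`tNew-ICQuery, Get-ICQuery, Remove-ICQuery,"
    Write-Host -ForegroundColor Cyan "`tGet-ICAddress, Remove-ICAddress,"
    Write-Host -ForegroundColor Cyan "`tGet-ICAgent, Remove-ICAgent`n"
    Write-Host "## Analysis Data Retrieval Functions ##"
    Write-Host -ForegroundColor Cyan "`tGet-ICScan`n"
    Write-Host -ForegroundColor Cyan "`tGet-ICBox, Set-ICBox -> Boxes are 7 (default), 30, or 90 day aggregations"
    Write-Host -ForegroundColor Cyan "`tGet-ICObject (alias: Get-ICData) -> The primary data retrieval function"
    Write-Host -ForegroundColor Cyan "`tGet-ICVulnerability, Get-ICNote"
    Write-Host -ForegroundColor Cyan "`tGet-ICAlert, Get-ICFileDetail, Get-ICActivityTrace`n"
    Write-Host "## Scanning Functions ##"
    Write-Host -ForegroundColor Cyan "`tNew-ICScanOptions"
    Write-Host -ForegroundColor Cyan "`tInvoke-ICFindHosts, Invoke-ICScan"
    Write-Host "## Response Functions ##"
    Write-Host -ForegroundColor Cyan "`tInvoke-ICScanTarget -> Scans the specified host"
    Write-Host -ForegroundColor Cyan "`tInvoke-ICResponse -> Runs an extension on a specified host"
    Write-Host -ForegroundColor Cyan "`tGet-ICHostScanResult, Get-ICResponseResult`n"
    Write-Host "## Task Status Functions ##"
    Write-Host -ForegroundColor Cyan "`tGet-ICTask, Get-ICTaskItems`n"
    Write-Host "## Offline Scan Import Functions ##"
    Write-Host -ForegroundColor Cyan "`tImport-ICSurvey`n"
    Write-Host "`n"
    Write-Host "FAQ:"
    # -NoNewLine lets the id names be highlighted inline within one sentence.
    Write-Host "- Most data within HUNT are tagged and filterable by Scan (" -NoNewLine
    Write-Host -ForegroundColor Cyan "scanId" -NoNewLine
    Write-Host "), Time Boxes (" -NoNewLine
    Write-Host -ForegroundColor Cyan "boxId" -NoNewLine
    Write-Host "), and Target Groups (" -NoNewLine
    Write-Host -ForegroundColor Cyan "targetGroupId" -NoNewLine
    Write-Host ")"
    Write-Host "- Time Boxes are Last 7, 30, and 90 Day filters for all data within range"
    # NOTE(review): $resultlimit is not defined in this file; presumably it is
    # set by one of the dot-sourced helper files at import time - confirm, or
    # the message prints "capped at  results".
    Write-Host "- GET Results are capped at $resultlimit results unless you use -NoLimit`n----------------`n"
    Write-Host "Examples:"
    # The token shown is a sample value. Passing a real token as a command-line
    # argument records it in console history; -Save presumably persists it as
    # well (see auth.ps1), so treat the saved token like any other credential.
    Write-Host -ForegroundColor Cyan 'PS> Set-ICInstance -Instance "clouddemo" -Token ASDFASDASFASDASF -Save'
    Write-Host -ForegroundColor Cyan 'PS> $Box = Get-ICBox -Last30 | where { $_.TargetGroup -eq "Brooklyn Office"}'
    Write-Host -ForegroundColor Cyan 'PS> Get-ICObject -Type Process -BoxId $Box.Id -NoLimit'
    Write-Host 'Using custom loopback filters: [HashTable]$where = @{ term1 = "asdf1"; term2 = "asdf2" }'
    Write-Host 'Note: Best time format is ISO 8601 or Get-Dates type code "o". i.e. 2019-05-03T00:37:40.0056344-05:00'
    Write-Host 'For more information on filtering, see loopbacks website here: https://loopback.io/doc/en/lb2/Where-filter.html'
    Write-Host -ForegroundColor Cyan 'PS> Get-ICObject -Type File -BoxId $Box.Id -where @{ path = @{ regexp = "/roaming/i" } }'
    # Fixed: the inner 'o' was written with bare single quotes inside a
    # single-quoted string, which terminated the literal early and dropped the
    # quotes from the printed example. Doubled quotes are the escape form.
    Write-Host -ForegroundColor Cyan 'PS> $customfilter = @{ threatName = "Unknown"; modifiedOn = @{ gt = $((Get-Date).AddDays(-10).GetDateTimeFormats(''o'')) }; size = @{ lt = 1000000 } }'
    Write-Host -ForegroundColor Cyan 'PS> Get-ICObject -Type Artifact -BoxId $Box.Id -where $customfilter'
    Write-Host "Offline Scan Processing Example (Default Target Group = OfflineScans):"
    Write-Host -ForegroundColor Cyan 'PS> Import-ICSurvey -Path .\surveyresult.json.gz'
    # NOTE(review): this heading repeats the one above, and the last example
    # combines pipeline input with -Path; confirm against Import-ICSurvey's
    # parameter sets before relying on it.
    Write-Host "Offline Scan Processing Example (Default Target Group = OfflineScans):"
    Write-Host -ForegroundColor Cyan 'PS> Get-ICTargetGroup'
    Write-Host -ForegroundColor Cyan 'PS> Get-ChildItem C:\FolderOfSurveyResults\ -filter *.json.gz | Import-ICSurvey -Path .\surveyresult.json.gz -TargetGroupId b3fe4271-356e-42c0-8d7d-01041665a59b'
}

# Read in all ps1 files
# Paths are anchored to $PSScriptRoot so only the helper files shipped next to
# this module are loaded, never a same-named file from the current directory.
. "$PSScriptRoot\requestHelpers.ps1"
. "$PSScriptRoot\auth.ps1"
. "$PSScriptRoot\data.ps1"
. "$PSScriptRoot\targetgroupmgmt.ps1"
. "$PSScriptRoot\status.ps1"
. "$PSScriptRoot\scan.ps1"
. "$PSScriptRoot\scan_schedule.ps1"
. "$PSScriptRoot\admin.ps1"
. "$PSScriptRoot\extensions.ps1"

# NOTE(review): the Authenticode signature block below was computed over the
# original file content. Any edit above it (including this one) invalidates it:
# Get-AuthenticodeSignature will report HashMismatch and hosts that enforce
# signatures will refuse to load the module. Re-sign the file with the
# publisher's code-signing certificate, or remove the block, before shipping.
# SIG # Begin signature block
# MIINOAYJKoZIhvcNAQcCoIINKTCCDSUCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUp/BB/AyA29q7/6X09vys/LgH
# eh+gggp2MIIFHzCCBAegAwIBAgIQA7ShIT20JORyIag/jWOSyzANBgkqhkiG9w0B
# AQsFADB2MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
# VQQLExB3d3cuZGlnaWNlcnQuY29tMTUwMwYDVQQDEyxEaWdpQ2VydCBTSEEyIEhp
# Z2ggQXNzdXJhbmNlIENvZGUgU2lnbmluZyBDQTAeFw0xODA5MTIwMDAwMDBaFw0y
# MDExMTgxMjAwMDBaMF4xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEPMA0G
# A1UEBxMGQXVzdGluMRYwFAYDVQQKEw1JbmZvY3l0ZSwgSW5jMRYwFAYDVQQDEw1J
# bmZvY3l0ZSwgSW5jMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzcR
# GuszlupWLdmtti4glKsr6SS2sp370yioc2XyIwPzU/etsBQa41x6VO7HXjtSXSry
# p3SYaoLPQmBiAzKjDP6dzu0l7cQFbwPMky3SGqrC3Wr+Kw/qoMgn3wKBxzPJ53Gj
# s1oxNwyz2N7FwN977vErW9C/FgM/XuE7Zde/HGl3oxTJNtY++BG2Ri3rwi5hNbzV
# 5+avrJFW1DzHVBXYxbrE9vNy4V6s7dlZT2xZoJ3AtHoBCUMgHRKii3wHgFRaxiuz
# 6XzlvHzmnh02KUfoV6cX++bP4bRtsJjmvrfJV+Mhlh/MhUidhhQQx0spLIfxv+vZ
# OACP5jLm0g2fj4G4VQIDAQABo4IBvzCCAbswHwYDVR0jBBgwFoAUZ50PIAkMzIo6
# 5YJGcmL88cyQ5UAwHQYDVR0OBBYEFBqi6MjBKip4kQYxVCjC7yOrUHWFMA4GA1Ud
# DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzBtBgNVHR8EZjBkMDCgLqAs
# hipodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1jcy1nMS5jcmwwMKAu
# oCyGKmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLWNzLWcxLmNybDBM
# BgNVHSAERTBDMDcGCWCGSAGG/WwDATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3
# dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAEEATCBiAYIKwYBBQUHAQEEfDB6MCQG
# CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wUgYIKwYBBQUHMAKG
# Rmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNz
# dXJhbmNlQ29kZVNpZ25pbmdDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0B
# AQsFAAOCAQEABnQP0mJYXNzfz4pMCc4FbQ9qe8NjloGuIlUgXaxlFAoMKZWMueXq
# mciPWULaE+Wd5ChTuNsrWKG7bWYYWmmo7C1RWhdZhQT/C+k3lFcsSr6gdXAXiOmv
# 3xv3d3oqfNe19G6jt6akQ6LjEauRw4xKinoK/S61Pw9c1KtEAGT8djgX74h433fy
# FPiQd//ePnihKN+GXRCeLvSaDGuVrhHuI6UUhe3MK2/Nb8MzFddwkOOdpky1HBn4
# 8oFEAOzbrTVTTv4BWLNRvAiY8UO3D2Kt322UuAdXIKNxWB94UaFt2jg2QsRkTHGQ
# MmbQ8OgMIWWNcE9RcVKuobYbzUAGPoMimTCCBU8wggQ3oAMCAQICEAt+EJA8OEkP
# +i9nmoehp7kwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMxFTATBgNVBAoT
# DERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UE
# AxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTAeFw0xMzEwMjIx
# MjAwMDBaFw0yODEwMjIxMjAwMDBaMHYxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xNTAzBgNVBAMT
# LERpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgQ29kZSBTaWduaW5nIENBMIIB
# IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEpefQcPQd7E9XYWNr1x/88/
# T3NLnNEN/krLV1hehRbdAhVUmfCPPC9NAngQaMjYNUs/wfdnzpgcrjO5LR2kClST
# xIWi3zWx9fE8p7M0+11IyUbJYkS8SJnrKElTwz2PwA7eNZjpYlHfPWtAYe4EQdrP
# p1xWltH5TLdEhIeYaeWCuRPmVb/IknCSCjFvf4syq89rWp9ixD7uvu1ZpFN/C/FS
# iIp7Cmcky5DN7NJNNEyw4bWfnMb2byzN5spTdAGfZzXeOEktzu05RIIZeU4asrX7
# u3jwSWanz/pclnWSixpy2f9QklPMPsJDMgkahhNpPPuBMjMyZHVzKCYdCDA7BwID
# AQABo4IB4TCCAd0wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYw
# EwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsGAQUFBzAB
# hhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0dHA6Ly9j
# YWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RD
# QS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQu
# Y29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0
# cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9v
# dENBLmNybDBPBgNVHSAESDBGMDgGCmCGSAGG/WwAAgQwKjAoBggrBgEFBQcCARYc
# aHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAKBghghkgBhv1sAzAdBgNVHQ4E
# FgQUZ50PIAkMzIo65YJGcmL88cyQ5UAwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1Jgm
# GggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBAGoO/34TfAalS8AujPlTZAniuliR
# MFDszJ/h06gvSEY2GCnQeChfmFZADx66vbE7h1zcW9ggDe0aFk3VESQhS/EnaZAT
# 6xGhAdr9tU55WXW9OCpqw/aOQSuKoovXLFFR2ZygyONOumyoR9JO0WgfjAJXO7Mp
# ao5qICq58gBiZLrI6QD5zKTUupo12K8sZWwWfFgh3kow0PrrJF0GyZ0Wt61KRdMl
# 4gzwQKpcTax+zQaCuXZGaQjYMraC/uOpWDRDG45nZ5c/aDEWNjiVPof3x8OvnXp3
# Gdnek7X9biv8lPk9t0wSNSwwvuiNngVwmkgT9IzW5x6sOOeo860Mt3rsZ+0xggIs
# MIICKAIBATCBijB2MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j
# MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTUwMwYDVQQDEyxEaWdpQ2VydCBT
# SEEyIEhpZ2ggQXNzdXJhbmNlIENvZGUgU2lnbmluZyBDQQIQA7ShIT20JORyIag/
# jWOSyzAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAAoQKAADAZBgkq
# hkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGC
# NwIBFTAjBgkqhkiG9w0BCQQxFgQUbhAo9T6bK6XF5JJSu89ba4ORP/wwDQYJKoZI
# hvcNAQEBBQAEggEAGRP7P0wes9k7YpFdBUDPu5d98rxCx75PnxspfIAidfjaqKqy
# SekT6Sm91FGVNOqT+RNpNSQkxdqfHQcSr2d9wmTeqqSjCNVUwKV6lZ/03yPXZgOa
# sG/mjP6P1cMeTHQ3vcKiBabyNEElt+n2TJgLd09i1/9jNtckEdNGpeRaulmNIcKo
# z66kbyQrbJDNuka92M5YJtBayAsPmzHNYzG4gN4sBJnYrG2eU+qBkqt4jbO75w/2
# YoAz/I4zjbfakOkUPCzBX4HLkSOcj4xmiczSKvpc4cIu8PWsKUNiRNpnjOhbx0Xo
# 5KXtAO1i3CUGkF1OEjWyDsSszlZRUp6Alf3Ndw==
# SIG # End signature block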