auth.ps1

# Helpers

# C# source for the TrustEverything helper; _DisableSSLVerification compiles it with Add-Type.
#
# SECURITY: ValidationCallback returns true unconditionally, so once SetCallback() installs it
# every server certificate is accepted (untrusted issuer, expired, host-name mismatch). TLS then
# no longer authenticates the server, and the API token sent over the connection can be read by
# anyone able to intercept the traffic.
# ServicePointManager.ServerCertificateValidationCallback is a static property, so the override
# is not limited to this module's requests; it stays in effect until UnsetCallback() sets it
# back to null. Nothing in the visible part of this file calls UnsetCallback().
$sslverificationcode = @"
        using System.Net.Security;
        using System.Security.Cryptography.X509Certificates;
        public static class TrustEverything
        {
                private static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain,
                        SslPolicyErrors sslPolicyErrors) { return true; }
                public static void SetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = ValidationCallback; }
                public static void UnsetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; }
        }
"@


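function _DisableSSLVerification {
    # Compiles the TrustEverything helper (once per session) and installs its callback,
    # which accepts every server certificate.
    #
    # This is reported on the warning stream rather than the verbose stream: turning off
    # certificate validation is a security-relevant state change that should be visible
    # without -Verbose. The callback is set on the static ServicePointManager and is not
    # reverted by this function; [TrustEverything]::UnsetCallback() restores the default.
    Write-Warning "Disabling SSL Verification! Server certificates will NOT be validated until the callback is reset."

    # Add-Type fails if the type already exists, so only compile when it is not loaded yet.
    $trustType = ([System.Management.Automation.PSTypeName]"TrustEverything").Type
    if (-not $trustType) {
        Add-Type -TypeDefinition $sslverificationcode
    }
    [TrustEverything]::SetCallback()
}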


# Generate an API token in the web console's profile or admin section.
# You can save tokens and proxy info to disk as well with the -Save switch.
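function Set-ICToken {
    <#
    .SYNOPSIS
    Selects the Infocyte instance and API token used by the other IC cmdlets in this session.

    .DESCRIPTION
    Resolves -Instance to an https:// base URL, takes the token from -Token or from the
    credential file, configures the optional proxy, tests the connection, and sets the
    default box. State is kept in global variables: HuntServerAddress, ICCredentials,
    ICToken, Proxy, ProxyCredential and ICCurrentBox.

    SECURITY NOTES
    - The token value is never written to the verbose stream or to error messages.
    - With -Save, the token and the proxy password are written as clear text JSON to
      credentials.json, and any previous file is copied to credentials.json-OLD. Protection
      of those secrets depends entirely on the file-system permissions of that directory.
    - -Token and -ProxyPass are plain strings, so they can end up in command history and
      transcripts.
    - -DisableSSLVerification turns off server certificate validation (see
      _DisableSSLVerification); the token is then sent to a server whose identity is unverified.

    .PARAMETER Instance
    Instance name (e.g. 'clouddemo'), a host name containing infocyte.com, or a full https:// URL.

    .PARAMETER Token
    64-character API token. When omitted, the token saved for this instance is loaded.

    .PARAMETER Proxy
    Proxy address and port. When omitted, proxy settings are loaded from the credential file.

    .PARAMETER ProxyUser
    Proxy user name; only used together with -ProxyPass.

    .PARAMETER ProxyPass
    Proxy password; only used together with -ProxyUser.

    .PARAMETER DisableSSLVerification
    Accept any server certificate.

    .PARAMETER Save
    Persist the token and proxy settings to the credential file.

    .OUTPUTS
    $true on success. Throws when the token is invalid or missing, or when the connection test fails.
    #>
    [cmdletbinding()]
    [alias("Set-ICInstance")]
    param(
        [parameter(Mandatory=$true, HelpMessage="Infocyte Cloud Instance Name (e.g. 'clouddemo') or Full URL of Server/API (e.g. https://CloudDemo.infocyte.com)'")]
        [ValidateNotNullOrEmpty()]
        [alias("HuntServer")]
        [String]$Instance,

        [parameter(HelpMessage="API Token from Infocyte App. Omit if using saved credentials.")]
        [String]$Token,

        [parameter(HelpMessage="Proxy Address and port: e.g. '192.168.1.5:8080'")]
        [String]$Proxy,
        [String]$ProxyUser,
        [String]$ProxyPass,

        [Switch]$DisableSSLVerification,

        [parameter(HelpMessage="Will save provided token and proxy settings to disk for future use with this Infocyte Instance.")]
        [Switch]$Save
    )

    if ($DisableSSLVerification) {
        _DisableSSLVerification
    }
    Write-Verbose "Setting Security Protocol to TLS1.2"
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    [System.Net.ServicePointManager]::MaxServicePointIdleTime = 60000

    # Anchored on purpose: the previous pattern "https://*" matched "https:/" anywhere in the
    # string, so a value that merely contained it was used verbatim as the server address.
    if ($Instance -match "^https://") {
        $Global:HuntServerAddress = $Instance
    } elseif ($Instance -match ".*infocyte.com") {
        # NOTE(review): this pattern is unanchored and its dot is unescaped, so any host that
        # merely contains "infocyte" + one character + "com" is accepted as-is. Left unchanged
        # to keep existing inputs working; consider tightening it.
        $Global:HuntServerAddress = "https://$Instance"
    } else {
        $Global:HuntServerAddress = "https://$Instance.infocyte.com"
    }
    Write-Verbose "Setting Global API URL to $Global:HuntServerAddress/api"

    if ($IsWindows -OR $env:OS -match "windows") {
        $credentialfile = "$env:appdata/infocyte/credentials.json"
    }
    else {
        $credentialfile = "$env:HOME/infocyte/credentials.json"
    }

    # Load saved credentials (a flat JSON object) into a hashtable, or create the directory.
    $Global:ICCredentials = @{}
    if (Test-Path $credentialfile) {
        (Get-Content $credentialfile | ConvertFrom-JSON).psobject.properties | ForEach-Object {
            $Global:ICCredentials[$_.Name] = $_.Value
        }
    } else {
        if (-NOT (Test-Path (Split-Path $credentialfile))) {
            New-Item -ItemType "directory" -Path (Split-Path $credentialfile) | Out-Null
        }
    }

    if ($Token) {
        # Set Token to global variable
        if ($Token.length -eq 64) {
            $Global:ICToken = $Token
            # The token is a bearer secret: report that it was set, never its value.
            Write-Verbose "Setting Auth Token for $Global:HuntServerAddress"
        } else {
            Throw "Invalid token. Must be a 64 character string generated within your profile or admin panel within Infocyte HUNT's web console"
        }
    } else {
        # Load from file
        if ($Global:ICCredentials[$Global:HuntServerAddress]) {
            Write-Verbose "Setting auth token from credential file: $credentialfile"
            $Global:ICToken = $Global:ICCredentials[$Global:HuntServerAddress]
        } else {
            Throw "No Token found for $($Global:HuntServerAddress) in credential file! Please provide credentials with -Save switch to save them to credential file first."
        }
    }

    if ($Proxy) {
        Write-Verbose "Infocyte API functions will use Proxy: $Proxy"
        $Global:Proxy = $Proxy
        if ($ProxyUser -AND $ProxyPass) {
            Write-Verbose "Infocyte API functions will now use Proxy User: $ProxyUser"
            $pw = ConvertTo-SecureString $ProxyPass -AsPlainText -Force
            $Global:ProxyCredential = New-Object System.Management.Automation.PSCredential ($ProxyUser, $pw)
        }
    } else {
        # Load from file
        $Global:Proxy = $Global:ICCredentials["Proxy"]
        if ($Global:Proxy) {
            Write-Verbose "Infocyte API functions will use Proxy config loaded from credential file: $($Global:Proxy)"
        }
        # Both values are required. The credential's user name must be the saved ProxyUser;
        # the previous code passed the saved ProxyPass as the user name, which both broke
        # proxy authentication and placed the password in the clear-text UserName field.
        if ($Global:ICCredentials["ProxyUser"] -AND $Global:ICCredentials["ProxyPass"]) {
            $pw = ConvertTo-SecureString $Global:ICCredentials["ProxyPass"] -AsPlainText -Force
            $Global:ProxyCredential = New-Object System.Management.Automation.PSCredential ($Global:ICCredentials["ProxyUser"], $pw)
        }
    }

    # Test connection (the result itself is not used)
    $null = Get-ICAPI -Endpoint "Version"

    # Set initial default boxId (change with Set-ICBox) and test connection
    $box = Get-ICBox -Last 7 -Global

    if ($box) {
        Write-Verbose "Successfully connected to $Global:HuntServerAddress"
        $Global:ICCurrentBox = $box.id
        Write-Verbose "`$Global:ICCurrentBox is set to $($box.targetGroup)-$($box.name) [$($box.id)]"
        Write-Verbose "All analysis data & object retrieval will default to this box."
        Write-Verbose "Use Set-ICBox to change the default in this session."
    } else {
        # Error records are routinely logged and pasted into tickets, so the token is redacted.
        Throw "Your connection to $Global:HuntServerAddress failed using Infocyte API URI: $Global:HuntServerAddress`nToken: [redacted]`nProxy: $Global:Proxy`nProxyUser: $($Global:ICCredentials['ProxyUser'])"
    }


    if ($Save) {
        Write-Verbose "Saving Token and Proxy settings to credential file: $credentialfile"
        $Global:ICCredentials[$Global:HuntServerAddress] = $Global:ICToken
        if ($Proxy) {
            $Global:ICCredentials["Proxy"] = $Proxy
            if ($ProxyUser -AND $ProxyPass) {
                $Global:ICCredentials["ProxyUser"] = $ProxyUser
                $Global:ICCredentials["ProxyPass"] = $ProxyPass
            }
        }
        if (Test-Path $credentialfile) {
            # Archive current credential
            Copy-Item -Path $credentialfile -Destination "$($credentialfile)-OLD"
            Write-Verbose "Previous credential file has been backed up."
        }
        # NOTE(review): the token and proxy password are stored as clear text, both here and
        # in the -OLD backup, with whatever permissions the directory gives new files.
        # Restrict access to this directory, or move to an OS-protected secret store.
        $Global:ICCredentials | ConvertTo-JSON | Out-File $credentialfile -Force
        Write-Verbose "Token, Hunt Server Address, and Proxy settings are stored on disk. Omit token and proxy arguments to use saved versions."
    } else {
        Write-Verbose "Token, Hunt Server Address, and Proxy settings are stored in global session variables for use in all IC cmdlets."
    }

    Return $true

}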

# SIG # Begin signature block
# MIINOAYJKoZIhvcNAQcCoIINKTCCDSUCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUGG+Ihh8NrK8voQXfFQchK48b
# zFigggp2MIIFHzCCBAegAwIBAgIQA7ShIT20JORyIag/jWOSyzANBgkqhkiG9w0B
# AQsFADB2MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
# VQQLExB3d3cuZGlnaWNlcnQuY29tMTUwMwYDVQQDEyxEaWdpQ2VydCBTSEEyIEhp
# Z2ggQXNzdXJhbmNlIENvZGUgU2lnbmluZyBDQTAeFw0xODA5MTIwMDAwMDBaFw0y
# MDExMTgxMjAwMDBaMF4xCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEPMA0G
# A1UEBxMGQXVzdGluMRYwFAYDVQQKEw1JbmZvY3l0ZSwgSW5jMRYwFAYDVQQDEw1J
# bmZvY3l0ZSwgSW5jMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzcR
# GuszlupWLdmtti4glKsr6SS2sp370yioc2XyIwPzU/etsBQa41x6VO7HXjtSXSry
# p3SYaoLPQmBiAzKjDP6dzu0l7cQFbwPMky3SGqrC3Wr+Kw/qoMgn3wKBxzPJ53Gj
# s1oxNwyz2N7FwN977vErW9C/FgM/XuE7Zde/HGl3oxTJNtY++BG2Ri3rwi5hNbzV
# 5+avrJFW1DzHVBXYxbrE9vNy4V6s7dlZT2xZoJ3AtHoBCUMgHRKii3wHgFRaxiuz
# 6XzlvHzmnh02KUfoV6cX++bP4bRtsJjmvrfJV+Mhlh/MhUidhhQQx0spLIfxv+vZ
# OACP5jLm0g2fj4G4VQIDAQABo4IBvzCCAbswHwYDVR0jBBgwFoAUZ50PIAkMzIo6
# 5YJGcmL88cyQ5UAwHQYDVR0OBBYEFBqi6MjBKip4kQYxVCjC7yOrUHWFMA4GA1Ud
# DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzBtBgNVHR8EZjBkMDCgLqAs
# hipodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1jcy1nMS5jcmwwMKAu
# oCyGKmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLWNzLWcxLmNybDBM
# BgNVHSAERTBDMDcGCWCGSAGG/WwDATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3
# dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAEEATCBiAYIKwYBBQUHAQEEfDB6MCQG
# CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wUgYIKwYBBQUHMAKG
# Rmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJIaWdoQXNz
# dXJhbmNlQ29kZVNpZ25pbmdDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0B
# AQsFAAOCAQEABnQP0mJYXNzfz4pMCc4FbQ9qe8NjloGuIlUgXaxlFAoMKZWMueXq
# mciPWULaE+Wd5ChTuNsrWKG7bWYYWmmo7C1RWhdZhQT/C+k3lFcsSr6gdXAXiOmv
# 3xv3d3oqfNe19G6jt6akQ6LjEauRw4xKinoK/S61Pw9c1KtEAGT8djgX74h433fy
# FPiQd//ePnihKN+GXRCeLvSaDGuVrhHuI6UUhe3MK2/Nb8MzFddwkOOdpky1HBn4
# 8oFEAOzbrTVTTv4BWLNRvAiY8UO3D2Kt322UuAdXIKNxWB94UaFt2jg2QsRkTHGQ
# MmbQ8OgMIWWNcE9RcVKuobYbzUAGPoMimTCCBU8wggQ3oAMCAQICEAt+EJA8OEkP
# +i9nmoehp7kwDQYJKoZIhvcNAQELBQAwbDELMAkGA1UEBhMCVVMxFTATBgNVBAoT
# DERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UE
# AxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2UgRVYgUm9vdCBDQTAeFw0xMzEwMjIx
# MjAwMDBaFw0yODEwMjIxMjAwMDBaMHYxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE
# aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xNTAzBgNVBAMT
# LERpZ2lDZXJ0IFNIQTIgSGlnaCBBc3N1cmFuY2UgQ29kZSBTaWduaW5nIENBMIIB
# IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEpefQcPQd7E9XYWNr1x/88/
# T3NLnNEN/krLV1hehRbdAhVUmfCPPC9NAngQaMjYNUs/wfdnzpgcrjO5LR2kClST
# xIWi3zWx9fE8p7M0+11IyUbJYkS8SJnrKElTwz2PwA7eNZjpYlHfPWtAYe4EQdrP
# p1xWltH5TLdEhIeYaeWCuRPmVb/IknCSCjFvf4syq89rWp9ixD7uvu1ZpFN/C/FS
# iIp7Cmcky5DN7NJNNEyw4bWfnMb2byzN5spTdAGfZzXeOEktzu05RIIZeU4asrX7
# u3jwSWanz/pclnWSixpy2f9QklPMPsJDMgkahhNpPPuBMjMyZHVzKCYdCDA7BwID
# AQABo4IB4TCCAd0wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYw
# EwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQGCCsGAQUFBzAB
# hhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKGPWh0dHA6Ly9j
# YWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RD
# QS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQu
# Y29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0
# cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9v
# dENBLmNybDBPBgNVHSAESDBGMDgGCmCGSAGG/WwAAgQwKjAoBggrBgEFBQcCARYc
# aHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAKBghghkgBhv1sAzAdBgNVHQ4E
# FgQUZ50PIAkMzIo65YJGcmL88cyQ5UAwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1Jgm
# GggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBAGoO/34TfAalS8AujPlTZAniuliR
# MFDszJ/h06gvSEY2GCnQeChfmFZADx66vbE7h1zcW9ggDe0aFk3VESQhS/EnaZAT
# 6xGhAdr9tU55WXW9OCpqw/aOQSuKoovXLFFR2ZygyONOumyoR9JO0WgfjAJXO7Mp
# ao5qICq58gBiZLrI6QD5zKTUupo12K8sZWwWfFgh3kow0PrrJF0GyZ0Wt61KRdMl
# 4gzwQKpcTax+zQaCuXZGaQjYMraC/uOpWDRDG45nZ5c/aDEWNjiVPof3x8OvnXp3
# Gdnek7X9biv8lPk9t0wSNSwwvuiNngVwmkgT9IzW5x6sOOeo860Mt3rsZ+0xggIs
# MIICKAIBATCBijB2MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j
# MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTUwMwYDVQQDEyxEaWdpQ2VydCBT
# SEEyIEhpZ2ggQXNzdXJhbmNlIENvZGUgU2lnbmluZyBDQQIQA7ShIT20JORyIag/
# jWOSyzAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAAoQKAADAZBgkq
# hkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGC
# NwIBFTAjBgkqhkiG9w0BCQQxFgQUZnCWswW5fflDOqkU2jB3F+Rk79cwDQYJKoZI
# hvcNAQEBBQAEggEAlivlLvwTiseHPHTxB80/VFlzFdOgXDPpOteKV6Fxd7gwwOw7
# iigp8m8Dro9kQhbabu/r++tq6JgZNJWNEdxJKl4TUiMadx88cJwLIA2WE8IUP18W
# /qSbp5Hb7BfdUld2gtBiqX/q1A01XZvN9k5/gx+o7oAXrAUHKr/4FvMjRwUcv9dR
# GT4QUxl6mSYwZTlKPd2mpL8zWUFaJWAfzPrjmRrgglCXON46gcdYwj5Z3cgUrLeZ
# qqoSlIDnBa+LgjWqCKr4TQhYR0cGdTJorfjDc4xZI5fy6whFtwFP+LMXfkCYeWuE
# 2ruQTc4XV/gvNKDQc1q7SRaUy0AnH+1Is5YkoA==
# SIG # End signature block