auth.ps1
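# Helpers

# C# shim whose certificate validation callback accepts EVERY server
# certificate. Installing it removes TLS server authentication for the whole
# process (not just for Infocyte calls), so anyone on the network path can
# read or alter the API traffic, including the API token. It is compiled and
# installed only when the caller explicitly passes -DisableSSLVerification.
$sslverificationcode = @"
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public static class TrustEverything
{
    private static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain,
        SslPolicyErrors sslPolicyErrors) { return true; }
    public static void SetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = ValidationCallback; }
    public static void UnsetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; }
}
"@

# Installs the trust-everything callback for the current process.
# The callback stays in place until [TrustEverything]::UnsetCallback() is
# called or the process exits; nothing in this file unsets it.
# NOTE(review): ServicePointManager is honoured by the .NET Framework HTTP
# stack (Windows PowerShell 5.1). On PowerShell 6+ the web cmdlets are built
# on HttpClient and, as far as I know, ignore this callback - confirm how
# Get-ICAPI issues its requests before relying on this switch there.
function _DisableSSLVerification {
    Write-Verbose "Disabling SSL Verification!"
    # Surface the downgrade even when -Verbose is not set.
    Write-Warning "TLS certificate validation is disabled for this PowerShell process. Use only against test instances."
    if (-not ([System.Management.Automation.PSTypeName]"TrustEverything").Type) {
        Add-Type -TypeDefinition $sslverificationcode
    }
    [TrustEverything]::SetCallback()
}

# Generate an API token in the web console's profile or admin section.
# You can save tokens and proxy info to disk as well with the -Save switch.
#
# Set-ICToken resolves the instance URL, loads or stores the API token and
# proxy settings, and verifies the connection. Results are published through
# global session variables: HuntServerAddress, ICCredentials, ICToken, Proxy,
# ProxyCredential and ICCurrentBox.
#
# Security notes:
#   * -Save writes the token and the proxy password to credentials.json as
#     plaintext JSON. On non-Windows hosts the file is restricted to the
#     owner (mode 600); on Windows it relies on the per-user ACL of %APPDATA%.
#   * -ProxyPass is a plain [String], so it can end up in console history and
#     transcripts. The parameter type is kept for compatibility with callers.
#   * The token is never written to the verbose stream or to error messages.
#
# Returns $true on success; throws on an invalid token, a missing saved
# token, or a failed connection test.
function Set-ICToken {
    [cmdletbinding()]
    [alias("Set-ICInstance")]
    param(
        [parameter(Mandatory=$true, HelpMessage="Infocyte Cloud Instance Name (e.g. 'clouddemo') or Full URL of Server/API (e.g. https://CloudDemo.infocyte.com)'")]
        [ValidateNotNullOrEmpty()]
        [alias("HuntServer")]
        [String]$Instance,

        [parameter(HelpMessage="API Token from Infocyte App. Omit if using saved credentials.")]
        [String]$Token,

        [parameter(HelpMessage="Proxy Address and port: e.g. '192.168.1.5:8080'")]
        [String]$Proxy,
        [String]$ProxyUser,
        [String]$ProxyPass,
        [Switch]$DisableSSLVerification,

        [parameter(HelpMessage="Will save provided token and proxy settings to disk for future use with this Infocyte Instance.")]
        [Switch]$Save
    )

    if ($DisableSSLVerification) {
        _DisableSSLVerification
    }

    # Process-wide setting: only TLS 1.2 is offered for outgoing connections.
    Write-Verbose "Setting Security Protocol to TLS1.2"
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    [System.Net.ServicePointManager]::MaxServicePointIdleTime = 60000

    # Resolve the server address. The token is later sent to this address, so
    # the scheme test is anchored and the dot in the domain is escaped (the
    # original patterns "https://*" and ".*infocyte.com" matched more loosely
    # than intended).
    if ($Instance -match "^https://") {
        $Global:HuntServerAddress = $Instance
    } elseif ($Instance -match "infocyte\.com") {
        $Global:HuntServerAddress = "https://$Instance"
    } else {
        $Global:HuntServerAddress = "https://$Instance.infocyte.com"
    }
    Write-Verbose "Setting Global API URL to $Global:HuntServerAddress/api"

    $onWindows = $IsWindows -OR $env:OS -match "windows"
    if ($onWindows) {
        $credentialfile = "$env:appdata/infocyte/credentials.json"
    } else {
        $credentialfile = "$env:HOME/infocyte/credentials.json"
    }

    # Load previously saved credentials, or make sure the directory exists so
    # that a later -Save can write the file.
    $Global:ICCredentials = @{}
    if (Test-Path $credentialfile) {
        (Get-Content $credentialfile | ConvertFrom-JSON).psobject.properties | ForEach-Object {
            $Global:ICCredentials[$_.Name] = $_.Value
        }
    } else {
        if (-NOT (Test-Path (Split-Path $credentialfile))) {
            New-Item -ItemType "directory" -Path (Split-Path $credentialfile) | Out-Null
        }
    }

    if ($Token) {
        # Set Token to global variable
        if ($Token.length -eq 64) {
            $Global:ICToken = $Token
            # Deliberately does not echo the token: verbose output is
            # routinely captured in transcripts and CI logs.
            Write-Verbose "Setting Auth Token for $Global:HuntServerAddress"
        } else {
            Throw "Invalid token. Must be a 64 character string generated within your profile or admin panel within Infocyte HUNT's web console"
        }
    } else {
        # Load from file
        if ($Global:ICCredentials[$Global:HuntServerAddress]) {
            Write-Verbose "Setting auth token from credential file: $credentialfile"
            $Global:ICToken = $Global:ICCredentials[$Global:HuntServerAddress]
        } else {
            Throw "No Token found for $($Global:HuntServerAddress) in credential file! Please provide credentials with -Save switch to save them to credential file first."
        }
    }

    if ($Proxy) {
        Write-Verbose "Infocyte API functions will use Proxy: $Proxy"
        $Global:Proxy = $Proxy
        if ($ProxyUser -AND $ProxyPass) {
            Write-Verbose "Infocyte API functions will now use Proxy User: $ProxyUser"
            $pw = ConvertTo-SecureString $ProxyPass -AsPlainText -Force
            $Global:ProxyCredential = New-Object System.Management.Automation.PSCredential ($ProxyUser, $pw)
        }
    } else {
        # Load from file
        $Global:Proxy = $Global:ICCredentials["Proxy"]
        if ($Global:Proxy) {
            Write-Verbose "Infocyte API functions will use Proxy config loaded from credential file: $($Global:Proxy)"
        }
        # Both values are required: ConvertTo-SecureString rejects an empty
        # password, and the credential must be built with the saved user name
        # (the original passed the saved password as the user name).
        if ($Global:ICCredentials["ProxyUser"] -AND $Global:ICCredentials["ProxyPass"]) {
            $pw = ConvertTo-SecureString $Global:ICCredentials["ProxyPass"] -AsPlainText -Force
            $Global:ProxyCredential = New-Object System.Management.Automation.PSCredential ($Global:ICCredentials["ProxyUser"], $pw)
        }
    }

    # Test connection (result is not used; the call itself is the test)
    $null = Get-ICAPI -Endpoint "Version"

    # Set initial default boxId (change with Set-ICBox) and test connection
    $box = Get-ICBox -Last 7 -Global
    if ($box) {
        Write-Verbose "Successfully connected to $Global:HuntServerAddress"
        $Global:ICCurrentBox = $box.id
        Write-Verbose "`$Global:ICCurrentBox is set to $($box.targetGroup)-$($box.name) [$($box.id)]"
        Write-Verbose "All analysis data & object retrieval will default to this box."
        Write-Verbose "Use Set-ICBox to change the default in this session."
    } else {
        # The token is redacted: error records are commonly logged, pasted
        # into tickets and collected by monitoring.
        Throw "Your connection to $Global:HuntServerAddress failed using Infocyte API URI: $Global:HuntServerAddress`nToken: (redacted)`nProxy: $Global:Proxy`nProxyUser: $($Global:ICCredentials['ProxyUser'])"
    }

    if ($Save) {
        Write-Verbose "Saving Token and Proxy settings to credential file: $credentialfile"
        $Global:ICCredentials[$Global:HuntServerAddress] = $Global:ICToken
        if ($Proxy) {
            $Global:ICCredentials["Proxy"] = $Proxy
            if ($ProxyUser -AND $ProxyPass) {
                $Global:ICCredentials["ProxyUser"] = $ProxyUser
                $Global:ICCredentials["ProxyPass"] = $ProxyPass
            }
        }

        $backupfile = "$($credentialfile)-OLD"
        if (Test-Path $credentialfile) {
            # Archive current credential. The backup holds the same secrets
            # as the live file and gets the same owner-only mode.
            Copy-Item -Path $credentialfile -Destination $backupfile
            if (-not $onWindows) { chmod 600 $backupfile }
            Write-Verbose "Previous credential file has been backed up."
        } else {
            # Create the file empty first so its mode can be tightened
            # before any secret is written to it.
            New-Item -ItemType "file" -Path $credentialfile | Out-Null
        }
        if (-not $onWindows) { chmod 600 $credentialfile }

        # Plaintext JSON: token and proxy password are stored unencrypted.
        $Global:ICCredentials | ConvertTo-JSON | Out-File $credentialfile -Force
        Write-Verbose "Token, Hunt Server Address, and Proxy settings are stored on disk. Omit token and proxy arguments to use saved versions."
    } else {
        Write-Verbose "Token, Hunt Server Address, and Proxy settings are stored in global session variables for use in all IC cmdlets."
    }

    Return $true
}

# NOTE: the Authenticode signature block that followed this script has been
# removed. The signature covered the original file contents, so it no longer
# matches after these edits; a stale block makes signature validation fail
# instead of reporting the script as unsigned. Re-sign the file with the
# publisher's code-signing certificate before distributing it.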