InfocyteHUNTAPI.psm1

#Variables
# Shape check for ids: 8-4-4-4-12 groups of alphanumerics. NOTE(review): the
# class is [A-Z0-9], so letters G-Z are accepted as well as hex digits, which
# is looser than a strict GUID; -match is case-insensitive, so lower-case ids
# (as in the Get-ICHelp examples) also pass.
$GUID_REGEX = "^[A-Z0-9]{8}-([A-Z0-9]{4}-){3}[A-Z0-9]{12}$"

Write-Verbose "Importing Infocyte HUNT API Powershell Module"
# Kept at module scope under its original name; it may be read by the
# dot-sourced files (not visible here).
$PS = $PSVersionTable.PSVersion.tostring()
# Anything older than 5.x aborts the module import here: 'return' at script
# level leaves the rest of this file, including the dot-sourcing, unexecuted.
if ($PSVersionTable.PSVersion.Major -ge 5) {
    Write-Verbose "Checking PSVersion [Minimum Supported: 5.0]: PASSED [$PS]!`n"
} else {
  Write-Warning "Powershell Version not supported. Install version 5.x or higher"
  return
}

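function Get-ICHelp {
    <#
    .SYNOPSIS
        Prints an overview of the InfocyteHUNTAPI module's functions, a short FAQ
        and example invocations to the host.
    .DESCRIPTION
        Output is produced with Write-Host only; nothing is returned to the
        pipeline. The "$resultlimit" value quoted in the FAQ is not set in this
        file and is assumed to come from one of the dot-sourced helper files
        (not verified here).
    .OUTPUTS
        None.
    #>
    # Get-Module returns $null when the module is not loaded under this name
    # (e.g. imported by path); calling .ToString() on $null would throw.
    $Module = Get-Module -Name InfocyteHUNTAPI
    $Version = if ($Module) { $Module.Version.ToString() } else { 'unknown' }
    Write-Host "Infocyte Powershell Module version $Version"
    Write-Host "Pass your Infocyte API Token into Set-ICToken to connect to an instance of Infocyte."
    Write-Host "`tThis will store your login token and server into a global variable for use by the other commands"
    Write-Host "`n"
    Write-Host "## Help ##"
    Write-Host -ForegroundColor Cyan "`tGet-ICHelp`n"

    Write-Host "## Authentication Functions ##"
    Write-Host -ForegroundColor Cyan "`tSet-ICToken (alias: Set-ICInstance)`n"

    Write-Host "## Generic API Functions ##"
    Write-Host -ForegroundColor Cyan "`tGet-ICAPI, Invoke-ICAPI`n"

    Write-Host "## Extension Development Functions ##"
    Write-Host -ForegroundColor Cyan "`tNew-ICExtension, Get-ICExtension, Update-ICExtension, Remove-ICExtension,"
    Write-Host -ForegroundColor Cyan "`tTest-ICExtension (Runs the extension locally for testing)"
    Write-Host -ForegroundColor Cyan "`tImport-ICExtension -> Loads an extension into your instance "
    Write-Host -ForegroundColor Cyan "`tImport-ICOfficialExtensions -> Imports all official extensions from Infocyte`n" 

    # The rule section previously repeated the extension wording; it now
    # describes rules.
    Write-Host "## Rule Development Functions ##"
    Write-Host -ForegroundColor Cyan "`tNew-ICRule, Get-ICRule, Update-ICRule, Remove-ICRule,"
    Write-Host -ForegroundColor Cyan "`tTest-ICRule (Runs the rule locally for testing)"
    Write-Host -ForegroundColor Cyan "`tImport-ICRule -> Loads a rule into your instance "
    Write-Host -ForegroundColor Cyan "`tImport-ICOfficialRules -> Imports all official rules from Infocyte`n" 

    Write-Host "## Admin/Misc Functions ##"
    Write-Host -ForegroundColor Cyan "`tGet-ICUser, Get-ICUserAuditLog,"
    # One string, comma-separated, like the other function lists (the original
    # passed two arguments, which Write-Host joined with a space).
    Write-Host -ForegroundColor Cyan "`tAdd-ICComment, Get-ICDwellTime`n"

    Write-Host "## Target Group Management Functions ##"
    Write-Host -ForegroundColor Cyan "`tNew-ICTargetGroup, Get-ICTargetGroup, Remove-ICTargetGroup,"
    Write-Host -ForegroundColor Cyan "`tNew-ICCredential, Get-ICCredential, Remove-ICCredential,"
    Write-Host -ForegroundColor Cyan "`tNew-ICQuery, Get-ICQuery, Remove-ICQuery,"
    Write-Host -ForegroundColor Cyan "`tGet-ICAddress, Remove-ICAddress,"
    Write-Host -ForegroundColor Cyan "`tGet-ICAgent, Remove-ICAgent`n"
    
    Write-Host "## Task Status Functions ##"
    Write-Host -ForegroundColor Cyan "`tGet-ICTask, Get-ICTaskItems`n"

    Write-Host "## Scanning Functions ##"
    Write-Host -ForegroundColor Cyan "`tNew-ICScanOptions"
    Write-Host -ForegroundColor Cyan "`tInvoke-ICFindHosts, Invoke-ICScan"

    Write-Host "## Offline Scan Import Functions ##"
    Write-Host -ForegroundColor Cyan "`tImport-ICSurvey`n"

    Write-Host "## Response Functions ##"
    Write-Host -ForegroundColor Cyan "`tInvoke-ICScanTarget -> Scans the specified host"
    Write-Host -ForegroundColor Cyan "`tInvoke-ICResponse -> Runs an extension on a specified host"
    Write-Host -ForegroundColor Cyan "`tGet-ICHostScanResult, Get-ICResponseResult`n"

    Write-Host "## Analysis Data Retrieval Functions ##"
    Write-Host -ForegroundColor Cyan "`tGet-ICScan`n"
    Write-Host -ForegroundColor Cyan "`tGet-ICBox, Set-ICBox -> Boxes are 7 (default), 30, or 90 day aggregations"
    Write-Host -ForegroundColor Cyan "`tGet-ICObject (alias: Get-ICData) -> The primary data retrieval function"
    Write-Host -ForegroundColor Cyan "`tGet-ICVulnerability, Get-ICNote"
    Write-Host -ForegroundColor Cyan "`tGet-ICAlert, Get-ICFileDetail, Get-ICActivityTrace`n"

    Write-Host "## Cloud App Compliance Functions ##"
    Write-Host -ForegroundColor Cyan "`tGet-ICComplianceResults"

    Write-Host "`n"
    Write-Host "FAQ:"
    Write-Host "- Most data within HUNT are tagged and filterable by Scan (" -NoNewLine
    Write-Host -ForegroundColor Cyan "scanId" -NoNewLine
    Write-Host "), Time Boxes (" -NoNewLine
    Write-Host -ForegroundColor Cyan "boxId" -NoNewLine
    Write-Host "), and Target Groups (" -NoNewLine
    Write-Host -ForegroundColor Cyan "targetGroupId" -NoNewLine
    Write-Host ")"
    Write-Host "- Time Boxes are Last 7, 30, and 90 Day filters for all data within range"
    # $resultlimit is not defined in this file; see .DESCRIPTION.
    Write-Host "- GET Results are capped at $resultlimit results unless you use -NoLimit`n----------------`n"
    Write-Host "Examples:"
    Write-Host -ForegroundColor Cyan 'PS> Set-ICInstance -Instance "clouddemo" -Token ASDFASDASFASDASF -Save'
    Write-Host -ForegroundColor Cyan 'PS> $Box = Get-ICBox -Last30 | where { $_.TargetGroup -eq "Brooklyn Office"}'
    Write-Host -ForegroundColor Cyan 'PS> Get-ICObject -Type Process -BoxId $Box.Id -NoLimit'


    Write-Host 'Using custom loopback filters: [HashTable]$where = @{ term1 = "asdf1"; term2 = "asdf2" }'
    Write-Host 'Note: Best time format is ISO 8601 or Get-Date''s format code "o". i.e. 2019-05-03T00:37:40.0056344-05:00'
    Write-Host 'For more information on filtering, see the LoopBack website here: https://loopback.io/doc/en/lb2/Where-filter.html'
    Write-Host -ForegroundColor Cyan 'PS> Get-ICObject -Type File -BoxId $Box.Id -where @{ path = @{ regexp = "/roaming/i" } }'
    Write-Host -ForegroundColor Cyan 'PS> $customfilter = @{ threatName = "Unknown"; modifiedOn = @{ gt = $((Get-Date).AddDays(-10).GetDateTimeFormats('o')) }; size = @{ lt = 1000000 } }'
    Write-Host -ForegroundColor Cyan 'PS> Get-ICObject -Type Artifact -BoxId $Box.Id -where $customfilter'

    Write-Host "Offline Scan Processing Example (Default Target Group = OfflineScans):"
    Write-Host -ForegroundColor Cyan 'PS> Import-ICSurvey -Path .\surveyresult.json.gz'

    # Second example targets an explicit group; the heading previously
    # duplicated the default-group one.
    Write-Host "Offline Scan Processing Example (Specifying a Target Group):"
    Write-Host -ForegroundColor Cyan 'PS> Get-ICTargetGroup'
    Write-Host -ForegroundColor Cyan 'PS> Get-ChildItem C:\FolderOfSurveyResults\ -filter *.json.gz | Import-ICSurvey -Path .\surveyresult.json.gz -TargetGroupId b3fe4271-356e-42c0-8d7d-01041665a59b'
}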

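# Read in all ps1 files
# Functions defined above (e.g. Get-ICHelp) reference names such as
# $resultlimit that are not set in this file; they are expected to come from
# these dot-sourced files (not verified here).
# NOTE: this file carries an Authenticode signature block at the end. Any edit
# to this file, including this one, invalidates that signature; re-sign before
# distributing if the signed state is relied on (e.g. by an execution policy).
. "$PSScriptRoot\requestHelpers.ps1"
. "$PSScriptRoot\auth.ps1"
. "$PSScriptRoot\data.ps1"
. "$PSScriptRoot\targetgroupmgmt.ps1"
. "$PSScriptRoot\status.ps1"
. "$PSScriptRoot\scan.ps1"
. "$PSScriptRoot\scan_schedule.ps1"
. "$PSScriptRoot\admin.ps1"
. "$PSScriptRoot\extensions.ps1"
. "$PSScriptRoot\rules.ps1"

# powershell-yaml is a third-party module fetched from the gallery. Install it
# only when it is not already available, so a routine import of this module
# needs neither network access nor write access to the module path, and does
# not re-run the gallery download on every load.
# Supply-chain caveats kept as in the original invocation:
#   - no -RequiredVersion is pinned, so whatever the gallery currently serves
#     is installed;
#   - -SkipPublisherCheck lets an update signed by a different publisher than
#     the already-installed version be accepted;
#   - -AcceptLicense suppresses the license prompt.
# TODO(review): pin -RequiredVersion <pinned-version> and drop
# -SkipPublisherCheck once the expected publisher is confirmed.
if (-not (Get-Module -ListAvailable -Name powershell-yaml)) {
    Install-Module powershell-yaml -AcceptLicense -SkipPublisherCheck
}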
# SIG # Begin signature block
# MIINFwYJKoZIhvcNAQcCoIINCDCCDQQCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUJC9pSf1QK2ju2ewoVDU/RHmE
# wqygggpZMIIFITCCBAmgAwIBAgIQD1SHruUyzkN01AFx5d7oATANBgkqhkiG9w0B
# AQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
# VQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFz
# c3VyZWQgSUQgQ29kZSBTaWduaW5nIENBMB4XDTIwMTExNzAwMDAwMFoXDTIyMTEy
# OTIzNTk1OVowXjELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMQ8wDQYDVQQH
# EwZBdXN0aW4xFjAUBgNVBAoTDUluZm9jeXRlLCBJbmMxFjAUBgNVBAMTDUluZm9j
# eXRlLCBJbmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNUhaEiZbu
# H7Q6oqA0uq0klkstXkdJU3eJukMrrLpxKdtFqtJwFXcSYp5G/WFlwDRJ8v8fisfp
# SiPS1WajFUHe3EWLh2oXjf44eQYVWQ8SqAn2J8dDLNJ5bWY0w7MD2GrSiTwN0Vi9
# X9pJKJDdm7mJo7bSlZ9p7XvNoraSAx/hkODalPSMvCIVAEOZutlzeWyJ4p0DbTDA
# kjQPF4EZ7JqxYXFeItoi0uYZQNEHbBxr+5SG45ziC8vuwyljIbo+mKD/PwT48OQl
# 9cdnI651Hz+r5kL3t48WvxYrAUJ7g8EJyw2uYnVnSroIC3TmUQHeXS6FuqeObuX7
# MqapBKRcTHvxAgMBAAGjggHFMIIBwTAfBgNVHSMEGDAWgBRaxLl7KgqjpepxA8Bg
# +S32ZXUOWDAdBgNVHQ4EFgQUxKDwshqav/aGaGVOFv67CuwSjcYwDgYDVR0PAQH/
# BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMHcGA1UdHwRwMG4wNaAzoDGGL2h0
# dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtY3MtZzEuY3JsMDWg
# M6Axhi9odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1hc3N1cmVkLWNzLWcx
# LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwDATAqMCgGCCsGAQUFBwIBFhxodHRw
# czovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAEEATCBhAYIKwYBBQUHAQEE
# eDB2MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTgYIKwYB
# BQUHMAKGQmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJB
# c3N1cmVkSURDb2RlU2lnbmluZ0NBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3
# DQEBCwUAA4IBAQByJW5tIcmouIY7tdngPLdEOM4FYqLGf9IjKPMS0s+NeTaP/0hp
# dmNeGFEvMozfgDA/gPFCUaRVJwy4rKsGnCznCE1YDA6UFDGZq3VLUbzC6GDP4aY8
# EbfDMbF54TVuOKRue9a6KnVE67gOj+g862qAR6fm/GdeO/KrdvCT1A7xbyg02cCq
# +QgdkYoxI3bsiUwgZ33I2rn2T2zSp8C+RX2bZ8rgtXHxgYLCJdayqMptRsPbxOlQ
# Z7dRhkQXg5D/PyUnpWASF+sLQQ0IMvx8ZKy/P01IhKU0pTJ8OFSYKwPLQnYm1Zp0
# JT/IXZ/tzmtY/StdhaCs3LlOkuHxl2iERxdtMIIFMDCCBBigAwIBAgIQBAkYG1/V
# u2Z1U0O1b5VQCDANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UE
# ChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD
# VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAw
# WhcNMjgxMDIyMTIwMDAwWjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNl
# cnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdp
# Q2VydCBTSEEyIEFzc3VyZWQgSUQgQ29kZSBTaWduaW5nIENBMIIBIjANBgkqhkiG
# 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+NOzHH8OEa9ndwfTCzFJGc/Q+0WZsTrbRPV/
# 5aid2zLXcep2nQUut4/6kkPApfmJ1DcZ17aq8JyGpdglrA55KDp+6dFn08b7KSfH
# 03sjlOSRI5aQd4L5oYQjZhJUM1B0sSgmuyRpwsJS8hRniolF1C2ho+mILCCVrhxK
# hwjfDPXiTWAYvqrEsq5wMWYzcT6scKKrzn/pfMuSoeU7MRzP6vIK5Fe7SrXpdOYr
# /mzLfnQ5Ng2Q7+S1TqSp6moKq4TzrGdOtcT3jNEgJSPrCGQ+UpbB8g8S9MWOD8Gi
# 6CxR93O8vYWxYoNzQYIH5DiLanMg0A9kczyen6Yzqf0Z3yWT0QIDAQABo4IBzTCC
# AckwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAww
# CgYIKwYBBQUHAwMweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8v
# b2NzcC5kaWdpY2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRp
# Z2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwgYEGA1UdHwR6
# MHgwOqA4oDaGNGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3Vy
# ZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9E
# aWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwTwYDVR0gBEgwRjA4BgpghkgBhv1s
# AAIEMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw
# CgYIYIZIAYb9bAMwHQYDVR0OBBYEFFrEuXsqCqOl6nEDwGD5LfZldQ5YMB8GA1Ud
# IwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBCwUAA4IBAQA+
# 7A1aJLPzItEVyCx8JSl2qB1dHC06GsTvMGHXfgtg/cM9D8Svi/3vKt8gVTew4fbR
# knUPUbRupY5a4l4kgU4QpO4/cY5jDhNLrddfRHnzNhQGivecRk5c/5CxGwcOkRX7
# uq+1UcKNJK4kxscnKqEpKBo6cSgCPC6Ro8AlEeKcFEehemhor5unXCBc2XGxDI+7
# qPjFEmifz0DLQESlE/DmZAwlCEIysjaKJAL+L3J+HNdJRZboWR3p+nRka7LrZkPa
# s7CM1ekN3fYBIM6ZMWM9CBoYs4GbT8aTEAb8B4H6i9r5gkn3Ym6hU/oSlBiFLpKR
# 6mhsRDKyZqHnGKSaZFHvMYICKDCCAiQCAQEwgYYwcjELMAkGA1UEBhMCVVMxFTAT
# BgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEx
# MC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElEIENvZGUgU2lnbmluZyBD
# QQIQD1SHruUyzkN01AFx5d7oATAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEK
# MAigAoAAoQKAADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3
# AgELMQ4wDAYKKwYBBAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQUbP3xE/6lGS2rrYwh
# M0MzMr7jusgwDQYJKoZIhvcNAQEBBQAEggEAG7gcH051tVa5XYcA/AmI1kSvXtVC
# Yf7p//UqA5OkRf6cCERPFGEk93HHENJTRrZzDLleItG69Gk29+HfVTpjlSp3CM4K
# h230newCSduYo1rGDNaGINBnjDpe6k6w/Y5eN5wRVmaNDnOBxZbzLrPcXYAx+TpV
# X02tpHS+P+fx2kZXx/xkRlTzRfI6qtpsjbqO17U+jrb9sNhu8t8GApJlURzVxbWi
# Z8wbqFwOTLtivCBrMJQ7xtNx/GtuJcQa7PtwJuPanlUsv0aHbho0D8LPtDf6318V
# DjiQrUpiGh3QzZ+a9hfebPJQkNSwwickp5aKV9Zh5BTzzTTAcZPkVx8STw==
# SIG # End signature block