auth.ps1

# Helpers

# C# source for the TrustEverything helper type; _DisableSSLVerification compiles it with Add-Type.
# SetCallback() assigns ServicePointManager.ServerCertificateValidationCallback a delegate that
# returns true for every certificate, whatever SslPolicyErrors reports. Expired, self-signed,
# wrong-host and untrusted-chain certificates are therefore all accepted.
# ServicePointManager is static, so the override covers every request made through it in this
# process, not only Infocyte API calls.
# UnsetCallback() restores default validation by setting the callback back to null; no caller of
# it is visible in this file.
$sslverificationcode = @"
        using System.Net.Security;
        using System.Security.Cryptography.X509Certificates;
        public static class TrustEverything
        {
                private static bool ValidationCallback(object sender, X509Certificate certificate, X509Chain chain,
                        SslPolicyErrors sslPolicyErrors) { return true; }
                public static void SetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = ValidationCallback; }
                public static void UnsetCallback() { System.Net.ServicePointManager.ServerCertificateValidationCallback = null; }
        }
"@


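function _DisableSSLVerification {
    # Turns off TLS server-certificate validation for this process by installing the
    # TrustEverything callback (compiled from $sslverificationcode on first use).
    # The notice goes to the warning stream rather than the verbose stream, so an operator
    # sees that server authentication is off without having to pass -Verbose.
    # With validation off, the API token and proxy credentials sent afterwards are exposed to
    # any on-path interceptor.
    Write-Warning "Disabling SSL Verification! Server certificates will not be validated for the rest of this session."

    # Add-Type fails if the type already exists, so compile only once per session.
    if (-not ([System.Management.Automation.PSTypeName]"TrustEverything").Type) {
        Add-Type -TypeDefinition $sslverificationcode
    }
    [TrustEverything]::SetCallback()
}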


# Generate an API token in the web console's profile or admin section.
# You can save tokens and proxy info to disk as well with the -Save switch.
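function Set-ICToken {
    <#
    .SYNOPSIS
        Sets the Infocyte API address, token and proxy settings for this session and tests the connection.
    .DESCRIPTION
        Resolves -Instance to an https:// URL stored in $Global:HuntServerAddress, loads any saved
        entries from the per-user infocyte/credentials.json, sets $Global:ICToken, $Global:Proxy and
        $Global:ProxyCredential, then calls Get-ICAPI and Get-ICBox to confirm the connection.
        With -Save, the token and proxy settings are written back to credentials.json.
    .PARAMETER Instance
        Instance name (e.g. 'clouddemo') or full https:// URL of the server.
    .PARAMETER Token
        64-character API token. Omit to use the token saved for this instance.
    .PARAMETER Proxy
        Proxy address and port. Omit to use the saved proxy settings.
    .PARAMETER ProxyUser
        Proxy user name; used only together with -ProxyPass.
    .PARAMETER ProxyPass
        Proxy password, passed as plain text.
    .PARAMETER DisableSSLVerification
        Disables TLS certificate validation for the whole process (see _DisableSSLVerification).
    .PARAMETER Save
        Persists the token and proxy settings to credentials.json.
    .OUTPUTS
        $true on success. Throws on a malformed token, a missing saved token, or a failed connection.
    .NOTES
        Security:
        - credentials.json holds the API token and proxy password as plain-text JSON, and -Save also
          leaves a "-OLD" copy of the previous file. Restrict access to that directory.
        - -Token and -ProxyPass are plain strings and can end up in shell history and transcripts.
        - The token is never written to the verbose stream or to error messages.
    #>
    [cmdletbinding()]
    [alias("Set-ICInstance")]
    param(
        [parameter(Mandatory=$true, HelpMessage="Infocyte Cloud Instance Name (e.g. 'clouddemo') or Full URL of Server/API (e.g. https://CloudDemo.infocyte.com)'")]
        [ValidateNotNullOrEmpty()]
        [alias("HuntServer")]
        [String]$Instance,

        [parameter(HelpMessage="API Token from Infocyte App. Omit if using saved credentials.")]
        [String]$Token,

        [parameter(HelpMessage="Proxy Address and port: e.g. '192.168.1.5:8080'")]
        [String]$Proxy,
        [String]$ProxyUser,
        [String]$ProxyPass,

        [Switch]$DisableSSLVerification,

        [parameter(HelpMessage="Will save provided token and proxy settings to disk for future use with this Infocyte Instance.")]
        [Switch]$Save
    )

    if ($DisableSSLVerification) {
        # Process-wide: every later request, including the one carrying the token, skips
        # server certificate validation.
        _DisableSSLVerification
    }
    Write-Verbose "Setting Security Protocol to TLS1.2"
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    [System.Net.ServicePointManager]::MaxServicePointIdleTime = 60000

    # The scheme test is anchored: the original pattern "https://*" matched "https:/" anywhere
    # in the string, so a value that merely contained it (e.g. in a query string) was used
    # verbatim as the server address that receives the token.
    if ($Instance -match "^https://") {
        $Global:HuntServerAddress = $Instance
    } elseif ($Instance -match "infocyte\.com") {
        # Dot escaped so that only a literal "infocyte.com" counts as a full host name.
        $Global:HuntServerAddress = "https://$Instance"
    } else {
        $Global:HuntServerAddress = "https://$Instance.infocyte.com"
    }
    Write-Verbose "Setting Global API URL to $Global:HuntServerAddress/api"

    if ($IsWindows -OR $env:OS -match "windows") {
        $credentialfile = "$env:appdata/infocyte/credentials.json"
    }
    else {
        $credentialfile = "$env:HOME/infocyte/credentials.json"
    }

    # Load saved entries (server address -> token, plus Proxy/ProxyUser/ProxyPass) if present;
    # otherwise make sure the directory exists for a later -Save.
    $Global:ICCredentials = @{}
    if (Test-Path $credentialfile) {
        (Get-Content $credentialfile | ConvertFrom-JSON).psobject.properties | ForEach-Object {
            $Global:ICCredentials[$_.Name] = $_.Value
        }
    } else {
        if (-NOT (Test-Path (Split-Path $credentialfile))) {
            New-Item -ItemType "directory" -Path (Split-Path $credentialfile) | Out-Null
        }
    }

    if ($Token) {
        if ($Token.length -eq 64) {
            $Global:ICToken = $Token
            # The token value is deliberately not logged: verbose output is routinely captured
            # in transcripts and CI logs.
            Write-Verbose "Setting Auth Token for $Global:HuntServerAddress"
        } else {
            Throw "Invalid token. Must be a 64 character string generated within your profile or admin panel within Infocyte HUNT's web console"
        }
    } else {
        # Load from file
        if ($Global:ICCredentials[$Global:HuntServerAddress]) {
            Write-Verbose "Setting auth token from credential file: $credentialfile"
            $Global:ICToken = $Global:ICCredentials[$Global:HuntServerAddress]
        } else {
            Throw "No Token found for $($Global:HuntServerAddress) in credential file! Please provide credentials with -Save switch to save them to credential file first."
        }
    }

    if ($Proxy) {
        Write-Verbose "Infocyte API functions will use Proxy: $Proxy"
        $Global:Proxy = $Proxy
        if ($ProxyUser -AND $ProxyPass) {
            Write-Verbose "Infocyte API functions will now use Proxy User: $ProxyUser"
            $pw = ConvertTo-SecureString $ProxyPass -AsPlainText -Force
            $Global:ProxyCredential = New-Object System.Management.Automation.PSCredential ($ProxyUser, $pw)
        }
    } else {
        # Load from file
        $Global:Proxy = $Global:ICCredentials["Proxy"]
        if ($Global:Proxy) {
            Write-Verbose "Infocyte API functions will use Proxy config loaded from credential file: $($Global:Proxy)"
        }
        # Fix: the original built the credential with ProxyPass as the *user name*, which both
        # broke proxy authentication and put the password in a field that is commonly logged.
        # Both values are required; ConvertTo-SecureString fails on an empty password.
        $savedProxyUser = $Global:ICCredentials["ProxyUser"]
        $savedProxyPass = $Global:ICCredentials["ProxyPass"]
        if ($savedProxyUser -AND $savedProxyPass) {
            $pw = ConvertTo-SecureString $savedProxyPass -AsPlainText -Force
            $Global:ProxyCredential = New-Object System.Management.Automation.PSCredential ($savedProxyUser, $pw)
        }
    }

    # Test connection; the result is not used, so discard it.
    $null = Get-ICAPI -Endpoint "Version"

    # Set initial default boxId (change with Set-ICBox) and test connection
    $box = Get-ICBox -Last 7 -Global

    if ($box) {
        Write-Verbose "Successfully connected to $Global:HuntServerAddress"
        $Global:ICCurrentBox = $box.id
        Write-Verbose "`$Global:ICCurrentBox is set to $($box.targetGroup)-$($box.name) [$($box.id)]"
        Write-Verbose "All analysis data & object retrieval will default to this box."
        Write-Verbose "Use Set-ICBox to change the default in this session."
    } else {
        # The token is left out of the error text: exception messages end up in $Error,
        # logs and support tickets.
        Throw "Your connection to $Global:HuntServerAddress failed using Infocyte API URI: $Global:HuntServerAddress`nProxy: $Global:Proxy`nProxyUser: $($Global:ICCredentials['ProxyUser'])"
    }


    if ($Save) {
        Write-Verbose "Saving Token and Proxy settings to credential file: $credentialfile"
        $Global:ICCredentials[$Global:HuntServerAddress] = $Global:ICToken
        if ($Proxy) {
            $Global:ICCredentials["Proxy"] = $Proxy
            if ($ProxyUser -AND $ProxyPass) {
                $Global:ICCredentials["ProxyUser"] = $ProxyUser
                $Global:ICCredentials["ProxyPass"] = $ProxyPass
            }
        }
        if (Test-Path $credentialfile) {
            # Archive current credential
            # NOTE(review): the "-OLD" copy keeps the previous token and proxy password in
            # plain text as well; protect it like the live file.
            Write-Verbose "Previous credential file has been backed up."
            Copy-Item -Path $credentialfile -Destination "$($credentialfile)-OLD"
        }
        # NOTE(review): secrets are written as plain-text JSON with whatever permissions the
        # directory provides; confirm the file is readable by the owning user only.
        $Global:ICCredentials | ConvertTo-JSON | Out-File $credentialfile -Force
        Write-Verbose "Token, Hunt Server Address, and Proxy settings are stored on disk. Omit token and proxy arguments to use saved versions."
    } else {
        Write-Verbose "Token, Hunt Server Address, and Proxy settings are stored in global session variables for use in all IC cmdlets."
    }

    Return $true

}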

# SIG # Begin signature block
# MIINFwYJKoZIhvcNAQcCoIINCDCCDQQCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB
# gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR
# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUGG+Ihh8NrK8voQXfFQchK48b
# zFigggpZMIIFITCCBAmgAwIBAgIQD1SHruUyzkN01AFx5d7oATANBgkqhkiG9w0B
# AQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
# VQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFz
# c3VyZWQgSUQgQ29kZSBTaWduaW5nIENBMB4XDTIwMTExNzAwMDAwMFoXDTIyMTEy
# OTIzNTk1OVowXjELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMQ8wDQYDVQQH
# EwZBdXN0aW4xFjAUBgNVBAoTDUluZm9jeXRlLCBJbmMxFjAUBgNVBAMTDUluZm9j
# eXRlLCBJbmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNUhaEiZbu
# H7Q6oqA0uq0klkstXkdJU3eJukMrrLpxKdtFqtJwFXcSYp5G/WFlwDRJ8v8fisfp
# SiPS1WajFUHe3EWLh2oXjf44eQYVWQ8SqAn2J8dDLNJ5bWY0w7MD2GrSiTwN0Vi9
# X9pJKJDdm7mJo7bSlZ9p7XvNoraSAx/hkODalPSMvCIVAEOZutlzeWyJ4p0DbTDA
# kjQPF4EZ7JqxYXFeItoi0uYZQNEHbBxr+5SG45ziC8vuwyljIbo+mKD/PwT48OQl
# 9cdnI651Hz+r5kL3t48WvxYrAUJ7g8EJyw2uYnVnSroIC3TmUQHeXS6FuqeObuX7
# MqapBKRcTHvxAgMBAAGjggHFMIIBwTAfBgNVHSMEGDAWgBRaxLl7KgqjpepxA8Bg
# +S32ZXUOWDAdBgNVHQ4EFgQUxKDwshqav/aGaGVOFv67CuwSjcYwDgYDVR0PAQH/
# BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMHcGA1UdHwRwMG4wNaAzoDGGL2h0
# dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtY3MtZzEuY3JsMDWg
# M6Axhi9odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1hc3N1cmVkLWNzLWcx
# LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwDATAqMCgGCCsGAQUFBwIBFhxodHRw
# czovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAEEATCBhAYIKwYBBQUHAQEE
# eDB2MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTgYIKwYB
# BQUHMAKGQmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJB
# c3N1cmVkSURDb2RlU2lnbmluZ0NBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3
# DQEBCwUAA4IBAQByJW5tIcmouIY7tdngPLdEOM4FYqLGf9IjKPMS0s+NeTaP/0hp
# dmNeGFEvMozfgDA/gPFCUaRVJwy4rKsGnCznCE1YDA6UFDGZq3VLUbzC6GDP4aY8
# EbfDMbF54TVuOKRue9a6KnVE67gOj+g862qAR6fm/GdeO/KrdvCT1A7xbyg02cCq
# +QgdkYoxI3bsiUwgZ33I2rn2T2zSp8C+RX2bZ8rgtXHxgYLCJdayqMptRsPbxOlQ
# Z7dRhkQXg5D/PyUnpWASF+sLQQ0IMvx8ZKy/P01IhKU0pTJ8OFSYKwPLQnYm1Zp0
# JT/IXZ/tzmtY/StdhaCs3LlOkuHxl2iERxdtMIIFMDCCBBigAwIBAgIQBAkYG1/V
# u2Z1U0O1b5VQCDANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UE
# ChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD
# VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAw
# WhcNMjgxMDIyMTIwMDAwWjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNl
# cnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdp
# Q2VydCBTSEEyIEFzc3VyZWQgSUQgQ29kZSBTaWduaW5nIENBMIIBIjANBgkqhkiG
# 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+NOzHH8OEa9ndwfTCzFJGc/Q+0WZsTrbRPV/
# 5aid2zLXcep2nQUut4/6kkPApfmJ1DcZ17aq8JyGpdglrA55KDp+6dFn08b7KSfH
# 03sjlOSRI5aQd4L5oYQjZhJUM1B0sSgmuyRpwsJS8hRniolF1C2ho+mILCCVrhxK
# hwjfDPXiTWAYvqrEsq5wMWYzcT6scKKrzn/pfMuSoeU7MRzP6vIK5Fe7SrXpdOYr
# /mzLfnQ5Ng2Q7+S1TqSp6moKq4TzrGdOtcT3jNEgJSPrCGQ+UpbB8g8S9MWOD8Gi
# 6CxR93O8vYWxYoNzQYIH5DiLanMg0A9kczyen6Yzqf0Z3yWT0QIDAQABo4IBzTCC
# AckwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAww
# CgYIKwYBBQUHAwMweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8v
# b2NzcC5kaWdpY2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRp
# Z2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwgYEGA1UdHwR6
# MHgwOqA4oDaGNGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3Vy
# ZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9E
# aWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwTwYDVR0gBEgwRjA4BgpghkgBhv1s
# AAIEMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw
# CgYIYIZIAYb9bAMwHQYDVR0OBBYEFFrEuXsqCqOl6nEDwGD5LfZldQ5YMB8GA1Ud
# IwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBCwUAA4IBAQA+
# 7A1aJLPzItEVyCx8JSl2qB1dHC06GsTvMGHXfgtg/cM9D8Svi/3vKt8gVTew4fbR
# knUPUbRupY5a4l4kgU4QpO4/cY5jDhNLrddfRHnzNhQGivecRk5c/5CxGwcOkRX7
# uq+1UcKNJK4kxscnKqEpKBo6cSgCPC6Ro8AlEeKcFEehemhor5unXCBc2XGxDI+7
# qPjFEmifz0DLQESlE/DmZAwlCEIysjaKJAL+L3J+HNdJRZboWR3p+nRka7LrZkPa
# s7CM1ekN3fYBIM6ZMWM9CBoYs4GbT8aTEAb8B4H6i9r5gkn3Ym6hU/oSlBiFLpKR
# 6mhsRDKyZqHnGKSaZFHvMYICKDCCAiQCAQEwgYYwcjELMAkGA1UEBhMCVVMxFTAT
# BgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEx
# MC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElEIENvZGUgU2lnbmluZyBD
# QQIQD1SHruUyzkN01AFx5d7oATAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEK
# MAigAoAAoQKAADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3
# AgELMQ4wDAYKKwYBBAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQUZnCWswW5fflDOqkU
# 2jB3F+Rk79cwDQYJKoZIhvcNAQEBBQAEggEAde1uqtlpzbu3hFCh7lLx4zxVYIsE
# ZigmXiVQbnStBd1mW8BIql50qvxHvrhx8vnfs5T7EGQgRPvZY4uXf3G3BQ7Ye9b1
# PyC0jNLvK6aEopP72XgjhrDuNR4/mzDTD2PrbUdSWHXwS8gZ/kzIwf28EwQVbwVr
# gR1EHfAa9v2XXEbBQckuC6yPIokmXoq7g6v/WJ3HoXyG8r4B4ONpoR2RlXheZl/O
# PMfdTDf+iEiZqoemtnTfQkcnAupsRwOm6fO2ayAcdnYKRi27u3OI/wAb6BEkTNaQ
# liz1O7Wq2g9+EFz98Bt9FWp9TdeATy21Znw3LszcplF8yMigQQqbHfPeZw==
# SIG # End signature block