infocyteapiquery 1.1.16
Infocyte API Query
Description:
Python module | Pulls API data from Infocyte Cloud instances into a pandas DataFrame | Query window defaults to 90 days
Required Modules (Installed as prerequisite)
requests (third-party, installed by pip)
pandas (third-party, installed by pip)
paginateit (third-party, installed by pip)
tqdm (third-party, installed by pip)
json
subprocess
re
Installation
pip install --upgrade infocyteapiquery
How to use API Query?
Takes 3 arguments:
cname --> Cloud Instance Name <cname.infocyte.com>
apikey --> APIKEY or the API Token
apiquery --> API GET Method
>>> from infocyteapiquery import infocyteapiquery as ic
>>> cname = "m...n"
>>> apikey = "J8ARPa3iQR6...8HGUkElBBXra4mdEq"
>>> apiquery = "ModuleDetails"
>>>
>>> icdata = ic.query(cname, apikey, apiquery)
Loading ModuleDetails: 100%|█████████████████████████████████████████████████████████████ | 9/9 Loop(s)
>>>
>>> icdata.shape
(9183, 37)
>>>
>>> icdata.columns
Index(['size', 'signatureType', 'serialNumber', 'subjectName', 'issuerName', 'timestampIssuer', 'timestampSubject', 'id', 'fileRepId', 'staticAnalysis', 'dynamicAnalysis', 'localBlacklist', 'localWhitelist', 'blacklist', 'whitelist',
'malicious', 'notMalicious', 'suspicious', 'unknown', 'threatScore', 'threatName', 'threatWeight', 'compromised', 'failed', 'hasAvScan', 'avPositives', 'avTotal', 'synapse', 'flagId', 'flagName', 'flagColor', 'flagWeight',
'name', 'path', 'managed', 'signed', 'md5', 'sha1', 'sha256', 'ssdeep'],
dtype='object')
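As an added example (not code from the infocyteapiquery package), the rows returned by ic.query(cname, apikey, "ModuleDetails") can be triaged with the columns listed above: whitelisted hashes are skipped, blacklisted or malicious modules come first, then unsigned modules with AV detections, then anything over a threatScore cut-off. In live use the input is icdata.to_dict("records"); here a constructed record list stands in so it runs offline, and the cut-off value and verdict precedence are this example's assumptions, not Infocyte's.

```python
# Added example, not part of infocyteapiquery: triage ModuleDetails records.
# Live input would be ic.query(cname, apikey, "ModuleDetails").to_dict("records").
# SCORE_THRESHOLD and the verdict ranking are assumptions of this example.
from collections import defaultdict

SCORE_THRESHOLD = 7                                      # assumed threatScore cut-off
RANK = {"blacklisted": 3, "av-hit": 2, "high-score": 1}  # stronger verdict wins on merge

def classify(rec, score_threshold=SCORE_THRESHOLD):
    """Verdict for one ModuleDetails record, or None if nothing stands out."""
    if rec.get("whitelist") or rec.get("localWhitelist"):
        return None                                      # analyst already cleared it
    if rec.get("blacklist") or rec.get("localBlacklist") or rec.get("malicious"):
        return "blacklisted"
    if not rec.get("signed") and (rec.get("avPositives") or 0) > 0:
        return "av-hit"                                  # unsigned binary with AV detections
    if (rec.get("threatScore") or 0) >= score_threshold:
        return "high-score"
    return None

def triage_modules(records, score_threshold=SCORE_THRESHOLD):
    """Return {sha256: {"verdict", "name", "paths"}} for modules needing review.
    A hash seen on several paths is reported once with all paths collected."""
    flagged, paths = {}, defaultdict(set)
    for rec in records:
        h = rec.get("sha256")
        if not h:
            continue
        paths[h].add(rec.get("path", ""))
        v = classify(rec, score_threshold)
        if v and (h not in flagged or RANK[v] > RANK[flagged[h]["verdict"]]):
            flagged[h] = {"verdict": v, "name": rec.get("name")}
    for h, info in flagged.items():
        info["paths"] = sorted(paths[h])
    return flagged

# Constructed sample rows using the columns shown above (hashes are fake).
SAMPLE = [
    {"name": "cleared.dll", "path": r"C:\A\cleared.dll", "sha256": "aaa1", "signed": True, "whitelist": True, "avPositives": 3, "threatScore": 9},
    {"name": "unsigned.dll", "path": r"C:\B\unsigned.dll", "sha256": "bbb2", "signed": False, "avPositives": 12, "avTotal": 60, "threatScore": 6},
    {"name": "tool.exe", "path": r"C:\C\tool.exe", "sha256": "ccc3", "signed": False, "localBlacklist": True, "threatScore": 5},
    {"name": "tool.exe", "path": r"D:\tmp\tool.exe", "sha256": "ccc3", "signed": False, "threatScore": 9},
    {"name": "signed.exe", "path": r"C:\D\signed.exe", "sha256": "ddd4", "signed": True, "avPositives": 0, "threatScore": 8},
    {"name": "quiet.dll", "path": r"C:\E\quiet.dll", "sha256": "eee5", "signed": False, "avPositives": 0, "threatScore": 2},
]

if __name__ == "__main__":
    for h, info in triage_modules(SAMPLE).items():
        print(h, info["verdict"], info["name"], info["paths"])
```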
How to use PowerShell Query?
Takes 3 arguments:
cname --> Cloud Instance Name <cname.infocyte.com>
apikey --> APIKEY or the API Token
pscmd --> PowerShell Script Commands
>>> from infocyteapiquery import infocyteapiquery as ic
>>> cname = "m...n"
>>> apikey = "J8ARPa3iQR6...8HGUkElBBXra4mdEq"
>>>
>>> pscmd = '''
... $psvariable = Get-ICAlert
... ($psvariable).name
... '''
>>> psdata = ic.ps(cname, apikey, pscmd)
Loading : 100%|███████████████████████████████████████████████████████████████████████ | 1/1 Line(s)
>>>
>>> print(psdata)
rdpwrap.dll
calculator.exe
rundll32.exe
...
...
cmd.exe
python.exe
cmd.exe
How to use Encoded PowerShell Query?
Takes 3 arguments:
cname --> Cloud Instance Name <cname.infocyte.com>
apikey --> APIKEY or the API Token
psecmd --> PowerShell Script Commands Support Pipe and Complex filters
>>> from infocyteapiquery import infocyteapiquery as ic
>>> cname = "m...n"
>>> apikey = "J8ARPa3iQR6...8HGUkElBBXra4mdEq"
>>>
>>> psecmd = '$man = Get-ICAlert;($man).name|Sort-Object|Get-Unique'
>>> psedata = ic.pse(cname, apikey, psecmd)
Loading : 100%|███████████████████████████████████████████████████████████████████████ | 1/1 Line(s)
>>>
>>> print(psedata)
BitComet_1.74_setup.exe
bitcomet_setup_EBTmD-1.exe
calc.exe
Calculator.exe
calculator.exe
Calculator.exe
...
...
cmd.exe
python.exe
Note: PowerShell output is returned as a plain string (see PowerShell's "ConvertTo" cmdlets, such as ConvertTo-Json, if you need the output in a structured format)
Query and PowerShell Tips & Tricks
Please refer to the Wiki section of the GitHub repository for details (Wiki here)
License
© 2021 Manjesh N
This repository is licensed under the Apache 2.0 license. See LICENSE for more details.
For personal and professional use. You cannot resell or redistribute these repositories in their original state.