iocs

Edit-CsIoc

Update an IOC by providing a type and value

References

Documentation, Swagger

Parameters

-Type: The type of the indicator

-Value: The string representation of the indicator

-Body: A hashtable of IOC properties to modify

Example

PS> Edit-CsIoc -Type <string> -Value <string> -Body @(@{ source = <string>; description = <string> })

Get-CsIoc

Search the custom IOCs in your account

References

Documentation, Swagger

Parameters

-Type: Type of the indicator

-Value: String representation of the indicator

-After: Find custom IOCs created after this time (RFC-3339 timestamp)

-Before: Find custom IOCs created before this time (RFC-3339 timestamp)

-Policy: Find custom IOCs within a policy [default: 'detect']

-Source: Source where this indicator originated

-Share: Share level of indicator [default: 'red']

-CreatedBy: User who created the custom IOC

-DeletedBy: User who deleted the custom IOC

-Deleted: Include deleted IOCs [default: False]

-Limit: The maximum records to return [default: 500]

-Offset: The offset to start retrieving records from [default: 0]

-All: Repeat requests until all results are retrieved

Example

PS> Get-CsIoc

Get-CsIocHostId

Find Host IDs that have observed a custom IOC

References

Documentation, Swagger

Parameters

-Type: The type of the indicator

-Value: The string representation of the indicator

-Limit: The maximum records to return [default: 100]

-Offset: The offset to start retrieving records from [default: 0]

-All: Repeat requests until all results are retrieved

Example

PS> Get-CsIocHostId -Type <string> -Value <string>

Get-CsIocInfo

Get details about a custom IOC

References

Documentation, Swagger

Parameters

-Type: The type of the indicator

-Value: The string representation of the indicator

Example

PS> Get-CsIocInfo -Type <string> -Value <string>

Get-CsIocProcessId

Find processes on a Host associated with a custom IOC

References

Documentation, Swagger

Parameters

-Type: The type of the indicator

-Value: The string representation of the indicator

-Id: Target Host ID

-Limit: The maximum records to return [default: 100]

-Offset: The offset to start retrieving records from [default: 0]

-All: Repeat requests until all results are retrieved

Example

PS> Get-CsIocProcessId -Type <string> -Value <string> -Id <string>

Get-CsIocProcessInfo

Return details about Process IDs

References

Documentation, Swagger

Parameters

-Id: Target Process IDs

Example

PS> Get-CsIocProcessInfo -Id @(<string>, <string>)

New-CsIoc

Create a new IOC

References

Documentation, Swagger

Parameters

-Body: An array of IOC properties

Example

PS> New-CsIoc -Body @(@{ type = <string>; value = <string>; policy = <string>})

Remove-CsIoc

Delete an IOC by providing a type and value

References

Documentation, Swagger

Parameters

-Type: The type of the indicator

-Value: The string representation of the indicator

Example

PS> Remove-CsIoc -Type <string> -Value <string>