
Used to get API data from Infocyte Cloud Instances into the pandas DataFrame

Project description

Infocyte API Query


Description:

Python module that pulls API data from Infocyte Cloud instances into a pandas DataFrame. Queries default to the last 90 days.

Required Modules (installed automatically as prerequisites)

Third-party packages (added as dependencies):

  • requests
  • pandas
  • paginateit
  • tqdm

Standard library:

  • json
  • subprocess
  • re

Installation

pip install --upgrade infocyteapiquery

How to use API Query?

Takes 3 arguments:

  • cname --> Cloud instance name (the <cname> in <cname>.infocyte.com)

  • apikey --> API key or API token

  • apiquery --> API GET method, e.g. "ModuleDetails"

     >>> from infocyteapiquery import infocyteapiquery as ic
     >>> cname = "m...n"
     >>> apikey = "J8ARPa3iQR6...8HGUkElBBXra4mdEq"
     >>> apiquery = "ModuleDetails"
     >>>
     >>> icdata = ic.query(cname, apikey, apiquery)
     Loading ModuleDetails:  100%|█████████████████████████████████████████████████████████████ | 9/9 Loop(s)
     >>>
     >>> icdata.shape
     (9183, 37)
     >>>
     >>> icdata.columns
     Index(['size', 'signatureType', 'serialNumber', 'subjectName', 'issuerName', 'timestampIssuer', 'timestampSubject', 'id', 'fileRepId', 'staticAnalysis', 'dynamicAnalysis', 'localBlacklist', 'localWhitelist', 'blacklist', 'whitelist',
            'malicious', 'notMalicious', 'suspicious', 'unknown', 'threatScore', 'threatName', 'threatWeight', 'compromised', 'failed', 'hasAvScan', 'avPositives', 'avTotal', 'synapse', 'flagId', 'flagName', 'flagColor', 'flagWeight',
            'name', 'path', 'managed', 'signed', 'md5', 'sha1', 'sha256', 'ssdeep'],
           dtype='object')

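The DataFrame that ic.query returns is only useful once something is done with the module columns it carries. The following is an added example, not code from the infocyteapiquery package or its author: it reads the instance name and API token from environment variables instead of pasting the token into a script or interactive session, then triages ModuleDetails records (flagged or unsigned modules above a threat score, merged by sha256 because one binary usually shows up under many paths). It assumes the columns the page lists (name, path, signed, malicious, suspicious, threatScore, sha256), that records are taken with pandas' real to_dict("records") method, and the environment variable names INFOCYTE_CNAME / INFOCYTE_APIKEY are this example's own convention. The sample records are constructed; their paths and hashes are placeholders.

```python
"""Added example, not code from the infocyteapiquery package: triage the
ModuleDetails records that ic.query() returns.

Assumptions (this example's own, not the package's): the DataFrame carries
the columns the page lists (name, path, signed, malicious, suspicious,
threatScore, sha256); records are taken with pandas' icdata.to_dict("records");
the environment variable names INFOCYTE_CNAME and INFOCYTE_APIKEY are this
example's convention for keeping the token out of scripts and shell history.
"""
import os


def load_credentials(env=None):
    """Read the instance name and API token from the environment rather than
    pasting the token into a script or an interactive session."""
    env = os.environ if env is None else env
    cname = env.get("INFOCYTE_CNAME")
    apikey = env.get("INFOCYTE_APIKEY")
    if not cname or not apikey:
        raise RuntimeError("set INFOCYTE_CNAME and INFOCYTE_APIKEY first")
    return cname, apikey


def _flag(value):
    """pandas leaves missing cells as NaN, and bool(nan) is True; treat
    None/NaN as False so a blank 'malicious' cell never counts as a hit."""
    if value is None or value != value:
        return False
    return bool(value)


def _score(value):
    """Same NaN guard for the numeric threatScore column."""
    if value is None or value != value:
        return 0
    return int(value)


def triage_modules(records, min_threat_score=0):
    """Keep modules flagged malicious or suspicious, plus unsigned modules whose
    threatScore exceeds min_threat_score. Hits are merged by sha256 (the same
    binary often appears under many paths) and sorted by score, highest first."""
    by_hash = {}
    for r in records:
        malicious = _flag(r.get("malicious"))
        suspicious = _flag(r.get("suspicious"))
        signed = _flag(r.get("signed"))
        score = _score(r.get("threatScore"))
        if not (malicious or suspicious or (not signed and score > min_threat_score)):
            continue
        key = r.get("sha256") or r.get("name") or ""
        hit = by_hash.setdefault(key, {
            "sha256": key, "names": set(), "paths": set(),
            "threatScore": 0, "malicious": False, "suspicious": False,
        })
        hit["names"].add(r.get("name") or "")
        hit["paths"].add(r.get("path") or "")
        hit["threatScore"] = max(hit["threatScore"], score)
        hit["malicious"] = hit["malicious"] or malicious
        hit["suspicious"] = hit["suspicious"] or suspicious
    hits = list(by_hash.values())
    for hit in hits:
        hit["names"] = sorted(hit["names"])
        hit["paths"] = sorted(hit["paths"])
    hits.sort(key=lambda h: (-h["threatScore"], h["sha256"]))
    return hits


def ioc_hashes(hits):
    """Sorted, de-duplicated SHA-256 list for blocklists or further lookups."""
    return sorted({h["sha256"] for h in hits})


# Constructed sample records (paths and hashes are placeholders, not real data);
# the module names are the ones shown in the page's own output.
SAMPLE_RECORDS = [
    {"name": "rdpwrap.dll", "path": r"C:\Program Files\RDP Wrapper\rdpwrap.dll",
     "signed": False, "malicious": False, "suspicious": True, "threatScore": 7,
     "sha256": "aa" * 32},
    {"name": "calc.exe", "path": r"C:\Windows\System32\calc.exe",
     "signed": True, "malicious": False, "suspicious": False, "threatScore": 0,
     "sha256": "bb" * 32},
    {"name": "rdpwrap.dll", "path": r"C:\Users\alice\AppData\Local\Temp\rdpwrap.dll",
     "signed": False, "malicious": True, "suspicious": False, "threatScore": 9,
     "sha256": "aa" * 32},
    {"name": "python.exe", "path": r"C:\Users\bob\Downloads\python.exe",
     "signed": False, "malicious": False, "suspicious": False, "threatScore": 3,
     "sha256": "cc" * 32},
    # Missing cells arrive as None/NaN from pandas; they must not count as hits.
    {"name": "cmd.exe", "path": r"C:\Windows\System32\cmd.exe",
     "signed": True, "malicious": None, "suspicious": float("nan"),
     "threatScore": None, "sha256": "dd" * 32},
]


if __name__ == "__main__":
    # Live run against a cloud instance; ic.query is the package's own function.
    from infocyteapiquery import infocyteapiquery as ic
    cname, apikey = load_credentials()
    icdata = ic.query(cname, apikey, "ModuleDetails")
    for hit in triage_modules(icdata.to_dict("records"), min_threat_score=5):
        print(hit["threatScore"], hit["sha256"], hit["names"], len(hit["paths"]))
```

On the constructed sample, triage_modules returns two merged hits: the rdpwrap.dll binary (both paths folded into one entry with threatScore 9, marked both malicious and suspicious) and the unsigned python.exe; the signed calc.exe and the record with blank cells are left out.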

How to use PowerShell Query?

Takes 3 arguments:

  • cname --> Cloud instance name (the <cname> in <cname>.infocyte.com)

  • apikey --> API key or API token

  • pscmd --> PowerShell script commands

     >>> from infocyteapiquery import infocyteapiquery as ic
     >>> cname = "m...n"
     >>> apikey = "J8ARPa3iQR6...8HGUkElBBXra4mdEq"
     >>>
     >>> pscmd = '''
     ... $psvariable = Get-ICAlert
     ... ($psvariable).name
     ... '''
     >>> psdata = ic.ps(cname, apikey, pscmd)
     Loading : 100%|███████████████████████████████████████████████████████████████████████ | 1/1 Line(s)
     >>>
     >>> print(psdata)
     rdpwrap.dll
     calculator.exe
     rundll32.exe
     ...
     ...
     cmd.exe
     python.exe
     cmd.exe


How to use Encoded PowerShell Query?

Takes 3 arguments:

  • cname --> Cloud instance name (the <cname> in <cname>.infocyte.com)

  • apikey --> API key or API token

  • psecmd --> PowerShell script commands; the encoded form supports pipes and complex filters

     >>> from infocyteapiquery import infocyteapiquery as ic
     >>> cname = "m...n"
     >>> apikey = "J8ARPa3iQR6...8HGUkElBBXra4mdEq"
     >>>
     >>> psecmd = '$man = Get-ICAlert;($man).name|Sort-Object|Get-Unique'
     >>> psedata = ic.pse(cname, apikey, psecmd)
     Loading : 100%|███████████████████████████████████████████████████████████████████████ | 1/1 Line(s)
     >>>
     >>> print(psedata)
     BitComet_1.74_setup.exe
     bitcomet_setup_EBTmD-1.exe
     calc.exe
     Calculator.exe
     calculator.exe
     Calculator.exe
     ...
     ...
     cmd.exe
     python.exe


Note: PowerShell output is returned as a plain string. To get structured output, end the script with one of PowerShell's ConvertTo-* cmdlets (for example ConvertTo-Json) and parse the result on the Python side.
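Because both ic.ps and ic.pse hand back one string, the useful part is parsing it. The following is an added example, not code from the infocyteapiquery package or its author, and it serves both the plain and the encoded PowerShell sections above: it splits line-oriented output such as ($psvariable).name into names, counts and de-duplicates them case-insensitively (the Sort-Object|Get-Unique output shown above still lists Calculator.exe and calculator.exe separately), and, for scripts ending in ConvertTo-Json, normalises the returned JSON to a list of dicts, handling the ConvertTo-Json behaviour of emitting a bare object when the pipeline produced a single item. The sample strings are constructed from the file names in the page's output; the with_json helper and the environment variable names are this example's own.

```python
"""Added example, not code from the infocyteapiquery package: turn the string
that ic.ps() / ic.pse() return into Python data.

Assumptions (this example's own): a script that ends in a property access such
as ($psvariable).name comes back one value per line, as the page shows; a script
that ends in `| ConvertTo-Json` comes back as JSON text. The sample strings
below are constructed, using the file names from the page's output.
"""
import json
from collections import Counter


def parse_lines(text):
    """Line-oriented output: one value per line, blank lines dropped,
    order and duplicates preserved."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def name_counts(text):
    """How often each name occurs, e.g. which alert names are most common."""
    return Counter(parse_lines(text))


def unique_names(text):
    """Case-insensitive de-duplication, keeping the first spelling seen.
    PowerShell's Sort-Object|Get-Unique left Calculator.exe and calculator.exe
    as separate lines in the page's output; folding case here gives one entry
    per name regardless of how the file name was recorded."""
    seen = {}
    for name in parse_lines(text):
        seen.setdefault(name.lower(), name)
    return sorted(seen.values(), key=str.lower)


def with_json(script, depth=3):
    """Append ConvertTo-Json to a script whose last statement is a pipeline, so
    the returned string parses as structured data instead of free text.
    A trailing ';' would break the pipe, so it is stripped first."""
    return f"{script.rstrip().rstrip(';')} | ConvertTo-Json -Depth {depth}"


def parse_json_output(text):
    """ConvertTo-Json emits a single object when the pipeline produced one item
    and an array when it produced several; normalise both to a list of dicts.
    An empty pipeline yields an empty string, which is returned as []."""
    text = text.strip()
    if not text:
        return []
    data = json.loads(text)
    if isinstance(data, dict):
        return [data]
    return list(data)


# Constructed samples standing in for ic.ps() / ic.pse() return values.
SAMPLE_LINES = (
    "rdpwrap.dll\ncalculator.exe\nrundll32.exe\n\n"
    "Calculator.exe\ncmd.exe\npython.exe\ncmd.exe\n"
)
SAMPLE_JSON_ONE = '{"name": "rdpwrap.dll", "threatScore": 7}'
SAMPLE_JSON_MANY = (
    '[{"name": "rdpwrap.dll", "threatScore": 7}, '
    '{"name": "cmd.exe", "threatScore": 0}]'
)


if __name__ == "__main__":
    import os
    # Live run; ic.pse is the package's own function, Get-ICAlert is from the page.
    from infocyteapiquery import infocyteapiquery as ic
    cname, apikey = os.environ["INFOCYTE_CNAME"], os.environ["INFOCYTE_APIKEY"]
    script = with_json("$alerts = Get-ICAlert; $alerts | Select-Object name")
    for alert in parse_json_output(ic.pse(cname, apikey, script)):
        print(alert["name"])
    print(name_counts(ic.pse(cname, apikey, "$alerts = Get-ICAlert;($alerts).name")))
```

The single-object case matters in practice: a filter that happens to match exactly one alert makes ConvertTo-Json return a bare object, and code that assumes a list would then iterate over dictionary keys instead of records.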

Query and PowerShell Tips & Tricks

Please refer to the Wiki section of the GitHub repository for details.

License

© 2021 Manjesh N

This repository is licensed under the Apache 2.0 license. See LICENSE for more details.

Download files


Source Distribution

infocyteapiquery-1.1.16.tar.gz (12.4 kB)

Uploaded Source

Built Distribution

infocyteapiquery-1.1.16-py3-none-any.whl (10.1 kB)

Uploaded Python 3

File details

Details for the file infocyteapiquery-1.1.16.tar.gz.

File metadata

  • Download URL: infocyteapiquery-1.1.16.tar.gz
  • Size: 12.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7

File hashes

Hashes for infocyteapiquery-1.1.16.tar.gz

  Algorithm    Hash digest
  SHA256       a39e1d8072ac8b62ef02713ee8bc1207a859741e23d263857d2c1b1c1fa30140
  MD5          7ac88030953350ee50418a0e7533fa8f
  BLAKE2b-256  4d4d4f9b3d44c9320d91746ee6278a76241623b3fe98ad9f7cee48be08e53817

File details

Details for the file infocyteapiquery-1.1.16-py3-none-any.whl.

File metadata

  • Download URL: infocyteapiquery-1.1.16-py3-none-any.whl
  • Size: 10.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.2 importlib_metadata/4.8.1 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.7

File hashes

Hashes for infocyteapiquery-1.1.16-py3-none-any.whl

  Algorithm    Hash digest
  SHA256       264a04a0bda2dc12f577681e63297cdd212aea62a96a7762c0d342b286b3f071
  MD5          5bf41c4466011d08ddd4d0c15ae5e6e9
  BLAKE2b-256  edd2dbe1878ebdda56915ad048d0ce2e9e4ce554556adc664d788993a6ab471f
