jan-tee / tietzeio.cyshell
A Powershell module to interface with Cylance APIs
License: Other
```powershell
New-CylanceZone -Name 'Whatever' -Policy $policy -Criticality (High|Medium|Low)
```
Not all memory violations can be set via CyShell; the missing types are:
- RAM Scraping
- Malicious Payload
- DYLD Injection (macOS and Linux only)
- Zero Allocate
How to reproduce:

```powershell
connect-cylance goatnet
$p = New-CylancePolicy -Name somenewtest
$p.memoryviolation_actions.memory_violations
```

Output:

```
violation_type             action
lsassread                  Alert
outofprocessunmapmemory    Alert
stackpivot                 Alert
stackprotect               Alert
outofprocessoverwritecode  Alert
outofprocesscreatethread   Alert
overwritecode              Alert
outofprocesswritepe        Alert
outofprocessallocation     Alert
outofprocessmap            Alert
outofprocesswrite          Alert
outofprocessapc            Alert
```

```powershell
foreach($a in $p.memoryviolation_actions.memory_violations){
    $a.action = "Block"
}
$p.memoryviolation_actions.memory_violations
```

Output:

```
violation_type             action
lsassread                  Block
outofprocessunmapmemory    Block
stackpivot                 Block
stackprotect               Block
outofprocessoverwritecode  Block
outofprocesscreatethread   Block
overwritecode              Block
outofprocesswritepe        Block
outofprocessallocation     Block
outofprocessmap            Block
outofprocesswrite          Block
outofprocessapc            Block
```

```powershell
Update-CylancePolicy -Policy $p
```
When calling Invoke-CylanceDetectionRuleAnalysis it always shows "Cache is not initialized", even if the cache has been initialized previously.
How to reproduce:

```powershell
$a = get-cylancedetections
$a[44]
```

Output:

```
id                : e4d0856b-36ca-4955-89a7-dd4e42ee3d69
PhoneticId        : E4D0-856B
Status            : New
Severity          : High
Device            : W********40L
DetectionRuleName : Cylance Security Masquerader
OccurrenceTime    : 7/1/2019 12:46:32 PM
ReceivedTime      : 7/1/2019 12:46:30 PM
```

```powershell
$a | ?{$_.DetectionRuleName -eq " Cylance Security Masquerader"}
```

Output:

```
<no output>
```

Expected: filtered output.
@jan-tee now readable
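The filter in the report above compares DetectionRuleName with a string literal by exact equality, so any stray whitespace on either side yields no matches. The following is an added example, not code from the CyShell project or from the issue author: a whitespace-tolerant filter for objects of the shape Get-CylanceDetections returns. The function name Select-CyDetectionByRule and the sample detections are assumptions constructed for this example; the module is not needed to run it.

```powershell
# Added example (not part of the CyShell module): filter detections by rule name
# without being tripped up by leading, trailing or doubled whitespace.
function Select-CyDetectionByRule {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Detection,
        [Parameter(Mandatory)] [string] $RuleName
    )
    begin {
        # Normalise the requested name once: collapse internal runs of
        # whitespace and trim the ends.
        $wanted = ($RuleName -replace '\s+', ' ').Trim()
    }
    process {
        # Apply the same normalisation to the data side, then compare.
        # PowerShell's -eq on strings is case-insensitive by default, which is
        # what you want for rule names typed by hand.
        $have = ([string]$Detection.DetectionRuleName -replace '\s+', ' ').Trim()
        if ($have -eq $wanted) { $Detection }
    }
}

# Constructed sample input mimicking the object shape shown in the issue
# (PhoneticId, Status, Severity, DetectionRuleName). Not real tenant data.
$sample = @(
    [pscustomobject]@{ PhoneticId = 'E4D0-856B'; Status = 'New';    Severity = 'High'; DetectionRuleName = 'Cylance Security Masquerader' }
    [pscustomobject]@{ PhoneticId = '1111-AAAA'; Status = 'New';    Severity = 'Low';  DetectionRuleName = ' Cylance Security Masquerader' }
    [pscustomobject]@{ PhoneticId = '2222-BBBB'; Status = 'Closed'; Severity = 'High'; DetectionRuleName = 'Some Other Rule' }
)

# Both Masquerader rows match, even though the literal has padding on both sides.
$sample | Select-CyDetectionByRule -RuleName ' Cylance Security Masquerader ' |
    Format-Table PhoneticId, Status, Severity, DetectionRuleName
```

Against a live tenant, replace `$sample` with the output of `Get-CylanceDetections`; the function only reads the DetectionRuleName property, so any other properties pass through untouched.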
How do we change the status of a detection by detection rule name and command line?
The command below is not working; any help is much appreciated.

```powershell
Get-CylanceDetections | where DetectionRuleName -like "SVC*" | Get-CylanceDetection | Get-CylanceArtifact | where commandline -like "msmpeng" | Update-CyDetection -Status 'False Positive'
```

Error:
I received a 403 Forbidden error when running Sync-CylanceCache. After troubleshooting, I determined that the token I was using did not have access to OPTICS rules, so the sync was failing to complete. Once I gave the token access, the cache synced perfectly.
Should the cmdlet skip what you don't have access to, or allow you to choose which caches you would like to download?
When we run the following, I do not see zone information:

```powershell
Get-CylanceDevices | Get-CylanceDevice | Export-Csv 'C:\data.csv'
```

I need this info to filter out the devices in certain zones.
Any suggestions?
Get-CylanceDetectionRule throws the following error on two of the rules in Optics:
- Network Share Connection Removal (MITRE)
- Bash History Modification (MITRE)

Error:

```
Get-CylanceDetectionRule : Error reading string. Unexpected token: StartArray. Path 'Operands[0].Data', line 1, position 579.
At /Users/tfigueroa/OneDrive - Cylance/ps_scripts/dl_all_rules_to_json.ps1:9 char:12
+ $xxx | Get-CylanceDetectionRule
+            ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-CylanceDetectionRule], JsonReaderException
    + FullyQualifiedErrorId : Newtonsoft.Json.JsonReaderException,TietzeIO.CyShell.Cmdlets.DetectionRule.GetCylanceDetectionRule
```
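The error text says what went wrong: the deserializer expected a string at `Operands[0].Data` and met the start of a JSON array, so the two rules carry an array there while the rest carry a scalar. The following is an added example, not code from the CyShell project: it reads rule JSON with the built-in ConvertFrom-Json, which does not enforce a type on Data, and normalises either form to a string array. The rule documents and the function name Get-OperandData are constructed assumptions for this example, not a real OPTICS rule export.

```powershell
# Added example (not part of the CyShell module): tolerate both scalar and
# array values in Operands[].Data when reading detection rule JSON.
# Constructed sample rules; the second one has the array-valued Data that the
# typed Newtonsoft deserializer in the cmdlet rejects.
$rulesJson = @'
[
  { "Name": "Example rule A",
    "Operands": [ { "Type": "Process", "Data": "cmd.exe" } ] },
  { "Name": "Example rule B",
    "Operands": [ { "Type": "Process", "Data": [ "net.exe", "net1.exe" ] } ] }
]
'@

function Get-OperandData {
    param([Parameter(Mandatory, ValueFromPipeline)] $Rule)
    process {
        foreach ($op in $Rule.Operands) {
            # @() wraps a scalar in a one-element array and leaves an existing
            # array alone, so both shapes end up as string[].
            $values = @($op.Data) | ForEach-Object { [string]$_ }
            [pscustomobject]@{
                Rule  = $Rule.Name
                Type  = $op.Type
                Data  = $values
                Count = $values.Count
            }
        }
    }
}

$rules = $rulesJson | ConvertFrom-Json
$rules | Get-OperandData | Format-Table Rule, Type, Count, @{ n = 'Data'; e = { $_.Data -join ', ' } }
```

The same normalisation step can be applied to any rule JSON saved from the console before feeding it to other tooling, and it isolates exactly which rules use the array form so they can be reported against the cmdlet's model.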