Securonix.CLI.SCC
Get an entity's threat model.
Get-SecuronixEntityThreatModel
[-Url] <string>
[-Token] <string>
[-DocumentId] <string>
[-TenantName <string>]
Get-SecuronixEntityThreatModel makes an API call to the sccWidget/GetEntityThreatDetails Securonix Web API with the supplied parameters. If the token and parameters are valid, the API responds with an object containing the entity's threat model and the policies it violated.
Request
Get-SecuronixEntityThreatModel -Url 'DunderMifflin.securonix.com/Snypr' -Token '12345678-90AB-CDEF-1234-567890ABCDEF' -DocumentId '2^~A^~7|NULL|AW2385^~C^~1^~EP^~66)'
Response
{
"Response": {
"Total records": 1,
"threats": [{
"tenantid": 2,
"tenantname": "India",
"violator": "Activityaccount",
"entityid": "AW2385",
"resourcegroupname": "ADEventDataSecond28Oct2020",
"threatname": "TM - Catch all activity accounts on 2nd AD Data set 28 Oct 2020",
"category": "ALERT",
"resourcename": "ADEVENTDATASECOND28OCT2020",
"generationtime": "Wed, 28 Oct 2020 @ 07:25:40 AM",
"generationtime_epoch": 1603887940344,
"policies": [
"Test_IEE_ActivityAccount",
"Test_IEE_NetworkAddress"
]
}]
}
}
Get-SecuronixEntityThreatModel -Url 'DunderMifflin.securonix.com/Snypr' -Token '12345678-90AB-CDEF-1234-567890ABCDEF' -DocumentId '2^~A^~7|NULL|AW2385^~C^~1^~EP^~66)' -TenantName 'PA-Scranton'
-Url
Url endpoint for your Securonix instance. It must be in the following format:
https://<hostname or IPaddress>/Snypr
-Token
Valid authentication token.
-DocumentId
A required API Parameter, enter a RiskScore document ID.
-TenantName
Enter the name of the tenant the threat model belongs to. This parameter is optional for non-MSSP.
Securonix 6.4 REST API Categories - Security Command Center
Get a list of threats from Securonix.
Get-SecuronixThreatList
[-Url] <string>
[-Token] <string>
[-TimeStart] <string>
[-TimeEnd] <string>
[-Offset <int>]
[-Max <int>]
[-TenantName <string>]
Get-SecuronixThreatList makes an API call to the sccWidget/GetThreats Securonix Web API with the supplied parameters. If the token and parameters are valid, the API responds with an object containing a list of threats.
Request
Get-SecuronixThreatList -Url 'DunderMifflin.securonix.com/Snypr' -Token '12345678-90AB-CDEF-1234-567890ABCDEF' -TimeStart 299721600 -TimeEnd 299807999
Response
{
"Response": {
"Total records": 863778,
"offset": 0,
"max": 1000,
"threats": [{
"tenantid": 2,
"tenantname": "a1t1said",
"violator": "RTActivityAccount",
"entityid": "TESTUSER-FEB 01 01:26:12-33593400",
"resourcegroupname": "RG_TestA",
"threatname": "Test_ThreatModel",
"category": "ALERT",
"resourcename": "TEST-HOST-QALAB.LOCAL",
"resourcetype": "RT_TestA",
"generationtime": "Tue, 1 Feb 2022 @ 02:06:23 AM",
"generationtime_epoch": 1643702783965,
"policies": [
"Test_IEE_ActivityAccount",
"Test_IEE_NetworkAddress"
]
}]
}
}
Get-SecuronixThreatList -Url 'DunderMifflin.securonix.com/Snypr' -Token '12345678-90AB-CDEF-1234-567890ABCDEF' -TimeStart 299721600 -TimeEnd 299807999 -TenantName 'PA-Scranton'
-Url
Url endpoint for your Securonix instance. It must be in the following format:
https://<hostname or IPaddress>/Snypr
-Token
Valid authentication token.
-TimeStart
A required API Parameter, enter the starting point for the search. Time (epoch) in ms or Date Time in 'mm/dd/YYYY HH:MM:SS-00'.
-TimeEnd
A required API Parameter, enter the ending point for the search. Time (epoch) in ms or Date Time in 'mm/dd/YYYY HH:MM:SS-00'.
-Offset
An optional API Parameter, used for pagination of the request.
-Max
An optional API Parameter, enter the maximum number of records the API will display.
-TenantName
Enter the name of the tenant the threat model belongs to. This parameter is optional for non-MSSP.
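An added example, not part of the module's own documentation, showing how a SOC analyst would page through Get-SecuronixThreatList with Offset and Max for a 24-hour window and count which policies are firing per tenant and threat model. It assumes the module is imported, that the token is supplied through a SECURONIX_TOKEN environment variable, and that the cmdlet returns either the raw JSON string or the object ConvertFrom-Json produces (the page does not say which).

```powershell
Import-Module Securonix.CLI.SCC

$Url   = 'DunderMifflin.securonix.com/Snypr'   # placeholder endpoint taken from the page's examples
$Token = $env:SECURONIX_TOKEN                   # assumption: token supplied via an environment variable

# TimeStart/TimeEnd are documented as epoch milliseconds; build a 24-hour UTC window.
$end       = [DateTimeOffset]::UtcNow
$timeStart = $end.AddHours(-24).ToUnixTimeMilliseconds()
$timeEnd   = $end.ToUnixTimeMilliseconds()

$pageSize = 1000   # the "max" value shown in the documented response
$maxPages = 50     # hard stop: the documented "Total records" of 863778 would otherwise mean ~864 calls
$offset   = 0
$pages    = 0
$threats  = [System.Collections.Generic.List[object]]::new()

do {
    $resp = Get-SecuronixThreatList -Url $Url -Token $Token `
        -TimeStart $timeStart -TimeEnd $timeEnd -Offset $offset -Max $pageSize
    if ($resp -is [string]) { $resp = $resp | ConvertFrom-Json }
    # @() over an empty pipeline is an empty array, so a missing "threats" key ends the loop cleanly.
    $page  = @($resp.Response.threats | Where-Object { $null -ne $_ })
    $threats.AddRange($page)
    $total = [int]$resp.Response.'Total records'   # key contains a space, hence the quotes
    $offset += $pageSize
    $pages++
} while ($page.Count -gt 0 -and $offset -lt $total -and $pages -lt $maxPages)

# One row per (tenant, threat model, policy): shows which policies are driving each threat model.
$summary = $threats |
    ForEach-Object {
        $t = $_
        foreach ($p in @($t.policies)) {
            [pscustomobject]@{ Tenant = $t.tenantname; ThreatModel = $t.threatname; Policy = $p }
        }
    } |
    Group-Object Tenant, ThreatModel, Policy |
    Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'Tenant';      e = { $_.Group[0].Tenant } },
        @{ n = 'ThreatModel'; e = { $_.Group[0].ThreatModel } },
        @{ n = 'Policy';      e = { $_.Group[0].Policy } }

"$($threats.Count) threats retrieved in $pages page(s)"
$summary | Format-Table -AutoSize
```

If the window is wider than the page cap allows, raise $maxPages or narrow the TimeStart/TimeEnd window rather than dropping records silently.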
Securonix 6.4 REST API Categories - Security Command Center
Get a list of top threats from Securonix.
Get-SecuronixTopThreatsList
[[-Url] <string>]
[[-Token] <string>]
[[-Days] <int>]
[-Offset <int>]
[-Max <int>]
Get-SecuronixTopThreatsList
[[-Url] <string>]
[[-Token] <string>]
[[-Hours] <int>]
[-Offset <int>]
[-Max <int>]
Get-SecuronixTopThreatsList makes an API call to the sccWidget/GetTopThreats Securonix Web API with the supplied parameters. If the token and parameters are valid, the API responds with an object containing a list of top threats for the supplied time range.
Request
Get-SecuronixTopThreatsList -Url 'DunderMifflin.securonix.com/Snypr' -Token '12345678-90AB-CDEF-1234-567890ABCDEF' -Days 90
Response
{
"Response": {
"Date range": [
"Jun 11, 2018 11:18:09 AM",
"Sep 9, 2018 11:18:09 AM"
],
"Total records": 8,
"Docs": [
{
"Threat model id": 118,
"Threat nodel name": "Patient Data Compromise",
"Description": "No of Stages: 4, Risk Scoring Scheme:STATIC, Weight:100.0",
"Criticality": "Low",
"No of violator": 1,
"Generation time": 1532388410500
},{
"Threat model id": 194,
"Threat nodel name": "Privileged IT User-Sabotage",
"Description": "No of Stages: 4, Risk Scoring Scheme:STATIC, Weight:100.0",
"Criticality": "Medium",
"No of violator": 1,
"Generation time": 1532372629487
}
]
}
}
Get-SecuronixTopThreatsList -Url 'DunderMifflin.securonix.com/Snypr' -Token '12345678-90AB-CDEF-1234-567890ABCDEF' -Hours 12 -Max 10
-Url
Url endpoint for your Securonix instance. It must be in the following format:
https://<hostname or IPaddress>/Snypr
-Token
Valid authentication token.
-Days
A required API Parameter, enter the number of days to search. Not required if specifying Hours.
-Hours
A required API Parameter, enter the number of hours to search. Not required if specifying Days.
-Offset
An optional API Parameter, used for pagination of the request.
-Max
An optional API Parameter, enter the maximum number of records the API will display.
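An added example, not part of the module's own documentation, that wraps Get-SecuronixTopThreatsList in a hypothetical Get-TopThreatReport function: it picks the Days or Hours parameter set from a [timespan], unpacks the "No of Stages / Risk Scoring Scheme / Weight" string the documented response carries in Description, and ranks threat models by criticality and violator count. It assumes the module is imported, a SECURONIX_TOKEN environment variable, a "High" criticality level beside the documented Low and Medium, and that the cmdlet returns either the raw JSON string or the object ConvertFrom-Json produces.

```powershell
Import-Module Securonix.CLI.SCC

$Url   = 'DunderMifflin.securonix.com/Snypr'   # placeholder endpoint taken from the page's examples
$Token = $env:SECURONIX_TOKEN                   # assumption: token supplied via an environment variable

function Get-TopThreatReport {
    # Hypothetical wrapper: maps a [timespan] onto the cmdlet's Days or Hours parameter set.
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][timespan]$Window,
        [int]$Max = 100
    )
    $common = @{ Url = $Url; Token = $Token; Max = $Max }
    if ($Window.TotalHours -lt 24) {
        $resp = Get-SecuronixTopThreatsList @common -Hours ([int][math]::Ceiling($Window.TotalHours))
    } else {
        $resp = Get-SecuronixTopThreatsList @common -Days ([int][math]::Ceiling($Window.TotalDays))
    }
    if ($resp -is [string]) { $resp = $resp | ConvertFrom-Json }

    $rank    = @{ High = 3; Medium = 2; Low = 1 }   # assumption: High exists beside the documented Low/Medium
    # Description packs three values into one string (see the documented response); pull them apart.
    $pattern = 'No of Stages:\s*(\d+),\s*Risk Scoring Scheme:\s*(\w+),\s*Weight:\s*([\d.]+)'

    foreach ($doc in @($resp.Response.Docs)) {
        # The documented sample spells this key "Threat nodel name"; accept either spelling.
        $key  = if ($doc.PSObject.Properties['Threat model name']) { 'Threat model name' } else { 'Threat nodel name' }
        $crit = [string]$doc.Criticality
        $m    = [regex]::Match([string]$doc.Description, $pattern)
        [pscustomobject]@{
            ThreatModelId = $doc.'Threat model id'
            ThreatModel   = $doc.$key
            Criticality   = $crit
            Rank          = if ($rank.ContainsKey($crit)) { $rank[$crit] } else { 0 }
            Violators     = [int]$doc.'No of violator'
            Stages        = if ($m.Success) { [int]$m.Groups[1].Value } else { $null }
            ScoringScheme = if ($m.Success) { $m.Groups[2].Value } else { $null }
            Weight        = if ($m.Success) { [double]$m.Groups[3].Value } else { $null }
            Generated     = [DateTimeOffset]::FromUnixTimeMilliseconds([long]$doc.'Generation time').UtcDateTime
        }
    }
}

Get-TopThreatReport -Url $Url -Token $Token -Window (New-TimeSpan -Days 7) |
    Sort-Object Rank, Violators -Descending |
    Format-Table ThreatModel, Criticality, Violators, Stages, ScoringScheme, Weight, Generated -AutoSize
```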
Securonix 6.4 REST API Categories - TopN
Get a list of top violations from Securonix.
Get-SecuronixTopViolationsList
[[-Url] <string>]
[[-Token] <string>]
[[-Days] <int>]
[-Offset <int>]
[-Max <int>]
Get-SecuronixTopViolationsList
[[-Url] <string>]
[[-Token] <string>]
[[-Hours] <int>]
[-Offset <int>]
[-Max <int>]
Get-SecuronixTopViolationsList makes an API call to the sccWidget/GetTopViolations Securonix Web API with the supplied parameters. If the token and parameters are valid, the API responds with an object containing a list of top violations for the supplied time range.
Request
Get-SecuronixTopViolationsList -Url 'DunderMifflin.securonix.com/Snypr' -Token '12345678-90AB-CDEF-1234-567890ABCDEF' -Days 90
Response
{
"Response": {
"Date range": [
"Jun 11, 2018 11:25:55 AM",
"Sep 9, 2018 11:25:55 AM"
],
"Total records": 38,
"Docs": [
{
"Policy id": 9237,
"Policy name": "Email to Competitor Domain",
"Criticality": "Medium",
"Violation entity": "Activityaccount",
"Policy category": "ALERT",
"Threat indicator": "Email to Competitor Domain",
"Generation time": 1533250072115,
"No of violator": 14,
"Description": "Email to Competitor Domain"
},{
"Policy id": 9236,
"Policy name": "Abnormal number of emails sent to external domain as compared to peer members",
"Criticality": "Low",
"Violation entity": "Activityaccount",
"Policy category": "ALERT",
"Threat indicator": "Abnormal number of emails sent to external domain as compared to peer members",
"Generation time": 1533171483400,
"No of violator": 1,
"Description": "Abnormal number of emails sent to external domain as compared to peer members"
}
]
}
}
Get-SecuronixTopViolationsList -Url 'DunderMifflin.securonix.com/Snypr' -Token '12345678-90AB-CDEF-1234-567890ABCDEF' -Hours 12 -Max 10
-Url
Url endpoint for your Securonix instance. It must be in the following format:
https://<hostname or IPaddress>/Snypr
-Token
Valid authentication token.
-Days
A required API Parameter, enter the number of days to search. Not required if specifying Hours.
-Hours
A required API Parameter, enter the number of hours to search. Not required if specifying Days.
-Offset
An optional API Parameter, used for pagination of the request.
-Max
An optional API Parameter, enter the maximum number of records the API will display.
Securonix 6.4 REST API Categories - TopN
Get a list of top violators from the Securonix Command Center.
Get-SecuronixTopViolatorsList
[[-Url] <string>]
[[-Token] <string>]
[[-Days] <int>]
[-Offset <int>]
[-Max <int>]
[-Name <string>]
Get-SecuronixTopViolatorsList
[[-Url] <string>]
[[-Token] <string>]
[[-Hours] <int>]
[-Offset <int>]
[-Max <int>]
[-Name <string>]
Get-SecuronixTopViolatorsList makes an API call to the sccWidget/GetTopViolators Securonix Web API with the supplied parameters. If the token and parameters are valid, the API responds with an object containing a list of top violators for the supplied time range.
Request
Get-SecuronixTopViolatorsList -Url 'DunderMifflin.securonix.com/Snypr' -Token '12345678-90AB-CDEF-1234-567890ABCDEF' -Days 90
Response
{
"Response": {
"Date range": [
"Jun 11, 2018 11:28:44 AM",
"Sep 9, 2018 11:28:44 AM"
],
"Total records": 10,
"Docs": [
{
"Name": "212274BB375846F85252DBD2CCBE7AE4 8E2657AD25B3904CCC449C202598B9B0 ",
"Violator entity": "Users",
"Risk score": 202.4,
"Generation time": 1529035574167,
"Department": "E2DE4125FB3335921E1CC05ED00C504A1E0BBBA898C335B9BA10B29F657B9401\t"
},{
"Name": "ACF8393CF33B5115506E12D9520EDD15 0CC721E95079DA18955B82AA67F5A4F9 ",
"Violator entity": "Users",
"Risk score": 140.48,
"Generation time": 1532053492068,
"Department": "6A2B422B8F594566BA327664B83594383D1FDE1BF5ED4FC39165D247B21CBF50\t"
}
]
}
}
Get-SecuronixTopViolatorsList -Url 'DunderMifflin.securonix.com/Snypr' -Token '12345678-90AB-CDEF-1234-567890ABCDEF' -Hours 12 -Max 10
Get-SecuronixTopViolatorsList -Url 'DunderMifflin.securonix.com/Snypr' -Token '12345678-90AB-CDEF-1234-567890ABCDEF' -Days 7 -Max 10 -Name 'Jim Halpert'
-Url
Url endpoint for your Securonix instance. It must be in the following format:
https://<hostname or IPaddress>/Snypr
-Token
Valid authentication token.
-Days
A required API Parameter, enter the number of days to search. Not required if specifying Hours.
-Hours
A required API Parameter, enter the number of hours to search. Not required if specifying Days.
-Offset
An optional API Parameter, used for pagination of the request.
-Max
An optional API Parameter, enter the maximum number of records the API will display.
-Name
An optional API Parameter, enter the name of the user whose related Top Violators should be returned.