Skip to content
/ Block-AMPFile Public

Add a SHA256 hash to your Cisco AMP custom detections list

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cbshearer/Block-AMPFile

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
script
script
 
 
.gitattributes
.gitattributes
 
 
README.md
README.md
 
 
block-AMPfile.psm1
block-AMPfile.psm1
 
 

Repository files navigation

block-AMPFile

  • Use PowerShell to add one or more SHA256 hashes to your Cisco AMP simple custom detections list.
  • You need your own API credential pair.
  • Cisco AMP API Documentation.

To use the module

  • Import the module
PS C:\temp> Import-Module .\block-AMPFile.psm1
  • If you want to install the module for long-term use
    • See Microsoft documentation.
    • Shortcut - just copy to its own folder in this location: $Env:ProgramFiles\WindowsPowerShell\Modules
PS C:\temp> copy .\block-AMPFile.psm1 $Env:ProgramFiles\WindowsPowerShell\Modules\block-AMPFile\block-AMPFile.psm1

  • Change parameters on the following lines:

    • 24: AMP Client ID
    • 25: AMP Key
    • 36: GUID - If there isn't one saved on this line, an extra API call is run every time and the value of the GUID is displayed at the console.

  • Mandatory parameter

  • Examples:

block-AMPFile -f bd32fccef3e226d3f22d6ccbd2e74b53e04d087d6cd2fb45ebfd7431ace1a5b1
block-AMPFile 160e934c01f0137b5ff230b7d1fa6c782a3fd80c5df43b6286c56634b6042c87,7c138b4db5f2cf643f1933f5d746ae36811cf0bc3325af82b4d0cf268351bac4

About

Add a SHA256 hash to your Cisco AMP custom detections list

Topics

cisco powershell powershell-script powershell-module cisco-amp cisco-amp-api custom-detections

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Languages