Infocyte

Infocyte can pivot off incidents to automate triage, validate events with forensic data and enabling dynamic response actions against any or all host using both agentless or agented endpoint access.

Endpoint · Infocyte

Configuration parameters

  • InstanceName — Instance Name (e.g., https://<cname>.infocyte.com) (required)
  • APIKey — API Key (required)
  • isFetch — Fetch incidents
  • incidentType — Incident type
  • max_fetch — Maximum number of incidents per fetch
  • first_fetch — Initial fetch time (days)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (12)

  • infocyte-collect-evidence

    Collects Forensic Evidence to an S3 bucket (data files, event logs, etc.)

  • infocyte-get-alerts

    Retrieves alerts triggered since the last alert was pulled.

  • infocyte-get-hostscanresult

    Retrieves results for a scan that was run on a target host.

  • infocyte-get-responseresult

    Gets the results of a response action.

  • infocyte-get-scanresult

    Retrieves metadata and results for a scan that was run against multiple hosts.

  • infocyte-get-taskstatus

    Gets the status of an Infocyte task (scan, response action, etc.).

  • infocyte-isolate-host

    Isolates a host to only communicate to Infocyte and other security tools.

  • infocyte-kill-process

    Kills a process on the target endpoint.

  • infocyte-recover-file

    Recovers a file on an endpoint to your defined recovery point (S3, FTP, share).

  • infocyte-restore-host

    Restores an isolated host.

  • infocyte-run-response

    Runs the named Infocyte extension on the target host.

  • infocyte-scan-host

    Initiates a scan (forensic collection) of the specified endpoint