Infocyte
Infocyte can pivot off incidents to automate triage, validate events with forensic data and enabling dynamic response actions against any or all host using both agentless or agented endpoint access.
Endpoint · Infocyte
Configuration parameters
InstanceName— Instance Name (e.g., https://<cname>.infocyte.com) (required)APIKey— API Key (required)isFetch— Fetch incidentsincidentType— Incident typemax_fetch— Maximum number of incidents per fetchfirst_fetch— Initial fetch time (days)insecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (12)
-
infocyte-collect-evidenceCollects Forensic Evidence to an S3 bucket (data files, event logs, etc.)
-
infocyte-get-alertsRetrieves alerts triggered since the last alert was pulled.
-
infocyte-get-hostscanresultRetrieves results for a scan that was run on a target host.
-
infocyte-get-responseresultGets the results of a response action.
-
infocyte-get-scanresultRetrieves metadata and results for a scan that was run against multiple hosts.
-
infocyte-get-taskstatusGets the status of an Infocyte task (scan, response action, etc.).
-
infocyte-isolate-hostIsolates a host to only communicate to Infocyte and other security tools.
-
infocyte-kill-processKills a process on the target endpoint.
-
infocyte-recover-fileRecovers a file on an endpoint to your defined recovery point (S3, FTP, share).
-
infocyte-restore-hostRestores an isolated host.
-
infocyte-run-responseRuns the named Infocyte extension on the target host.
-
infocyte-scan-hostInitiates a scan (forensic collection) of the specified endpoint