Smokescreen IllusionBLACK

Smokescreen IllusionBLACK is a deception-based threat defense platform designed to accurately and efficiently detect targeted threats including reconnaissance, lateral movement, malware-less attacks, social engineering, Man-in-the-Middle attacks, and ransomware in real-time.

Deception & Breach Simulation · Smokescreen IllusionBLACK

Configuration parameters

  • url — Server URL (e.g. https://example.net) (required)
  • client_id — IllusionBLACK API Client Id (required)
  • token — IllusionBLACK External API Token (required)
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings
  • first_fetch — First fetch time for fetching incidents (2 days, 3 weeks, etc)
  • isFetch — Fetch incidents
  • incidentType — Incident type

Commands (8)

  • illusionblack-get-ad-decoys

    Gets a list of Active Directory decoys.

  • illusionblack-get-event-by-id

    Gets a single event by the event ID.

  • illusionblack-get-events

    Gets events from IllusionBLACK.

  • illusionblack-get-network-decoys

    Gets a list of Network decoys.

  • illusionblack-get-ti-decoys

    Gets a list of Threat Intel decoys.

  • illusionblack-is-host-decoy

    Checks if a host or IP address is a network decoy.

  • illusionblack-is-subdomain-decoy

    Checks if a subdomain is a Threat Intel decoy.

  • illusionblack-is-user-decoy

    Checks if an Active Directory user is a decoy.