Add Proofpoint TAP Malware findings to Cisco AMP Simple Custom Detections list using PowerShell
cbshearer/Add-TAPMalwareToAMP
Add-TAPMalwareToAMP

Use PowerShell to add Proofpoint TAP Malware findings to Cisco AMP Simple Custom Detections list.

This works well as a scheduled task, for example every 15 minutes with $seconds set to 901, so that each run looks back 15 minutes plus one second of overlap with the previous run. If the task is delayed or skipped, detections that fall outside the window are missed, so widen $seconds (up to the API maximum) if you see gaps.

Input

  • Enter your TAP API and Cisco AMP API credentials in the $credfile (c:\scripts\credentials.csv). The file holds both secrets in clear text, so restrict its NTFS permissions to the account that runs the scheduled task.
  • Uses the location c:\scripts\ for the log and credential file.
  • The variable $seconds sets how far back in the past to look for TAP data; the default is 3600, the maximum the API allows.
  • The script looks up the GUID of your AMP 'Simple Custom Detections' list. Once you know it, you can set it permanently in the variable $GUID (Line 77) and skip the lookup.

Processing

  • If there are results with the classification 'MALWARE', collect their threat hashes into an array.
  • Loop through the unique hashes in the array and add them to Cisco AMP 'Simple Custom Detections'.

Output

  • The hash of any file added is displayed on the screen.
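The Input, Processing and Output steps above, as one added PowerShell example. This is not the Add-TAPMalwareToAMP script itself; it is written here to show the filtering and the AMP call end to end. It assumes the TAP SIEM endpoint /v2/siem/all with a sinceSeconds parameter and its threatsInfoMap fields (threatType, classification, threat), the AMP endpoint POST /v1/file_lists/{guid}/files/{sha256}, and credential files written with Export-Clixml instead of the CSV the script uses. The TAP response embedded in the block is constructed sample data so that -DryRun works offline.

```powershell
<#
 Added example, not the Add-TAPMalwareToAMP script itself.
 Assumptions (not taken from the README): TAP SIEM endpoint /v2/siem/all with
 sinceSeconds and the threatsInfoMap field names; AMP endpoint
 POST /v1/file_lists/{guid}/files/{sha256}; credentials stored with Export-Clixml
 rather than a CSV. The sample JSON below is constructed for offline runs.
#>
[CmdletBinding()]
param(
    [ValidateRange(1, 3600)][int]$Seconds = 901,                  # 15 min + 1 s overlap, within the 3600 s API cap
    [string]$ListGuid = '00000000-0000-0000-0000-000000000000',   # placeholder, replace with your list GUID
    [switch]$DryRun                                               # parse the constructed sample, send nothing
)

# Constructed sample in the shape of a TAP SIEM /v2/siem/all response (assumption).
$sampleTapJson = @'
{
  "queryEndTime": "2020-01-01T00:15:00Z",
  "messagesDelivered": [
    { "messageID": "<a@example.com>",
      "threatsInfoMap": [
        { "threatType": "attachment", "classification": "malware",
          "threat": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" },
        { "threatType": "url", "classification": "malware",
          "threat": "http://malicious.example/payload" } ] }
  ],
  "messagesBlocked": [
    { "messageID": "<b@example.com>",
      "threatsInfoMap": [
        { "threatType": "attachment", "classification": "MALWARE",
          "threat": "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" },
        { "threatType": "attachment", "classification": "phish",
          "threat": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" } ] }
  ],
  "clicksPermitted": [],
  "clicksBlocked": []
}
'@

function Get-TapMalwareHashes {
    # Return the unique, lower-cased SHA256 hashes of MALWARE attachment threats.
    param([Parameter(Mandatory)][string]$TapJson)
    $data = $TapJson | ConvertFrom-Json
    $hashes = foreach ($bucket in 'messagesDelivered', 'messagesBlocked') {
        foreach ($msg in $data.$bucket) {
            foreach ($t in $msg.threatsInfoMap) {
                # -eq is case-insensitive, so 'malware' and 'MALWARE' both match.
                # Only attachment threats carry a file hash; URL threats carry a URL.
                if ($t.classification -eq 'malware' -and $t.threatType -eq 'attachment' -and
                    $t.threat -match '^[0-9a-fA-F]{64}$') {
                    $t.threat.ToLower()
                }
            }
        }
    }
    @($hashes | Sort-Object -Unique)
}

function New-BasicAuthHeader {
    # Both APIs use HTTP Basic auth; build the header explicitly so it is sent pre-emptively.
    param([Parameter(Mandatory)][pscredential]$Cred)
    $pair = "$($Cred.UserName):$($Cred.GetNetworkCredential().Password)"
    @{ Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($pair)) }
}

function Add-AmpCustomDetection {
    param(
        [Parameter(Mandatory)][string]$Sha256,
        [Parameter(Mandatory)][string]$ListGuid,
        [hashtable]$Headers,
        [switch]$DryRun
    )
    $uri = "https://api.amp.cisco.com/v1/file_lists/$ListGuid/files/$Sha256"   # assumed endpoint
    if ($DryRun) { Write-Output "DRY-RUN POST $uri"; return }
    try {
        $body = @{ description = "Proofpoint TAP malware $(Get-Date -Format s)" } | ConvertTo-Json
        $null = Invoke-RestMethod -Method Post -Uri $uri -Headers $Headers -ContentType 'application/json' -Body $body
        Write-Output "Added $Sha256"
    } catch {
        # Keep going: one failed hash must not stop the rest of the batch.
        Write-Warning "Failed to add ${Sha256}: $($_.Exception.Message)"
    }
}

# --- main ---
if ($DryRun) {
    $tapJson    = $sampleTapJson
    $ampHeaders = $null
} else {
    # PSCredential files written with Export-Clixml are DPAPI-protected for the
    # user and host that created them, so create them under the task's account.
    $tapHeaders = New-BasicAuthHeader (Import-Clixml 'C:\scripts\tap.cred')
    $ampHeaders = New-BasicAuthHeader (Import-Clixml 'C:\scripts\amp.cred')
    $tapUri  = "https://tap-api-v2.proofpoint.com/v2/siem/all?format=json&sinceSeconds=$Seconds"   # assumed endpoint
    $tapJson = (Invoke-WebRequest -UseBasicParsing -Headers $tapHeaders -Uri $tapUri).Content
}

$hashes = Get-TapMalwareHashes -TapJson $tapJson
Write-Output "$($hashes.Count) unique MALWARE attachment hash(es) in the last $Seconds seconds"
foreach ($h in $hashes) {
    Add-AmpCustomDetection -Sha256 $h -ListGuid $ListGuid -Headers $ampHeaders -DryRun:$DryRun
}
```

Run it with -DryRun first: the constructed sample repeats one hash across a delivered and a blocked message (once upper-case, once lower-case), adds a malware URL and a phish attachment, so each of the three filter conditions and the de-duplication are exercised before anything touches AMP. The -Seconds parameter carries the same meaning as the script's $seconds variable and is capped at 3600 by ValidateRange, so a scheduled task that runs every 15 minutes can keep the 901-second overlap described above.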
