Skip to content
/ tg-amp-03-get-samples-add-to-scd Public

Get samples from Threat Grid and add the SHA256 to AMP Simple Custom Detection

1 star 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

CiscoSecurity/tg-amp-03-get-samples-add-to-scd

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
README.md
README.md
 
 
get_samples_add_sha256_to_scd.py
get_samples_add_sha256_to_scd.py
 
 

Repository files navigation

Gitter chat

Get samples from Threat Grid and add the SHA256 to AMP for Endpoint Simple Custom Detection:

This is an example script for getting samples that score 95 or greater in Threat Grid and adding their SHA256's to a Simple Custom Detection in AMP for Endpoints. This script is intended to show the bare minimum required to query Threat Grid and POST to a Simple Custom Detection list. It is in no way production ready and should not be used in a production environment.

Before using you must update the following:

  • tg_api_key
  • amp_client_id
  • amp_api_key
  • scd_guid

Usage:

python get_samples_add_sha256_to_scd.py

Example script output:

b6eab2191d00eac62989f7a0309e5c07cdf5dfc566756c4910dbc12664096480 - Successfully added to SCD
8a1a0c32f0cb66d5053d00e766d02b4db9443ccfd61e62ee62d921b27beeeb15 - Successfully added to SCD
08d1f13364d0545366318872894e8085758bb0cf69dd5755b9538c1fe0f9ff09 - Successfully added to SCD

About

Get samples from Threat Grid and add the SHA256 to AMP Simple Custom Detection

Topics

amp-for-endpoints threat-grid

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages