MVISION EDR Integrations

This is a collection of different MVISION EDR integration scripts.

Client Credential Generator

To authenticate against the MVISION EDR API, client credentials need to be generated with the MVISION EDR Credential Generator first.

  1. Log on to the MVISION ePO console with your credentials.

  2. Open the "Appliance and Server Registration" page from the menu.

  3. Click the "Add" button.

  4. Choose the client type "MVISION Endpoint Detection and Response".

  5. Enter the number of clients (1).

  6. Click the "Save" button.

  7. Copy the "Token" value from the table under the section "MVISION Endpoint Detection and Response".

  8. Pass the token value as the input parameter to the mvision_edr_creds_generator.py script.

  9. The script generates a client_id and client_secret and prints them to the console; optionally it also writes them to a file.

  10. Use the client_id and client_secret to authenticate against the MVISION EDR API.

Both the registration token and the generated client_secret are credentials: keep the output file readable only by the account that runs the integration, and do not commit it to a repository.
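The steps above stop at "use the client_id and client_secret to authenticate" without showing what that looks like in code. The following is an added example, not code from this repository or from McAfee: it loads the pair from the generator's optional output file, refuses a file that other users can read, obtains a bearer token with the OAuth2 client-credentials grant, and reuses that token until shortly before it expires so the client_secret is transmitted as rarely as possible. The credential file format (JSON with `client_id` and `client_secret` keys), the token endpoint URL and the scope string are assumptions and must be checked against the generator script and the vendor documentation.

```python
# Added example (not part of this repository): authenticate against the MVISION
# EDR API with the client_id/client_secret from mvision_edr_creds_generator.py.
import base64
import json
import os
import stat
import time
import urllib.parse
import urllib.request
from typing import Callable, Dict, Optional

# Assumed defaults (not taken from the README); confirm against the generator
# script and the vendor documentation before use.
DEFAULT_TOKEN_URL = "https://iam.mcafee-cloud.com/iam/v1.1/token"
DEFAULT_SCOPE = "soc.act.tg soc.hts.c soc.hts.r soc.rts.c soc.rts.r soc.qry.pr"

# A transport takes (url, headers, form body) and returns the parsed JSON reply;
# injecting it keeps the token logic testable without network access.
Transport = Callable[[str, Dict[str, str], bytes], Dict[str, object]]


def load_credentials(path: str) -> Dict[str, str]:
    """Read client_id/client_secret from the generator's output file.

    Assumes JSON with the keys "client_id" and "client_secret" (the README does
    not specify the format). On POSIX, refuse a file other users can read: the
    client_secret is a long-lived credential for the EDR tenant.
    """
    if os.name == "posix" and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is group/world accessible; chmod 600 it first")
    with open(path, "r", encoding="utf-8") as fh:
        data = json.load(fh)
    missing = [k for k in ("client_id", "client_secret") if not data.get(k)]
    if missing:
        raise ValueError(f"credential file is missing: {', '.join(missing)}")
    return {"client_id": data["client_id"], "client_secret": data["client_secret"]}


def build_token_request(client_id: str, client_secret: str,
                        token_url: str = DEFAULT_TOKEN_URL,
                        scope: str = DEFAULT_SCOPE):
    """OAuth2 client-credentials grant: the client authenticates with HTTP Basic
    (client_id:client_secret) and posts grant_type + scope as a form body."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode("utf-8")).decode("ascii")
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}).encode("ascii")
    return token_url, headers, body


def _urllib_post(url: str, headers: Dict[str, str], body: bytes) -> Dict[str, object]:
    """Default transport: POST over HTTPS and parse the JSON response."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


class TokenCache:
    """Fetch a bearer token on demand and reuse it until `skew` seconds before
    it expires, so the client_secret is sent only when a new token is needed."""

    def __init__(self, creds: Dict[str, str], transport: Transport = _urllib_post,
                 token_url: str = DEFAULT_TOKEN_URL, scope: str = DEFAULT_SCOPE,
                 now: Callable[[], float] = time.time, skew: int = 60):
        self._creds, self._transport, self._now, self._skew = creds, transport, now, skew
        self._token_url, self._scope = token_url, scope
        self._token: Optional[str] = None
        self._expires_at = 0.0
        self.requests = 0  # number of token requests actually sent

    def bearer(self) -> str:
        if self._token and self._now() < self._expires_at - self._skew:
            return self._token
        url, headers, body = build_token_request(
            self._creds["client_id"], self._creds["client_secret"], self._token_url, self._scope)
        self.requests += 1
        resp = self._transport(url, headers, body)
        token = resp.get("access_token")
        if not isinstance(token, str) or not token:
            # Typical failure: wrong/rotated secret -> {"error": "invalid_client"}
            raise RuntimeError(f"token endpoint returned no access_token: {resp.get('error', resp)}")
        self._token = token
        self._expires_at = self._now() + int(resp.get("expires_in", 0))
        return token

    def auth_header(self) -> Dict[str, str]:
        """Header to attach to every MVISION EDR API call."""
        return {"Authorization": f"Bearer {self.bearer()}"}


if __name__ == "__main__":
    # Usage: MVISION_EDR_CREDS=/path/to/creds.json python this_script.py
    cache = TokenCache(load_credentials(os.environ["MVISION_EDR_CREDS"]))
    print("obtained token:", cache.auth_header()["Authorization"][:20] + "...")
```

The secret never appears on the command line or in the environment itself, only the path to the permission-checked file does; a rotated or revoked secret surfaces as a `RuntimeError` at the first token request rather than as an opaque 401 from the API.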

Sample Scripts

MVISION EDR Action History: This is a script to retrieve the action history from MVISION EDR.

MVISION EDR Activity Feeds Script: This is a script to consume activity feeds from MVISION EDR. The script contains various modules to ingest trace data into e.g. ServiceNow, TheHive, Syslog or Email.

MVISION EDR Device Search: This is a script to query the device search in MVISION EDR.

MVISION EDR Real-Time-Search and Reaction Script: This is a collection of scripts that start a Real-Time Search (RTS) for hashes or processes and provide the ability to execute reactions.

MVISION EDR Threats: This is a script to retrieve the threat detections from MVISION EDR (Monitoring Dashboard).