Get endpoints, incidents and alerts from the Cortex XDR API.
First of all, you have to obtain an API Key and API Key ID; see Get Started with Cortex XDR APIs.
Install-Module -Name PSCortex
Store the API Key ID (as the user name) and the API Key (as the password) in $Credential and pass it to Initialize-CortexConfig.
$Credential = Get-Credential
Initialize-CortexConfig -TenantName yourcompany -SecurityLevel Advanced -Region EU -Credential $Credential
Get All Endpoints. Returns a list of all endpoints with a limited number of properties.
Get-CortexEndpointList
Get endpoints whose status is Lost and delete them. Running Get-CortexEndpoint without parameters will return all endpoints. The -WhatIf switch previews the deletion without performing it; drop it only after reviewing the list.
$LostEndpoints = Get-CortexEndpoint -EndpointStatus Lost
Remove-CortexEndpoint -EndpointId $LostEndpoints.EndpointId -WhatIf
Get Incidents. Running Get-CortexIncident without parameters will return all incidents.
Get-CortexIncident -Status New
Get Alerts. Running Get-CortexAlert without parameters will return all alerts.
Get-CortexAlert -Severity High
Get Audit Agent Reports. Running Get-CortexAuditAgentReport without parameters will return all reports.
Get-CortexAuditAgentReport -Category Status
Get Audit Management Logs. Running Get-CortexAuditManagementLog without parameters will return all logs.
Get-CortexAuditManagementLog -CreatedAfter (Get-Date).AddDays(-7)
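The steps above combined into a weekly review script, as an added example that is not part of the PSCortex module or its documentation. It assumes only the cmdlets and parameters shown above; the function name Invoke-CortexWeeklyReview, the tenant, region and output folder values are placeholders, and the only endpoint property it relies on is EndpointId.

```powershell
# Added example (not PSCortex project code): export lost endpoints, new incidents,
# high-severity alerts and the audit trail for triage, and only preview endpoint removal.
function Invoke-CortexWeeklyReview {
    param(
        [Parameter(Mandatory)] [string] $TenantName,            # placeholder, e.g. yourcompany
        [string] $Region = 'EU',
        [string] $OutDir = (Join-Path $env:TEMP 'cortex-review'),  # placeholder output folder
        [int] $Days = 7
    )
    Import-Module PSCortex -ErrorAction Stop

    # API Key ID as user name, API Key as password (see Initialize-CortexConfig above).
    $Credential = Get-Credential -Message 'Cortex XDR API Key ID / API Key'
    Initialize-CortexConfig -TenantName $TenantName -SecurityLevel Advanced -Region $Region -Credential $Credential

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $Since = (Get-Date).AddDays(-$Days)

    # 1. Lost endpoints: write them out for review and only preview the deletion.
    $LostEndpoints = @(Get-CortexEndpoint -EndpointStatus Lost)
    $LostEndpoints | Export-Csv -Path (Join-Path $OutDir 'lost-endpoints.csv') -NoTypeInformation
    if ($LostEndpoints.Count -gt 0) {
        # -WhatIf shows what would be removed; rerun without it only after the CSV has been reviewed.
        Remove-CortexEndpoint -EndpointId $LostEndpoints.EndpointId -WhatIf
    }

    # 2. Triage input: new incidents and high-severity alerts.
    $Incidents = @(Get-CortexIncident -Status New)
    $Incidents | Export-Csv -Path (Join-Path $OutDir 'new-incidents.csv') -NoTypeInformation
    $Alerts = @(Get-CortexAlert -Severity High)
    $Alerts | Export-Csv -Path (Join-Path $OutDir 'high-alerts.csv') -NoTypeInformation

    # 3. Audit trail: agent status reports and console (management) actions since $Since.
    Get-CortexAuditAgentReport -Category Status |
        Export-Csv -Path (Join-Path $OutDir 'agent-status.csv') -NoTypeInformation
    $MgmtLogs = @(Get-CortexAuditManagementLog -CreatedAfter $Since)
    $MgmtLogs | Export-Csv -Path (Join-Path $OutDir 'management-log.csv') -NoTypeInformation

    # Return a summary object so the run can be logged or checked by a scheduler.
    [pscustomobject]@{
        OutDir         = $OutDir
        LostEndpoints  = $LostEndpoints.Count
        NewIncidents   = $Incidents.Count
        HighAlerts     = $Alerts.Count
        ManagementLogs = $MgmtLogs.Count
    }
}

Invoke-CortexWeeklyReview -TenantName yourcompany -Region EU | Format-List
```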