chg: [doc] some more examples

main
Alexandre Dulaunoy 2021-06-01 12:22:26 +02:00
parent daa4ae1436
commit 6944a40980
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 120 additions and 0 deletions

120
README.md
View File

@ -38,6 +38,126 @@ Searching for all the known items in CyCAT about the MITRE ATT&CK T1216 returns
]
~~~
### Fetch item by UUID
~~~
curl -X 'GET' \
'https://api.cycat.org/lookup/4cd29327-685a-460e-9dac-c3ab96e549dc' \
-H 'accept: application/json'
~~~
~~~json
{
"description": "Detects Execution via SyncInvoke in CL_Invocation.ps1 module",
"raw": "author: oscd.community, Natalia Shornikova\ndate: 2020/10/14\ndescription: Detects Execution via SyncInvoke in CL_Invocation.ps1 module\ndetection:\n condition: selection\n selection:\n EventID: 4104\n ScriptBlockText|contains|all:\n - CL_Invocation.ps1\n - SyncInvoke\nfalsepositives:\n- Unknown\nid: 4cd29327-685a-460e-9dac-c3ab96e549dc\nlevel: high\nlogsource:\n product: windows\n service: powershell\nmodified: 2021/05/21\nreferences:\n- https://github.com/LOLBAS-Project/LOLBAS/blob/master/yml/OSScripts/Cl_invocation.yml\n- https://twitter.com/bohops/status/948061991012327424\nstatus: experimental\ntags:\n- attack.defense_evasion\n- attack.t1216\ntitle: Execution via CL_Invocation.ps1\n",
"sigma:id": "4cd29327-685a-460e-9dac-c3ab96e549dc",
"title": "Execution via CL_Invocation.ps1",
"_cycat_type": "Item"
}
~~~
### Fetch relationships of an UUID
~~~
curl -X 'GET' \
'https://api.cycat.org/relationships/fbd29c89-18ba-4c2d-b792-51c0adee049f' \
-H 'accept: application/json'
~~~
~~~json
[
"24bfaeba-cb0d-4525-b3dc-507c77ecec41",
"b21c3b2d-02e6-45b1-980b-e69051040839",
"e6919abc-99f9-4c6c-95a5-14761e7b2add",
"cb69b20d-56d0-41ab-8440-4a4b251614d4",
"2dc2b567-8821-49f9-9045-8740f3d0b958",
"692074ae-bb62-4a5e-a735-02cb6bde458c",
"b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"837f9164-50af-4ac0-8219-379d8a74cefc",
"df8b2a25-8bdf-4856-953c-a04372b1c161",
"8d7bd4f5-3a89-4453-9c82-2c8894d5655e",
"e85cae1a-bce3-4ac4-b36b-b00acac0567b",
"005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"58a3e6aa-4453-4cc8-a51f-4befe80b31a8",
"fb8d023d-45be-47e9-bc51-f56bcae6435b",
"b76b2d94-60e4-4107-a903-4a3a7622fb3b",
"3433a9e8-1c47-4320-b9bf-ed449061d1c3",
"910906dd-8c0a-475a-9cc1-5e029e2fad58",
"cf23bf4a-e003-4116-bbae-1ea6c558d565",
"13cd9151-83b7-410d-9f98-25d0f0d1d80d",
"afc079f3-c0ea-4096-b75d-3f05338b7f60",
"ef67e13e-5598-4adc-bdb2-998225874fa9",
"2b742742-28c3-4e1b-bab7-8350d6300fa7",
"be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
"9efb1ea7-c37b-4595-9640-b7680cd84279",
"c5e3cdbc-0387-4be9-8f83-ff5c0865f377",
"03342581-f790-4f03-ba41-e82e67392e23",
"4b57c098-f043-4da2-83ef-7588a6d426bc",
"db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c",
"232b7f21-adf9-4b42-b936-b9d6f7df856e",
"2a70812b-f1ef-44db-8578-a496a227aef2",
"6add2ab5-2711-4e9d-87c8-7a0be8531530",
"f5352566-1a64-49ac-8f7f-97e1d1a03300",
"b17a1a56-e99c-403c-8948-561df0cffe81",
"3fc9b85a-2862-4363-a64d-d692e3ffbee0",
"1ecfdab8-7d59-4c98-95d4-dc41970f57fc",
"00f90846-cbd1-4fc5-9233-df5c2bf2a662",
"3257eb21-f9a7-4430-8de1-d8b6e288f529",
"04fd5427-79c7-44ea-ae13-11b24778ff1c",
"65f2d882-3f41-4d48-8a06-29af77ec9f90",
"970a3432-3237-47ad-bcca-7d8cbb217736",
"b18eae87-b469-4e14-b454-b171b416bc18",
"dfd7cc1d-e1d8-4394-a198-97c4cab8aa67",
"b4d80f8b-d2b9-4448-8844-4bef777ed676",
"c848fcf7-6b62-4bde-8216-b6c157d48da0",
"648f995e-9c3a-41e4-aeee-98bb41037426",
"90ac9266-68ce-46f2-b24f-5eb3b2a8ea38",
"8dbadf80-468c-4a62-b817-4e4d8b606887",
"f232fa7a-025c-4d43-abc7-318e81a73d65",
"2e34237d-8574-43f6-aace-ae2915de8597"
]
~~~
### Full-text search on CyCAT backend
~~~
curl -X 'GET' \
'https://api.cycat.org/search/APT33' \
-H 'accept: application/json'
~~~
Will return all the UUIDs matching the keyword queried. Then the returned UUIDs can be used to find relationships and corresponding items.
~~~
[
"db1355a7-e5c9-4e2c-8da7-eccf2ae9bf5c",
"fbd29c89-18ba-4c2d-b792-51c0adee049f",
"4f69ec6d-cb6b-42af-b8e2-920a2aa4be10",
"2a70812b-f1ef-44db-8578-a496a227aef2",
"2a70812b-f1ef-44db-8578-a496a227aef2",
"8dbadf80-468c-4a62-b817-4e4d8b606887",
"fab34d66-5668-460a-bc0f-250b9417cdbf",
"e85cae1a-bce3-4ac4-b36b-b00acac0567b",
"5de6335d-e128-4bc0-87e2-4db4950d210f",
"08d5b8a4-e752-48f3-ac6d-944807146ce7",
"15dd8386-f11a-485a-b719-440c0a47dee6",
"ab603f29-9c10-4fb0-9fa3-e123fad11a31",
"cfdb02f2-a767-4abb-b04c-333a02cdd7e2",
"0c5bc5c8-5136-413a-bc5a-e13333271f49",
"f9aa9004-8811-4091-a471-38f81dbcadc4",
"5086a6e0-53b2-4d96-9eb3-a0237da2e591",
"8a789016-5f8d-4cd9-ba96-ba253db42fd8",
"f29b7c5e-2439-42ad-a86f-9f8984fafae3",
"1acd0c6c-7aff-462e-94ff-7544b1692740",
"accd848b-b8f4-46ba-a408-9063b35cfbf2",
"2894aee2-e0ec-417a-811e-74a68ab967b2",
"05252643-093b-4070-b62f-d5836683a9fa",
"b18eae87-b469-4e14-b454-b171b416bc18",
"588fb91d-59c6-4667-b299-94676d48b17b",
"036bd099-fe80-46c2-9c4c-e5c6df8dcdee",
"d29eb927-d53d-4af2-b6ce-17b3a1b34fe7"
]
~~~
## Crawler