This is a collection of different MVISION EDR integration scripts.
To authenticate against the MVISION EDR API, client credentials need to be generated with the MVISION EDR Credential Generator first.
- Log on to the MVISION ePO console with your credentials
- Open the "Appliance and Server Registration" page from the menu
- Click the "Add" button
- Choose the client type "MVISION Endpoint Detection and Response"
- Enter the number of clients (1)
- Click the "Save" button
- Copy the "Token" value from the table under the section "MVISION Endpoint Detection and Response"
- Pass the token value as the input parameter to the mvision_edr_creds_generator.py script
- The script generates the client_id and client_secret and prints them to the console, or optionally writes them to a file
- Use the client_id and client_secret to authenticate against the MVISION EDR API. Treat the client_secret like a password: restrict permissions on any output file and keep it out of version control
- MVISION EDR Action History: a script to retrieve the action history from MVISION EDR.
- MVISION EDR Activity Feeds Script: a script to consume activity feeds from MVISION EDR. It contains modules to ingest trace data into, for example, ServiceNow, TheHive, Syslog or Email.
- MVISION EDR Device Search: a script to query the device search in MVISION EDR.
- MVISION EDR Real-Time-Search and Reaction Script: a collection of scripts that start a real-time search (RTS) for hashes or processes and provide the ability to execute reactions.
- MVISION EDR Threats: a script to retrieve the threat detections from MVISION EDR (Monitoring Dashboard).