Infocyte Cloud instances do not come equipped with a Report Scheduler. We can solve for this by installing the Powershell Module for Infocyte, using Windows Task Scheduler, and the resources included in this article.
|Applicable to||Cloud Only|
|Endpoints||Any (Windows on one machine required to run script, Powershell, and Task Scheduler)|
|Release Date||March 2020|
- Be familiar with and have installed the Infocyte Powershell Module.
- Have a Windows 10 or Windows Server 2016 machine that is always on and connected to the internet. An Infocyte Controller should suffice provided it meets the OS Requirements.
- An API Token, generated in the Infocyte Cloud console and stored locally on the machine running the script. Compliance/Security concerns are the responsibility of the implementer and not Infocyte.
- Download the script and config file at the bottom of this article and place it on the "C:\" drive. You can place it in another location as long as you amend the command to point to the custom path.
- Open the "apiConfig.json" file and set the "huntServer" to your instance URL (e.g. "myinfocyteinstance.infocyte.com") and the "ICToken" to your API Token. Save the file in the same directory as the "generateReportGlobalLast30.ps1" script. There are also other configurable fields such as the default Executive Summary and the "Type" of report. Valid types are threatByThreat, applicationAsset, or vulnerability. Other types of reports are not currently supported by this script.
- Open a "cmd" prompt, and "Run as Administrator".
- Execute the following command. (Remember, if you copied the script and config file somewhere besides "C:" to amend the command first):
schtasks /create /tn "Monthly Threat Report" /tr "powershell.exe 'C:\generateReportGlobalLast30.ps1'" /sc daily /mo 30 /st 00:01 /ru System
- Press Enter. You should receive a success message.
- You can open Task Scheduler and look at the Task Scheduler library to confirm the creation of the task and it's next schedule time. The first report will run 30 days from now, you can run the first one by right-clicking the task and clicking Run.
That's all there is to it! As long as your machine is on and connected to the internet it should automatically generate a report every thirty days that you can view in the Reports section.