CyCLI Powershell module usage examples
(import-excel .\HashesFromExcel.xlsx).Hash | Add-CyHashToGlobalList -List GlobalQuarantineList -Category None -Reason "Test" -VerboseThis will globally safelist all Trusted-Local classified detections that are currently quarantined.
(get-cydevicelist | %{ Get-CyDeviceThreatList -Device $_ | where classification -eq "Trusted" | where status -eq "Quarantined" }).sha256 | Sort-Object -Unique | Add-CyHashToGlobalList -List GlobalSafeList -Category None -Reason "Trusted-Local"get-cydevicelist | Get-CyDeviceDetail | where date_offline -ne $null | where date_offline -lt (Get-Date).AddDays(-5)Get-CyPolicyList | %{ (Get-CyPolicy -Policy $_) | script_control.global_settings.allowed_folders }Get-CyPolicyList | Get-CyPolicy | %{ $_.memoryviolation_actions.memory_exclusion_list }get-cypolicylist | Get-CyPolicy | convertto-json | Out-File Policies.json$p = New-CyPolicy -Name "Blank Policy" -User myconsoleuser@company.com
$p | Update-CyPolicy -User myconsoleuser@company.com$policy = get-cypolicylist | where name -eq "ALLOW (Files: Alert, Mem: Alert, Script: Alert)"
$device = get-cydevicelist | where name -eq "JTIETZE-OPTICS1"
Set-CyPolicyForDevice -Device $device -Policy $policy$p = (Get-CyPolicyList)[0] | Get-CyPolicy
$p | Add-CyPolicyListSetting -Type MemDefExclusionPath -Value "\\some\app.exe"
$p | Add-CyPolicyListSetting -Type ScanExclusion -Value "c:\\somedir\\somewhere\\"
$p | Update-CyPolicy -User myconsoleuser@company.comCopy-CyPolicy -SourcePolicyName "SCADA (Files: Block, Mem: Terminate, Script: Block, App Control: On)" -TargetPolicyName "SCADA2" -User myconsoleuser@company.comGet-CyDetectionList | where severity -ne "Low" | ftUpdate all detections on one system:
(Get-CyDetectionList) | Where-Object { $_.Device.Name -eq "OCULEUS" } | Update-CyDetection -Status 'False Positive'