I’ve been developing and using these functions (one main function named “Invoke-HX_API”) for about a year and a half since I started working with HX. As such it’s been developed as needed, so there isn’t 100% coverage for all the API endpoints, but the important endpoints like hosts (including file acquisitions), alert_groups, and policies are included which covers about 99% of my activities.
Analysts will like the ability to grab thousands of alert groups for analysis. Admins will like the ability to pull down their entire host set for evaluation, as well as the ability to programmatically edit policies. One of the design principles of our HX instance is to create separate malware policies based on BU. However, HX policies are not additive; e.g. if you want to make a global exclusion, those exclusions will need to be added to about 10 different policies, and clicking around the webUI is a good way to make a mistake, so doing it via script is much neater, and safer.
Hopefully y’all like it and want to contribute to the project, it’s been an indispensable tool for me as it’s used for several automations that wouldn’t be possible otherwise. If you have any questions they’d probably best be posed on the GitHub page so many can benefit, but if you’d rather stay here in the trust tree that’s fine too.
I’d also be willing to walk through any use cases in a WebEX or something if FEYE wanted to collab, or just for customers, let me know.