Searches an environment for a SHA256 and collects observed network connections


SHA256 to Network Connections:

This script searches an AMP for Endpoints environment for computers that have seen a given SHA256. For each computer found it fetches the device trajectory and parses out the observed network connections attributed to that SHA256. You must provide the SHA256 as a command line argument.

NOTE: The script makes one trajectory request per computer that has seen the hash, so in large environments (more than roughly 3000 affected endpoints) it can exhaust the hourly API rate limit. When that happens the list of connections will be incomplete; check the rate-limit headers or re-run after the limit resets.

Before running the script, set the following authentication parameters in api.cfg:

  • client_id
  • api_key
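The following is an added example, not the project's own code, that ties the three points above together: it validates the SHA256 argument before it reaches the API, reads client_id/api_key from api.cfg text and builds the HTTP Basic header the AMP API authenticates with, parses trajectory events into the "TCP ->" / "TCP <-" style of connection list shown in the output below, and reads the rate-limit counters so a run can stop or pause before the hourly limit is hit. It runs offline: the api.cfg text and the trajectory JSON are constructed samples, and the config section name, the event layout (event_type "NFM", network_info.nfm direction and protocol, parent.identity.sha256), the direction strings, and the X-Rate-Limit-Remaining / X-Rate-Limit-Reset header names are assumptions to verify against live API responses rather than facts from this page.

```python
"""Added example, not the project's code: SHA256 validation, api.cfg
credentials, trajectory parsing and rate-limit tracking, all offline.

The trajectory JSON and api.cfg text below are constructed samples; the
event layout, direction strings and X-Rate-Limit-* header names are
assumptions to check against real AMP for Endpoints API responses."""
import base64
import configparser
import json
import re

TARGET_SHA256 = "438b6ccd84f4dd32d9684ed7d58fd7d1e5a75fe3f3d12ab6c788e6bb0ffad5e7"

# Constructed sample of an api.cfg (the [settings] section name is assumed).
SAMPLE_CFG = """
[settings]
client_id = 0123456789abcdef0123
api_key = 00000000-1111-2222-3333-444444444444
"""

OUT, IN = "Outgoing connection from", "Incoming connection to"  # assumed strings
DIRECTION_ARROWS = {OUT: "->", IN: "<-"}


def _nfm(remote_ip, remote_port, local_port, direction, protocol, sha256):
    """Build one constructed network-flow event in the assumed layout."""
    return {"event_type": "NFM",
            "network_info": {"remote_ip": remote_ip, "remote_port": remote_port,
                             "local_ip": "192.0.2.5", "local_port": local_port,
                             "nfm": {"direction": direction, "protocol": protocol},
                             "parent": {"identity": {"sha256": sha256}}}}


# Constructed trajectory for one computer: three flows from the target hash,
# plus one flow from another process and one non-network event as negatives.
SAMPLE_TRAJECTORY = json.dumps({"data": {
    "computer": {"hostname": "Demo_Command_Line_Arguments_Kovter"},
    "events": [
        _nfm("203.0.113.10", 443, 51000, OUT, "TCP", TARGET_SHA256),
        _nfm("198.51.100.7", 53, 61234, OUT, "UDP", TARGET_SHA256),
        _nfm("203.0.113.44", 4444, 4444, IN, "TCP", TARGET_SHA256),
        _nfm("203.0.113.99", 80, 52000, OUT, "TCP", "a" * 64),
        {"event_type": "Threat Detected", "file": {"identity": {"sha256": TARGET_SHA256}}},
    ]}})


def is_sha256(value):
    """Reject anything that is not exactly 64 hex characters before it is sent as a query."""
    return re.fullmatch(r"[0-9a-fA-F]{64}", value) is not None


def load_auth_header(cfg_text):
    """Read client_id/api_key and build the HTTP Basic header
    (client_id as username, api_key as password)."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    creds = f"{cfg['settings']['client_id']}:{cfg['settings']['api_key']}"
    token = base64.b64encode(creds.encode()).decode()
    return {"Authorization": f"Basic {token}", "Accept": "application/json"}


def parse_connections(trajectory_json, sha256):
    """Return (protocol, arrow, local, remote) tuples for NFM events whose
    parent process hash matches sha256; other events and hashes are skipped."""
    events = json.loads(trajectory_json).get("data", {}).get("events", [])
    wanted = sha256.lower()
    found = []
    for event in events:
        if event.get("event_type") != "NFM":
            continue
        net = event.get("network_info", {})
        parent = net.get("parent", {}).get("identity", {}).get("sha256", "")
        if parent.lower() != wanted:
            continue
        nfm = net.get("nfm", {})
        found.append((nfm.get("protocol", "?"),
                      DIRECTION_ARROWS.get(nfm.get("direction"), "?"),
                      f"{net.get('local_ip')}:{net.get('local_port')}",
                      f"{net.get('remote_ip')}:{net.get('remote_port')}"))
    return found


def rate_limit_status(headers, minimum=10):
    """Return (remaining, reset_seconds, should_pause) from the assumed
    rate-limit headers; missing headers yield (None, None, False)."""
    remaining = headers.get("X-Rate-Limit-Remaining")
    reset = headers.get("X-Rate-Limit-Reset")
    if remaining is None:
        return None, None, False
    remaining = int(remaining)
    reset = int(reset) if reset is not None else None
    return remaining, reset, remaining < minimum


if __name__ == "__main__":
    if not is_sha256(TARGET_SHA256):
        raise SystemExit("argument is not a SHA256")
    print(load_auth_header(SAMPLE_CFG)["Authorization"][:12] + "...")
    for proto, arrow, _local, remote in parse_connections(SAMPLE_TRAJECTORY, TARGET_SHA256):
        print(f"  {proto} {arrow} {remote}")
    print(rate_limit_status({"X-Rate-Limit-Remaining": "3", "X-Rate-Limit-Reset": "1200"}))
```

In a real run the session would call the activity endpoint once, then one trajectory endpoint per returned connector GUID, checking rate_limit_status on each response and stopping (and saying so) once the remaining count approaches zero, rather than silently returning a shortened list. Keep api.cfg out of version control and readable only by the user running the script, since the api_key is a long-lived credential.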


python 438b6ccd84f4dd32d9684ed7d58fd7d1e5a75fe3f3d12ab6c788e6bb0ffad5e7

Example script output:

Computers found: 2
Querying: Demo_AMP_Intel - 14dcfce3-9663-434d-9beb-c8836de035ce
Querying: Demo_Command_Line_Arguments_Kovter - 9fc87138-e65a-48cf-85c2-f5b8834e2109
  UDP ->
  TCP ->
  TCP ->
  TCP ->
  TCP <-
  UDP ->
  TCP ->
  UDP ->