Skip to content
CyCLI Powershell module
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information. Fixed extraneous policy check bug in Set-CyPolicyForDevice Mar 8, 2019 Added file. Jan 7, 2019
CyAPI.ps1 Significant performance improvement in type conversion Feb 1, 2019
CyCLI.psd1 Fixed extraneous policy check bug in Set-CyPolicyForDevice Mar 8, 2019
CyCLI.psm1 v0.9.4 Jan 29, 2019
CyConvenience.ps1 Application definitions only support ONE file now Dec 4, 2018
CyCrypto.ps1 Renamed Get-JWTToken, added first OPTICS API, prepared for auto-renew… Jul 26, 2018
CyDATA_ApplicationDefinitions.json Updated app definitions with valid paths for script control for SCCM Mar 8, 2019
CyDevices.ps1 Updated Convert-CyObject to support 'Fields' parameter, Read-CyData s… Jan 25, 2019
CyGlobalLists.ps1 Reverted a change because it caused a regression Feb 1, 2019
CyHelper.ps1 Created generic dynamic parameter generator for Powershell Dec 4, 2018
CyInstallers.ps1 Added support for token auto-renewal, Clear-CyAPIHandle, "set policy"… Jul 31, 2018
CyOpticsDetections.ps1 Added values for $Fields parameter Jan 29, 2019
CyOpticsInstaQuery.ps1 Added convenience method to default to 'Name' for 'Description' for n… Jan 15, 2019
CyOpticsPackages.ps1 Added more OPTICS APIs + reorganized files due to number of APIs that… Dec 4, 2018
CyOpticsRules.ps1 Optics rules and exceptions support Jan 25, 2019
CyPolicies.ps1 Fixed extraneous policy check bug in Set-CyPolicyForDevice Mar 8, 2019
CyTDR.ps1 Added cmdlet to download all TDRs from consoles.json Oct 8, 2018
CyThreats.ps1 Added checks, changed formatting Jan 29, 2019
CyUsers.ps1 Added more user transactions Oct 6, 2018
CyZones.ps1 Updated Get-CyZone to fix a bug Mar 8, 2019 Updated links to FAQ, examples repo in README and FAQ Aug 11, 2018
Invoke-InstallModule.ps1 Support Optics rules Jan 25, 2019
LICENSE.txt Rename license.txt to LICENSE.txt Apr 4, 2018 Clarified docs Aug 20, 2018 Fixed noun names for Get-CyDeviceDetail in examples (used to be Get-C… May 26, 2018 Typo corrected from issue #5, added example Feb 4, 2019


API & CLI tools for Cylance


You can find the FAQ here in this repository.


You can find the CyCLI examples on Github, too.

Prerequisites & Installation

All instructions assume PowerShell 5.0 or greater. Download the latest Microsoft Management Framework if you are on an earlier version.

Install from PowerShell Gallery

  1. From an administrative PowerShell prompt, enter Install-Module CyCLI
  2. To use, Import-Module CyCLI

You can install from source too, but only do this if you want to contribute new code to the module, and know what you are doing and why.. Instructions for manual install.

If you receive this error message this:

WARNING: The specified module 'CyCLI' with PowerShellGetFormatVersion '2.0' is not supported by the current version of PowerShellGet. Get the latest version of the PowerShellGet module to install this module, 'CyCLI'.

Then you need to upgrade PowerShellGet to install. This is caused by a change in the minimum required PowerShellGet package version for To fix it, from an administrative PowerShell prompt, enter Update-Module PowerShellGet -force, and after it completes successfully, restart the administrative PowerShell prompt and follow the instructions above again.

See all verbs

get-help *-cy*

Getting started

API credentials: Persistent Storage

The module uses a consoles.json file that can reside in your user profile path ($HOME) or a special subdirectory ($HOME\TDRs\). The module will automatically create the file in your user profile path if none exists when you add your first console entry, or use an existing file in either path (with precedence for $HOME\TDRs).

It will also automatically create the consoles.json file for you when you run any New-CyConsoleConfig commands.

Import the module

All examples assume you have imported the module using Import-Module CyCLI first.

Proxy support

If you need to use a proxy, run Set-CyGlobalSettings as the first cmdlet in any API session to configure proxy settings.

Create your first API connection

To get started, run New-CyConsoleConfig and answer all prompts. Run get-help New-CyConsoleConfig to look up the possible values for the Region argument.

Note: If you choose to supply parameters rather than answering prompts, please note that the API secret cannot be given as a literal string command line argument because it is processed as a secure string (and stored using DPAPI).

The Console argument throughout the module is a string that you can use to reference a set of credentials, so you do not have to remember/reference it yourself. An added advantage is that credentials are stored protected by DPAPI and you do not need to worry about accidentally sharing them when sharing your scripts.

Example use of Powershell cmdlets for the console API

To obtain API authorization valid for 30 minutes if you have configured your Consoles.json file:

Get-CyAPI -Console <myconsoleID>

If you did not configure Consoles.json, you can provide the secrets directly:

Get-CyAPI -APIId $APIId -APISecret $APIsecret -APITenantId $TenantId

To obtain collections of all devices, zones, and policies:

Get-CyDeviceList | Get-CyDeviceDetail

To obtain the detailed information for one particular device:

$devices = Get-CyDeviceList
Get-CyDeviceDetail -Device $devices[0]

To add all devices that have names like JTIETZE-* to a new zone TESTOMAT with policy Default:

Create-CyZone -Name "TESTOMAT" -Policy 
$d = Get-CyDeviceList | Where name -like "*JTIETZE-*"
$z = Create-CyZone -Name "TESTOMAT" -Criticality Low
$d | Add-CyDeviceToZone -Zone $z

To obtain the details of all threats in the environment, you can either enumerate all threats for each device:

$threats = Get-CyDeviceList | Get-CyDeviceThreatList
$threatDetails = $threats.sha256 | Get-CyThreatDetails

Or get the whole list of threats:

$threats = Get-CyThreatList

(and then, if you need instance details, use Get-CyThreatDeviceList)


  • Automatic substitution of illegal characters in e.g. zone names to prevent API errors
You can’t perform that action at this time.