stairwell-powershell is a PowerShell module for working with the Stairwell platform. It consists of the following cmdlets:
Manage and get insights about your active Stairwell forwarders.
Creates and applies a new tag for an asset.
Obtains the asset information for a given AssetId.
Obtains all assets for a given Stairwell environment.
Obtains the asset's tag information for a given AssetId.
Obtains the default asset ID for a given Stairwell environment.
Deletes the specified tag for an asset.
Tools for analyzing, classifying, or interacting with objects/files.
Creates a new comment for an object.
Creates and applies a new opinion for an object.
Creates and applies a new tag for an object.
Search all Stairwell objects using a CEL query.
Gets the object detonation report from Stairwell.
Gets the comments for a given object from Stairwell.
Gets the object metadata from Stairwell which includes: file size, various hash values, malEval analysis, Yara rule matches, etc.
Gets the most recent object opinion from Stairwell.
Gets the object sightings (if any in the working environment) from Stairwell.
Gets the object tags from Stairwell.
Gets the object variants (statistically similar files) from Stairwell.
Triggers a new detonation for the parent object.
Downloads the full object to the user's local device.
Deletes the specified tag for an object.
Function that sends files to Stairwell for analysis.
Analyze and investigate hosts and domains associated with objects.
Creates and applies a new comment for a hostname.
Creates and applies a new opinion for an object.
Creates and applies a new tag for a hostname.
Gets the host comments from Stairwell.
Gets the hostname metadata from Stairwell.
Gets the hostname opinions from Stairwell.
Gets the hostname opinions from Stairwell.
Deletes the specified tag for a hostname.
Analyze and investigate IP addresses associated with objects.
Creates a new comment for an IpAddress.
Creates and applies a new opinion for an IpAddress.
Creates and applies a new tag for an IpAddress.
Gets the IpAddress comments from Stairwell.
Gets the IpAddress metadata from Stairwell.
Gets the current IpAddress opinion from Stairwell.
Deletes the specified tag for an IpAddress.
Use Yara Rules to instantly hunt and search across all assets and author new detections.
Creates and applies a new tag for a Yara rule.
Edits/updates a given Yara rule.
Obtains the metadata and definition for a given Yara rule.
Obtains the tag metadata for a given Yara rule.
Adds a new Yara rule to the given Stairwell environment.
Deletes a Yara rule.
Deletes the specified tag for a Yara rule.
Miscellaneous helper functions.
Gets the currently active Stairwell environment variables.
Enables the Stairwell module by accepting the Stairwell Environment ID and API Token.
Refer to the comment-based help in each individual script for detailed usage information.
To install this module, drop the entire stairwell-powershell folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
Depending on execution policy and where you store this module, you may need to run Get-ChildItem <path to this module folder> -recurse | Unblock-File
To use the module, type Import-Module Stairwell
or Import-Module -Name <path to this module folder>
To see the commands imported, type Get-Command -Module Stairwell
(C) Stairwell 2024 | Author: JT Wells