Follow these necessary steps to write and run a simple PowerShell script that queries the Red Canary API.
Prerequisites
Before running any code, ensure you have the following:
Create your PowerShell script
Create a PowerShell script called example.ps1, which fetches a list of endpoints from a subdomain.
In your working directory, create a new file called
example.ps1, and then copy the following code into it.# Create a GET request and save the response. $response = Invoke-WebRequest https://.my.redcanary.co/openapi/v3/endpoints ` -Headers @{'X-Api-Key' = ''} ` -Method GET # Print the body of the response. $response.ContentIn
example.ps1, replace with the Red Canary subdomain you want to query.In
example.ps1, replace with your API key.Save
example.ps1.
Run the example
Open PowerShell, and run your example.
.\example.ps1The script should print a JSON object containing the first page of endpoints associated with the subdomain.
Note: You might need to change PowerShell’s execution policy to
RemoteSignedto run your script. For more information, see Change the execution policy in the Microsoft docs.
Customize your request with parameters
You can use HTTP parameters to customize the results of your request. Visit the Red Canary API docs for a list of supported parameters for each API endpoint.
Example: Limit the number of endpoints returned
Limit the number of endpoints returned by example.ps1 using the per_page parameter.
Open
example.ps1, and edit the response to include the-Bodyparameter.$response = Invoke-WebRequest https://.my.redcanary.co/openapi/v3/endpoints ` -Headers @{'X-Api-Key' = ''} ` -Method GET ` -Body @{'per_page' = '1'}This sets the number of requested endpoints to one.
Save
example.ps1, and then run the example. The program should print a JSON object containing exactly one endpoint.