Trusted Activities Commands¶
trusted-activities¶
View and manage trusted activities.
Usage:
trusted-activities [OPTIONS] COMMAND [ARGS]...
Options:
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
trusted-activities add¶
Add a new trusted activity.
Usage:
trusted-activities add [OPTIONS] COMMAND [ARGS]...
Options:
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
trusted-activities add account¶
Trust activity for a specific corporate account specified by ACCOUNT_NAME for cloud sync apps installed on user devices.
Use the --dropbox and/or --one-drive options to indicate trusted cloud sync services for this account.
Usage:
trusted-activities add account [OPTIONS] ACCOUNT_NAME
Options:
--description TEXT Optional description.
--dropbox Trust Dropbox as a cloud sync service.
--one-drive Trust OneDrive as a cloud sync service.
-f, --format SINGLEFORMAT Format to print result. One of 'rich', 'json-
pretty', or 'json-lines'. If environment has
INCYDR_USE_RICH=false set, defaults to 'json-
lines', else defaults to 'rich'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
trusted-activities add domain¶
Trust activity across an entire DOMAIN (ex: my-domain.com).
The following activities can be configured:
--file-upload- Trust file uploads to this domain. Defaults to false.--git-push- Trust git push events to this domain. Defaults to false.--cloud-sync-services[BOX|GOOGLE_DRIVE|ICLOUD|ONE_DRIVE] - Trust cloud sync activity from the specified service(s) if the username signed into the sync app is on this domain. If you want to only trust activity for a specific corporate account, add a trusted account name instead.--cloud-share-services[BOX|GOOGLE_DRIVE|ONE_DRIVE] - Trust cloud share activity from the specified service(s) if the user its shared with is on this domain. You must have a cloud connector configured for your tenant to support this trusted action.--email-share-services[GMAIL|MICROSOFT_365] - Trust email share activity from the specified service(s) if the email recipient is on this domain. You must have an email connector configured for your tenant to support this trusted action.
Multiple options can be supplied to specify cloud-share, cloud-sync, and email-share services.
For example, the following command will create a trusted domain that trusts file-uploads to the domain and cloud sync events from BOX and ICLOUD.
trusted-activities add domain --file-upload --cloud-sync-services BOX --cloud-sync-services ICLOUD
Usage:
trusted-activities add domain [OPTIONS] DOMAIN
Options:
--description TEXT Optional description.
--file-upload Trust file upload events to where the tab
URL or title includes this domain.
--git-push Trust git push events to this domain.
--cloud-sync [BOX|GOOGLE_DRIVE|ICLOUD|ONE_DRIVE]
Specify which cloud sync service(s) to
trust.
--cloud-share [BOX|GOOGLE_DRIVE|ONE_DRIVE]
Specify which cloud share service(s) to
trust.
--email-share [GMAIL|MICROSOFT_365]
Specify which email share service(s) to
trust.
-f, --format SINGLEFORMAT Format to print result. One of 'rich',
'json-pretty', or 'json-lines'. If
environment has INCYDR_USE_RICH=false set,
defaults to 'json-lines', else defaults to
'rich'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
trusted-activities add git-repo¶
Trust file upload activity to a git repository. Requires a GIT_URI path (ex: bitbucket.org:exampleent/myrepo).
Usage:
trusted-activities add git-repo [OPTIONS] GIT_URI
Options:
--description TEXT Optional description.
-f, --format SINGLEFORMAT Format to print result. One of 'rich', 'json-
pretty', or 'json-lines'. If environment has
INCYDR_USE_RICH=false set, defaults to 'json-
lines', else defaults to 'rich'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
trusted-activities add slack-workspace¶
Trust activity uploaded through a Slack workspace specified by WORKSPACE_NAME.
Usage:
trusted-activities add slack-workspace [OPTIONS] WORKSPACE_NAME
Options:
--description TEXT Optional description.
-f, --format SINGLEFORMAT Format to print result. One of 'rich', 'json-
pretty', or 'json-lines'. If environment has
INCYDR_USE_RICH=false set, defaults to 'json-
lines', else defaults to 'rich'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
trusted-activities add url-path¶
Trust browser uploads to only part of a domain by trusting a specific URL_PATH (ex: my-domain.com/path).
Usage:
trusted-activities add url-path [OPTIONS] URL_PATH
Options:
--description TEXT Optional description.
-f, --format SINGLEFORMAT Format to print result. One of 'rich', 'json-
pretty', or 'json-lines'. If environment has
INCYDR_USE_RICH=false set, defaults to 'json-
lines', else defaults to 'rich'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
trusted-activities delete¶
Delete a trusted activity.
Usage:
trusted-activities delete [OPTIONS] ACTIVITY_ID
Options:
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
trusted-activities list¶
List all trusted activities.
Usage:
trusted-activities list [OPTIONS]
Options:
--activity-type ACTIVITYTYPE
-f, --format TABLEFORMAT Format to print result. One of 'table', 'json-
pretty', 'json-lines', or 'csv. If environment
has INCYDR_USE_RICH=false set, defaults to
'json-lines', else defaults to 'table'.
--columns TEXT Comma-delimited string of column names. Nested
values should be specified in dot-notation.
Limits output to contain only the specified
columns in CSV or Table format. Ignored for
JSON output formats.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
trusted-activities show¶
Show details for a single trusted activity.
Includes general info on the trusted activity, as well as any 'Activity Action Groups', which specify
various trusted service configurations (if applicable). For example, a trusted domain may include an activity
action group indicating GMAIL as a trusted email sharing service.
Usage:
trusted-activities show [OPTIONS] ACTIVITY_ID
Options:
-f, --format SINGLEFORMAT Format to print result. One of 'rich', 'json-
pretty', or 'json-lines'. If environment has
INCYDR_USE_RICH=false set, defaults to 'json-
lines', else defaults to 'rich'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.
trusted-activities update¶
Update a trusted activity.
Usage:
trusted-activities update [OPTIONS] ACTIVITY_ID
Options:
--type TEXT
--value TEXT
--description TEXT
--high-value-source BOOLEAN
-f, --format SINGLEFORMAT Format to print result. One of 'rich', 'json-
pretty', or 'json-lines'. If environment has
INCYDR_USE_RICH=false set, defaults to 'json-
lines', else defaults to 'rich'.
--log-stderr Enable logging to stderr.
--log-file TEXT Specify file path to write log output to.
--log-level TEXT Set level for Incydr client logging.
--help Show this message and exit.