task shell

MBromiley edited this page May 16, 2019 · 1 revision

pollen has a command shell which allows you to interact with TheHive without having to leave the command line. The command shell is based on Python's cmd.Cmd class, and is dynamic in that it changes as you move through cases and tasks. There are technically four different shells within pollen; on this page we're examining the 'task' shell.

Accessing the pollen shell

To hop into pollen's case shell, run the following:

python3 pollen.py -c
(pollen) case

Select a case, which will change your prompt to the following:

(pollen) (case: <selected_case_title>)

Select a task using take, which will change your prompt to the following:

(pollen) (case: <selected_case_title>) take
...
(pollen) (case: <selected_case_title>) (task: <selected_task_title>)

If you are greeted with a question to set up your configuration, please check out the configuration Wiki page first!

Navigation Notes

pollen is built on multiple shells that are situationally aware, meaning you cannot add a task log without first being in a case and task command prompt! However, each shell has the following options:

  • back: Back to the previous shell
  • exit: Exit back to the previous shell
  • clear: Clear the screen (simply runs the Linux clear command)
  • All inputs will accept Ctrl+C to drop you back to the previous menu

task shell

Your command prompt will look like: (pollen) (case: <selected_case_title>) (task: <selected_task_title>)

This is your task shell prompt, which means you've selected a particular case AND task and can perform operations that impact that task. Your options include:

log

The log command allows you to store a new log entry/finding/detail with that particular task. Note that log is merely meant for text updates; these can be as long as you want. Anything after the word log is recorded as a note.

Here's some sample input and output:

(pollen) (case: Sample Case Title) (task: Yet another sample task) log Here is a sample log entry
Inserting the following log entry:

Here is a sample log entry

logfile

Similar to the log command, logfile allows you to store a log entry AND upload a corresponding file. You'll need to separate the log entry from the file location with the symbols &&. For example, your input may look like the following:

(pollen) (case: Sample Case Title) (task: Yet another sample task) logfile I found suspicious DNS requests to the known-bad C2 && /path/to/dns/log/entries.log

pollen will split on the && characters, treating the first field as the text and the second as the file. Note that you'll need to provide a full path to the file you want to upload. Future versions will likely work on making this a bit cleaner.
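
The log and logfile behaviour described above, sketched as an added example on Python's cmd.Cmd; this is not pollen's own code. TaskShell, parse_logfile_args and sha256_of are hypothetical names, entries are kept in memory instead of being sent to TheHive, and two choices go beyond what the page states: the split is on the last && so the note itself may contain &&, and the attachment is hashed so the digest can be recorded alongside the entry.

```python
import cmd
import hashlib
import os


def parse_logfile_args(line):
    """Split 'text && /full/path' into (text, path); raise ValueError if malformed."""
    # rpartition splits on the LAST '&&' (assumption, see lead-in).
    text, sep, path = line.rpartition("&&")
    text, path = text.strip(), path.strip()
    if not sep or not text or not path:
        raise ValueError("usage: logfile <text> && </full/path/to/file>")
    if not os.path.isabs(path):
        raise ValueError("a full (absolute) path is required: %r" % path)
    if not os.path.isfile(path):
        raise ValueError("not a regular file: %r" % path)
    return text, path


def sha256_of(path):
    """Hash the file in chunks so large captures are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class TaskShell(cmd.Cmd):
    """Hypothetical stand-in for a task shell; records entries, makes no API calls."""

    def __init__(self, case_title, task_title):
        super().__init__()
        self.prompt = "(pollen) (case: %s) (task: %s) " % (case_title, task_title)
        self.entries = []  # (text, path, sha256) tuples a real client would upload

    def do_log(self, line):
        """log <text>: everything after the command word is the note."""
        self.entries.append((line.strip(), None, None))

    def do_logfile(self, line):
        """logfile <text> && </full/path>: note plus attachment."""
        try:
            text, path = parse_logfile_args(line)
        except ValueError as err:
            print("error:", err)  # reject before anything is recorded
            return
        self.entries.append((text, path, sha256_of(path)))
```

Commands can be driven without an interactive session through `TaskShell(...).onecmd("logfile <text> && </full/path>")`; rejected input leaves `entries` unchanged.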