PSM365Security

1.0.0.1

Submit-Indicatior.ps1

                                Function Submit-Indicatior

{

    <#

    .SYNOPSIS

        Submit Defender indicatior.

    .PARAMETER Token

        Authorization token.

    .PARAMETER Body

        Indicatior content.

    .EXAMPLE

        $Indicator = @{

            indicatorValue = $Attribute.value

            indicatorType = "IpAddress"

            action = "Block"

            title = $EventDetails.info

            severity = $Severity

            description = $Attribute.comment

            expirationTime = $MISPAddDate.AddMonths(3).ToString("yyyy-MM-ddTHH:mm:ssZ")

            recommendedActions =  $recommendedActions

        }

        Submit-Indicatior -Token $Token -Body $Indicator

    .NOTES

        Author: Michal Gajda

    .LINK

        https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/post-ti-indicator?view=o365-worldwide

    #>

    [CmdletBinding()]

    Param

    (

        [Parameter(Mandatory = $true)]

        $Token,

        [Parameter(Mandatory = $true)]

        $Body

    )

    Begin {}

    Process

    {

        $Headers = @{

            'Content-Type' = 'application/json'

            Accept = 'application/json'

            Authorization = "Bearer $Token"

        }

        $Uri = "https://api.securitycenter.windows.com/api/indicators"

        $Request = @{

            Method = "POST"

            Uri = $Uri

            Headers = $Headers

            Body = ($Body | ConvertTo-Json)

            ErrorAction = "Stop"

        }

        $Response = Invoke-RestMethod @Request

        Return $Response

    }

    End {}

}