CyConvenience.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
<#
.SYNOPSIS
 A collection of convenience verbs to work with the Cylance Console API v2.
 
.DESCRIPTION
    Contains methods that are helpful, but do not represent API primitives, or are wrappers around API methods.
 
.LINK
    Blog: http://tietze.io/
    Jan Tietze
#>


<#
.SYNOPSIS
    Gets a user by email
 
.PARAMETER Email
    The user's email address
#>

function Get-CyUserByEmail {
    [CmdletBinding(DefaultParameterSetName="All")] 
    Param (
        [parameter(Mandatory=$false)]
        [CylanceAPIHandle]$API = $GlobalCyAPIHandle,
        [parameter(Mandatory=$true)]
        [string]$Email
        )

    Get-CyUserList -API $API | Where-Object email -eq $Email
}

<#
.SYNOPSIS
    Adds exclusions for a certain application (from an application definition JSON file) to a policy.
 
.PARAMETER Definitions
    The JSON file with definitions.
 
.PARAMETER Application
    The application identifier from the JSON file
 
.PARAMETER Policy
    The policy object to change.
#>

function Add-CyPolicyExclusionsForApplication {
    Param (
        [parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [CylanceAPIHandle]$API = $GlobalCyAPIHandle,
        [Parameter(Mandatory=$true,
            ValueFromPipeline=$true,
            ValueFromPipelineByPropertyName=$true)]
        [pscustomobject]$Policy
    )
    DynamicParam {
        $Options = (Get-Content "$PSScriptRoot\CyDATA_ApplicationDefinitions.json" | ConvertFrom-Json).Name
        Get-CyDynamicParam -Mandatory -AllowMultiple -ParameterName Application -Options $Options
    }

    Begin {
        $Definitions = (Get-Content "$PSScriptRoot\CyDATA_ApplicationDefinitions.json" | ConvertFrom-Json)
        $ApplicationDefinition = $Definitions | Where-Object name -eq $PSBoundParameters.Application
    }

    Process {
        $ApplicationDefinition.memory_exclusion_list | ForEach-Object {
            Add-CyPolicyListSetting -Type MemDefExclusionPath -Value $_ -Policy $Policy
        }

        $ApplicationDefinition.scan_exception_list | ForEach-Object {
            Add-CyPolicyListSetting -Type ScanExclusion -Value $_ -Policy $Policy
        }

        $ApplicationDefinition.script_allowed_folders | ForEach-Object {
            Add-CyPolicyListSetting -Type ScriptControlExclusionPath -Value $_ -Policy $Policy
        }
    }
}