Lib/Default/en-US/FileInspectorX.PowerShell.dll-Help.xml
|
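<?xml version="1.0" encoding="utf-8"?>
<!--
  MAML help for the Get-FileInsight cmdlet (FileInspectorX.PowerShell.dll-Help.xml, en-US).
  Layout: command:details (synopsis and description), command:syntax (a single parameter set, "Path"),
  command:parameters (per-parameter help), input and return types, then examples.
  NOTE(review): the "Cmdlet:" / "Parameter:" / "OutputType:" marker comments suggest this file is
  generated; if so, lasting text changes belong in the generator's source. Confirm.
-->
<helpItems schema="maml" xmlns="http://msh">
  <!-- Cmdlet: Get-FileInsight -->
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10"
                   xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10"
                   xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10">
    <command:details>
      <command:name>Get-FileInsight</command:name>
      <command:verb>Get</command:verb>
      <command:noun>FileInsight</command:noun>
      <maml:description>
        <maml:para>Analyzes files and returns a full FileAnalysis object by default, with optional compact views.</maml:para>
        <maml:para>By default (-View Raw), returns the full FileAnalysis with detection, flags, permissions (unless excluded), signatures, installer metadata, references and assessment. Use -View to project compact views (Summary/Detection/Analysis/Permissions/Signature/References/Assessment/Installer/ShellProperties). Each view exposes Raw with the full FileAnalysis for drill-down.</maml:para>
      </maml:description>
    </command:details>
    <!-- Syntax block: parameters are listed alphabetically after Path; only names, types and defaults appear here. -->
    <command:syntax>
      <!-- Parameter set: Path -->
      <command:syntaxItem>
        <maml:name>Get-FileInsight</maml:name>
        <!-- Parameter: Path -->
        <command:parameter required="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0" aliases="FullName">
          <maml:name>Path</maml:name>
          <command:parameterValue required="true">string[]</command:parameterValue>
          <dev:type>
            <maml:name>System.String[]</maml:name>
            <maml:uri />
          </dev:type>
        </command:parameter>
        <!-- Parameter: ComputeSha256 -->
        <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
          <maml:name>ComputeSha256</maml:name>
          <command:parameterValue required="true">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <!-- Parameter: DetectOnly -->
        <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
          <maml:name>DetectOnly</maml:name>
          <command:parameterValue required="true">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <!-- Parameter: ExcludeAssessment -->
        <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
          <maml:name>ExcludeAssessment</maml:name>
          <command:parameterValue required="true">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <!-- Parameter: ExcludeContainer -->
        <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
          <maml:name>ExcludeContainer</maml:name>
          <command:parameterValue required="true">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <!-- Parameter: ExcludeInstaller -->
        <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
          <maml:name>ExcludeInstaller</maml:name>
          <command:parameterValue required="true">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <!-- Parameter: ExcludePermissions -->
        <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
          <maml:name>ExcludePermissions</maml:name>
          <command:parameterValue required="true">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <!-- Parameter: ExcludeReferences -->
        <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
          <maml:name>ExcludeReferences</maml:name>
          <command:parameterValue required="true">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <!-- Parameter: ExcludeShellProperties -->
        <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
          <maml:name>ExcludeShellProperties</maml:name>
          <command:parameterValue required="true">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <!-- Parameter: ExcludeSignature -->
        <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
          <maml:name>ExcludeSignature</maml:name>
          <command:parameterValue required="true">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <!-- Parameter: MagicHeaderBytes -->
        <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
          <maml:name>MagicHeaderBytes</maml:name>
          <command:parameterValue required="true">int</command:parameterValue>
          <dev:type>
            <maml:name>System.Int32</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>0</dev:defaultValue>
        </command:parameter>
        <!-- Parameter: View -->
        <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
          <maml:name>View</maml:name>
          <command:parameterValue required="true">InsightView</command:parameterValue>
          <dev:type>
            <maml:name>FileInspectorX.InsightView</maml:name>
            <maml:uri />
          </dev:type>
          <dev:defaultValue>Raw</dev:defaultValue>
          <command:parameterValueGroup>
            <command:parameterValue required="false" variableLength="false">Raw</command:parameterValue>
            <command:parameterValue required="false" variableLength="false">Analysis</command:parameterValue>
            <command:parameterValue required="false" variableLength="false">Detection</command:parameterValue>
            <command:parameterValue required="false" variableLength="false">Permissions</command:parameterValue>
            <command:parameterValue required="false" variableLength="false">Signature</command:parameterValue>
            <command:parameterValue required="false" variableLength="false">Summary</command:parameterValue>
            <command:parameterValue required="false" variableLength="false">References</command:parameterValue>
            <command:parameterValue required="false" variableLength="false">Assessment</command:parameterValue>
            <command:parameterValue required="false" variableLength="false">Installer</command:parameterValue>
            <command:parameterValue required="false" variableLength="false">ShellProperties</command:parameterValue>
          </command:parameterValueGroup>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <!-- Per-parameter help. Every switch below declares a default of False. -->
    <command:parameters>
      <!-- Parameter: Path -->
      <!-- globbing="false": wildcards are declared as unsupported. The FullName alias plus ByPropertyName
           binding is presumably what lets Get-ChildItem output be piped in (see the examples); confirm. -->
      <command:parameter required="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="0" aliases="FullName">
        <maml:name>Path</maml:name>
        <maml:description>
          <maml:para>One or more file paths to analyze. Accepts pipeline input of strings and resolves PowerShell provider paths.</maml:para>
        </maml:description>
        <command:parameterValue required="true">string[]</command:parameterValue>
        <dev:type>
          <maml:name>System.String[]</maml:name>
          <maml:uri />
        </dev:type>
      </command:parameter>
      <!-- Parameter: View -->
      <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
        <maml:name>View</maml:name>
        <maml:description>
          <maml:para>Output shape to emit. Defaults to Raw (full FileAnalysis object). Other values: Summary, Detection, Analysis, Permissions, Signature, References, Assessment, Installer, ShellProperties.</maml:para>
          <maml:para>Possible values: Raw, Analysis, Detection, Permissions, Signature, Summary, References, Assessment, Installer, ShellProperties</maml:para>
        </maml:description>
        <command:parameterValue required="true">InsightView</command:parameterValue>
        <dev:type>
          <maml:name>FileInspectorX.InsightView</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>Raw</dev:defaultValue>
        <command:parameterValueGroup>
          <command:parameterValue required="false" variableLength="false">Raw</command:parameterValue>
          <command:parameterValue required="false" variableLength="false">Analysis</command:parameterValue>
          <command:parameterValue required="false" variableLength="false">Detection</command:parameterValue>
          <command:parameterValue required="false" variableLength="false">Permissions</command:parameterValue>
          <command:parameterValue required="false" variableLength="false">Signature</command:parameterValue>
          <command:parameterValue required="false" variableLength="false">Summary</command:parameterValue>
          <command:parameterValue required="false" variableLength="false">References</command:parameterValue>
          <command:parameterValue required="false" variableLength="false">Assessment</command:parameterValue>
          <command:parameterValue required="false" variableLength="false">Installer</command:parameterValue>
          <command:parameterValue required="false" variableLength="false">ShellProperties</command:parameterValue>
        </command:parameterValueGroup>
      </command:parameter>
      <!-- Parameter: DetectOnly -->
      <!-- NOTE(review): the help does not say which option wins when -DetectOnly is combined with a
           different -View value; confirm the behaviour and document it here. -->
      <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
        <maml:name>DetectOnly</maml:name>
        <maml:description>
          <maml:para>Return only detection result (skip analysis). Back-compat shim for -View Detection.</maml:para>
        </maml:description>
        <command:parameterValue required="true">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <!-- Parameter: ComputeSha256 -->
      <!-- Opt-in: with the default of False no SHA-256 value is requested, so callers that record or
           compare hashes must pass this switch explicitly. -->
      <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
        <maml:name>ComputeSha256</maml:name>
        <maml:description>
          <maml:para>Compute SHA-256 of the file and include in output.</maml:para>
        </maml:description>
        <command:parameterValue required="true">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <!-- Parameter: MagicHeaderBytes -->
      <!-- NOTE(review): the default is 0, which presumably means no header bytes are captured; the help
           states neither that nor an upper bound for N. Confirm and document. -->
      <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
        <maml:name>MagicHeaderBytes</maml:name>
        <maml:description>
          <maml:para>Capture first N bytes of the header as uppercase hex.</maml:para>
        </maml:description>
        <command:parameterValue required="true">int</command:parameterValue>
        <dev:type>
          <maml:name>System.Int32</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>0</dev:defaultValue>
      </command:parameter>
      <!-- The Exclude* switches that follow each remove one part of the analysis. A result produced with
           one of them set carries no data for that part, which is not the same as a negative finding.
           NOTE(review): the help does not say whether the assessment is computed differently when other
           parts are excluded; confirm. -->
      <!-- Parameter: ExcludePermissions -->
      <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
        <maml:name>ExcludePermissions</maml:name>
        <maml:description>
          <maml:para>Exclude permissions/ownership snapshot from the analysis.</maml:para>
        </maml:description>
        <command:parameterValue required="true">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <!-- Parameter: ExcludeSignature -->
      <!-- With this switch set, missing signature data in the output must not be read as "unsigned". -->
      <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
        <maml:name>ExcludeSignature</maml:name>
        <maml:description>
          <maml:para>Exclude signature/Authenticode and package signature analysis.</maml:para>
        </maml:description>
        <command:parameterValue required="true">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <!-- Parameter: ExcludeReferences -->
      <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
        <maml:name>ExcludeReferences</maml:name>
        <maml:description>
          <maml:para>Exclude references extraction (Task XML, scripts.ini/xml).</maml:para>
        </maml:description>
        <command:parameterValue required="true">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <!-- Parameter: ExcludeInstaller -->
      <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
        <maml:name>ExcludeInstaller</maml:name>
        <maml:description>
          <maml:para>Exclude installer/package metadata (MSIX/APPX/VSIX/MSI).</maml:para>
        </maml:description>
        <command:parameterValue required="true">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <!-- Parameter: ExcludeContainer -->
      <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
        <maml:name>ExcludeContainer</maml:name>
        <maml:description>
          <maml:para>Exclude container triage (ZIP/TAR sampling, subtype and inner hints).</maml:para>
        </maml:description>
        <command:parameterValue required="true">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <!-- Parameter: ExcludeAssessment -->
      <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
        <maml:name>ExcludeAssessment</maml:name>
        <maml:description>
          <maml:para>Exclude assessment (score/decision/codes).</maml:para>
        </maml:description>
        <command:parameterValue required="true">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <!-- Parameter: ExcludeShellProperties -->
      <command:parameter required="false" globbing="false" pipelineInput="false" position="named">
        <maml:name>ExcludeShellProperties</maml:name>
        <maml:description>
          <maml:para>Exclude Windows shell properties (Explorer Details).</maml:para>
        </maml:description>
        <command:parameterValue required="true">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
          <maml:uri />
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
    </command:parameters>
    <command:inputTypes>
      <command:inputType>
        <dev:type>
          <maml:name>System.String[]</maml:name>
          <maml:uri />
        </dev:type>
      </command:inputType>
    </command:inputTypes>
    <!-- One return type per -View projection, plus FileAnalysis for the default Raw view. -->
    <command:returnValues>
      <!-- OutputType: AnalysisView -->
      <command:returnValue>
        <dev:type>
          <maml:name>FileInspectorX.AnalysisView</maml:name>
          <maml:uri />
        </dev:type>
      </command:returnValue>
      <!-- OutputType: AssessmentView -->
      <command:returnValue>
        <dev:type>
          <maml:name>FileInspectorX.AssessmentView</maml:name>
          <maml:uri />
        </dev:type>
      </command:returnValue>
      <!-- OutputType: DetectionView -->
      <command:returnValue>
        <dev:type>
          <maml:name>FileInspectorX.DetectionView</maml:name>
          <maml:uri />
        </dev:type>
      </command:returnValue>
      <!-- OutputType: FileAnalysis -->
      <command:returnValue>
        <dev:type>
          <maml:name>FileInspectorX.FileAnalysis</maml:name>
          <maml:uri />
        </dev:type>
      </command:returnValue>
      <!-- OutputType: InstallerView -->
      <command:returnValue>
        <dev:type>
          <maml:name>FileInspectorX.InstallerView</maml:name>
          <maml:uri />
        </dev:type>
      </command:returnValue>
      <!-- OutputType: PermissionsView -->
      <command:returnValue>
        <dev:type>
          <maml:name>FileInspectorX.PermissionsView</maml:name>
          <maml:uri />
        </dev:type>
      </command:returnValue>
      <!-- OutputType: ReferencesView -->
      <command:returnValue>
        <dev:type>
          <maml:name>FileInspectorX.ReferencesView</maml:name>
          <maml:uri />
        </dev:type>
      </command:returnValue>
      <!-- OutputType: ShellPropertiesView -->
      <command:returnValue>
        <dev:type>
          <maml:name>FileInspectorX.ShellPropertiesView</maml:name>
          <maml:uri />
        </dev:type>
      </command:returnValue>
      <!-- OutputType: SignatureView -->
      <command:returnValue>
        <dev:type>
          <maml:name>FileInspectorX.SignatureView</maml:name>
          <maml:uri />
        </dev:type>
      </command:returnValue>
      <!-- OutputType: SummaryView -->
      <command:returnValue>
        <dev:type>
          <maml:name>FileInspectorX.SummaryView</maml:name>
          <maml:uri />
        </dev:type>
      </command:returnValue>
    </command:returnValues>
    <!-- Example paths use single backslashes: the backslash is not an escape character in PowerShell,
         and the dev:code text is shown to the reader as written. -->
    <command:examples>
      <command:example>
        <maml:title>---------- Example 1 ----------</maml:title>
        <dev:code>Get-FileInsight -Path C:\files\sample.docx</dev:code>
        <dev:remarks>
          <maml:para>Analyze a single file</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>---------- Example 2 ----------</maml:title>
        <dev:code>Get-FileInsight -Path .\payload.bin -DetectOnly</dev:code>
        <dev:remarks>
          <maml:para>Detect only (no analysis)</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>---------- Example 3 ----------</maml:title>
        <dev:code>Get-ChildItem -Filter *.exe -File -Recurse | Get-FileInsight -View Detection</dev:code>
        <dev:remarks>
          <maml:para>Detect only for all EXE files under current directory</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>---------- Example 4 ----------</maml:title>
        <dev:code>Get-ChildItem -File -Recurse | Get-FileInsight -View Summary -ExcludeSignature -ExcludeInstaller</dev:code>
        <dev:remarks>
          <maml:para>Summarize a directory, skipping signature and installer enrichment</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>---------- Example 5 ----------</maml:title>
        <dev:code>Get-FileInsight -Path .\app.exe -ComputeSha256 -MagicHeaderBytes 16</dev:code>
        <dev:remarks>
          <maml:para>Include SHA-256 and first 16 bytes header (hex)</maml:para>
        </dev:remarks>
      </command:example>
    </command:examples>
  </command:command>
</helpItems> |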