exports/ProxyCmdletDefinitions.ps1
# ----------------------------------------------------------------------------------
#
# Copyright Microsoft Corporation
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ----------------------------------------------------------------------------------

<#
.Synopsis
Query the API for Directory Insights events
.Description
Query the API for Directory Insights events
.Example
PS C:\> (Get-JcSdkEvent -Service:('all') -StartTime:('2020-04-15T00:00:00Z') -EndTime:('2020-04-16T23:00:00Z')).ToJsonString() | ConvertFrom-Json

Pull all event records between Tue, 14 Apr 2020 18:00:00 -0600 and Thu, 16 Apr 2020 17:00:00 -0600
.Example
PS C:\> (Get-JcSdkEvent -Service:('directory') -StartTime:('2020-04-15T00:00:00Z') -Limit:('10') -EndTime:('2020-04-16T23:00:00Z')).ToJsonString() | ConvertFrom-Json

Limit directory results to last 10 in the time range
.Example
PS C:\> (Get-JcSdkEvent -Service:('directory') -StartTime:('2020-04-15T00:00:00Z') -Sort:("DESC") -EndTime:('2020-04-16T23:00:00Z')).ToJsonString() | ConvertFrom-Json

Sort directory results in descending order of timestamp value
.Example
PS C:\> (Get-JcSdkEvent -Service:('directory') -StartTime:('2020-04-15T00:00:00Z') -Limit:('10') -EndTime:('2020-04-16T23:00:00Z') -searchTermAnd:@{"event_type" = "group_create"}).ToJsonString() | ConvertFrom-Json

Get only group_create events during a time range
.Example
PS C:\> (Get-JcSdkEvent -Service:('all') -StartTime:('2020-04-14T00:00:00Z') -EndTime:('2020-04-20T23:00:00Z') -SearchTermOr @{"initiated_by.username" = @("user.1", "user.2")}).ToJsonString() | ConvertFrom-Json

Get events from all services initiated by either "user.1" or "user.2"
.Example
PS C:\> (Get-JcSdkEvent -Service:('all') -StartTime:('2020-04-14T00:00:00Z') -EndTime:('2020-04-20T23:00:00Z') -SearchTermAnd @{"event_type" = "admin_login_attempt"; "resource.email" = "admin.user@adminbizorg.com"}).ToJsonString() | ConvertFrom-Json

Get all events between a date range and match event_type = admin_login_attempt and resource.email = admin.user@adminbizorg.com
.Example
PS C:\> (Get-JcSdkEvent -Service:('sso') -StartTime:('2020-04-14T00:00:00Z') -EndTime:('2020-04-20T23:00:00Z') -SearchTermAnd @{"initiated_by.username" = "user.1"}).ToJsonString() | ConvertFrom-Json

Get sso events with the search term initiated_by: username with value "user.1"
.Example
PS C:\> (Get-JcSdkEvent -Service:('all') -StartTime:('2020-04-14T00:00:00Z') -EndTime:('2020-04-20T23:00:00Z') -SearchTermAnd @{"event_type" = "organization_update"}).ToJsonString() | ConvertFrom-Json

Get all events filtered by organization_update term between a date range

.Inputs
JumpCloud.SDK.DirectoryInsights.Models.IEventQuery
.Outputs
JumpCloud.SDK.DirectoryInsights.Models.IPost200ApplicationJsonItemsItem
.Outputs
System.String
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

EVENTQUERYBODY <IEventQuery>: EventQuery is the users' command to search our auth logs
  [EndTime <String>]: optional query end time, UTC in RFC3339 format
  [Fields <String[]>]: optional list of fields to return from query
  [Limit <Int64?>]: Max number of rows to return
  [SearchAfter <String[]>]: Specific query to search after, see x-* response headers for next values
  [SearchTermAnd <ISearchTermAnd>]: list of event terms. If all terms match the event will be returned by the service.
    [(Any) <Object>]: This indicates any property can be added to this object.
  [SearchTermOr <ISearchTermOr>]: list of event terms. If any term matches, the event will be returned by the service.
    [(Any) <Object>]: This indicates any property can be added to this object.
  [Service <String[]>]: service name to query. Known services: systems,radius,sso,directory,ldap,all
  [Sort <String>]: ASC or DESC order for timestamp
  [StartTime <String>]: query start time, UTC in RFC3339 format
.Link
https://docs.microsoft.com/en-us/powershell/module/jumpcloud.sdk.directoryinsights/get-jcsdkevent
#>
function Get-JcSdkEvent {
[OutputType([JumpCloud.SDK.DirectoryInsights.Models.IPost200ApplicationJsonItemsItem], [System.String])]
[CmdletBinding(DefaultParameterSetName='GetExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Get', Mandatory, ValueFromPipeline)]
    [JumpCloud.SDK.DirectoryInsights.Category('Body')]
    [JumpCloud.SDK.DirectoryInsights.Models.IEventQuery]
    # EventQuery is the users' command to search our auth logs
    # To construct, see NOTES section for EVENTQUERYBODY properties and create a hash table.
    ${EventQueryBody},

    [Parameter(ParameterSetName='GetExpanded')]
    [JumpCloud.SDK.DirectoryInsights.Category('Body')]
    [System.String]
    # optional query end time, UTC in RFC3339 format
    ${EndTime},

    [Parameter(ParameterSetName='GetExpanded')]
    [JumpCloud.SDK.DirectoryInsights.Category('Body')]
    [System.String[]]
    # optional list of fields to return from query
    ${Fields},

    [Parameter(ParameterSetName='GetExpanded')]
    [JumpCloud.SDK.DirectoryInsights.Category('Body')]
    [System.Int64]
    # Max number of rows to return
    ${Limit},

    [Parameter(ParameterSetName='GetExpanded')]
    [JumpCloud.SDK.DirectoryInsights.Category('Body')]
    [System.String[]]
    # Specific query to search after, see x-* response headers for next values
    ${SearchAfter},

    [Parameter(ParameterSetName='GetExpanded')]
    [JumpCloud.SDK.DirectoryInsights.Category('Body')]
    [JumpCloud.SDK.DirectoryInsights.Runtime.Info(PossibleTypes=([JumpCloud.SDK.DirectoryInsights.Models.ISearchTermAnd]))]
    [System.Collections.Hashtable]
    # list of event terms.
    # If all terms match the event will be returned by the service.
    ${SearchTermAnd},

    [Parameter(ParameterSetName='GetExpanded')]
    [JumpCloud.SDK.DirectoryInsights.Category('Body')]
    [JumpCloud.SDK.DirectoryInsights.Runtime.Info(PossibleTypes=([JumpCloud.SDK.DirectoryInsights.Models.ISearchTermOr]))]
    [System.Collections.Hashtable]
    # list of event terms.
    # If any term matches, the event will be returned by the service.
    ${SearchTermOr},

    [Parameter(ParameterSetName='GetExpanded')]
    [JumpCloud.SDK.DirectoryInsights.Category('Body')]
    [System.String[]]
    # service name to query.
    # Known services: systems,radius,sso,directory,ldap,all
    ${Service},

    [Parameter(ParameterSetName='GetExpanded')]
    [JumpCloud.SDK.DirectoryInsights.Category('Body')]
    [System.String]
    # ASC or DESC order for timestamp
    ${Sort},

    [Parameter(ParameterSetName='GetExpanded')]
    [JumpCloud.SDK.DirectoryInsights.Category('Body')]
    [System.String]
    # query start time, UTC in RFC3339 format
    ${StartTime},

    [Parameter(DontShow)]
    [JumpCloud.SDK.DirectoryInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [JumpCloud.SDK.DirectoryInsights.Category('Runtime')]
    [JumpCloud.SDK.DirectoryInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [JumpCloud.SDK.DirectoryInsights.Category('Runtime')]
    [JumpCloud.SDK.DirectoryInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [JumpCloud.SDK.DirectoryInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [JumpCloud.SDK.DirectoryInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [JumpCloud.SDK.DirectoryInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # Proxy setup. This exported function does no query work itself: it resolves
    # the private cmdlet that matches the bound parameter set and drives it
    # through a steppable pipeline, so the wrapped cmdlet's Begin/Process/End are
    # called from this function's begin/process/end blocks.
    #
    # NOTE(review): the Body parameters (StartTime, EndTime, Sort, Service, ...)
    # carry no Validate* attributes in this proxy; values are forwarded exactly
    # as bound. Whether the private cmdlet or the service rejects malformed
    # values cannot be told from this file - confirm before relying on it.
    #
    # NOTE(review): the Runtime parameters are marked DontShow, which hides them
    # from completion but leaves them bindable. Proxy/ProxyCredential/
    # ProxyUseDefaultCredentials choose the proxy used for the remote call, and
    # HttpPipelineAppend/HttpPipelinePrepend add caller-supplied SendAsync steps;
    # presumably such a step sees each request and response - confirm in the
    # Runtime code. The results are auth-log data, so scripts that set any of
    # these deserve the same review as the query itself.
    #
    # NOTE(review): CmdletBinding declares SupportsShouldProcess, so -WhatIf and
    # -Confirm bind here and are forwarded with the other bound parameters; what
    # the wrapped cmdlet does with them is not visible in this file.
    try {
        $outBuffer = $null
        # If the caller bound the common -OutBuffer parameter, override it to 1
        # before the bound parameters are splatted to the wrapped command.
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName
        # Parameter set name -> module-qualified name of the private cmdlet that
        # implements it.
        $mapping = @{
            Get = 'JumpCloud.SDK.DirectoryInsights.private\Get-JcSdkEvent_Get';
            GetExpanded = 'JumpCloud.SDK.DirectoryInsights.private\Get-JcSdkEvent_GetExpanded';
        }
        # The lookup uses the module-qualified name and is restricted to
        # CommandTypes::Cmdlet, so a function or alias with the same name is not
        # accepted as the implementation.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # Every bound parameter, including the DontShow runtime ones, is splatted
        # through to the wrapped cmdlet unchanged.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        # The steppable pipeline is created with this invocation's command origin.
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrow the caught error to the caller.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object; only the 'Get' parameter set
        # declares a ValueFromPipeline parameter (EventQueryBody).
        $steppablePipeline.Process($_)
    } catch {
        # Rethrow the caught error to the caller.
        throw
    }
}

end {
    try {
        # Let the wrapped cmdlet run its end-of-pipeline step.
        $steppablePipeline.End()
    } catch {
        # Rethrow the caught error to the caller.
        throw
    }
}
}