Functions/Export-MCASBlockScript.ps1

<#
.Synopsis
   Exports a proxy or firewall block script for the unsanctioned apps in your Cloud App Security tenant.
.DESCRIPTION
   Exports a block script, in the specified firewall or proxy device type format, for the unsanctioned apps.
 
   'Export-MCASBlockScript -DeviceType <device format>' returns the block script text in the requested device format (for example, Websense). Methods available are only those available to custom objects by default.
.EXAMPLE
    PS C:\> Export-MCASBlockScript -DeviceType WEBSENSE
 
    dest_host=lawyerstravel.com action=deny
    dest_host=wellsfargo.com action=deny
    dest_host=usbank.com action=deny
    dest_host=care2.com action=deny
    dest_host=careerbuilder.com action=deny
    dest_host=abcnews.go.com action=deny
    dest_host=accuweather.com action=deny
    dest_host=zoovy.com action=deny
    dest_host=cars.com action=deny
 
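    This returns a string to be used as a block script in Websense format. Note: the function's ValidateSet lists WEBSENSE_V7_5 rather than WEBSENSE, so the -DeviceType value shown here may need adjusting.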
 
.EXAMPLE
    PS C:\> Export-MCASBlockScript -DeviceType BLUECOAT_PROXYSG
 
    url.domain=lawyerstravel.com deny
    url.domain=wellsfargo.com deny
    url.domain=usbank.com deny
    url.domain=care2.com deny
    url.domain=careerbuilder.com deny
    url.domain=abcnews.go.com deny
    url.domain=accuweather.com deny
    url.domain=zoovy.com deny
    url.domain=cars.com deny
 
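    This returns a string to be used as a block script in BlueCoat format. Note: the function's ValidateSet lists BLUECOAT rather than BLUECOAT_PROXYSG, so the -DeviceType value shown here may need adjusting.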
 
.EXAMPLE
    PS C:\> Export-MCASBlockScript -DeviceType WEBSENSE | Set-Content MyWebsenseBlockScript.txt -Encoding UTF8
 
    This pulls back a Websense block script in text string format and creates a new UTF-8 encoded text file out of it.
.FUNCTIONALITY
   Export-MCASBlockScript is intended to function as an export mechanism for obtaining block scripts from Cloud App Security.
 
#>

function Export-MCASBlockScript {
    [CmdletBinding()]
    param
    (
        # Credential for the Cloud App Security tenant: the username is the tenant host (e.g. 'contoso.us.portal.cloudappsecurity.com') and the password is the 64-character hexadecimal OAuth token.
        # When omitted, whatever $CASCredential resolves to in scope is used, so confirm it points at the intended tenant before exporting.
        # The password field is an API token; handle the credential object as a secret.
        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]$Credential = $CASCredential,

        # Device type that selects the format of the block script. Values accepted by the ValidateSet below: BLUECOAT, CISCO_ASA, FORTIGATE, PALO_ALTO, JUNIPER_SRX, WEBSENSE_V7_5, ZSCALER.
        # NOTE(review): the help examples for this function use WEBSENSE and BLUECOAT_PROXYSG, which are not in this set - confirm against the device_type enum, which is declared outside this function.
        [Parameter(Mandatory=$true,ValueFromPipeline=$false,Position=0)]
        [ValidateSet('BLUECOAT','CISCO_ASA','FORTIGATE','PALO_ALTO','JUNIPER_SRX','WEBSENSE_V7_5','ZSCALER')]
        [alias("Appliance")]
        [device_type]$DeviceType
    )

    # The enum value is sent to the service in its integer form as the 'format' query parameter.
    $scriptPath = "/api/discovery_block_scripts/?format=" + ($DeviceType -as [int])

    $request = @{
        Credential = $Credential
        Path       = $scriptPath
        Method     = 'Get'
    }

    try {
        $blockScript = Invoke-MCASRestMethod @request
    }
    catch {
        # Error handling lives in Invoke-MCASRestMethod; pass the error back up the call stack with no additional logic.
        throw $_
    }

    # The response is emitted without inspection. Review the deny rules it contains before
    # loading them onto a proxy or firewall.
    $blockScript
}