Functions/Get-MCASSiemAgentJarFile.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
function Get-MCASSiemAgentJarFile
{
    [CmdletBinding()]
    param()

    Write-Verbose 'Attempting to download the MCAS SIEM Agent zip file from Microsoft Download Center...'
    try {
        $siemAgentDownloadUrl = ((Invoke-WebRequest -Uri 'https://www.microsoft.com/en-us/download/confirmation.aspx?id=54537' -UseBasicParsing).Links | Where-Object {$_.'data-bi-cN' -eq 'click here to download manually'} | Select-Object -First 1).href
        $siemAgentZipFileName = $siemAgentDownloadUrl.Split('/') | Select-Object -Last 1
        $siemAgentDownloadResult = Invoke-WebRequest -Uri $siemAgentDownloadUrl -UseBasicParsing -OutFile "$pwd\$siemAgentZipFileName"
        Write-Verbose "$siemAgentDownloadResult"

        Write-Verbose 'Attempting to extract the MCAS SIEM Agent jar file from the downloaded zip file.'
        Add-Type -AssemblyName System.IO.Compression.FileSystem
        [System.IO.Compression.ZipFile]::ExtractToDirectory("$pwd\$siemAgentZipFileName", $pwd)
        $jarFile = $siemAgentZipFileName.TrimEnd('.zip')
        Write-Verbose "The extracted MCAS SIEM Agent JAR file is $pwd\$jarFile"
    }
    catch {
        throw "Something went wrong when attempting to download or extract the MCAS SIEM Agent zip file. The error was: $_"
    }
    
    Write-Verbose 'Attempting to cleanup the MCAS SIEM Agent zip file.'
    try {
        Remove-Item "$pwd\$siemAgentZipFileName" -Force
    }
    catch {
        Write-Warning "Something went wrong when attempting to cleanup the MCAS SIEM Agent zip file. The error was: $_"
    } 
    
    "$pwd\$jarFile"
}