Functions/New-MCASDiscoveryDataSource.ps1

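function New-MCASDiscoveryDataSource {
    <#
    .SYNOPSIS
        Creates a Cloud Discovery data source by POSTing to /cas/api/v1/discovery/data_sources/.

    .DESCRIPTION
        Builds the request body from the supplied name, device type, receiver type and
        anonymization switch, then sends it through Invoke-MCASRestMethod.
        The API response is stored in a local variable and is not written to the pipeline.

    .NOTES
        Any error raised by the REST call is rethrown as a string prefixed with
        'Error calling MCAS API.'.
    #>
    [CmdletBinding()]
    param
    (
        # Specifies the credential object containing tenant as username (e.g. 'contoso.us.portal.cloudappsecurity.com') and the 64-character hexadecimal Oauth token as the password.
        # Defaults to $CASCredential from the calling scope. PowerShell does not run validation attributes
        # against default values, so an unset $CASCredential reaches the REST helper as $null.
        [Parameter(Mandatory=$false)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]$Credential = $CASCredential,

        # Specifies the name of the data source object to create (1-64 characters: letters, digits, '-' and '_')
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [ValidateLength(1,64)]
        [ValidatePattern('^[A-Za-z\d-_]+$')]
        [string]$Name,
        
        # Specifies the appliance type of the logs; its integer value is sent to the API as 'logType'
        [Parameter(Mandatory=$true)]
        [device_type]$DeviceType,

        # Specifies the type of receiver to create. Possible Values: FTP|FTPS|Syslog-UDP|Syslog-TCP|Syslog-TLS
        # FTP, Syslog-UDP and Syslog-TCP carry the appliance logs unencrypted; FTPS and Syslog-TLS are the
        # encrypted transports and are the ones to choose when logs cross an untrusted network segment.
        [Parameter(Mandatory=$true)]
        [ValidateSet('FTP','FTPS','Syslog-UDP','Syslog-TCP','Syslog-TLS')]
        [string]$ReceiverType,

        # Specifies whether to replace the usernames with anonymized identifiers in MCAS (audited de-anonymization of these identifiers is possible)
        [switch]$AnonymizeUsers
    )

    # Pass a plain Boolean, not the SwitchParameter wrapper: ConvertTo-Json renders a SwitchParameter
    # as an object ({"IsPresent": true}) rather than true/false.
    # NOTE(review): serialization happens inside Invoke-MCASRestMethod, which is not visible here -
    # confirm the API receives 'anonymizeUsers' as a JSON boolean.
    $body = [ordered]@{
        'anonymizeUsers' = [bool]$AnonymizeUsers
        'displayName'    = $Name
        'logType'        = ($DeviceType -as [int])
    }
    
    # Map the user-facing receiver name onto the API fields. Syslog receivers also carry a 'protocol'.
    switch ($ReceiverType) {
        'FTP' {
            $body.Add('receiverType','ftp')
            $body.Add('receiverTypeFull','ftp')
        }
        'FTPS' {
            $body.Add('receiverType','ftps')
            $body.Add('receiverTypeFull','ftps')
        }
        'Syslog-UDP' {
            $body.Add('protocol','udp')
            $body.Add('receiverType','syslog')
            $body.Add('receiverTypeFull','syslog-udp')
        }
        'Syslog-TCP' {
            $body.Add('protocol','tcp')
            $body.Add('receiverType','syslog')
            $body.Add('receiverTypeFull','syslog-tcp')
        }
        'Syslog-TLS' {
            $body.Add('protocol','tls')
            $body.Add('receiverType','syslog')
            $body.Add('receiverTypeFull','syslog-tls')
        }
    }

    try {
        # The response is assigned and not emitted, so a successful call produces no pipeline output.
        $response = Invoke-MCASRestMethod -Credential $Credential -Path "/cas/api/v1/discovery/data_sources/" -Method Post -Body $body
    }
    catch {
        throw "Error calling MCAS API. The exception was: $_"
    }
}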