PSFalcon

1.4.2

real-time-response/Send-RtrCommand.psm1

                                function Send-RtrCommand {

<#

    .SYNOPSIS

        Batch executes a RTR command across the hosts mapped to the given batch ID. This function

        selects the permission level to use based on the command selected

    .PARAMETER ID

        Batch ID to execute the command on

    .PARAMETER COMMAND

        Command to execute

    .PARAMETER STRING

        Command string (text that follows the 'base command')

    .PARAMETER TIMEOUT

        Time to wait for the command request in seconds [default: 30, maximum 600]

    .PARAMETER OPTIONAL

        List of a subset of hosts we want to run the command on. If this list is supplied, only

        these hosts will receive the command

#>

    [CmdletBinding()]

    [OutputType([psobject])]

    param(

        [Parameter(Mandatory = $true)]

        [ValidateLength(36,36)]

        [string]

        $Id,

        [Parameter(Mandatory = $true)]

        [ValidateSet('cat', 'cd', 'clear', 'cp', 'encrypt', 'env', 'eventlog', 'filehash', 'getsid', 'help',

        'history', 'ipconfig', 'kill', 'ls', 'map', 'memdump', 'mkdir', 'mount', 'mv', 'netstat', 'ps', 'put',

        'reg delete', 'reg load', 'reg unload', 'reg set', 'reg query', 'restart', 'rm', 'run', 'runscript',

        'shutdown', 'unmap', 'xmemdump', 'zip')]

        [string]

        $Command,

        [string]

        $String,

        [ValidateRange(30,600)]

        [int]

        $Timeout = 30,

        [array]

        $Optional

    )

    begin{

        # Real-time Response permission scopes

        $Admin = @('put', 'run', 'runscript')

        $ActiveResponder = @('cp', 'encrypt', 'kill', 'map', 'memdump', 'mkdir', 'mv', 'reg delete',

        'reg load', 'reg unload', 'reg set', 'restart', 'rm', 'shutdown', 'unmap', 'xmemdump', 'zip')

    }

    process{

        $Param = @{

            Method = 'post'

            Header = @{

                accept = 'application/json'

                'content-type' = 'application/json'

            }

            Body = @{

                base_command = $Command

                batch_id = $Id

                command_string = ($Command + ' ' + $String)

            }

        }

        if ($Command -cin $Admin) {

            $Param['Uri'] = '/real-time-response/combined/batch-admin-command/v1'

        }

        elseif ($Command -cin $ActiveResponder) {

            $Param['Uri'] = '/real-time-response/combined/batch-active-responder-command/v1'

        }

        else {

            $Param['Uri'] = '/real-time-response/combined/batch-command/v1'

        }

        switch ($PSBoundParameters.Keys) {

            'Timeout' { $Param.Uri += '?timeout=' + [string] $Timeout }

            'Optional' { $Param.Body['optional_hosts'] = $Optional }

            'Verbose' { $Param['Verbose'] = $true }

            'Debug' { $Param['Debug'] = $true }

        }

        $Param.Body = $Param.Body | ConvertTo-Json

        Invoke-CsAPI @Param

    }

}