Resources/DeviceControl-GET.ps1
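function Export-S1DeviceControlRules {
<#
    .SYNOPSIS
        Export Device Control rules to a CSV file.

    .DESCRIPTION
        The Export-S1DeviceControlRules cmdlet exports Device Control rules to a CSV file.

    .PARAMETER accessPermissions
        Access permission in.

        Allowed values:
        'Not-Applicable', 'Read-Only', 'Read-Write'

    .PARAMETER accountIds
        List of Account IDs to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER actions
        Return device rules with the filtered action.

        Allowed values:
        'Allow', 'Block'

    .PARAMETER bluetoothAddresses
        Return device rules with the filtered bluetooth addresses.

    .PARAMETER createdAt__between
        Return device rules created within this range (inclusive).

        Example: "1514978764288-1514978999999".

    .PARAMETER createdAt__gt
        Returns device rules created after this timestamp.

        Inputted data is converted to UTC time

        Example:
            yyyy-MM-ddTHH:mm:ss.ffffffZ
            2018-02-27T04:49:26.257525Z

    .PARAMETER createdAt__gte
        Returns device rules created after or at this timestamp.

        Inputted data is converted to UTC time

        Example:
            yyyy-MM-ddTHH:mm:ss.ffffffZ
            2018-02-27T04:49:26.257525Z

    .PARAMETER createdAt__lt
        Returns device rules created before this timestamp.

        Inputted data is converted to UTC time

        Example:
            yyyy-MM-ddTHH:mm:ss.ffffffZ
            2018-02-27T04:49:26.257525Z

    .PARAMETER createdAt__lte
        Returns device rules created before or at this timestamp.

        Inputted data is converted to UTC time

        Example:
            yyyy-MM-ddTHH:mm:ss.ffffffZ
            2018-02-27T04:49:26.257525Z

    .PARAMETER deviceClasses
        Return device rules with the filtered device class.

        Example: "02h".

    .PARAMETER deviceInformationServiceInfoKeys
        Return device rules with the filtered device information service info keys.

    .PARAMETER deviceNames
        Return device rules with the filtered device names.

    .PARAMETER gattServices
        Return device rules with the filtered GATT services.

    .PARAMETER groupIds
        List of Group IDs to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER ids
        List of ids to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER interfaces
        Return device rules with the filtered interface.

        Allowed values:
        'Bluetooth', 'USB'

    .PARAMETER manufacturerNames
        Return device rules with the filtered manufacturer names.

    .PARAMETER minorClasses
        Return device rules with the filtered minor classes.

    .PARAMETER productIds
        Return device rules with the filtered product id.

        Example: "02".

    .PARAMETER query
        A free-text search term, will match applicable attributes.

    .PARAMETER ruleName
        Return device rules with the filtered rule name.

    .PARAMETER scopes
        Return only device rules in this scope.

        Allowed values:
        'account', 'global', 'group', 'site'

    .PARAMETER serviceClasses
        Return device rules with the filtered service class.

        Example: "02".

    .PARAMETER siteIds
        List of Site IDs to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER statuses
        Return device rules with the filtered status.

        Allowed values:
        'Disabled', 'Enabled'

    .PARAMETER tenant
        Indicates a tenant scope request

    .PARAMETER uids
        Return device rules with the filtered uId.

    .PARAMETER vendorIds
        Return device rules with the filtered vendor id.

    .PARAMETER versions
        Return device rules with the filtered versions.

    .PARAMETER fileName
        Name of the file

        Example: 'MyAgents-2022'

        The default name format is 'deviceControlRules-yyyy-MM-dd_HHmmss'

    .PARAMETER filePath
        The location to save the file to

        Example: 'C:\Logs'

        The default save location is the current working directory

    .PARAMETER showReport
        Open the location where the file was saved to

    .EXAMPLE
        Export-S1DeviceControlRules

        Returns Device Control rules and saves the results to a csv in the current working directory

        fileName:
            deviceControlRules-2022-10-29_105845.csv

    .EXAMPLE
        Export-S1DeviceControlRules -fileName MyFileName -filePath C:\Logs -showReport

        Returns Device Control rules and saves the results to a csv in the defined directory with the defined name
        and opens the location to where the file is saved.

        fileName:
            MyFileName.csv

    .NOTES
        N\A

    .LINK
        https://celerium.github.io/SentinelOne-PowerShellWrapper/site/DeviceControl/Export-S1DeviceControlRules.html
#>

    [CmdletBinding( DefaultParameterSetName = 'index' )]
    Param (
        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'Not-Applicable', 'Read-Only', 'Read-Write' )]
        [String[]]$accessPermissions,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$accountIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'Allow', 'Block' )]
        [String[]]$actions,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$bluetoothAddresses,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$createdAt__between,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [DateTime]$createdAt__gt,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [DateTime]$createdAt__gte,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [DateTime]$createdAt__lt,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [DateTime]$createdAt__lte,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$deviceClasses,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$deviceInformationServiceInfoKeys,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$deviceNames,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$gattServices,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$groupIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$ids,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'Bluetooth', 'USB' )]
        [String[]]$interfaces,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$manufacturerNames,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$minorClasses,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$productIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$query,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$ruleName,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'account', 'global', 'group', 'site' )]
        [String[]]$scopes,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$serviceClasses,

        [Parameter( Mandatory = $false, ValueFromPipeline = $true, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$siteIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'Disabled', 'Enabled' )]
        [String[]]$statuses,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [Switch]$tenant,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$uids,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$vendorIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$versions,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$fileName = "deviceControlRules-$( Get-date -Format 'yyyy-MM-dd_HHmmss' )",

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$filePath = $( (Get-Location).Path ),

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [Switch]$showReport
    )

    process {

        Write-Verbose "Running the [ $($PSCmdlet.ParameterSetName) ] parameterSet"

        Switch ($PSCmdlet.ParameterSetName){
            'index' { $resource_uri = "/device-control/export" }
        }

        # Common parameters and the local file options are never sent to the API.
        $excludedParameters =   'Debug','ErrorAction','ErrorVariable','InformationAction',
                                'InformationVariable','OutBuffer','OutVariable','PipelineVariable',
                                'Verbose','WarningAction','WarningVariable',
                                'fileName','filePath','showReport'

        $body = @{}

        if ($PSCmdlet.ParameterSetName -eq 'index') {

            ForEach ( $Key in $PSBoundParameters.GetEnumerator() ){

                # 'continue' rather than a bare $null: a bare $null statement is written
                # to the output stream once per excluded parameter.
                if ( $excludedParameters -contains $Key.Key ){ continue }

                if ( $Key.Value.GetType().IsArray ){
                    Write-Verbose "[ $($Key.Key) ] is an array parameter"
                    $body[$Key.Key] = $Key.Value -join (',')
                }
                elseif ( $Key.Value.GetType().FullName -eq 'System.DateTime' ){
                    Write-Verbose "[ $($Key.Key) ] is a dateTime parameter"
                    $universalTime = ($Key.Value).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.ffffffZ')

                    Write-Verbose "Converting [ $($Key.Value) ] to [ $universalTime ]"
                    $body[$Key.Key] = $universalTime
                }
                else{
                    $body[$Key.Key] = $Key.Value
                }

            }

        }

        # $exported is set only after the download call returns, so a stale file with the
        # same name left by an earlier run is not reported as a successful export.
        $fileOutput = $null
        $exported   = $false

        try {
            # fileName is used as given; Join-Path only supplies the platform's separator.
            $fileOutput = Join-Path -Path $filePath -ChildPath "$fileName.csv" -ErrorAction Stop

            if ( -not (Test-Path -Path $filePath -PathType Container) ){
                # Stop here if the directory cannot be created, before any request is sent.
                New-Item -Path $filePath -ItemType Directory -ErrorAction Stop | Out-Null
            }

            # The plaintext token is placed in the shared $S1_Headers only for the duration
            # of this request; the finally block removes it again on every exit path.
            $ApiToken = Get-S1APIKey -PlainText
            $S1_Headers.Add('Authorization', "ApiToken $ApiToken")

            Invoke-RestMethod -Method Get -Uri ( $S1_Base_URI + $resource_uri ) -Headers $S1_Headers -Body $body -OutFile $fileOutput `
                -ErrorAction Stop -ErrorVariable rest_error

            $exported = $true
        }
        catch {
            Write-Error $_
        }
        finally {
            [void] ( $S1_Headers.Remove('Authorization') )
            $ApiToken = $null
        }

        if ( $exported -and (Test-Path -Path $fileOutput -PathType Leaf) ){
            Write-Verbose "[ $($fileName) ] was saved to [ $($filePath) ]"

            if ($showReport){
                Invoke-Item -Path $filePath
            }
        }
        else{ Write-Warning "[ $($fileName) ] was not saved to [ $($filePath) ]" }

    }

}



function Get-S1DeviceControlConfiguration {
<#
    .SYNOPSIS
        Get Device Control configuration for a given scope.

    .DESCRIPTION
        The Get-S1DeviceControlConfiguration cmdlet gets Device Control configuration for a given scope.

        To filter the results for a scope:
            Global  - Make sure "tenant" is "true" and no other scope ID is given.
            Account - Make sure "tenant" is "false" and at least one Account ID is given.
            Site    - Make sure "tenant" is "false" and at least one Site ID is given.

    .PARAMETER accountIds
        List of Account IDs to filter by.

        Example: "225494730938493804,225494730938493915"

    .PARAMETER groupIds
        List of Group IDs to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER siteIds
        List of Site IDs to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER tenant
        Indicates a tenant scope request

    .EXAMPLE
        Get-S1DeviceControlConfiguration -tenant

        Returns the Device Control from a global scope

    .EXAMPLE
        Get-S1DeviceControlConfiguration -accountIds 225494730938493804

        Returns the Device Control configuration for the defined account

    .EXAMPLE
        Get-S1DeviceControlConfiguration -siteIds 225494730938493804

        Returns the Device Control configuration for the defined site

    .NOTES
        N\A

    .LINK
        https://celerium.github.io/SentinelOne-PowerShellWrapper/site/DeviceControl/Get-S1DeviceControlConfiguration.html
#>

    [CmdletBinding( DefaultParameterSetName = 'index' )]
    Param (
        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$accountIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$groupIds,

        [Parameter( Mandatory = $false, ValueFromPipeline = $true, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$siteIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [Switch]$tenant
    )

    process {

        Write-Verbose "Running the [ $($PSCmdlet.ParameterSetName) ] parameterSet"

        Switch ($PSCmdlet.ParameterSetName){
            'index' { $resource_uri = "/device-control/configuration" }
        }

        # Common parameters are never sent to the API.
        $excludedParameters =   'Debug','ErrorAction','ErrorVariable','InformationAction',
                                'InformationVariable','OutBuffer','OutVariable','PipelineVariable',
                                'Verbose','WarningAction','WarningVariable'

        $body = @{}

        ForEach ( $Key in $PSBoundParameters.GetEnumerator() ){

            # 'continue' rather than a bare $null: a bare $null statement is written to the
            # output stream, so e.g. -Verbose would prepend a $null to the returned data.
            if ( $excludedParameters -contains $Key.Key ){ continue }

            if ( $Key.Value.GetType().IsArray ){
                Write-Verbose "[ $($Key.Key) ] is an array parameter"
                $body[$Key.Key] = $Key.Value -join (',')
            }
            else{
                $body[$Key.Key] = $Key.Value
            }

        }

        # Initialised locally so a failed request cannot pick up a $rest_output
        # variable that happens to exist in a calling scope.
        $rest_output = $null

        try {
            # The plaintext token is placed in the shared $S1_Headers only for the duration
            # of this request; the finally block removes it again on every exit path.
            $ApiToken = Get-S1APIKey -PlainText
            $S1_Headers.Add('Authorization', "ApiToken $ApiToken")

            $rest_output = Invoke-RestMethod -Method Get -Uri ( $S1_Base_URI + $resource_uri ) -Headers $S1_Headers -Body $body -ErrorAction Stop -ErrorVariable rest_error
        }
        catch {
            Write-Error $_
        }
        finally {
            [void] ( $S1_Headers.Remove('Authorization') )
            $ApiToken = $null
        }

        return $rest_output

    }

}



function Get-S1DeviceControlEvents {
<#
    .SYNOPSIS
        Get the data of Device Control events on Windows and macOS endpoints
        with Device Control-enabled Agents that match the filter.

    .DESCRIPTION
        The Get-S1DeviceControlEvents cmdlet gets the data of Device Control events
        on Windows and macOS endpoints with Device Control-enabled Agents that match the filter.

        Linux Agents do not support Device Control.

    .PARAMETER access_permissions
        Access permission in.

        Allowed values:
        'Not-Applicable', 'Read-Only', 'Read-Write'

    .PARAMETER accountIds
        List of Account IDs to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER agentIds
        List of agent Ids to filter by

    .PARAMETER countOnly
        If true, only total number of items will be returned, without any of the actual objects.

    .PARAMETER cursor
        Cursor position returned by the last request. Use to iterate over more than 1000 items.

        Example: "YWdlbnRfaWQ6NTgwMjkzODE=".

    .PARAMETER deviceClasses
        List of device classes to filter by.

        Example: "02h".

    .PARAMETER eventIds
        List of event IDs to filter by

    .PARAMETER eventTime__between
        Return events generated created within this range (inclusive).

        Example: "1514978764288-1514978999999".

    .PARAMETER eventTime__gt
        Returns events generated after this timestamp.

        Inputted data is converted to UTC time

        Example:
            yyyy-MM-ddTHH:mm:ss.ffffffZ
            2018-02-27T04:49:26.257525Z

    .PARAMETER eventTime__gte
        Returns events generated after or at this timestamp.

        Inputted data is converted to UTC time

        Example:
            yyyy-MM-ddTHH:mm:ss.ffffffZ
            2018-02-27T04:49:26.257525Z

    .PARAMETER eventTime__lt
        Returns events generated before this timestamp.

        Inputted data is converted to UTC time

        Example:
            yyyy-MM-ddTHH:mm:ss.ffffffZ
            2018-02-27T04:49:26.257525Z

    .PARAMETER eventTime__lte
        Returns events generated before or at this timestamp.

        Inputted data is converted to UTC time

        Example:
            yyyy-MM-ddTHH:mm:ss.ffffffZ
            2018-02-27T04:49:26.257525Z

    .PARAMETER eventTypes
        List of event types to filter by.

    .PARAMETER groupIds
        List of Group IDs to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER ids
        List of ids to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER interfaces
        Return device rules with the filtered interface.

        Allowed values:
        'Bluetooth', 'USB'

    .PARAMETER limit
        Limit number of returned items (1-1000).

        Example: "10".

    .PARAMETER productIds
        Return device rules with the filtered product id.

        Example: "02".

    .PARAMETER query
        A free-text search term, will match applicable attributes.

    .PARAMETER serviceClasses
        Return device rules with the filtered service class.

        Example: "02".

    .PARAMETER siteIds
        List of Site IDs to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER skip
        Skip first number of items (0-1000). To iterate over more than 1000 items, use "cursor".

        Example: "150".

    .PARAMETER skipCount
        If true, total number of items will not be calculated, which speeds up execution time.

    .PARAMETER sortBy
        Sorts the returned results by a defined value

        Allowed values:
        'agentId', 'eventTime', 'eventType', 'id'

    .PARAMETER sortOrder
        Sort direction

        Allowed values:
        'asc', 'desc'

    .PARAMETER tenant
        Indicates a tenant scope request

    .PARAMETER uids
        Return device rules with the filtered uId.

    .PARAMETER vendorIds
        Return device rules with the filtered vendor id.

    .EXAMPLE
        Get-S1DeviceControlEvents

        Returns the first 10 Device Control events on Windows and macOS endpoints
        with Device Control-enabled Agents that match the filter.

    .EXAMPLE
        Get-S1DeviceControlEvents -siteId 1234567890

        Returns the first 10 Device Control events from the defined site for Windows and macOS endpoints
        with Device Control-enabled Agents that match the filter.

    .EXAMPLE
        1234567890 | Get-S1DeviceControlEvents

        Returns the first 10 Device Control events from the defined site for Windows and macOS endpoints
        with Device Control-enabled Agents that match the filter.

    .EXAMPLE
        Get-S1DeviceControlEvents -eventTime__gt '2018-02-27T04:49:26.257525Z'

        Returns Device Control events that were created at after defined timestamp

    .EXAMPLE
        Get-S1DeviceControlEvents -cursor 'YWdlbnRfaWQ6NTgwMjkzODE='

        Returns data after the first 10 results

        The cursor value can be found under pagination

    .NOTES
        As of 2022-11
            The "access_permissions" parameter does not work
                [ "dict_values(['accessPermissions']): Unknown field" ]

    .LINK
        https://celerium.github.io/SentinelOne-PowerShellWrapper/site/DeviceControl/Get-S1DeviceControlEvents.html
#>

    [CmdletBinding( DefaultParameterSetName = 'index' )]
    Param (
        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'Not-Applicable', 'Read-Only', 'Read-Write' )]
        [String[]]$access_permissions,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$accountIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$agentIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [Switch]$countOnly,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$cursor,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$deviceClasses,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$eventIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$eventTime__between,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [DateTime]$eventTime__gt,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [DateTime]$eventTime__gte,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [DateTime]$eventTime__lt,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [DateTime]$eventTime__lte,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$eventTypes,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$groupIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$ids,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'Bluetooth', 'USB' )]
        [String[]]$interfaces,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateRange(1, 1000)]
        [Int64]$limit,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$productIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$query,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$serviceClasses,

        [Parameter( Mandatory = $false, ValueFromPipeline = $true, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$siteIds,

        # Lower bound is 0 to match the documented range (0-1000); it was 1.
        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateRange(0, 1000)]
        [Int64]$skip,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [Switch]$skipCount,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'agentId', 'eventTime', 'eventType', 'id' )]
        [String]$sortBy,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'asc', 'desc' )]
        [String]$sortOrder,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [Switch]$tenant,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$uids,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$vendorIds
    )

    process {

        Write-Verbose "Running the [ $($PSCmdlet.ParameterSetName) ] parameterSet"

        Switch ($PSCmdlet.ParameterSetName){
            'index' { $resource_uri = "/device-control/events" }
        }

        # Common parameters are never sent to the API.
        $excludedParameters =   'Debug','ErrorAction','ErrorVariable','InformationAction',
                                'InformationVariable','OutBuffer','OutVariable','PipelineVariable',
                                'Verbose','WarningAction','WarningVariable'

        $body = @{}

        ForEach ( $Key in $PSBoundParameters.GetEnumerator() ){

            # 'continue' rather than a bare $null: a bare $null statement is written to the
            # output stream, so e.g. -Verbose would prepend a $null to the returned data.
            if ( $excludedParameters -contains $Key.Key ){ continue }

            if ( $Key.Value.GetType().IsArray ){
                Write-Verbose "[ $($Key.Key) ] is an array parameter"
                $body[$Key.Key] = $Key.Value -join (',')
            }
            elseif ( $Key.Value.GetType().FullName -eq 'System.DateTime' ){
                Write-Verbose "[ $($Key.Key) ] is a dateTime parameter"
                $universalTime = ($Key.Value).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.ffffffZ')

                Write-Verbose "Converting [ $($Key.Value) ] to [ $universalTime ]"
                $body[$Key.Key] = $universalTime
            }
            else{
                $body[$Key.Key] = $Key.Value
            }

        }

        # Initialised locally so a failed request cannot pick up a $rest_output
        # variable that happens to exist in a calling scope.
        $rest_output = $null

        try {
            # The plaintext token is placed in the shared $S1_Headers only for the duration
            # of this request; the finally block removes it again on every exit path.
            $ApiToken = Get-S1APIKey -PlainText
            $S1_Headers.Add('Authorization', "ApiToken $ApiToken")

            $rest_output = Invoke-RestMethod -Method Get -Uri ( $S1_Base_URI + $resource_uri ) -Headers $S1_Headers -Body $body -ErrorAction Stop -ErrorVariable rest_error
        }
        catch {
            Write-Error $_
        }
        finally {
            [void] ( $S1_Headers.Remove('Authorization') )
            $ApiToken = $null
        }

        return $rest_output

    }

}



function Get-S1DeviceControlRules {
<#
    .SYNOPSIS
        Get the Device Control rules of a specified Account, Site, Group or Global (tenant)
        that match the filter.

    .DESCRIPTION
        The Get-S1DeviceControlRules cmdlet gets the Device Control rules of a specified
        Account, Site, Group or Global (tenant) that match the filter.

    .PARAMETER accessPermissions
        Access permission in.

        Allowed values:
        'Not-Applicable', 'Read-Only', 'Read-Write'

    .PARAMETER accountIds
        List of Account IDs to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER actions
        Return device rules with the filtered action.

        Allowed values:
        'Allow', 'Block'

    .PARAMETER bluetoothAddresses
        Return device rules with the filtered bluetooth addresses.

    .PARAMETER countOnly
        If true, only total number of items will be returned, without any of the actual objects.

    .PARAMETER createdAt__between
        Returns device rules created in the range of a start timestamp and an end timestamp.

        Example: "1514978764288-1514978999999"

    .PARAMETER createdAt__gt
        Returns device rules created after this timestamp.

        Inputted data is converted to UTC time

        Example:
            yyyy-MM-ddTHH:mm:ss.ffffffZ
            2018-02-27T04:49:26.257525Z

    .PARAMETER createdAt__gte
        Returns device rules created after or at this timestamp.

        Inputted data is converted to UTC time

        Example:
            yyyy-MM-ddTHH:mm:ss.ffffffZ
            2018-02-27T04:49:26.257525Z

    .PARAMETER createdAt__lt
        Returns device rules created before this timestamp.

        Inputted data is converted to UTC time

        Example:
            yyyy-MM-ddTHH:mm:ss.ffffffZ
            2018-02-27T04:49:26.257525Z

    .PARAMETER createdAt__lte
        Returns device rules created before or at this timestamp.

        Inputted data is converted to UTC time

        Example:
            yyyy-MM-ddTHH:mm:ss.ffffffZ
            2018-02-27T04:49:26.257525Z

    .PARAMETER cursor
        Cursor position returned by the last request. Use to iterate over more than 1000 items.

        Example: "YWdlbnRfaWQ6NTgwMjkzODE=".

    .PARAMETER deviceClasses
        List of device classes to filter by.

        Example: "02h".

    .PARAMETER deviceInformationServiceInfoKeys
        Return device rules with the filtered device information service info keys.

    .PARAMETER deviceNames
        Return device rules with the filtered device names.

    .PARAMETER disablePagination
        If true, all rules for requested scope will be returned

    .PARAMETER gattServices
        Return device rules with the filtered GATT services.

    .PARAMETER groupIds
        List of Group IDs to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER ids
        List of ids to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER interfaces
        Return device rules with the filtered interface.

        Allowed values:
        'Bluetooth', 'USB'

    .PARAMETER limit
        Limit number of returned items (1-1000).

        Example: "10".

    .PARAMETER manufacturerNames
        Return device rules with the filtered manufacturer names.

    .PARAMETER minorClasses
        Return device rules with the filtered minor classes.

    .PARAMETER productIds
        Return device rules with the filtered product id.

        Example: "02".

    .PARAMETER query
        A free-text search term, will match applicable attributes.

    .PARAMETER ruleName
        Return device rules with the filtered rule name.

    .PARAMETER scopes
        Return only device rules in this scope.

        Allowed values:
        'account', 'global', 'group', 'site'

    .PARAMETER serviceClasses
        Return device rules with the filtered service class.

        Example: "02".

    .PARAMETER siteIds
        List of Site IDs to filter by.

        Example: "225494730938493804,225494730938493915".

    .PARAMETER skip
        Skip first number of items (0-1000). To iterate over more than 1000 items, use "cursor".

        Example: "150".

    .PARAMETER skipCount
        If true, total number of items will not be calculated, which speeds up execution time.

    .PARAMETER sortBy
        Sorts the returned results by a defined value

        Allowed values:
        'action', 'deviceClass', 'id', 'interface', 'order', 'ruleName', 'status', 'version'

    .PARAMETER sortOrder
        Sort direction

        Allowed values:
        'asc', 'desc'

    .PARAMETER tenant
        Indicates a tenant scope request

    .PARAMETER uids
        Return device rules with the filtered uId.

    .PARAMETER vendorIds
        Return device rules with the filtered vendor id.

    .PARAMETER versions
        Return device rules with the filtered versions.

    .EXAMPLE
        Get-S1DeviceControlRules

        Returns the first 10 Device Control rules of a specified Account, Site, Group or Global (tenant)
        that match the filter.

    .EXAMPLE
        Get-S1DeviceControlRules -siteId 1234567890

        Returns the first 10 Device Control rules of a specified Account, Site, Group or Global (tenant)
        that match the filter.

    .EXAMPLE
        1234567890 | Get-S1DeviceControlRules

        Returns the first Device Control rules of a specified Account, Site, Group or Global (tenant)
        that match the filter.

    .EXAMPLE
        Get-S1DeviceControlRules -createdAt__gt '2018-02-27T04:49:26.257525Z'

        Returns Device Control events that were created at after defined timestamp

    .EXAMPLE
        Get-S1DeviceControlRules -cursor 'YWdlbnRfaWQ6NTgwMjkzODE='

        Returns data after the first 10 results

        The cursor value can be found under pagination

    .NOTES
        N\A

    .LINK
        https://celerium.github.io/SentinelOne-PowerShellWrapper/site/DeviceControl/Get-S1DeviceControlRules.html
#>

    [CmdletBinding( DefaultParameterSetName = 'index' )]
    Param (
        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'Not-Applicable', 'Read-Only', 'Read-Write' )]
        [String[]]$accessPermissions,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$accountIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'Allow', 'Block' )]
        [String[]]$actions,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$bluetoothAddresses,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [Switch]$countOnly,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$createdAt__between,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [DateTime]$createdAt__gt,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [DateTime]$createdAt__gte,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [DateTime]$createdAt__lt,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [DateTime]$createdAt__lte,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$cursor,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$deviceClasses,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$deviceInformationServiceInfoKeys,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$deviceNames,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [Switch]$disablePagination,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$gattServices,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$groupIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$ids,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'Bluetooth', 'USB' )]
        [String[]]$interfaces,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateRange(1, 1000)]
        [Int64]$limit,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$manufacturerNames,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$minorClasses,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$productIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$query,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$ruleName,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'account', 'global', 'group', 'site' )]
        [String[]]$scopes,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$serviceClasses,

        [Parameter( Mandatory = $false, ValueFromPipeline = $true, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$siteIds,

        # Lower bound is 0 to match the documented range (0-1000); it was 1.
        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateRange(0, 1000)]
        [Int64]$skip,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [Switch]$skipCount,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'action', 'deviceClass', 'id', 'interface', 'order', 'ruleName', 'status', 'version' )]
        [String]$sortBy,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'asc', 'desc' )]
        [String]$sortOrder,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [Switch]$tenant,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$uids,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$vendorIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$versions
    )

    process {

        Write-Verbose "Running the [ $($PSCmdlet.ParameterSetName) ] parameterSet"

        Switch ($PSCmdlet.ParameterSetName){
            'index' { $resource_uri = "/device-control" }
        }

        # Common parameters are never sent to the API.
        $excludedParameters =   'Debug','ErrorAction','ErrorVariable','InformationAction',
                                'InformationVariable','OutBuffer','OutVariable','PipelineVariable',
                                'Verbose','WarningAction','WarningVariable'

        $body = @{}

        ForEach ( $Key in $PSBoundParameters.GetEnumerator() ){

            # 'continue' rather than a bare $null: a bare $null statement is written to the
            # output stream, so e.g. -Verbose would prepend a $null to the returned data.
            if ( $excludedParameters -contains $Key.Key ){ continue }

            if ( $Key.Value.GetType().IsArray ){
                Write-Verbose "[ $($Key.Key) ] is an array parameter"
                $body[$Key.Key] = $Key.Value -join (',')
            }
            elseif ( $Key.Value.GetType().FullName -eq 'System.DateTime' ){
                Write-Verbose "[ $($Key.Key) ] is a dateTime parameter"
                $universalTime = ($Key.Value).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.ffffffZ')

                Write-Verbose "Converting [ $($Key.Value) ] to [ $universalTime ]"
                $body[$Key.Key] = $universalTime
            }
            else{
                $body[$Key.Key] = $Key.Value
            }

        }

        # Initialised locally so a failed request cannot pick up a $rest_output
        # variable that happens to exist in a calling scope.
        $rest_output = $null

        try {
            # The plaintext token is placed in the shared $S1_Headers only for the duration
            # of this request; the finally block removes it again on every exit path.
            $ApiToken = Get-S1APIKey -PlainText
            $S1_Headers.Add('Authorization', "ApiToken $ApiToken")

            $rest_output = Invoke-RestMethod -Method Get -Uri ( $S1_Base_URI + $resource_uri ) -Headers $S1_Headers -Body $body -ErrorAction Stop -ErrorVariable rest_error
        }
        catch {
            Write-Error $_
        }
        finally {
            [void] ( $S1_Headers.Remove('Authorization') )
            $ApiToken = $null
        }

        return $rest_output

    }

}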