public/Get-VPASDiscoveredAccounts.ps1
|
<#
.Synopsis GET DISCOVERED ACCOUNTS CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com .DESCRIPTION USE THIS FUNCTION TO GET DISCOVERED ACCOUNTS IN THE PENDING SAFE LIST .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER SearchQuery Search string to find target resource via username, address, safe, platform, etc. Comma separated for multiple fields, or to search all pass a blank value like so: " " .PARAMETER PlatformType Limit the scope of accounts returned based on PlatformType Possible values: Windows Server Local, Windows Desktop Local, Windows Domain, Unix, Unix SSH Key, AWS, AWS Access Keys, Azure Password Management .PARAMETER Privileged Limit the scope of accounts returned based on Privileged status Possible values: true, false .PARAMETER Enabled Limit the scope of accounts returned based in account status Possible values: true, false .EXAMPLE $DiscoveredAccountsJSON = Get-VPASDiscoveredAccounts -SearchQuery {SEARCHQUERY VALUE} .OUTPUTS JSON Object (DiscoveredAccounts) if successful $false if failed #> function Get-VPASDiscoveredAccounts{ [OutputType([bool],'System.Collections.Hashtable')] [CmdletBinding()] Param( [Parameter(Mandatory=$true,ValueFromPipelineByPropertyName=$true,HelpMessage="Enter wildcard search to query for target Discovered Accounts",Position=0)] [String]$SearchQuery, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)] [ValidateSet('Windows Server Local','Windows Desktop Local','Windows Domain','Unix','Unix SSH Key','AWS','AWS Access Keys','Azure Password Management')] [String]$PlatformType, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)] [ValidateSet('true','false')] [String]$Privileged, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)] [ValidateSet('true','false')] [String]$Enabled, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ Write-Verbose "SUCCESSFULLY PARSED PVWA VALUE" Write-Verbose "SUCCESSFULLY PARSED TOKEN VALUE" Write-Verbose "SUCCESSFULLY PARSED SEARCHQUERY VALUE: $SearchQuery" try{ if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/passwordvault/api/DiscoveredAccounts?offset=0&limit=1000&search=$searchQuery" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/passwordvault/api/DiscoveredAccounts?offset=0&limit=1000&search=$searchQuery" } if(![String]::IsNullOrEmpty($PlatformType) -or ![String]::IsNullOrEmpty($Privileged) -or ![String]::IsNullOrEmpty($Enabled)){ $uri += "&filter=" $numparams = 0 if(![String]::IsNullOrEmpty($PlatformType)){ if($numparams -eq 0){ $uri += "platformType eq $PlatformType" $numparams += 1 } else{ $uri += " AND platformType eq $PlatformType" $numparams += 1 } } if(![String]::IsNullOrEmpty($Privileged)){ if($numparams -eq 0){ $uri += "privileged eq $Privileged" $numparams += 1 } else{ $uri += " AND privileged eq $Privileged" $numparams += 1 } } if(![String]::IsNullOrEmpty($Enabled)){ if($numparams -eq 0){ $uri += "accountEnabled eq $Enabled" $numparams += 1 } else{ $uri += "AND accountEnabled eq $Enabled" $numparams += 1 } } } $output = @{ count = 0 value = "" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $output.count = $response.count $output.value = $response.value $nextlink = $response.nextLink while(![String]::IsNullOrEmpty($nextlink)){ if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/$nextlink" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/$nextlink" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD if($sessionval){ $newresponse = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $newresponse = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $output.count = $newresponse.count $output.value += $newresponse.value $nextlink = $newresponse.nextLink } $result = $output $outputlog = $result | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURNARRAY Write-Verbose "RETURNING JSON OBJECT" return $result }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO GET DISCOVERED ACCOUNTS FOR SEARCHQUERY: $SearchQuery" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |