Functions/EventSecurity/Set-PASPTARemediation.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
Function Set-PASPTARemediation {
    <#
    .SYNOPSIS
    Updates automatic remediation settings in PTA

    .DESCRIPTION
    Updates automatic remediation settings configured in PTA

    .PARAMETER changePassword_SuspectedCredentialsTheft
    Indicate if Change Password on Suspected Credential Theft the command is active

    .PARAMETER changePassword_OverPassTheHash
    Indicate if the Change Password on Over Pass The Hash command is active

    .PARAMETER reconcilePassword_SuspectedPasswordChange
    Indicate if the Reconcile Password on Suspected Password Change command is active

    .PARAMETER pendAccount_UnmanagedPrivilegedAccount
    Indicate if the Add Unmanaged Accounts to Pending Accounts command is active

    .PARAMETER sessionToken
    Hashtable containing the session token returned from New-PASSession

    .PARAMETER WebSession
    WebRequestSession object returned from New-PASSession

    .PARAMETER BaseURI
    PVWA Web Address
    Do not include "/PasswordVault/"

    .PARAMETER PVWAAppName
    The name of the CyberArk PVWA Virtual Directory.
    Defaults to PasswordVault

    .PARAMETER ExternalVersion
    The External CyberArk Version, returned automatically from the New-PASSession function from version 9.7 onwards.

    .EXAMPLE
    $token | Set-PASPTARemediation -changePassword_SuspectedCredentialsTheft $true

    Enables the "Change password on Suspected Credentials Theft" rule.
    .EXAMPLE
    $token | Set-PASPTARemediation -reconcilePassword_SuspectedPasswordChange $false

    Disables the "reconcile on suspected password change" rule.

    .NOTES
    Minimum Version CyberArk 10.4
    #>

    [CmdletBinding(SupportsShouldProcess)]
    param(
        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$changePassword_SuspectedCredentialsTheft,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$changePassword_OverPassTheHash,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$reconcilePassword_SuspectedPasswordChange,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$pendAccount_UnmanagedPrivilegedAccount,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateNotNullOrEmpty()]
        [hashtable]$sessionToken,

        [parameter(
            ValueFromPipelinebyPropertyName = $true
        )]
        [Microsoft.PowerShell.Commands.WebRequestSession]$WebSession,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$BaseURI,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$PVWAAppName = "PasswordVault",

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [System.Version]$ExternalVersion = "0.0"
    )

    BEGIN {

        $MinimumVersion = [System.Version]"10.4"

    }#begin

    PROCESS {

        Assert-VersionRequirement -ExternalVersion $ExternalVersion -RequiredVersion $MinimumVersion

        #Get all parameters that will be sent in the request
        $boundParameters = $PSBoundParameters | Get-PASParameter

        #Create URL for Request
        $URI = "$baseURI/$PVWAAppName/API/pta/API/Settings/AutomaticRemediations/"


        #Create body of request
        $body = $boundParameters | ConvertTo-Json

        if($PSCmdlet.ShouldProcess("PTA", "Update Automatic Remediation Config")) {

            #send request to PAS web service
            $result = Invoke-PASRestMethod -Uri $URI -Method PATCH -Body $Body -Headers $sessionToken -WebSession $WebSession

            if($result) {

                #Return Results
                $result.automaticRemediation | Add-ObjectDetail -typename "psPAS.CyberArk.Vault.PTA.Remediation" -PropertyToAdd @{

                    "sessionToken"    = $sessionToken
                    "WebSession"      = $WebSession
                    "BaseURI"         = $BaseURI
                    "PVWAAppName"     = $PVWAAppName
                    "ExternalVersion" = $ExternalVersion

                }

            }

        }

    }#process

    END {}#end

}