public/New-TNQuery.ps1
|
function New-TNQuery { <# .SYNOPSIS Creates new queries .DESCRIPTION Creates new queries .PARAMETER SessionObject Optional parameter to force using specific SessionObjects. By default, each command will connect to all connected servers that have been connected to using Connect-TNServer .PARAMETER Name The name of the target query .PARAMETER Description Description for Description .PARAMETER Type The type of query .PARAMETER AuthType Description for AuthType .PARAMETER Query The query object (from Get-Query) used to log into the target server. Specifies a user account that has permission to send the request. .PARAMETER QueryHash Description for QueryHash .PARAMETER PrivilegeEscalation Description for PrivilegeEscalation .PARAMETER EnableException By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This avoids overwhelming you with 'sea of red' exceptions, but is inconvenient because it basically disables advanced scripting. Using this switch turns this 'nice by default' feature off and enables you to catch exceptions with your own try/catch. .EXAMPLE PS C:\> $params = @{ Name = "Windows Scanner Account" Type = "windows" AuthType = "password" Query = "ad\nessus" } PS C:\> New-TNQuery @params -Verbose Creates a new Windows query for ad\nessus .EXAMPLE PS C:\> $params = @{ Name = "Linux Scanner Account" Type = "ssh" AuthType = "password" Query = "acasaccount" PrivilegeEscalation = "sudo" } PS C:\> New-TNQuery @params -Verbose Creates a new SSH query for acasaccount and sets the escalation type to sudo .EXAMPLE PS C:\> $credhash = @{ dbType = "SQL Server" SQLServerAuthType = "SQL" } PS C:\> $params = @{ Name = "SQL Server sqladmin" Type = "database" AuthType = "password" Query = "sqladmin" QueryHash = $credhash } PS C:\> New-TNQuery @params -Verbose Creates a new SQL Server query for SQL Login sqladmin .EXAMPLE PS C:\> $credhash = @{ dbType = "SQL Server" SQLServerAuthType = "Windows" } PS C:\> $params = @{ Name = "SQL Server sqladmin" Type = "database" AuthType = "password" Query = "ad\sqladmin" QueryHash = $credhash } PS C:\> New-TNQuery @params -Verbose Creates a new SQL Server query for Windows ad\sqladmin #> [CmdletBinding()] param ( [Parameter(ValueFromPipelineByPropertyName)] [object[]]$SessionObject = (Get-TNSession), [Parameter(ValueFromPipelineByPropertyName, Mandatory)] [string]$Name, [Parameter(ValueFromPipelineByPropertyName)] [string]$Description, [Parameter(ValueFromPipelineByPropertyName)] [ValidateSet("Vulnerability", "Alert", "All", "Lce", "Mobile", "Ticket", "User")] [string]$Type = "Vulnerability", [Parameter(ValueFromPipelineByPropertyName)] [string]$Tool = "sumid", [hashtable]$FilterHash, [ValidateSet("acceptRiskStatus", "asset", "assetID", "auditFile", "auditFileID", "baseCVSSScore", "benchmarkName", "cceID", "cpe", "cveID", "cvssV3BaseScore", "cvssV3Vector", "cvssVector", "dataFormat", "daysMitigated", "daysToMitigated", "dnsName", "exploitAvailable", "exploitFrameworks", "family", "familyID", "firstSeen", "iavmID", "ip", "lastMitigated", "lastSeen", "mitigatedStatus", "msbulletinID", "outputAssets", "patchPublished", "pluginID", "pluginModified", "pluginName", "pluginPublished", "pluginText", "pluginType", "policy", "policyID", "port", "protocol", "recastRiskStatus", "repository", "repositoryIDs", "responsibleUser", "responsibleUserIDs", "severity", "stigSeverity", "tcpport", "udpport", "uuid", "vprScore", "vulnPublished", "xref")] [string]$FilterName, [ValidateSet("=", "!=", "<=", ">=")] [string]$Operator, [string]$Value, [switch]$EnableException ) begin { if ($Type -notin "windows", "ssh" -and -not $PSBoundParameters.QueryHash) { Stop-PSFFunction -Message "You must specify a QueryHash when Type is $Type" return } if ($AuthType -eq "certificate" -and -not $PSBoundParameters.QueryHash) { Stop-PSFFunction -Message "You must specify a QueryHash when AuthType is $AuthType" return } switch ($Type) { "Vulnerability" { $querytype = "vuln" } default { $querytype = $Type.ToLower() } } } process { if (Test-PSFFunctionInterrupt) { return } foreach ($session in $SessionObject) { $PSDefaultParameterValues["*:SessionObject"] = $session if (-not $session.sc) { Stop-PSFFunction -EnableException:$EnableException -Message "Only tenable.sc supported" -Continue } <# "=", "!=", "<=", ">=" name : Hello There description : context : status : -1 createdTime : 0 modifiedTime : 0 groups : {} type : vuln tool : sumid sourceType : filters : {@{id=asset; filterName=asset; operator==; isPredefined=True; value=}} vulnTool : sumid "browseColumns" : <string> DEFAULT "", "browseSortColumn" : <string> DEFAULT "", "browseSortDirection" : <string> "ASC", "DESC" DEFAULT "ASC", #> # Note: sourceType will always be null. Current functionality doesn't accept sourceType parameter, and will always set it to default QUERY_NOT_TREND (null) if (-not $PSBoundParameters.QueryHash) { $body = @{ name = $Name description = $Description type = $querytype tool = $tooltype sourceType = $null filters = $filters vulnTool = "sumid" } } else { $body = $PSBoundParameters.QueryHash $body.Add("name", $Name) $body.Add("description", $Description) $body.Add("type", $Type) $body.Add("authType", $AuthType) if ($PSBoundParameters.Query) { if ($Type -eq "windows" -and $Query.UserName -match "\\") { $domain, $username = $Query.UserName -split "\\" $body.Add("domain", $domain) } else { $username = $Query.UserName } if ($Type -eq "ssh") { $body.Add("privilegeEscalation", $PrivilegeEscalation.ToLower()) } if ($Type -notin "database") { $body.Add("username", $username) } else { $body.Add("login", $username) } } $params = @{ SessionObject = $session Path = "/query" Method = "POST" Parameter = $body EnableException = $EnableException } Invoke-TNRequest @params | ConvertFrom-TNRestResponse } } } } |