PSSophos.psm1
#Region './Public/Add-SophosCommonDirectoryUser.ps1' -1 function Add-SophosCommonDirectoryUser { <# .SYNOPSIS Add a new directory user to sophos common directory .DESCRIPTION Add a new directory user to sophos common directory .PARAMETER Token JWt token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER FirstName User's first name .PARAMETER LastName User's last name .PARAMETER EmailAddress User's email address .PARAMETER GroupIds Add user to groups .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Add-SophosCommonDirectoryUser -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -FirstName "Bob" -LastName "Smith" -EmailAddress "bsmith@example.com" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$FirstName, [Parameter(Mandatory=$true)] [string]$LastName, [Parameter(Mandatory=$false)] [ValidateScript({ if($_ -imatch '^(?:(?!.*?[.]{2})[a-zA-Z0-9](?:[a-zA-Z0-9.+!%-]{1,64}|)|\"[a-zA-Z0-9.+!% -]{1,64}\")@[a-zA-Z0-9][a-zA-Z0-9.-]+(.[a-z]{2,}|.[0-9]{1,})$') { return $true } else { throw "Invalid email address." } })] [string]$EmailAddress, [Parameter(Mandatory=$false)] [array]$GroupIds = @() ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/users" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type" = "application/json" } $RequestBody = @{ "name" = "$($FirstName) $($LastName)" "firstName" = "$FirstName" "lastName" = "$LastName" "email" = "$EmailAddress" "groupIds" = $GroupIds } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Add-SophosCommonDirectoryUser.ps1' 102 #Region './Public/Add-SophosCommonDirectoryUserGroupUser.ps1' -1 function Add-SophosCommonDirectoryUserGroupUser { <# .SYNOPSIS Add multiple users to the specified common directory group .DESCRIPTION Add multiple users to the specified common directory group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupId Target group ID .PARAMETER UserIds Array of user IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$alert = Get-SophosCommonAlerts -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxxx-xxxxx-xxxxx-xxxx"} PS>$groups = Get-SophosCommonDirectoryUserGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "MyGroup"} PS>$users = @((Get-SophosCommonDirectoryUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost).id) PS>Add-SophosCommonDirectoryUserGroupUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $group.id -UserIds $users #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId, [Parameter(Mandatory=$true)] [ValidateScript({ if($_.Count -lt 1000) { return $true } else { throw "Must contain at most 1000 items. Total: $($_.Count)" } })] [array]$UserIds ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/user-groups/$($GroupId)/users" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type" = "application/json" } $RequestBody = @{ "ids" = $UserIds } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Add-SophosCommonDirectoryUserGroupUser.ps1' 91 #Region './Public/Add-SophosCommonDirectoryUserToGroup.ps1' -1 function Add-SophosCommonDirectoryUserToGroup { <# .SYNOPSIS Add a user to multiple common directory groups .DESCRIPTION Add a user to multiple common directory groups .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER UserId Target user id .PARAMETER GroupIds Array of group IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$users = Get-SophosCommonDirectoryUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | Where-Object {$_.Name -eq 'User01'} PS>Add-SophosCommonDirectoryUserToGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -UserId $user.id -GroupIds @('xxxx-xxxxx-xxxx-xxxxx','xxxxx-xxxxx-xxxxxxx-xxxxx') #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$UserId, [Parameter(Mandatory=$true)] [ValidateSet({ if($_.count -lt 50) { return $true } else { throw "Request must contain at most 50 items. Total: $($_.count)" } })] [array]$GroupIds ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/users/$($UserId)/groups" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type" = "application/json" } $RequestBody = @{ "ids" = $GroupIds } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Add-SophosCommonDirectoryUserToGroup.ps1' 89 #Region './Public/Add-SophosCommonRole.ps1' -1 function Add-SophosCommonRole { <# .SYNOPSIS Create a new tenant common role in sophos .DESCRIPTION Create a new tenant common role in sophos .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RoleName Name of the new role .PARAMETER RolePrincipalType Type of the new role .PARAMETER RolePermissionSets Array of Permission sets of the new role .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$Roles = @( "central_admin" "endpoint_product_admin" ) PS>Add-SophosCommonRole -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RoleName "Admin" -RolePrincipalType "user" -RolePermissionSets $roles #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$RoleName, [Parameter(Mandatory=$true)] [ValidateSet("user","service")] [string]$RolePrincipalType, [Parameter(Mandatory=$true)] [array]$RolePermissionSets ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/roles" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "name" = $RoleName "principalType" = $RolePrincipalType "permissionSets" = $RolePermissionSets } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Add-SophosCommonRole.ps1' 92 #Region './Public/Add-SophosEmailMgmtQuarantineMessageAttachment.ps1' -1 function Add-SophosEmailMgmtQuarantineMessageAttachment { <# .SYNOPSIS Reattach one or more attachments to the message attachment .DESCRIPTION Reattach one or more attachments to the message attachment .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EmailId Target email ID .PARAMETER AttachmentIds Array of attachment IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Add-SophosEmailMgmtQuarantineMessageAttachments -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EmailId "xxxxx-xxxx-xxxx-xxxx" -AttachmentIds @("xxxx-xxxxxx-xxxxx-xxxx","xxxx-xxxxxxx-xxxxxxx-xxxxxxx") #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EmailId, [Parameter(Mandatory=$false)] [array]$AttachmentIds = @() ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/quarantine/messages/$($EmailId)/attachments/reattach" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "attachments" = $AttachmentIds } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Add-SophosEmailMgmtQuarantineMessageAttachment.ps1' 79 #Region './Public/Add-SophosEndpointSoftwareStaticPackageById.ps1' -1 function Add-SophosEndpointSoftwareStaticPackageById { <# .SYNOPSIS Add a special package by token, supplied by Sophos support. This is a one-way operation .DESCRIPTION Add a special package by token, supplied by Sophos support. This is a one-way operation .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PackageId Target package ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Add-SophosEndpointSoftwareStaticPackageById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PackageId "<Token from Sophos>" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PackageId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/software/packages/static/$($PackageId)/add" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Add-SophosEndpointSoftwareStaticPackageById.ps1' 71 #Region './Public/Add-SophosEndpointToGroup.ps1' -1 function Add-SophosEndpointToGroup { <# .SYNOPSIS Add endpoints to group. Must add via list of IDs. .DESCRIPTION Add endpoints to group. Must add via list of IDs. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupId ID of the target Group .PARAMETER EndpointId Array of endpoint ids .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$group = Get-SophosEndpointGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -ieq "MyGroup"} PS>$endpoints = @((Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -like "PC0*"}).id) PS>Add-SophosEndpointToGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $group.id -EndpointId $endpoints #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId, [ValidateScript({ if($($_ | Get-Unique).count -lt 1000) { return $true } else { thow "Total items must be lower than 1000." } })] [array]$EndpointId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoint-groups/$($GroupId)/endpoints" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "ids" = $EndpointId } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Add-SophosEndpointToGroup.ps1' 89 #Region './Public/Approve-SophosEmailMgmtPostDeliveryQuarantineMessageRelease.ps1' -1 function Approve-SophosEmailMgmtPostDeliveryQuarantineMessageRelease { <# .SYNOPSIS Queue one or more messages from post-delivery quarantine for release .DESCRIPTION Queue one or more messages from post-delivery quarantine for release .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EmailIds Array of email IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Approve-SophosEmailMgmtPostDeliveryQuarantineMessageRelease -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EmailIds @("xxxx-xxxx-xxxxx-xxxx","xxxx-xxxxx-xxxxxxx-xxxxxx") #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [array]$EmailIds ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/post-delivery-quarantine/messages/delete" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "items" = $EmailIds } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Approve-SophosEmailMgmtPostDeliveryQuarantineMessageRelease.ps1' 74 #Region './Public/Approve-SophosEmailMgmtQuarantineMessageRelease.ps1' -1 function Approve-SophosEmailMgmtQuarantineMessageRelease { <# .SYNOPSIS Queue one or more messages from quarantine for release .DESCRIPTION Queue one or more messages from quarantine for release .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EmailId Target email ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Approve-SophosEmailMgmtQuarantineMessageRelease -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EmailId "xxxx-xxxx-xxxxx-xxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EmailId ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/quarantine/messages/release" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "items" = @( @{ "id" = "$EmailId" } ) } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Approve-SophosEmailMgmtQuarantineMessageRelease.ps1' 78 #Region './Public/Approve-SophosFirewallManagement.ps1' -1 function Approve-SophosFirewallManagement { <# .SYNOPSIS Action you want to do to a managed firewall .DESCRIPTION Action you want to do to a managed firewall .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER FirewallId Target firewall ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Approve-SophosFirewallManagement -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -FirewallId "xxxxx-xxxxxx-xxxxx-xxxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$FirewallId ) begin { [array]$Result = @() $Url = "$($ApiHost)/firewall/v1/firewalls/$($FirewallId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "action" = "approveManagement" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Approve-SophosFirewallManagement.ps1' 74 #Region './Public/Copy-SophosEndpointPolicy.ps1' -1 function Copy-SophosEndpointPolicy { <# .SYNOPSIS Clone a policy with settings and target users or computers .DESCRIPTION Clone a policy with settings and target users or computers .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyId Policy ID .PARAMETER NewPolicyName New name for the cloned policy .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>Copy-SophosEndpointPolicy -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyId $policy.id -NewPolicyName "MyNewPolicy" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PolicyId, [Parameter(Mandatory=$true)] [string]$NewPolicyName ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyId)/clone" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "name" = "$NewPolicyName" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Copy-SophosEndpointPolicy.ps1' 79 #Region './Public/Copy-SophosEndpointPolicyType.ps1' -1 function Copy-SophosEndpointPolicyType { <# .SYNOPSIS Clone a new policy from the base policy for a policy type .DESCRIPTION Clone a new policy from the base policy for a policy type .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyType Policy Type .PARAMETER NewPolicyName Name of the new policy .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>Copy-SophosEndpointPolicyType -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyType "threat-protection" -NewPolicyName "NewPolicy" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [ValidateSet("threat-protection","peripheral-control","application-control","data-loss-prevention","device-encryption","web-control","agent-updating","windows-firewall","server-threat-protection","server-peripheral-control","server-application-control","server-web-control","server-lockdown","server-data-loss-prevention","server-agent-updating","server-windows-firewall","server-file-integrity-monitoring")] [string]$PolicyType, [Parameter(Mandatory=$true)] [string]$NewPolicyName ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/policies/$($PolicyType)/base/clone" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "name" = "$NewPolicyName" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Copy-SophosEndpointPolicyType.ps1' 80 #Region './Public/Disable-SophosEndpointTamperProtection.ps1' -1 function Disable-SophosEndpointTamperProtection { <# .SYNOPSIS Disables tamper protection on target endpoint and reset tamper password .DESCRIPTION Disables tamper protection on target endpoint and reset tamper password .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URl of the tenant .PARAMETER EndpointId Target endpoint ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoint = Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPc"} PS>Disable-SophosEndpointTamperProtection -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EndpointId $endpoint.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EndpointId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoints/$($EndpointId)/tamper-protection" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "enabled" = $false "regeneratePassword" = $true } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|ConvertTo-Json) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Disable-SophosEndpointTamperProtection.ps1' 76 #Region './Public/Enable-SophosEndpointTamperProtection.ps1' -1 function Enable-SophosEndpointTamperProtection { <# .SYNOPSIS Enables tamper protection on target endpoint and reset tamper password .DESCRIPTION Enables tamper protection on target endpoint and reset tamper password .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URl of the tenant .PARAMETER EndpointId Target endpoint ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoint = Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPc"} PS>Enable-SophosEndpointTamperProtection -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EndpointId $endpoint.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EndpointId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoints/$($EndpointId)/tamper-protection" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type" = "application/json" } $RequestBody = @{ "enabled" = $true "regeneratePassword"= $true } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody | convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Enable-SophosEndpointTamperProtection.ps1' 75 #Region './Public/Get-SophosAccessToken.ps1' -1 function Get-SophosAccessToken{ <# .SYNOPSIS Get JWT token to use with other calls .DESCRIPTION Get JWT token to use with other calls .PARAMETER Credential PSCredential using the clientId and clientSecret .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> Get-SophosAccessToken -Credential $Credential #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [pscredential]$Credential ) $Url = "https://id.sophos.com/api/v2/oauth2/token" $headers = @{ 'Content' = 'application/x-www-form-urlencoded' } $Body = "grant_type=client_credentials&client_id=$($Credential.UserName)&client_secret=$($Credential.GetNetworkCredential().Password)&scope=token" try{ $Response = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri "$Url" -Headers $($headers) -Body $Body if($Response.errorCode -ieq 'success') { return [pscustomobject]@{ Token = $Response.access_token Success = $true } } } catch{ return [pscustomobject] @{ Success = $false Error = $_.Exception.Message } } } #EndRegion './Public/Get-SophosAccessToken.ps1' 48 #Region './Public/Get-SophosAccountMgmtAccessToken.ps1' -1 function Get-SophosAccountMgmtAccessToken { <# .SYNOPSIS Get tenant access tokens to pass to the other calls .DESCRIPTION Get tenant access tokens to pass to the other calls .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Target tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS> $partnerId = Get-SophosPartnerId -Token $token PS> $tenant = Get-SophosPartnerTenants -PartnerId $partnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS> Get-SophosAccountMgmtAccessTokens -Token $token -TenantId $tenant.Id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/accounts/v1/access-tokens?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/accounts/v1/access-tokens?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosAccountMgmtAccessToken.ps1' 79 #Region './Public/Get-SophosCommonAdmin.ps1' -1 function Get-SophosCommonAdmin { <# .SYNOPSIS List all administrator user from tenants .DESCRIPTION List all administrator user from tenants .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Target tenant ID .PARAMETER ApiHost API hsot location URl of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosCommonAdmins -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/admins?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/common/v1/admins?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonAdmin.ps1' 80 #Region './Public/Get-SophosCommonAdminById.ps1' -1 function Get-SophosCommonAdminById { <# .SYNOPSIS Get tenant admin details by ID .DESCRIPTION Get tenant admin details by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URl of the tenant .PARAMETER AdminId Target Admin ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$admin = Get-SophosCommonAdmins -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "Admin"} PS>Get-SophosCommonAdminById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AdminId admin.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AdminId ) begin { $Url = "$($ApiHost)/common/v1/admins/$($AdminId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonAdminById.ps1' 72 #Region './Public/Get-SophosCommonAdminRoleAssignment.ps1' -1 function Get-SophosCommonAdminRoleAssignment { <# .SYNOPSIS Get the list of role assignments for given admin .DESCRIPTION Get the list of role assignments for given admin .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER AdminId Target admin ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$admin = Get-SophosCommonAdmins -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "Admin"} PS>Get-SophosCommonAdminRoleAssignments -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AdminId $admin.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AdminId ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/admins/$($AdminId)/role-assignments?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/common/v1/admins/$($AdminId)/role-assignments?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonAdminRoleAssignment.ps1' 86 #Region './Public/Get-SophosCommonAdminRoleAssignmentById.ps1' -1 function Get-SophosCommonAdminRoleAssignmentById { <# .SYNOPSIS Get tenant admin role assignment by ID .DESCRIPTION Get tenant admin role assignment by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER AdminId Admin ID .PARAMETER AssignmentId Assignment ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$admin = Get-SophosCommonAdmins -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "Admin"} PS>$role = Get-SophosCommonAdminRoleAssignments -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AdminId $admin.id | select-object -first 1 PS>Get-SophosCommonAdminRoleAssignmentById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AdminId $admin.id -AssignmentId $role.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AdminId, [Parameter(Mandatory=$true)] [string]$AssignmentId ) begin { $Url = "$($ApiHost)/common/v1/admins/$($AdminId)/role-assignments/$($AssignmentId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonAdminRoleAssignmentById.ps1' 77 #Region './Public/Get-SophosCommonAlert.ps1' -1 function Get-SophosCommonAlert { <# .SYNOPSIS Get alerts matching criteria in query parameters .DESCRIPTION Get alerts matching criteria in query parameters .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosCommonAlerts -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/alerts?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/common/v1/alerts?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonAlert.ps1' 80 #Region './Public/Get-SophosCommonAlertById.ps1' -1 function Get-SophosCommonAlertById { <# .SYNOPSIS Get details of a specific alert .DESCRIPTION Get details of a specific alert .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER AlertId Alert ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$alert = Get-SophosCommonAlerts -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxxx-xxxxx-xxxxx-xxxx"} PS>Get-SophosCommonAlertById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AlertId $alert.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AlertId ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/alerts/$($AlertId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonAlertById.ps1' 74 #Region './Public/Get-SophosCommonDirectoryUser.ps1' -1 function Get-SophosCommonDirectoryUser { <# .SYNOPSIS List users in the directory .DESCRIPTION List users in the directory .PARAMETER Token JWt token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosCommonDirectoryUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/users?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/common/v1/directory/users?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonDirectoryUser.ps1' 80 #Region './Public/Get-SophosCommonDirectoryUserBelongsToGroup.ps1' -1 function Get-SophosCommonDirectoryUserBelongsToGroup { <# .SYNOPSIS List groups that a user belongs to .DESCRIPTION List groups that a user belongs to .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hoat location URL of the tenant .PARAMETER UserId Target user ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$user = Get-SophosCommonDirectoryUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | Where-Object {$_.Name -eq 'MyUser'} PS>Get-SophosCommonDirectoryUserBelongsToGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -UserId $user.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$UserId ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/users/$($UserId)/groups?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/common/v1/directory/users/$($UserId)/groups?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonDirectoryUserBelongsToGroup.ps1' 86 #Region './Public/Get-SophosCommonDirectoryUserById.ps1' -1 function Get-SophosCommonDirectoryUserById { <# .SYNOPSIS Get directory user by ID .DESCRIPTION Get directory user by ID .PARAMETER Token JWt token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER UserId Target user ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$user = Get-SophosCommonDirectoryUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | Where-Object {$_.Name -eq 'User01'} PS>Get-SophosCommonDirectoryUserById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -UserId $user.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$UserId ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/users/$($UserId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonDirectoryUserById.ps1' 74 #Region './Public/Get-SophosCommonDirectoryUserGroup.ps1' -1 function Get-SophosCommonDirectoryUserGroup { <# .SYNOPSIS List groups in the directory. .DESCRIPTION List groups in the directory. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location uRL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosCommonDirectoryUserGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/user-groups?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/common/v1/directory/user-groups?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonDirectoryUserGroup.ps1' 79 #Region './Public/Get-SophosCommonDirectoryUserGroupById.ps1' -1 function Get-SophosCommonDirectoryUserGroupById { <# .SYNOPSIS Get group by ID .DESCRIPTION Get group by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupId Target group ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$groups = Get-SophosCommonDirectoryUserGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost PS>$groups | foreach-object { Get-SophosCommonDirectoryUserGroupById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $_.id} #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/user-groups/$($GroupId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonDirectoryUserGroupById.ps1' 73 #Region './Public/Get-SophosCommonDirectoryUserGroupUser.ps1' -1 function Get-SophosCommonDirectoryUserGroupUser { <# .SYNOPSIS List users in the specified group .DESCRIPTION List users in the specified group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupId Target Group ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$group = Get-SophosCommonDirectoryUserGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyGroup"} PS>Get-SophosCommonDirectoryUserGroupUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $group.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/user-groups/$($GroupId)/users?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/common/v1/directory/user-groups/$($GroupId)/users?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonDirectoryUserGroupUser.ps1' 86 #Region './Public/Get-SophosCommonRole.ps1' -1 function Get-SophosCommonRole { <# .SYNOPSIS List all tenant roles .DESCRIPTION List all tenant roles .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosCommonRoles -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/roles?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/common/v1/roles?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonRole.ps1' 80 #Region './Public/Get-SophosCommonRoleById.ps1' -1 function Get-SophosCommonRoleById { <# .SYNOPSIS Get Tenant Role by ID .DESCRIPTION Get Tenant Role by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hsot location URL of the tenant .PARAMETER RoleId Target role ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$role = Get-SophosCommonRoles -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | Where-Object {$_.Name -eq 'MyRole'} PS>Get-SophosCommonRoleById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RoleId $role.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$RoleId ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/roles/$($RoleId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonRoleById.ps1' 73 #Region './Public/Get-SophosCommonRolesPermissionSet.ps1' -1 function Get-SophosCommonRolesPermissionSet { <# .SYNOPSIS Get permission set details .DESCRIPTION Get permission set details .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hostlocation URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosCommonRolesPermissionSets -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/roles/permission-sets?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/common/v1/roles/permission-sets?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosCommonRolesPermissionSet.ps1' 80 #Region './Public/Get-SophosEmailMgmtPostDeliveryQuarantineDownloadJob.ps1' -1 function Get-SophosEmailMgmtPostDeliveryQuarantineDownloadJob { <# .SYNOPSIS Get status of a download job .DESCRIPTION Get status of a download job .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER DownloadId Target Download ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEmailMgmtPostDeliveryQuarantineDownloadJob -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -DownloadId "xxxxx-xxxxxx-xxxxxx-xxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$DownloadId ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/post-delivery-quarantine/downloads/$($DownloadId)/status" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEmailMgmtPostDeliveryQuarantineDownloadJob.ps1' 72 #Region './Public/Get-SophosEmailMgmtPostDeliveryQuarantineMessageAttachment.ps1' -1 function Get-SophosEmailMgmtPostDeliveryQuarantineMessageAttachment { <# .SYNOPSIS Get all attachments of a post-delivery quarantined message .DESCRIPTION Get all attachments of a post-delivery quarantined message .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hsot location URL of the tenant .PARAMETER EmailId Target email ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEmailMgmtPostDeliveryQuarantineMessageAttachments -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EmailId "xxxxxxx-xxxxxxxxxxxxxx-xxxxxxxxxxxxx-xxxxxxxxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EmailId ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/post-delivery-quarantine/messages/$($EmailId)/attachments?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/email/v1/post-delivery-quarantine/messages/$($EmailId)/attachments?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEmailMgmtPostDeliveryQuarantineMessageAttachment.ps1' 85 #Region './Public/Get-SophosEmailMgmtPostDeliveryQuarantineMessagePreview.ps1' -1 function Get-SophosEmailMgmtPostDeliveryQuarantineMessagePreview { <# .SYNOPSIS Preview a message in quarantine .DESCRIPTION Preview a message in quarantine .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EmailId Target email ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEmailMgmtPostDeliveryQuarantineMessagePreview -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EmailId "xxxx-xxxxx-xxxxxx-xxxxxx-" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EmailId ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/post-delivery-quarantine/messages/$($EmailId)/preview" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEmailMgmtPostDeliveryQuarantineMessagePreview.ps1' 74 #Region './Public/Get-SophosEmailMgmtQuarantineDownloadJobStatus.ps1' -1 function Get-SophosEmailMgmtQuarantineDownloadJobStatus{ <# .SYNOPSIS Get status of a download job .DESCRIPTION Get status of a download job .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER DownloadJobId Target job ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEmailMgmtQuarantineDownloadJobStatus -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -DownloadJobId "xxxx-xxxxxx-xxxxxx-xxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$DownloadJobId ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/quarantine/downloads/$($DownloadJobId)/status" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEmailMgmtQuarantineDownloadJobStatus.ps1' 72 #Region './Public/Get-SophosEmailMgmtQuarantineMessageAttachment.ps1' -1 function Get-SophosEmailMgmtQuarantineMessageAttachment { <# .SYNOPSIS Get all attachments of a quaratined message .DESCRIPTION Get all attachments of a quaratined message .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EmailId Target email ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEmailMgmtQuarantineMessageAttachments -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EmailId "xxxx-xxxxx-xxxxx-xxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EmailId ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/quarantine/messages/$($EmailId)/attachments?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/email/v1/quarantine/messages/$($EmailId)/attachments?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEmailMgmtQuarantineMessageAttachment.ps1' 85 #Region './Public/Get-SophosEmailMgmtQuarantineMessageUrl.ps1' -1 function Get-SophosEmailMgmtQuarantineMessageUrl { <# .SYNOPSIS Get all URLs found in body of a quarantined message .DESCRIPTION Get all URLs found in body of a quarantined message .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EmailId Target email ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEmailMgmtQuarantineMessageUrls -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EmailId "xxxx-xxxxx-xxxxx-xxxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EmailId ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/quarantine/messages/$($EmailId)/urls?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/email/v1/quarantine/messages/$($EmailId)/urls?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEmailMgmtQuarantineMessageUrl.ps1' 85 #Region './Public/Get-SophosEndpoint.ps1' -1 function Get-SophosEndpoint { <# .SYNOPSIS Get all endpoints on the target tenant .DESCRIPTION Get all endpoints on the target tenant .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoints?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x ++ $Url2 = "$($ApiHost)/endpoint/v1/endpoints?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpoint.ps1' 78 #Region './Public/Get-SophosEndpointBlockedItemById.ps1' -1 function Get-SophosEndpointBlockedItemById { <# .SYNOPSIS Get a blocked item by ID .DESCRIPTION Get a blocked item by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hostlocation URL of the tenant .PARAMETER BlockedItemId Target blocked item ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$item = Get-SophosEndpointsBlockedItems -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Properties.Name -eiq 'file.exe'} PS>Get-SophosEndpointBlockedItemById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -BlockedItemId $item.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$BlockedItemId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/blocked-items/$($BlockedItemId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointBlockedItemById.ps1' 75 #Region './Public/Get-SophosEndpointById.ps1' -1 function Get-SophosEndpointById { <# .SYNOPSIS Get sophos endpoint by ID .DESCRIPTION Get sophos endpoint by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EndpointId ID of the target endpoint .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoint = Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPc"} PS>Get-SophosEndpointById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EndpointId $endpoint.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EndpointId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoints/$($EndpointId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointById.ps1' 74 #Region './Public/Get-SophosEndpointEventJournalSetting.ps1' -1 function Get-SophosEndpointEventJournalSetting { <# .SYNOPSIS Get all event journal settings .DESCRIPTION Get all event journal settings .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EndpointType Eendpoint type .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointEventJournalSettings -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EndpointType "server" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [ValidateSet("computer","server")] [string]$EndpointType ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/event-journal/$($EndpointType)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointEventJournalSetting.ps1' 75 #Region './Public/Get-SophosEndpointExploitMitigationCategory.ps1' -1 function Get-SophosEndpointExploitMitigationCategory { <# .SYNOPSIS Get Exploit Mitigation categories .DESCRIPTION Get Exploit Mitigation categories .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointExploitMitigationCategories -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exploit-mitigation/categories?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/settings/exploit-mitigation/categories?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointExploitMitigationCategory.ps1' 79 #Region './Public/Get-SophosEndpointExploitMitigationDetection.ps1' -1 function Get-SophosEndpointExploitMitigationDetection { <# .SYNOPSIS Get detected exploits and the number of each detected exploit .DESCRIPTION Get detected exploits and the number of each detected exploit .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointExploitMitigationDetections -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exploit-mitigation/detected-exploits?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/settings/exploit-mitigation/detected-exploits?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointExploitMitigationDetection.ps1' 80 #Region './Public/Get-SophosEndpointExploitMitigationDetectionsById.ps1' -1 function Get-SophosEndpointExploitMitigationDetectionsById { <# .SYNOPSIS Get a detected exploit by ID .DESCRIPTION Get a detected exploit by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER DetectionId Target detection ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$detection = Get-SophosEndpointExploitMitigationDetections -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Get-SophosEndpointExploitMitigationDetectionsById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -DetectionId $detection.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$DetectionId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exploit-mitigation/detected-exploits/$($DetectionId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointExploitMitigationDetectionsById.ps1' 72 #Region './Public/Get-SophosEndpointExploitMitigationExclusion.ps1' -1 function Get-SophosEndpointExploitMitigationExclusion { <# .SYNOPSIS Get Exploit Mitigation settings for all protected applications .DESCRIPTION Get Exploit Mitigation settings for all protected applications .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointExploitMitigationExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exploit-mitigation/applications?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/settings/exploit-mitigation/applications?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointExploitMitigationExclusion.ps1' 77 #Region './Public/Get-SophosEndpointExploitMitigationExclusionById.ps1' -1 function Get-SophosEndpointExploitMitigationExclusionById { <# .SYNOPSIS Get Exploit Mitigation settings for an application .DESCRIPTION Get Exploit Mitigation settings for an application .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER MitigationId Target Mitigation ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$mitigation = Get-SophosEndpointExploitMitigationExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Get-SophosEndpointExploitMitigationExclusionById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -MitigationId $mitigation.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$MitigationId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/exploit-mitigation/$($MitigationId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointExploitMitigationExclusionById.ps1' 72 #Region './Public/Get-SophosEndpointGlobalTamperProtectionStatus.ps1' -1 function Get-SophosEndpointGlobalTamperProtectionStatus { <# .SYNOPSIS Get whether tamper protection id turned on globally .DESCRIPTION Get whether tamper protection id turned on globally .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hsot location URl of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointGlobalTamperProtectionStatus -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/tamper-protection" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointGlobalTamperProtectionStatus.ps1' 66 #Region './Public/Get-SophosEndpointGroup.ps1' -1 function Get-SophosEndpointGroup { <# .SYNOPSIS Get enpoint groups on target tenant .DESCRIPTION Get enpoint groups on target tenant .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Target tenant ID .PARAMETER ApiHost API host location of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoint-groups?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/endpoint-groups?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointGroup.ps1' 76 #Region './Public/Get-SophosEndpointGroupById.ps1' -1 function Get-SophosEndpointGroupById { <# .SYNOPSIS Get group information .DESCRIPTION Get group information .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupId Id of the target group .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$group = Get-SophosEndpointGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -ieq "MyGroup"} PS>Get-SophosEndpointGroupById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $group.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoint-groups/$($GroupId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointGroupById.ps1' 71 #Region './Public/Get-SophosEndpointGroupsByType.ps1' -1 function Get-SophosEndpointGroupsByType { <# .SYNOPSIS Get all groups of specific type .DESCRIPTION Get all groups of specific type .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupType Type of groups to query .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointGroupsByType -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupType "server" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [ValidateSet("computer","server")] [string]$GroupType ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoint-groups/types/$($GroupType)?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/endpoint-groups/types/$($GroupType)?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointGroupsByType.ps1' 82 #Region './Public/Get-SophosEndpointInGroup.ps1' -1 function Get-SophosEndpointInGroup { <# .SYNOPSIS Get all endpoints in the target group .DESCRIPTION Get all endpoints in the target group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host locatin URL of the tenant .PARAMETER GroupId ID of the target Group .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$group = Get-SophosEndpointGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -ieq "MyGroup"} PS>Get-SophosEndpointInGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $group.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoint-groups/$($GroupId)/endpoints?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/endpoint-groups/$($GroupId)/endpoints?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointInGroup.ps1' 82 #Region './Public/Get-SophosEndpointIntrusionPreventionExclusion.ps1' -1 function Get-SophosEndpointIntrusionPreventionExclusion { <# .SYNOPSIS Get all Intrusion Prevention exclusions .DESCRIPTION Get all Intrusion Prevention exclusions .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointIntrusionPreventionExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/intrusion-prevention?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/settings/exclusions/intrusion-prevention?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointIntrusionPreventionExclusion.ps1' 77 #Region './Public/Get-SophosEndpointIntrusionPreventionExclusionById.ps1' -1 function Get-SophosEndpointIntrusionPreventionExclusionById { <# .SYNOPSIS Get an intrusion prevention exclusion by ID .DESCRIPTION Get an intrusion prevention exclusion by ID .PARAMETER Token JWT token from oauth ID .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER ExclusionId Target exclusion ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$exclusion = Get-SophosEndpointIntrusionPreventionExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Get-SophosEndpointIntrusionPreventionExclusionById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -ExclusionId $exclusion.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$ExclusionId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/intrusion-prevention/$($ExclusionId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointIntrusionPreventionExclusionById.ps1' 72 #Region './Public/Get-SophosEndpointIsolationExclusion.ps1' -1 function Get-SophosEndpointIsolationExclusion { <# .SYNOPSIS Get all isolation exclusions .DESCRIPTION Get all isolation exclusions .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hostl ocation URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointIsolationExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/isolation?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/settings/exclusions/isolation?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointIsolationExclusion.ps1' 77 #Region './Public/Get-SophosEndpointIsolationExclusionById.ps1' -1 function Get-SophosEndpointIsolationExclusionById { <# .SYNOPSIS Get a single isolation exclusion by ID .DESCRIPTION Get a single isolation exclusion by ID .PARAMETER Token JWT token from aouth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER ExclusionId Target exclusion ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$exclusions = Get-SophosEndpointIsolationExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Get-SophosEndpointIsolationExclusionById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -ExclusdionId $exlcusions.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$ExclusionId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/isolation/$($ExclusionId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointIsolationExclusionById.ps1' 72 #Region './Public/Get-SophosEndpointIsolationSetting.ps1' -1 function Get-SophosEndpointIsolationSetting { <# .SYNOPSIS Get endpoints isolation settings .DESCRIPTION Get endpoints isolation settings .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EndpointId target endpoint ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoint = Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPc"} PS>Get-SophosEndpointIsolationSettings -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EndpointId $endpoint.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EndpointId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoints/$($EndpointId)/isolation" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointIsolationSetting.ps1' 71 #Region './Public/Get-SophosEndpointMigration.ps1' -1 function Get-SophosEndpointMigration { <# .SYNOPSIS Get all endpoint migrations .DESCRIPTION Get all endpoint migrations .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointMigrations -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/migrations?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/migrations?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointMigration.ps1' 76 #Region './Public/Get-SophosEndpointMigrationJob.ps1' -1 function Get-SophosEndpointMigrationJob { <# .SYNOPSIS Get Migration job status .DESCRIPTION Get Migration job status .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER MigrationJobId Target migration job ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoint = Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPc"} PS>$migrationJob = Get-SophosEndpointMigrations -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq 'xxx-xxx-xxx-xxxx'} PS>Get-SophosEndpointMigrationJob -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -MigrationJobId $migrationJob.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$MigrationJobId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/migrations/$($MigrationJobId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointMigrationJob.ps1' 73 #Region './Public/Get-SophosEndpointMigrationStatus.ps1' -1 function Get-SophosEndpointMigrationStatus { <# .SYNOPSIS Get migration status .DESCRIPTION Get migration status .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER MigrationJobId Migration ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$migration = Get-SophosEndpointMigrations -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq 'bbc35a7e-860b-43bc-b668-d48b57cb38ed'} PS>Get-SophosEndpointMigrationStatus -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EndpointId $enpoint.id -MigrationJobId $migration.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$MigrationJobId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/migrations/$($MigrationJobId)/endpoints?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/migrations/$($MigrationJobId)/endpoints?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointMigrationStatus.ps1' 83 #Region './Public/Get-SophosEndpointPeripheral.ps1' -1 function Get-SophosEndpointPeripheral { <# .SYNOPSIS Get all peripherals .DESCRIPTION Get all peripherals .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointPeripherals -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/peripheral-control/peripherals?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/settings/peripheral-control/peripherals?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointPeripheral.ps1' 77 #Region './Public/Get-SophosEndpointPeripheralsById.ps1' -1 function Get-SophosEndpointPeripheralsById { <# .SYNOPSIS Get peripheral by ID .DESCRIPTION Get peripheral by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PeripheralId Target peripheral ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$periph = PS>Get-SophosEndpointPeripherals -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Get-SophosEndpointPeripheralsById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PeirpheralId $periph.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PeripheralId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/peripheral-control/peripherals/$($PeripheralId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointPeripheralsById.ps1' 72 #Region './Public/Get-SophosEndpointPoliciesSetting.ps1' -1 function Get-SophosEndpointPoliciesSetting { <# .SYNOPSIS Get policy setttings .DESCRIPTION Get policy setttings .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointPoliciesSettings -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/settings" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointPoliciesSetting.ps1' 65 #Region './Public/Get-SophosEndpointPolicy.ps1' -1 function Get-SophosEndpointPolicy { <# .SYNOPSIS Get policies of a tenant .DESCRIPTION Get policies of a tenant .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/policies?pageTotal=true" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/policies?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointPolicy.ps1' 77 #Region './Public/Get-SophosEndpointPolicyById.ps1' -1 function Get-SophosEndpointPolicyById { <# .SYNOPSIS Get policy details .DESCRIPTION Get policy details .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyId Policy ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>Get-SophosEndpointPolicyById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyId $policy.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PolicyId ) begin { $Url = "$($ApiHost)/endpoint/v1/policies/$($PolicyId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointPolicyById.ps1' 70 #Region './Public/Get-SophosEndpointPolicySetting.ps1' -1 function Get-SophosEndpointPolicySetting { <# .SYNOPSIS Get policy settings .DESCRIPTION Get policy settings .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyId Policy ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>Get-SophosEndpointPolicySettings -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyId $policy.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PolicyId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyId)/settings" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointPolicySetting.ps1' 72 #Region './Public/Get-SophosEndpointPolicySettingsKey.ps1' -1 function Get-SophosEndpointPolicySettingsKey { <# .SYNOPSIS Get the value of a setting key in a policy .DESCRIPTION Get the value of a setting key in a policy .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyId Target policy ID .PARAMETER SettingKey Policy Setting Key .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>Get-SophosEndpointPolicySettingsKey -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyId $policy.id -SettingKey "endpoint.device-encryption.encrypt-non-boot-volumes" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PolicyId, [Parameter(Mandatory=$true)] [string]$SettingKey ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyId)/settings/$($SettingKey)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointPolicySettingsKey.ps1' 77 #Region './Public/Get-SophosEndpointPolicyType.ps1' -1 function Get-SophosEndpointPolicyType { <# .SYNOPSIS Get base policy for a policy type .DESCRIPTION Get base policy for a policy type .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyType Policy type .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>Get-SophosEndpointPolicyType -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyId $policy.id -PolicyType "threat-protection" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [ValidateSet( "threat-protection", "peripheral-control", "application-control", "data-loss-prevention", "device-encryption", "web-control", "agent-updating", "windows-firewall", "server-threat-protection", "server-peripheral-control", "server-application-control", "server-web-control", "server-lockdown", "server-data-loss-prevention", "server-agent-updating", "server-windows-firewall", "server-file-integrity-monitoring" )] [string]$PolicyType ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyType)/base" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointPolicyType.ps1' 91 #Region './Public/Get-SophosEndpointPolicyTypeSetting.ps1' -1 function Get-SophosEndpointPolicyTypeSetting { <# .SYNOPSIS Get settings of the base policy for a policy type .DESCRIPTION Get settings of the base policy for a policy type .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyType Policy Type .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>Get-SophosEndpointPolicyTypeSettings -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyId $policy.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [ValidateSet("threat-protection","peripheral-control","application-control","data-loss-prevention","device-encryption","web-control","agent-updating","windows-firewall","server-threat-protection","server-peripheral-control","server-application-control","server-web-control","server-lockdown","server-data-loss-prevention","server-agent-updating","server-windows-firewall","server-file-integrity-monitoring")] [string]$PolicyType ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyType)/base/settings" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointPolicyTypeSetting.ps1' 73 #Region './Public/Get-SophosEndpointPolicyTypeSettingsKey.ps1' -1 function Get-SophosEndpointPolicyTypeSettingsKey { <# .SYNOPSIS Get the value of a setting in the base policy for a policy type .DESCRIPTION Get the value of a setting in the base policy for a policy type .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyType Policy Type .PARAMETER SettingKey Setting Key .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS> Get-SophosEndpointPolicyTypeSettingsKey -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyType "threat-protection" -SettingKey "endpoint.device-encryption.encrypt-non-boot-volumes" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [ValidateSet("threat-protection","peripheral-control","application-control","data-loss-prevention","device-encryption","web-control","agent-updating","windows-firewall","server-threat-protection","server-peripheral-control","server-application-control","server-web-control","server-lockdown","server-data-loss-prevention","server-agent-updating","server-windows-firewall","server-file-integrity-monitoring")] [string]$PolicyType, [Parameter(Mandatory=$true)] [string]$SettingKey ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyType)/base/settings/$($SettingKey)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointPolicyTypeSettingsKey.ps1' 78 #Region './Public/Get-SophosEndpointsAllowedItem.ps1' -1 function Get-SophosEndpointsAllowedItem { <# .SYNOPSIS Get all allowed items .DESCRIPTION Get all allowed items .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointsAllowedItems -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/allowed-items?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/settings/allowed-items?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointsAllowedItem.ps1' 77 #Region './Public/Get-SophosEndpointsAllowedItemById.ps1' -1 function Get-SophosEndpointsAllowedItemById { <# .SYNOPSIS Get an allowed item by ID. .DESCRIPTION Get an allowed item by ID. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER AllowedItemId target Allowed item ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$item = Get-SophosEndpointsAllowedItems -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Properties.Name -eiq 'file.exe'} PS>Get-SophosEndpointsAllowedItemById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AllowedItemId $item.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AllowedItemId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/allowed-items/$($AllowedItemId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointsAllowedItemById.ps1' 72 #Region './Public/Get-SophosEndpointsBlockedItem.ps1' -1 function Get-SophosEndpointsBlockedItem { <# .SYNOPSIS Get all blocked Items .DESCRIPTION Get all blocked Items .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointsBlockedItems -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/blocked-items?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/settings/allowed-items?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointsBlockedItem.ps1' 77 #Region './Public/Get-SophosEndpointScanningExclusion.ps1' -1 function Get-SophosEndpointScanningExclusion { <# .SYNOPSIS Get all scanning exclusions .DESCRIPTION Get all scanning exclusions .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointScanningExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/scanning?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/settings/exclusions/scanning?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointScanningExclusion.ps1' 77 #Region './Public/Get-SophosEndpointScanningExclusionById.ps1' -1 function Get-SophosEndpointScanningExclusionById { <# .SYNOPSIS Get a scanning exclusion by ID. .DESCRIPTION Get a scanning exclusion by ID. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER ExclusionId Target exclusion ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$exclusions = Get-SophosEndpointScanningExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Get-SophosEndpointScanningExclusionById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -ExclusionId $exlcusions.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$ExclusionId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/scanning/$($ExclusionId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointScanningExclusionById.ps1' 72 #Region './Public/Get-SophosEndpointSoftwareComment.ps1' -1 function Get-SophosEndpointSoftwareComment { <# .SYNOPSIS Get all comments .DESCRIPTION Get all comments .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointSoftwareComments -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/software/comments?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/software/comments?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointSoftwareComment.ps1' 77 #Region './Public/Get-SophosEndpointSoftwareCommentById.ps1' -1 function Get-SophosEndpointSoftwareCommentById { <# .SYNOPSIS Get the static package comment .DESCRIPTION Get the static package comment .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URl of the tenant .PARAMETER PackageId Target package ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$pack = Get-SophosEndpointSoftwareStaticPackages -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "MyPackage"} PS>Get-SophosEndpointSoftwareCommentById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PackageId $pack.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PackageId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/software/comments/$($PackageId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointSoftwareCommentById.ps1' 72 #Region './Public/Get-SophosEndpointSoftwareRecommendedPackage.ps1' -1 function Get-SophosEndpointSoftwareRecommendedPackage { <# .SYNOPSIS Get all Sophos Recommended packages for the tenant .DESCRIPTION Get all Sophos Recommended packages for the tenant .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Target tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointSoftwareRecommendedPackages -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/software/packages/recommended?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/software/packages/recommended?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointSoftwareRecommendedPackage.ps1' 77 #Region './Public/Get-SophosEndpointSoftwareStaticPackage.ps1' -1 function Get-SophosEndpointSoftwareStaticPackage { <# .SYNOPSIS Get all static packages available for the tenant. .DESCRIPTION Get all static packages available for the tenant. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Target tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointSoftwareStaticPackages -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/software/packages/static?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/software/packages/static?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointSoftwareStaticPackage.ps1' 77 #Region './Public/Get-SophosEndpointSoftwareStaticPackageById.ps1' -1 function Get-SophosEndpointSoftwareStaticPackageById { <# .SYNOPSIS Get individual static package .DESCRIPTION Get individual static package .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PackageId Target package ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$pack = Get-SophosEndpointSoftwareStaticPackages -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "Sophos"} PS>Get-SophosEndpointSoftwareStaticPackageById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PackageId $pack.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PackageId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/software/packages/static/$($PackageId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointSoftwareStaticPackageById.ps1' 72 #Region './Public/Get-SophosEndpointTamperProtectionSetting.ps1' -1 function Get-SophosEndpointTamperProtectionSetting { <# .SYNOPSIS Get tamper protection settings for endpoint .DESCRIPTION Get tamper protection settings for endpoint .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hsotl ocation URL of the tenant .PARAMETER EndpointId Target endpoint ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoint = Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPc"} PS>Get-SophosEndpointTamperProtectionSettings -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EdnpointId $endpoint.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EndpointId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoints/$($EndpointId)/tamper-protection" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointTamperProtectionSetting.ps1' 72 #Region './Public/Get-SophosEndpointTenantInstaller.ps1' -1 function Get-SophosEndpointTenantInstaller{ <# .SYNOPSIS Get Sophos enpoint installer for target tenant .DESCRIPTION Get Sophos enpoint installer for target tenant .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Target tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointTenantInstallers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" 'Accept'='application/json' } try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri "$ApiHost/endpoint/v1/downloads" -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch{ return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } #EndRegion './Public/Get-SophosEndpointTenantInstaller.ps1' 57 #Region './Public/Get-SophosEndpointWebControlCategory.ps1' -1 function Get-SophosEndpointWebControlCategory { <# .SYNOPSIS Get web control categories .DESCRIPTION Get web control categories .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointWebControlCategories -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/web-control/categories" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointWebControlCategory.ps1' 66 #Region './Public/Get-SophosEndpointWebControlLocalSite.ps1' -1 function Get-SophosEndpointWebControlLocalSite { <# .SYNOPSIS Get all local sites .DESCRIPTION Get all local sites .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointWebControlLocalSites -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/web-control/local-sites?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/endpoint/v1/settings/web-control/local-sites?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointWebControlLocalSite.ps1' 77 #Region './Public/Get-SophosEndpointWebControlLocalSitesById.ps1' -1 function Get-SophosEndpointWebControlLocalSitesById { <# .SYNOPSIS Get local sit by ID .DESCRIPTION Get local site by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER LocalSiteId Target local site ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$site = Get-SophosEndpointWebControlLocalSites -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Get-SophosEndpointWebControlLocalSitesById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -LocalSiteId $site.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$LocalSiteId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/web-control/local-sites/$($LocalSiteId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointWebControlLocalSitesById.ps1' 72 #Region './Public/Get-SophosEndpointWebControlTlsDecryption.ps1' -1 function Get-SophosEndpointWebControlTlsDecryption { <# .SYNOPSIS Get settings for SSL/TLS decryptin of HTTPS websites .DESCRIPTION Get settings for SSL/TLS decryptin of HTTPS websites .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointWebControlTlsDecryption -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/web-control/local-sites/tls-decryption" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointWebControlTlsDecryption.ps1' 66 #Region './Public/Get-SophosEndpointWebControlTlsDecryptionExclusion.ps1' -1 function Get-SophosEndpointWebControlTlsDecryptionExclusion { <# .SYNOPSIS List of websites excluded from SSL/TLS decryption .DESCRIPTION List of websites excluded from SSL/TLS decryption .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URl of teh tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosEndpointWebControlTlsDecryptionExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/web-control/local-sites/tls-decryption/excluded-websites" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosEndpointWebControlTlsDecryptionExclusion.ps1' 66 #Region './Public/Get-SophosFirewall.ps1' -1 function Get-SophosFirewall { <# .SYNOPSIS List of firewalls. .DESCRIPTION List of firewalls. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosFirewalls -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/firewall/v1/firewalls?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/firewall/v1/firewalls?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosFirewall.ps1' 77 #Region './Public/Get-SophosFirewallGroup.ps1' -1 function Get-SophosFirewallGroup { <# .SYNOPSIS Retrieve firewall groups .DESCRIPTION Retrieve firewall groups .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx"PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $CredentialPS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosFirewallGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/firewall/v1/firewall-groups?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/firewall/v1/firewall-groups?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosFirewallGroup.ps1' 76 #Region './Public/Get-SophosLiveDiscoverQueriesCategory.ps1' -1 function Get-SophosLiveDiscoverQueriesCategory { <# .SYNOPSIS Get all categories, canned as well as custom .DESCRIPTION Get all categories, canned as well as custom .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosLiveDiscoverQueriesCategories -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/live-discover/v1/queries/categories?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/live-discover/v1/queries/categories?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosLiveDiscoverQueriesCategory.ps1' 77 #Region './Public/Get-SophosLiveDiscoverQueriesCategoryById.ps1' -1 function Get-SophosLiveDiscoverQueriesCategoryById { <# .SYNOPSIS Get details of a category by ID .DESCRIPTION Get details of a category by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER CategoryId Target category ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosLiveDiscoverQueriesCategoryById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -CategoryId "xxxxxx-xxxxx-xxxxx-xxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$CategoryId ) begin { [array]$Result = @() $Url = "$($ApiHost)/live-discover/v1/queries/categories/$($CategoryId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosLiveDiscoverQueriesCategoryById.ps1' 71 #Region './Public/Get-SophosLiveDiscoverQuery.ps1' -1 function Get-SophosLiveDiscoverQuery { <# .SYNOPSIS Get queries .DESCRIPTION Get queries .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hostlocation URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosLiveDiscoverQueries -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/live-discover/v1/queries?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/live-discover/v1/queries?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosLiveDiscoverQuery.ps1' 77 #Region './Public/Get-SophosLiveDiscoverQueryById.ps1' -1 function Get-SophosLiveDiscoverQueryById { <# .SYNOPSIS Get query by ID .DESCRIPTION Get query by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER QueryId Target query ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosLiveDiscoverQueryById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -QueryId "xxxx-xxxx-xxxx-xxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$QueryId ) begin { [array]$Result = @() $Url = "$($ApiHost)/live-discover/v1/queries/$($QueryId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosLiveDiscoverQueryById.ps1' 71 #Region './Public/Get-SophosLiveDiscoverQueryRun.ps1' -1 function Get-SophosLiveDiscoverQueryRun { <# .SYNOPSIS Get list of query runs .DESCRIPTION Get list of query runs .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosLiveDiscoverQueryRuns -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/live-discover/v1/queries/runs?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/live-discover/v1/queries/runs?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosLiveDiscoverQueryRun.ps1' 77 #Region './Public/Get-SophosLiveDiscoverQueryRunById.ps1' -1 function Get-SophosLiveDiscoverQueryRunById { <# .SYNOPSIS Get run by ID .DESCRIPTION Get run by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RunId Target run ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosLiveDiscoverQueryRunById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RunId "xxxxx-xxxxx-xxxxxx-xxxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$RunId ) begin { [array]$Result = @() $Url = "$($ApiHost)/live-discover/v1/queries/runs/$($RunId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosLiveDiscoverQueryRunById.ps1' 71 #Region './Public/Get-SophosLiveDiscoverQueryRunEndpointStatus.ps1' -1 function Get-SophosLiveDiscoverQueryRunEndpointStatus { <# .SYNOPSIS Get statuses of endpoints in the query run .DESCRIPTION Get statuses of endpoints in the query run .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RunId Target run ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosLiveDiscoverQueryRunEndpointStatus -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RunId "xxxxx-xxxxxx-xxxxxx-xxxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$RunId ) begin { [array]$Result = @() $Url = "$($ApiHost)/live-discover/v1/queries/runs/$($RunId)/endpoints?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/live-discover/v1/queries/runs/$($RunId)/endpoints?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosLiveDiscoverQueryRunEndpointStatus.ps1' 82 #Region './Public/Get-SophosLiveDiscoverQueryRunResult.ps1' -1 function Get-SophosLiveDiscoverQueryRunResult { <# .SYNOPSIS Get the results of a query run .DESCRIPTION Get the results of a query run .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RunId Target run ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosLiveDiscoverQueryRunResults -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RunId "xxxxx-xxxxxx-xxxxxx-xxxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$RunId ) begin { [array]$Result = @() $Url = "$($ApiHost)/live-discover/v1/queries/runs/$($RunId)/results?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/live-discover/v1/queries/runs/$($RunId)/results?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosLiveDiscoverQueryRunResult.ps1' 82 #Region './Public/Get-SophosOrganizationTenant.ps1' -1 function Get-SophosOrganizationTenant { <# .SYNOPSIS Get Tenants from Organization API .DESCRIPTION Get Tenants from Organization API .PARAMETER Token JWT Token from oauth API. .PARAMETER OrganizationId Parent Organization ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>Get-SophosOrganizationTenants -Token $token -OrganizationId "xxxxx-xxxxxx-xxxxxx-xxxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$OrganizationId ) begin { [array]$Result = @() $Url = "https://api.central.sophos.com/organization/v1/tenants?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Organization-ID" = "$($OrganizationId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { # $response.pages $x++ $Url2 = "https://api.central.sophos.com/organization/v1/tenants?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosOrganizationTenant.ps1' 71 #Region './Public/Get-SophosOrganizationTenantById.ps1' -1 function Get-SophosOrganizationTenantById { <# .SYNOPSIS Gets information from individual tenant in an Organization .DESCRIPTION Gets information from individual tenant in an Organization .PARAMETER Token JWT token from oauth API .PARAMETER OrganizationId Parent Organization ID .PARAMETER TenantId ID of the target tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$MyTenant = Get-SophosOrganizationTenants -Token $token -OrganizationId "xxxxx-xxxxxx-xxxxxx-xxxxxx" | Where-Object {$_.Name -ieq 'MyTenant'} PS>Get-SophosOrganizationTenantById -Token $token -OrganizationId "xxxx-xxxx-xxxx-xxxx" -TenantId $MyTenant.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$OrganizationId, [Parameter(Mandatory=$true)] [string]$TenantId ) begin { [array]$Result = @() $Url = "https://api.central.sophos.com/organization/v1/tenants/$($TenantId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Organization-ID" = "$($OrganizationId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosOrganizationTenantById.ps1' 64 #Region './Public/Get-SophosPartnerAdmin.ps1' -1 function Get-SophosPartnerAdmin { <# .SYNOPSIS List all partner admins .DESCRIPTION List all partner admins .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Partner ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>Get-SophosPartnerAdmins -Token $token -PartnerId $partnerId .NOTES General notes #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId ) begin { [array]$Result = @() $Url = "https://api.central.sophos.com/partner/v1/admins?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { # $response.pages $x++ $Url2 = "https://api.central.sophos.com/partner/v1/admins?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosPartnerAdmin.ps1' 76 #Region './Public/Get-SophosPartnerAdminDetail.ps1' -1 function Get-SophosPartnerAdminDetail { <# .SYNOPSIS Get target admin details .DESCRIPTION Get target admin details .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Parent partner ID .PARAMETER AdminId Target admin ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$admin = PS>Get-SophosPartnerAdmins -Token $token -PartnerId $partnerId | where-object {$_.Name -ieq 'MyAdmin'} PS>Get-SophosPartnerAdminDetails -Token $token -PartnerId $partnerId -AdminId $admin.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId, [Parameter(Mandatory=$true)] [string]$AdminId ) begin { $Url = "https://api.central.sophos.com/partner/v1/admins/$($AdminId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosPartnerAdminDetail.ps1' 64 #Region './Public/Get-SophosPartnerAdminRoleAssignment.ps1' -1 function Get-SophosPartnerAdminRoleAssignment { <# .SYNOPSIS Get roles assigned to target admin .DESCRIPTION Get roles assigned to target admin .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Parent Partner ID .PARAMETER AdminId Target admin ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$admin = PS>Get-SophosPartnerAdmins -Token $token -PartnerId $partnerId | where-object {$_.Name -ieq 'MyAdmin'} PS>Get-SophosPartnerAdminRoleAssignments -Token $token -PartnerId $partnerId -AdminId $admin.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId, [Parameter(Mandatory=$true)] [string]$AdminId ) begin { $Url = "https://api.central.sophos.com/partner/v1/admins/$($AdminId)/role-assignments" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosPartnerAdminRoleAssignment.ps1' 64 #Region './Public/Get-SophosPartnerAdminRoleAssignmentsById.ps1' -1 function Get-SophosPartnerAdminRoleAssignmentsById { <# .SYNOPSIS Get role assigned to target admin .DESCRIPTION Get role assigned to target admin .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Parent partner ID .PARAMETER AdminId Target admin ID .PARAMETER AssignmentId Parameter description .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$admin = PS>Get-SophosPartnerAdmins -Token $token -PartnerId $partnerId | where-object {$_.Name -ieq 'MyAdmin'} PS>$role = Get-SophosPartnerRoles -Token $token -PartnerId $partnerId | Where-Object {$_.Name -ieq 'MyRole'} PS>Get-SophosPartnerAdminRoleAssignmentsById -Token $token -PartnerId $partnerId -AdminId $admin.id -AssignmentId $role.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId, [Parameter(Mandatory=$true)] [string]$AdminId, [Parameter(Mandatory=$true)] [string]$AssignmentId ) begin { $Url = "https://api.central.sophos.com/partner/v1/admins/$($AdminId)/role-assignments/$($AssignmentId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosPartnerAdminRoleAssignmentsById.ps1' 71 #Region './Public/Get-SophosPartnerBillingUsage.ps1' -1 function Get-SophosPartnerBillingUsage { <# .SYNOPSIS Get Partner biling usage .DESCRIPTION Get Partner biling usage .PARAMETER PartnerId Target partner ID .PARAMETER Token JWT token from oauth API .PARAMETER Month Month as an int. Allowed range 1-12 .PARAMETER Year Year of the billing request. Must be greated than 2021 .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>Get-SophosPartnerBillingUsage -Token $token -PartnerId $partnerId -Month 1 -Year 2023 #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [ValidateSet(1,2,3,4,5,6,7,8,9,10,11,12)] [int]$Month, [ValidateScript({ if($_ -gt 2021) { return $true } else { throw "Year must be greater than 2021" } })] [int]$Year, [Parameter(Mandatory=$true)] [string]$PartnerId ) begin { [array]$Result = @() $Url = "https://api.central.sophos.com/partner/v1/billing/usage/$($Year.ToString())/$($Month.tostring())?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { # $response.pages $x++ $Url2 = "https://api.central.sophos.com/partner/v1/billing/usage/$($Year.ToString())/$($Month.tostring())?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosPartnerBillingUsage.ps1' 91 #Region './Public/Get-SophosPartnerId.ps1' -1 function Get-SophosPartnerId { <# .SYNOPSIS Gets sophos Partner ID .DESCRIPTION Gets Sophos Partner ID .PARAMETER Token JWT token from the oauth api. .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>Get-SophosPartnerId -Token $token #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token ) $Url = "https://api.central.sophos.com/whoami/v1" $headers = @{ "Authorization" = "Bearer $($Token)" } try{ $Response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ PartnerId = $Response.id Success = $true } } catch{ return [pscustomobject]@{ Success= $false } } } #EndRegion './Public/Get-SophosPartnerId.ps1' 43 #Region './Public/Get-SophosPartnerRole.ps1' -1 function Get-SophosPartnerRole { <# .SYNOPSIS Get all partner roles .DESCRIPTION Get all partner roles .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Parent partner ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>Get-SophosPartnerRoles -Token $token -PartnerId $partnerId .NOTES General notes #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId ) begin { [array]$Result = @() $Url = "https://api.central.sophos.com/partner/v1/roles?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { # $response.pages $x++ $Url2 = "https://api.central.sophos.com/partner/v1/roles?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosPartnerRole.ps1' 76 #Region './Public/Get-SophosPartnerRoleById.ps1' -1 function Get-SophosPartnerRoleById { <# .SYNOPSIS Get partner role by ID .DESCRIPTION Get partner role by ID .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Partner ID .PARAMETER RoleId Partner role ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$role = Get-SophosPartnerRoles -Token $token -PartnerId $partnerId | Where-Object {$_.Name -ieq 'MyRole'} PS>Get-SophosPartnerRoleById -Token $token -PartnerId $partnerId -RoleId $role.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId, [Parameter(Mandatory=$true)] [string]$RoleId ) begin { [array]$Result = @() $Url = "https://api.central.sophos.com/partner/v1/roles/$($RoleId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosPartnerRoleById.ps1' 66 #Region './Public/Get-SophosPartnerRolePermissionSet.ps1' -1 function Get-SophosPartnerRolePermissionSet { <# .SYNOPSIS Get all permission sets .DESCRIPTION Get all permission sets .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Partner ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>Get-SophosPartnerRolePermissionSet -Token $token -PartnerId $partnerId #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId ) begin { [array]$Result = @() $Url = "https://api.central.sophos.com/partner/v1/roles/permission-sets?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { # $response.pages $x++ $Url2 = "https://api.central.sophos.com/partner/v1/roles/permission-sets?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosPartnerRolePermissionSet.ps1' 73 #Region './Public/Get-SophosPartnerTenant.ps1' -1 function Get-SophosPartnerTenant { <# .SYNOPSIS Get all tenants .DESCRIPTION Get all tenants .PARAMETER Token JWT Token from oauth API .PARAMETER PartnerId Partner ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId ) begin { [array]$Result = @() $Url = "https://api.central.sophos.com/partner/v1/tenants?pageTotal=true" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "https://api.central.sophos.com/partner/v1/tenants?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosPartnerTenant.ps1' 71 #Region './Public/Get-SophosPartnerTenantsById.ps1' -1 function Get-SophosPartnerTenantsById { <# .SYNOPSIS Get information of target tenant .DESCRIPTION Get information of target tenant .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Partner ID .PARAMETER TenantId Target tenant ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosPartnerTenantsById -Token $token -PartnerId $partnerId -TenantId $tenant.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId, [Parameter(Mandatory=$true)] [string]$TenantId ) begin { [array]$Result = @() $Url = "https://api.central.sophos.com/partner/v1/tenants/$($TenantId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosPartnerTenantsById.ps1' 66 #Region './Public/Get-SophosSiemAlert.ps1' -1 function Get-SophosSiemAlert { <# .SYNOPSIS Get alert with timestamps within last 24 hours .DESCRIPTION Get alert with timestamps within last 24 hours .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosSiemAlerts -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/siem/v1/alerts?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/siem/v1/alerts?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosSiemAlert.ps1' 77 #Region './Public/Get-SophosSiemEvent.ps1' -1 function Get-SophosSiemEvent { <# .SYNOPSIS Get events with timestamps within last 24 hours .DESCRIPTION Get events with timestamps within last 24 hours .PARAMETER Token JWT token fron oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosSiemEvents -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/siem/v1/events" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $response $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/siem/v1/events?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosSiemEvent.ps1' 78 #Region './Public/Get-SophosTenantsHealth.ps1' -1 function Get-SophosTenantsHealth{ <# .SYNOPSIS Gets health status of the target tenant .DESCRIPTION Gets health status of the target tenant .PARAMETER Token JWT Token from oauth API .PARAMETER TenantId Tenant ID from target data .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$tenant = Get-SophosPartnerTenants -PartnerId "xxxx-xxxxxx-xxxxx-xxxxx" -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosTenantsHealth -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" 'Accept'='application/json' } try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri "$($ApiHost)/account-health-check/v1/health-check" -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch{ return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } #EndRegion './Public/Get-SophosTenantsHealth.ps1' 56 #Region './Public/Get-SophosUserActivityAttestationById.ps1' -1 function Get-SophosUserActivityAttestationById { <# .SYNOPSIS Get an attestation by ID .DESCRIPTION Get an attestation by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER AttestationId Target attestation ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosUserActivityAttestationById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AttestationId "xxxx-xxxxx-xxxxxx-xxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AttestationId ) begin { [array]$Result = @() $Url = "$($ApiHost)/user-activity-verification/v1/attestations/$($AttestationId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosUserActivityAttestationById.ps1' 70 #Region './Public/Get-SophosXdrQueriesCategory.ps1' -1 function Get-SophosXdrQueriesCategory { <# .SYNOPSIS Get details of a query .DESCRIPTION Get details of a query .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosXdrQueriesCategories -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/xdr-query/v1/queries/categories?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/xdr-query/v1/queries/categories?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosXdrQueriesCategory.ps1' 77 #Region './Public/Get-SophosXdrQueriesCategoryById.ps1' -1 function Get-SophosXdrQueriesCategoryById { <# .SYNOPSIS Get the details of a category .DESCRIPTION Get the details of a category .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hsot location URL of the tenant .PARAMETER CategoryId Target category ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosXdrQueriesCategoryById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -CategoryId "xxx-xxxx-xxxxx-xxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$CategoryId ) begin { [array]$Result = @() $Url = "$($ApiHost)/xdr-query/v1/queries/categories/$($CategoryId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosXdrQueriesCategoryById.ps1' 71 #Region './Public/Get-SophosXdrQueriesDataLakeRunById.ps1' -1 function Get-SophosXdrQueriesDataLakeRunById { <# .SYNOPSIS Get query run by ID .DESCRIPTION Get query run by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RunId Target run ID .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosXdrQueriesDataLakeRunById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RunId "xxxxx-xxxxx-xxxxx-xxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$RunId ) begin { [array]$Result = @() $Url = "$($ApiHost)/xdr-query/v1/queries/runs/$($RunId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosXdrQueriesDataLakeRunById.ps1' 71 #Region './Public/Get-SophosXdrQueriesDataLakeRunResult.ps1' -1 function Get-SophosXdrQueriesDataLakeRunResult { <# .SYNOPSIS Get the paged results for a query run .DESCRIPTION Get the paged results for a query run .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RunId Target run iD .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosXdrQueriesDataLakeRunResults -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RunId "xxxxx-xxxxxx-xxxxxx-xxxxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$RunId ) begin { [array]$Result = @() $Url = "$($ApiHost)/xdr-query/v1/queries/runs/$($RunId)/results?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/xdr-query/v1/queries/runs/$($RunId)/results?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosXdrQueriesDataLakeRunResult.ps1' 82 #Region './Public/Get-SophosXdrQueriesRun.ps1' -1 function Get-SophosXdrQueriesRun { <# .SYNOPSIS Get the list of query runs matching the given filters .DESCRIPTION Get the list of query runs matching the given filters .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosXdrQueriesRuns -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/xdr-query/v1/queries/runs?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/xdr-query/v1/queries/runs?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosXdrQueriesRun.ps1' 77 #Region './Public/Get-SophosXdrQuery.ps1' -1 function Get-SophosXdrQuery { <# .SYNOPSIS List queries .DESCRIPTION List queries .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS> $ClientId = "xxxxxxxxxxxxxxxxxxxx" PS> $ClientSecret = "xxxxxxxxxxxxxxxxxxxx" PS> $Credential = [pscredential]::new($ClientId,$(ConvertTo-SecureString -String $ClientSecret -AsPlainText -Force)) PS> $token = Get-SophosAccessToken -Credential $Credential PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Get-SophosXdrQueries -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/xdr-query/v1/queries?pageTotal=true&pageSize=100" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total $Result += $response.items while( $x -lt $Total) { $x++ $Url2 = "$($ApiHost)/xdr-query/v1/queries?page=$($x)" $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers $Result += $response.items } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Get-SophosXdrQuery.ps1' 77 #Region './Public/Invoke-SophosEndpointAgentUpdate.ps1' -1 function Invoke-SophosEndpointAgentUpdate { <# .SYNOPSIS Sends a request to the endpoint to check for Sophos management agent software updates .DESCRIPTION Sends a request to the endpoint to check for Sophos management agent software updates .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hostlocation URL of the tenant .PARAMETER EndpointId Target endpoint ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoint = Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPc"} PS>Invoke-SophosEndpointAgentUpdate -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EndpointId $enpoint.id #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EndpointId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoints/$($EndpointId)/update-checks" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{} } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Invoke-SophosEndpointAgentUpdate.ps1' 71 #Region './Public/Invoke-SophosEndpointIsolation.ps1' -1 function Invoke-SophosEndpointIsolation { <# .SYNOPSIS Turn on or off endpoint isolation for multiple endpoints .DESCRIPTION Turn on or off endpoint isolation for multiple endpoints .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host URl of the tenant .PARAMETER EndpointIds Array of endpoint IDs .PARAMETER IsolationEnabled Bool, true of False .PARAMETER Comment Comment about the isolation settings .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoints = @((Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -like "PC0*"}).id) PS>Invoke-SophosEndpointIsolation -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EndpointId $enpoints #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [array]$EndpointIds, [Parameter(Mandatory=$true)] [switch]$IsolationEnabled, [string]$Comment ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoints/isolation" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "enabled"=$IsolationEnabled "comment"= "$Comment" "ids" = $EndpointIds } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Invoke-SophosEndpointIsolation.ps1' 84 #Region './Public/Invoke-SophosEndpointMigration.ps1' -1 function Invoke-SophosEndpointMigration { <# .SYNOPSIS Start a migration job .DESCRIPTION Start a migration job .PARAMETER Token JWT token from oauth .PARAMETER FromTenantId Source Tenant ID .PARAMETER ToTenantId Destination Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EndpointIds Array of endpoint IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$SourceTenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'SourceTenant'} PS>$DestTenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'DestTenant'} PS>$endpoints = @((Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -like "PC0*"}).id) PS>Invoke-SophosEndpointMigration -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EndpointIds $endpoints -FromTenant $SourceTenant -ToTenant $DestTenant #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$FromTenantId, [Parameter(Mandatory=$true)] [string]$ToTenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [array]$EndpointIds ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/migrations" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($ToTenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "fromTenant" = "$FromTenantId" "endpoints" = $EndpointIds } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Invoke-SophosEndpointMigration.ps1' 80 #Region './Public/Invoke-SophosLiveDiscoverQuery.ps1' -1 function Invoke-SophosLiveDiscoverQuery { <# .SYNOPSIS Run a saved EDR query or an ad hoc query on remote endpoints .DESCRIPTION Run a saved EDR query or an ad hoc query on remote endpoints .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RequestBody Hashtable with the query parameters according to https://developer.sophos.com/docs/live-discover-v1/1/routes/queries/runs/post .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$body = @{ "matchEndpoints" = @{ "filters" = @( "groupNameContains" = "MyGroup" ) } } PS>Invoke-SophosLiveDiscoverQuery -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RequestBody $body #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [hashtable]$RequestBody ) begin { [array]$Result = @() $Url = "$($ApiHost)/live-discover/v1/queries/runs" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Invoke-SophosLiveDiscoverQuery.ps1' 77 #Region './Public/New-SophosAccountMgmtAccessToken.ps1' -1 function New-SophosAccountMgmtAccessToken { <# .SYNOPSIS Create new access token for target tenant .DESCRIPTION Create new access token for target tenant .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Target tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER AccessTokenLabel Label for the new token .PARAMETER AccessTokenExpiresAt Expiration date for the token .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>[datetime]$expDate = (get-date).AddHours(1).ToString('yyyy-MM-dd HH:mm:ss') PS>New-SophosAccountMgmtAccessToken -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AccessTokenLabel "MyToken" -AccessTokenEpiresAt $expDate.ToUniversalTime() #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact='High')] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AccessTokenLabel, [Parameter(Mandatory=$true)] [datetime]$AccessTokenExpiresAt ) begin { [array]$Result = @() $Url = "$($ApiHost)/accounts/v1/access-tokens" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "label" = "$AccessTokenLabel" "type" = "sophosLinuxSensor" "expiresAt" = $AccessTokenExpiresAt } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Access Token')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosAccountMgmtAccessToken.ps1' 81 #Region './Public/New-SophosCommonAdmin.ps1' -1 function New-SophosCommonAdmin { <# .SYNOPSIS Create a new admin from a directory user .DESCRIPTION Create a new admin from a directory user .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Target tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER UserId Target uder ID .PARAMETER RoleId Target role ID for the new admin. .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>New-SophosCommonAdmin -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -UserId "xxxx-xxxx-xxxx-xxx" -RoleId "xxxx-xxxxx-xxxxxx-xxxxxx" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact='High')] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$UserId, [Parameter(Mandatory=$true)] [string]$RoleId ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/admins?pageTotal=true" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "userId" = "$UserId" "roleAssignments" = @( @{ "roleId" = "$RoleId" } ) } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Common Admin')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosCommonAdmin.ps1' 82 #Region './Public/New-SophosCommonAdminRoleAssignment.ps1' -1 function New-SophosCommonAdminRoleAssignment { <# .SYNOPSIS Assign role of principal tpe "user" to a tenant admin. Any existing assignment is overrdden .DESCRIPTION Assign role of principal tpe "user" to a tenant admin. Any existing assignment is overrdden .PARAMETER Token JWT token from oath API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER AdminId Target admin ID .PARAMETER RoleId Role id to add .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$admin = Get-SophosCommonAdmins -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "Admin"} PS>New-SophosCommonAdminRoleAssignment -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AdminId $amdin.id -RoleId "xxx-xxx-xxx-xxxxx" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact='High')] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AdminId, [Parameter(Mandatory=$true)] [string]$RoleId ) begin { $Url = "$($ApiHost)/common/v1/admins/$($AdminId)/role-assignments" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "roleId" = "$RoleId" } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Common Admin Assignment')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosCommonAdminRoleAssignment.ps1' 77 #Region './Public/New-SophosCommonDirectoryUserGroup.ps1' -1 function New-SophosCommonDirectoryUserGroup { <# .SYNOPSIS Adds new group to the directory .DESCRIPTION Adds new group to the directory .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupName Name of the new group .PARAMETER GroupDescription Description of the new group .PARAMETER UserIds Array of user IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>[array]$users = @((Get-SophosCommonDirectoryUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost).id) PS>New-SophosCommonDirectoryUserGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupName "MyGroup" -GroupDescription "All users" -UserIds $users #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupName, [Parameter(Mandatory=$false)] [string]$GroupDescription, [Parameter(Mandatory=$false)] [array]$UserIds = @() ) begin { $Url = "$($ApiHost)/common/v1/directory/user-groups" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "name" = "$GroupName" "description" = "$GroupDescription" "userIds" = $UserIds } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Common Group')) { try { $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosCommonDirectoryUserGroup.ps1' 85 #Region './Public/New-SophosEndpointExploitMitigationExclusion.ps1' -1 function New-SophosEndpointExploitMitigationExclusion { <# .SYNOPSIS Exclude a set of file paths from Exploit Mitigation .DESCRIPTION Exclude a set of file paths from Exploit Mitigation .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER ExclusionPaths Array of absolute paths to an application file to exclude. You may use HitmanPro.Alert expansion variables (For example, $desktop, $programfiles). Currently, this array may contain only one application path. .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$exclusions = Get-SophosEndpointExploitMitigationExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>New-SophosEndpointExploitMitigationExclusion -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -ExclusionPaths @("c:\foo\bar.exe") #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [array]$ExclusionPaths ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exploit-mitigation/applications" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "paths" = $ExclusionPaths } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Exploit Mitigation Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosEndpointExploitMitigationExclusion.ps1' 77 #Region './Public/New-SophosEndpointGroup.ps1' -1 function New-SophosEndpointGroup { <# .SYNOPSIS Create new endpoint group .DESCRIPTION Create new endpoint group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupName Name of the new group .PARAMETER GroupType Type of group. Values "Computer or Server " .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>New-SophosEndpointGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupName "MyGroup" -GroupType "computer" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupName, [ValidateSet("computer","server")] [string]$GroupType ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoint-groups?pageTotal=true" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "name" = "$GroupName" "type" = "$GroupType" } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Endpoint Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosEndpointGroup.ps1' 79 #Region './Public/New-SophosEndpointIntrusionPreventionExclusion.ps1' -1 function New-SophosEndpointIntrusionPreventionExclusion { <# .SYNOPSIS Add a new Intrusion Prevention exclusion .DESCRIPTION Add a new Intrusion Prevention exclusion .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RemoteAddress Array of remote addresses for theintrudion prevention exclusion .PARAMETER Direction Direction property of the intrusion prevention exclusion .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$IpAddresses = @("http://1.1.1.1","https://8.8.8.8") PS>New-SophosEndpointIntrusionPreventionExclusion -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RemoteAddress $IpAddresses -Direction "both" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [array]$RemoteAddress, [Parameter(Mandatory=$true)] [ValidateSet("inbound","outbound","both")] [string]$Direction ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/intrusion-prevention" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "direction" = "$Direction" "remoteAddress" = $RemoteAddress } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Endpoint Intrusion Prevention Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosEndpointIntrusionPreventionExclusion.ps1' 83 #Region './Public/New-SophosEndpointIsolationExclusion.ps1' -1 function New-SophosEndpointIsolationExclusion { <# .SYNOPSIS Adds a new Isolation exclusion. .DESCRIPTION Adds a new Isolation exclusion. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RemoteAddress Array of remote addresses .PARAMETER Direction IP traffic direction. .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>New-SophosEndpointIsolationExclusion -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RemoteAddresses @("http://8.8.8.8") -Direction "inbound" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [array]$RemoteAddress, [Parameter(Mandatory=$true)] [ValidateSet("inbound","outbound","both")] [string]$Direction ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/isolation" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "direction" = "$Direction" "remoteAddress" = $RemoteAddress } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Endpoint Isolation Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosEndpointIsolationExclusion.ps1' 82 #Region './Public/New-SophosEndpointPolicy.ps1' -1 function New-SophosEndpointPolicy { <# .SYNOPSIS Create new policy .DESCRIPTION Create new policy .PARAMETER Token JWT token from aouth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RequestBody Hashtable containing the correct parameters according to https://developer.sophos.com/docs/endpoint-v1/1/routes/policies/post .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoints = @((Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -like "PC0*"}).id) PS>$body = @{ "name" = "MyPolicy" "priority" = 999 "type = "threate-protection" "enabled" = $true "appliesTo" = @{ "endpoints" = $endpoints } } PS>New-SophosEndpointPolicy -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RequestBody $body #> # https://developer.sophos.com/endpoint-policy-settings-all [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [hashtable]$RequestBody ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Endpoint Policy')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosEndpointPolicy.ps1' 84 #Region './Public/New-SophosEndpointsAllowedItem.ps1' -1 function New-SophosEndpointsAllowedItem { <# .SYNOPSIS Exempt an item from conviction .DESCRIPTION Exempt an item from conviction .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER FileName Name of the file to be excluded with the extension .PARAMETER Path Path of the file to be excluded including the file name .PARAMETER Comment Reason for the exclusion .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>New-SophosEndpointsAllowedItem -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -FileName "File.exe" -Path 'c:\Files\File.exe' -Comment "Vendor recommendation" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$FileName, [Parameter(Mandatory=$true)] [string]$Path, [Parameter(Mandatory=$true)] [string]$Comment ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/allowed-items" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "type" = "path" "properties" = @{ "fileName" = "$FileName" "path" = "$Path" } "comment" = "$Comment" } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Endpoint Allowed Item')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosEndpointsAllowedItem.ps1' 89 #Region './Public/New-SophosEndpointsBlockedItem.ps1' -1 function New-SophosEndpointsBlockedItem { <# .SYNOPSIS Block an item from exoneration .DESCRIPTION Block an item from exoneration .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER FileName File name with the extension .PARAMETER Path Path to the file with including the file and extension .PARAMETER Comment Reason the file is being blocked .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>New-SophosEndpointsBlockedItem -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -FileName "file.exe" -Path "c:\files\file.exe" -Comment "suspicious activity" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$FileName, [Parameter(Mandatory=$true)] [string]$Comment ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/blocked-items" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "type" = "path" "properties" = @{ "fileName" = "$FileName" "path" = "path" } "comment" = "$Comment" } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Endpoint Blocked Item')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosEndpointsBlockedItem.ps1' 88 #Region './Public/New-SophosEndpointScanningExclusion.ps1' -1 function New-SophosEndpointScanningExclusion { <# .SYNOPSIS Add a new scanning exclusion .DESCRIPTION Add a new scanning exclusion .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER ExclusionPath Path to be excluded .PARAMETER ScanMode Default value of scan mode is "onDemandAndOnAccess" for exclusions of type path, posixPath and virtualPath, "onAccess" for process, web, pua, amsi. Behavioral and Detected Exploits (exploitMitigation) type exclusions do not support a scan mode .PARAMETER Comment Rrason for exclusion .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>New-SophosEndpointScanningExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -ExclusionPath "c:\Path\to\Folder\" -ScanMode "onDemandAndOnAccess" -Comment "Vendor request" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$ExclusionPath, [Parameter(Mandatory=$true)] [ValidateSet("onDemand","onAccess","onDemandAndOnAccess")] [string]$ScanMode, [Parameter(Mandatory=$true)] [ValidateScript({ if($_.Length -lt 100) { return $true } else { throw "Length must be lesst than 100. Current Length: $($_.Length)" } })] [string]$Comment ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/scanning" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "value" = "$ExclusionPath" "type" = "path" "scanMode" = "$ScanMode" "comment" = "$Comment" } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Endpoint Scanning Exlusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosEndpointScanningExclusion.ps1' 99 #Region './Public/New-SophosEndpointScanRequest.ps1' -1 function New-SophosEndpointScanRequest { <# .SYNOPSIS Trigger a scan on the target endpoint .DESCRIPTION Trigger a scan on the target endpoint .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EndpointId Target endpoint .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoint = Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPc"} PS>New-SophosEndpointScanRequest -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EndpointId $endpoint.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EndpointId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoints/$($EndpointId)/scans" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Endpoint Scan Request')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosEndpointScanRequest.ps1' 74 #Region './Public/New-SophosEndpointWebControlLocalSite.ps1' -1 function New-SophosEndpointWebControlLocalSite { <# .SYNOPSIS Add new local site .DESCRIPTION Add new local site .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER Url Site url to be added .PARAMETER Tags Tag for the url .PARAMETER Comment Reason the url is being added .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>New-SophosEndpointWebControlLocalSites -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -Url "https://example.com" -Tags @("example.com","Example Tag") -Comment "Example local site" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [ValidateScript({ if($_.Length -lt 2048) { return $true } else { throw "Length must be lesst than 2048. Current Length: $($_.Length)" } })] [string]$Url, [Parameter(Mandatory=$true)] [array]$Tags, [Parameter(Mandatory=$true)] [ValidateScript({ if($_.Length -lt 300) { return $true } else { throw "Length must be lesst than 300. Current Length: $($_.Length)" } })] [string]$Comment ) begin { [array]$Result = @() $EndUrl = "$($ApiHost)/endpoint/v1/settings/web-control/local-sites" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "tags" = $Tags "url" = $Url "comment" = $Comment } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Endpoint Web Control Local Site')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $EndUrl -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_ } } } } } #EndRegion './Public/New-SophosEndpointWebControlLocalSite.ps1' 107 #Region './Public/New-SophosFirewallGroup.ps1' -1 function New-SophosFirewallGroup { <# .SYNOPSIS Create firewall group .DESCRIPTION Create firewall group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupName New group name .PARAMETER FirewallIds Array list of firewall IDs to add .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>New-SophosFirewallGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupName "MyGroup" -FirewallIds @("xxx-xxxx-xxxx-xxxxx","xxxxx-xxxxx-xxxxxxx-xxxxx") #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupName, [Parameter(Mandatory=$true)] [array]$FirewallIds ) begin { [array]$Result = @() $Url = "$($ApiHost)/firewall/v1/firewall-groups" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "name" = "$GroupName" "assignFirewalls" = $FirewallIds } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Firewall Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosFirewallGroup.ps1' 80 #Region './Public/New-SophosPartnerAdmin.ps1' -1 function New-SophosPartnerAdmin { <# .SYNOPSIS Creates new Sophos partner admin .DESCRIPTION Creates new Sophos partner admin .PARAMETER Token JWT Token from oauht API .PARAMETER PartnerId Parent Partner ID .PARAMETER EmailAddress Email address for the new admin .PARAMETER FirstName First Name for the new admin .PARAMETER LastName Last Name for the new admin .PARAMETER AssignmentId ID of the assignment .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$role = Get-SophosPartnerRoles -Token $token -PartnerId $partnerId | Where-Object {$_.Name -ieq 'MyRole'} PS>New-SophosPartnerAdmin -Token $token -PartnerId $partnerId -EmailAddress "bsmith@example.com" -FirstName "Bob" -LastName "Smith" -AssignmentId $role.Id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId, [ValidateScript({ if($_ -imatch '^(?:(?!.*?[.]{2})[a-zA-Z0-9](?:[a-zA-Z0-9.+!%-]{1,64}|)|\"[a-zA-Z0-9.+!% -]{1,64}\")@[a-zA-Z0-9][a-zA-Z0-9.-]+(.[a-z]{2,}|.[0-9]{1,})$') { return $true } else { throw "$_ is not a valid email address" } })] [string]$EmailAddress, [Parameter(Mandatory=$true)] [string]$FirstName, [Parameter(Mandatory=$true)] [string]$LastName, [Parameter(Mandatory=$true)] [string]$AssignmentId ) begin { $Url = "https://api.central.sophos.com/partner/v1/admins" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" "Content-Type"= "application/json" } $Body = @{ "username" = "$EmailAddress" "profile" = @{ "firstName" = "$FirstName" "lastName" = "$LastName" "name" = "$($FirstName) $($LastName)" } "roleAssignments" = @( @{ "roleId" = "$AssignmentId" "scope" = @{ "type" = "allManagedTenants" } } ) } } process { if($PSCmdlet.ShouldProcess($PartnerId,'New Sophos Partner Admin')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($Body|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosPartnerAdmin.ps1' 106 #Region './Public/New-SophosPartnerRole.ps1' -1 function New-SophosPartnerRole { <# .SYNOPSIS Create new partner role .DESCRIPTION Create new partner role .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Partner ID .PARAMETER RoleName Name of the new role .PARAMETER PrincipalType Principal Type of the new role .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>New-SophosPartnerRole -Token $token -PartnerId $partnerId -RoleName "MyName" -PrincipalType "user" .NOTES General notes #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId, [Parameter(Mandatory=$true)] [string]$RoleName, [ValidateSet("user","service")] [string]$PrincipalType ) begin { $Url = "https://api.central.sophos.com/partner/v1/roles" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" "Content-Type"= "application/json" } $Body = @{ "name" = "$RoleName" "permissionSets" = @( "base", "product", "setting" ) "principalType" = "$PrincipalType" } } process { if($PSCmdlet.ShouldProcess($PartnerId,'New Sophos Partner Role')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($Body|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosPartnerRole.ps1' 81 #Region './Public/New-SophosPartnerTenant.ps1' -1 function New-SophosPartnerTenant { <# .SYNOPSIS Create new tenant .DESCRIPTION Create new tenant .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Partner ID .PARAMETER TenantName New tenant Name .PARAMETER FirstName Tenant Admin First Name .PARAMETER LastName Tenant Admin Last Name .PARAMETER EmailAddress Tenant Admin Email address .PARAMETER PhoneNumber Tenant Admin Phone Number .PARAMETER Address Tenant Address .PARAMETER City Tenant City .PARAMETER ZipCode Tenant Zip Code .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$NewTenant = @{ Token = $token PartnerId = $partnerId TenantName = "MyNewTenant" FirstName = "John" LastName = "Doe" EmailAddess = "admin@tenant.com" PhoneNumber = "888-888-8888" Address = 123 Street City = "MyCity" ZipCode = "12345" } PS>New-SophosPartnerTenant @NewTenant #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId, [Parameter(Mandatory=$true)] [string]$TenantName, [Parameter(Mandatory=$true)] [string]$FirstName, [Parameter(Mandatory=$true)] [string]$LastName, [Parameter(Mandatory=$true)] [ValidateScript({ if($_ -imatch '^(?:(?!.*?[.]{2})[a-zA-Z0-9](?:[a-zA-Z0-9.+!%-]{1,64}|)|\"[a-zA-Z0-9.+!% -]{1,64}\")@[a-zA-Z0-9][a-zA-Z0-9.-]+(.[a-z]{2,}|.[0-9]{1,})$') { return $true } else { throw "$_ is not a valid email address" } })] [string]$EmailAddress, [Parameter(Mandatory=$true)] [string]$PhoneNumber, [Parameter(Mandatory=$true)] [string]$Address, [Parameter(Mandatory=$true)] [string]$City, [Parameter(Mandatory=$true)] [string]$ZipCode ) begin { $Url = "https://api.central.sophos.com/partner/v1/tenants" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" "Content-Type"= "application/json" } $Body = @{ "name" = "$TenantName" "showAs" = "$TenantName" "dataGeography" = "US" "billingType" = "usage" "contact" = @{ "firstName" = "$FirstName" "lastName" = "$LastName" "email" = "$EmailAddress" "phone" = "$PhoneNumber" "address" = @{ "address1" = "$Address" "city" = "$City" "countryCode" = "US" "postalCode" = "$ZipCode" } } } } process { if($PSCmdlet.ShouldProcess($PartnerId,'New Sophos Partner Tenant')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($Body|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosPartnerTenant.ps1' 139 #Region './Public/New-SophosUserActivityAttestationRequest.ps1' -1 function New-SophosUserActivityAttestationRequest { <# .SYNOPSIS Create a new attestation for the given user .DESCRIPTION Create a new attestation for the given user .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER UserId Target User ID .PARAMETER Title Title .PARAMETER Question Question .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>New-SophosUserActivityAttestationRequest -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -UserId "xxxx-xxxxx-xxxx-xxxxx" -Title "Security Question" -Question "Did you sign in to your account recently?" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$UserId, [Parameter(Mandatory=$true)] [string]$Title, [Parameter(Mandatory=$true)] [string]$Question ) begin { [array]$Result = @() $Url = "$($ApiHost)/user-activity-verification/v1/attestations" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "userId" = "$UserId" "title" = @{ "text" = "$Title" } "question" = @{ "text" = "$Question" } } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos User Activity Atestation Request')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|ConvertTo-Json) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosUserActivityAttestationRequest.ps1' 90 #Region './Public/New-SophosXdrQueriesDataLakeRun.ps1' -1 function New-SophosXdrQueriesDataLakeRun { <# .SYNOPSIS Run a query against the Sophos Data Lake, passing the SQL code as the value of a field in the request JSON. The schema reference is available here (https://docs.sophos.com/central/References/schemas/index.html?schema=xdr_schema_docs). .DESCRIPTION Run a query against the Sophos Data Lake, passing the SQL code as the value of a field in the request JSON. The schema reference is available here (https://docs.sophos.com/central/References/schemas/index.html?schema=xdr_schema_docs). .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER Query ADHoc Query .PARAMETER StartDate Start lookup date .PARAMETER EndDate End lookup date .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} ps>$query = 'select * from \"xdr_data\" limit 10' PS>New-SophosXdrQueriesDataLakeRun -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -Query $query -StartDate $(Get-Date).Adddays(-30) -EndDate $(Get-Date).Adddays(-1) #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$Query, [Parameter(Mandatory=$true)] [datetime]$StartDate, [Parameter(Mandatory=$true)] [datetime]$EndDate ) begin { [array]$Result = @() $Url = "$($ApiHost)/xdr-query/v1/queries/runs" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "adHocQuery" = @{ "template" = "$Query" } "from" = "$StartDate" "to" = "$EndDate" } } process { if($PSCmdlet.ShouldProcess($TenantId,'New Sophos Xdr Query DataLake Run')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|ConvertTo-Json) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/New-SophosXdrQueriesDataLakeRun.ps1' 91 #Region './Public/Remove-SophosAccountMgmtAccessToken.ps1' -1 function Remove-SophosAccountMgmtAccessToken { <# .SYNOPSIS Removes access token from target tenant .DESCRIPTION Removes access token from target tenant .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Target tenant ID .PARAMETER ApiHost API host URL of the tenant .PARAMETER AccessTokenId ID of the target Access Token .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$accessToken = Get-SophosAccountMgmtAccessTokens -Token $token -TenantId $tenant.Id -ApiHost $tenant.apiHost PS>Remove-SophosAccountMgmtAccessToken -Token $token -TenantId $tenant.Id -ApiHost $tenant.apiHost -AccessTokenId $accessToken.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AccessTokenId ) begin { [array]$Result = @() $Url = "$($ApiHost)/accounts/v1/access-tokens/$($AccessTokenId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Account Management Access Token')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers -Body $RequestBody return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosAccountMgmtAccessToken.ps1' 71 #Region './Public/Remove-SophosCommonAdmin.ps1' -1 function Remove-SophosCommonAdmin { <# .SYNOPSIS Remove and admin by ID .DESCRIPTION Remove and admin by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER AdminId Target admin ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$admin = Get-SophosCommonAdmins -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "Admin"} PS>Remove-SophosCommonAdmin -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AdminId $admin.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AdminId ) begin { $Url = "$($ApiHost)/common/v1/admins/$($AdminId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Common Admin')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosCommonAdmin.ps1' 69 #Region './Public/Remove-SophosCommonAdminRoleAssignment.ps1' -1 function Remove-SophosCommonAdminRoleAssignment { <# .SYNOPSIS Remove role assignment from an admin .DESCRIPTION Remove role assignment from an admin .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hsot location URL of the tenant .PARAMETER AdminId Admin ID .PARAMETER AssignmentId Assignment ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$admin = Get-SophosCommonAdmins -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "Admin"} PS>Remove-SophosCommonAdminRoleAssignment -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AdminId $admin.id -AssignmentId "xxxxxxx-xxxxxx-xxxxxx-xxxxx" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AdminId, [Parameter(Mandatory=$true)] [string]$AssignmentId ) begin { $Url = "$($ApiHost)/common/v1/admins/$($AdminId)/role-assignments/$($AssignmentId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Common Admin Assignment')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosCommonAdminRoleAssignment.ps1' 74 #Region './Public/Remove-SophosCommonDirectoryGroupUser.ps1' -1 function Remove-SophosCommonDirectoryGroupUser { <# .SYNOPSIS Remove a user from multiple groups .DESCRIPTION Remove a user from multiple groups .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER UserId Target User ID .PARAMETER GroupIds Group IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$users = Get-SophosCommonDirectoryUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | Where-Object {$_.Name -eq 'User01'} PS>Remove-SophosCommonDirectoryUserFromGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -UserId $user.id -GroupId @('xxx-xxxx-xxx-xxx','xxxx-xxxx-xxxxxx-xxxxxx') #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$UserId, [Parameter(Mandatory=$true)] [ValidateSet({ if($_.count -lt 50) { return $true } else { throw "Request must contain at most 50 items. Total: $($_.count)" } })] [array]$GroupIds ) begin { [array]$Result = @() [string]$param = "" $GroupIds | ForEach-Object{$param += "ids=$_&"} $Url = "$($ApiHost)/common/v1/directory/users/$($UserId)/groups?$($param -replace '&$','')" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Common User from Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosCommonDirectoryGroupUser.ps1' 87 #Region './Public/Remove-SophosCommonDirectoryUserById.ps1' -1 function Remove-SophosCommonDirectoryUserById { <# .SYNOPSIS Remove existing user .DESCRIPTION Remove existing user .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER UserId Target user ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$user = Get-SophosCommonDirectoryUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "User01"} PS>Remove-SophosCommonDirectoryUserById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -UserId $user.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$UserId ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/users/$($UserId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Common User by ID')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosCommonDirectoryUserById.ps1' 71 #Region './Public/Remove-SophosCommonDirectoryUserFromGroup.ps1' -1 function Remove-SophosCommonDirectoryUserFromGroup { <# .SYNOPSIS Remove user from a group .DESCRIPTION Remove user from a group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER UserId Target user ID .PARAMETER GroupId Group ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$user = Get-SophosCommonDirectoryUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | Where-Object {$_.Name -eq 'User01'} PS>Remove-SophosCommonDirectoryUserFromGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -UserId $user.id -GroupId 'xxxxx-xxxxxxx-xxxxxxx-xxxxxxxx' #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$UserId, [Parameter(Mandatory=$true)] [string]$GroupId ) begin { $Url = "$($ApiHost)/common/v1/directory/users/$($UserId)/groups/$($GroupId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Directory User from Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosCommonDirectoryUserFromGroup.ps1' 74 #Region './Public/Remove-SophosCommonDirectoryUserGroup.ps1' -1 function Remove-SophosCommonDirectoryUserGroup { <# .SYNOPSIS Deletes the specified group .DESCRIPTION Deletes the specified group .PARAMETER Token JWT token from API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupId Target GroupId .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$group = Get-SophosCommonDirectoryUserGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "OldGroup"} PS>Remove-SophosCommonDirectoryUserGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $group.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/user-groups/$($GroupId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Common Directory Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosCommonDirectoryUserGroup.ps1' 71 #Region './Public/Remove-SophosCommonDirectoryUserGroupUser.ps1' -1 function Remove-SophosCommonDirectoryUserGroupUser { <# .SYNOPSIS Remove multiple users from a group .DESCRIPTION Remove multiple users from a group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location UR of the tenant .PARAMETER GroupId Target Group ID .PARAMETER UserIds Array of user IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$alert = Get-SophosCommonAlerts -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxxx-xxxxx-xxxxx-xxxx"} PS>$group = Get-SophosCommonDirectoryUserGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-objct {$_.name -eq "mygroup"} PS>$users = @((Get-SophosCommonDirectoryUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -like "admin*"}).id) PS>Remove-SophosCommonDirectoryUserGroupUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $group.id -UserIds $users #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId, [Parameter(Mandatory=$true)] [ValidateScript({ if($_.Count -lt 50) { return $true } else { throw "Must contain at most 50 items. Total: $($_.Count)" } })] [array]$UserIds ) begin { [array]$Result = @() [string]$param = "" $UserIds | ForEach-Object{$param += "ids=$_&"} $Url = "$($ApiHost)/common/v1/directory/user-groups/$($GroupId)/users?$($param -replace '&$','')" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Common User from Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject] @{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosCommonDirectoryUserGroupUser.ps1' 90 #Region './Public/Remove-SophosCommonDirectoryUserGroupUserById.ps1' -1 function Remove-SophosCommonDirectoryUserGroupUserById { <# .SYNOPSIS Update a group to remove a user .DESCRIPTION Update a group to remove a user .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupId Target group id .PARAMETER UserId User ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$alert = Get-SophosCommonAlerts -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxxx-xxxxx-xxxxx-xxxx"} PS>$group = Get-SophosCommonDirectoryUserGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "MyGroup"} PS>$user = Get-SophosCommonDirectoryUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "User01"} PS>Remove-SophosCommonDirectoryUserGroupUserById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $group.id -UserId $user.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId, [Parameter(Mandatory=$true)] [string]$UserId ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/user-groups/$($GroupId)/users/$($UserId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Common User from Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosCommonDirectoryUserGroupUserById.ps1' 79 #Region './Public/Remove-SophosCommonRole.ps1' -1 function Remove-SophosCommonRole { <# .SYNOPSIS Delete a taenant role by ID .DESCRIPTION Delete a taenant role by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RoleId Target Role ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$role = Get-SophosCommonRoles -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | Where-Object {$_.Name -eq 'MyRole'} PS>Remove-SophosCommonRole -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RoleId $role.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$RoleId ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/roles/$($RoleId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Common Role')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosCommonRole.ps1' 71 #Region './Public/Remove-SophosEmailMgmtPostDeliveryQuarantineMessage.ps1' -1 function Remove-SophosEmailMgmtPostDeliveryQuarantineMessage { <# .SYNOPSIS Delete one or more messages from post quarantine .DESCRIPTION Delete one or more messages from post quarantine .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EmailIds Array of Email IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Remove-SophosEmailMgmtPostDeliveryQuarantineMessage -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost @("xxx-xxxx-xxx-xxxx") #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [array]$EmailIds ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/post-delivery-quarantine/messages/delete" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } $RequestBody = @{ "items" = $EmailIds } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Email Post Delivery Quarantine Message')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $RequestBody return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEmailMgmtPostDeliveryQuarantineMessage.ps1' 73 #Region './Public/Remove-SophosEmailMgmtQuarantineMessage.ps1' -1 function Remove-SophosEmailMgmtQuarantineMessage { <# .SYNOPSIS Delete one or more messages from quarantine. .DESCRIPTION Delete one or more messages from quarantine. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EmailId Target email ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Remove-SophosEmailMgmtQuarantineMessage -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EmailId "xxxx-xxxxx-xxxxxx-xxxxx" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EmailId ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/quarantine/messages/delete" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } $RequestBody = @{ "items" = @( @{ "id" = "$EmailId" } ) } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Email Management Quarantine Message')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $RequestBody return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEmailMgmtQuarantineMessage.ps1' 77 #Region './Public/Remove-SophosEmailMgmtQuarantineMessageAttachment.ps1' -1 function Remove-SophosEmailMgmtQuarantineMessageAttachment { <# .SYNOPSIS Strips one or more attachments from message .DESCRIPTION Strips one or more attachments from message .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EmailId Target email ID .PARAMETER AttachmentIds Array of attachment IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Remove-SophosEmailMgmtQuarantineMessageAttachments -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EmailId "xxxx-xxxx-xxxxx-xxxxx" -AttachmentIds @("xxxxx-xxxxxx-xxxxxx-xxxxx","xxxxx-xxxxxx-xxxxxx-xxxxxxx") #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EmailId, [Parameter(Mandatory=$false)] [array]$AttachmentIds = @() ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/quarantine/messages/$($EmailId)/attachments/strip" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } $RequestBody = @{ "attachments" = $AttachmentIds } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Email Quarantine Message Attachment')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $RequestBody return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEmailMgmtQuarantineMessageAttachment.ps1' 78 #Region './Public/Remove-SophosEndpoint.ps1' -1 function Remove-SophosEndpoint { <# .SYNOPSIS Remove endpoint from tenant .DESCRIPTION Remove endpoint from tenant .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EndpointId Target endpoint ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoint = Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPc"} PS>Remove-SophosEndpoint -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EdnpointId $endpoint.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EndpointId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoints/$($EndpointId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Endpoint')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpoint.ps1' 71 #Region './Public/Remove-SophosEndpointExploitMitigationExclusion.ps1' -1 function Remove-SophosEndpointExploitMitigationExclusion { <# .SYNOPSIS Deletes a custom (user-defined) Exploit Mitigation application by ID. Note you can only delete custom applications. A request to delete a system-detected application fails with a 409 Conflict message .DESCRIPTION Deletes a custom (user-defined) Exploit Mitigation application by ID. Note you can only delete custom applications. A request to delete a system-detected application fails with a 409 Conflict message .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER MitigationId Target mitigation ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$mitigation = Get-SophosEndpointExploitMitigationExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Remove-SophosEndpointExploitMitigationExclusion -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -MitigationId $mitigation.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$MitigationId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/exploit-mitigation/$($MitigationId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Endpoint Mitigation Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpointExploitMitigationExclusion.ps1' 73 #Region './Public/Remove-SophosEndpointFromGroup.ps1' -1 function Remove-SophosEndpointFromGroup { <# .SYNOPSIS Removes endpoint from group .DESCRIPTION Removes endpoint from group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupId ID of the target Group .PARAMETER EndpointId ID of the endpoint to be removed .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$group = Get-SophosEndpointGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -ieq "MyGroup"} PS>$endpoint = Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -like "MyPc"} PS>Remove-SophosEndpointFromGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $group.id -EndpointId $endpoint.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId, [Parameter(Mandatory=$true)] [string]$EndpointId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoint-groups/$($GroupId)/endpoints/$($EndpointId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Endpoint From Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpointFromGroup.ps1' 78 #Region './Public/Remove-SophosEndpointGroup.ps1' -1 function Remove-SophosEndpointGroup { <# .SYNOPSIS Remove endpoint group .DESCRIPTION Remove endpoint group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupId Target GroupId to be removed .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$group = Get-SophosEndpointGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -ieq "MyGroup"} PS>Remove-SophosEndpointGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $group.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoint-groups/$($GroupId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Endpoint Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpointGroup.ps1' 70 #Region './Public/Remove-SophosEndpointIntrusionPreventionExclusionById.ps1' -1 function Remove-SophosEndpointIntrusionPreventionExclusionById { <# .SYNOPSIS Delete an Intrusion Prevention exclusion by ID .DESCRIPTION Delete an Intrusion Prevention exclusion by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER ExclusionId Target exclusion ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$exclusion = Get-SophosEndpointIntrusionPreventionExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Remove-SophosEndpointIntrusionPreventionExclusionById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -ExclusionId $exclusion.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$ExclusionId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/intrusion-prevention/$($ExclusionId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Endpoint Intrusion Prevention Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpointIntrusionPreventionExclusionById.ps1' 71 #Region './Public/Remove-SophosEndpointIsolationExclusionById.ps1' -1 function Remove-SophosEndpointIsolationExclusionById { <# .SYNOPSIS Deletes an Isolation exclusion .DESCRIPTION Deletes an Isolation exclusion .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host locatin URL of the tenant .PARAMETER ExclusionId Target exclusion ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$exclusions = Get-SophosEndpointIsolationExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Remove-SophosEndpointIsolationExclusionById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -ExclusionId $exclusions.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$ExclusionId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/isolation/$($ExclusionId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Endpoint Isolation Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpointIsolationExclusionById.ps1' 71 #Region './Public/Remove-SophosEndpointPolicy.ps1' -1 function Remove-SophosEndpointPolicy { <# .SYNOPSIS Delete Policy .DESCRIPTION Delete Policy .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyId Policty ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>Remove-SophosEndpointPolicy -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyId $policy.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PolicyId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Endpoint Policy')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpointPolicy.ps1' 71 #Region './Public/Remove-SophosEndpointsAllowedItem.ps1' -1 function Remove-SophosEndpointsAllowedItem { <# .SYNOPSIS Remove Allowed Item .DESCRIPTION Remove Allowed Item .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER AllowedItemId Target allowed item ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$item = Get-SophosEndpointsAllowedItems -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Properties.Name -eiq 'file.exe'} PS>Remove-SophosEndpointsAllowedItem -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AllowedItemId $item.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AllowedItemId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/allowed-items/$($AllowedItemId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Endpoint Allowed Item')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpointsAllowedItem.ps1' 71 #Region './Public/Remove-SophosEndpointsBlockedItem.ps1' -1 function Remove-SophosEndpointsBlockedItem { <# .SYNOPSIS Deletes the specified blocked item .DESCRIPTION Deletes the specified blocked item .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER BlockedItemId target blocke item ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$item = Get-SophosEndpointsBlockedItems -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Properties.Name -eiq 'file.exe'} PS>Remove-SophosEndpointsBlockedItem -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -BlockedItemId $item.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$BlockedItemId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/blocked-items/$($BlockedItemId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Endpoint Blocked Item')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpointsBlockedItem.ps1' 71 #Region './Public/Remove-SophosEndpointScanningExclusionById.ps1' -1 function Remove-SophosEndpointScanningExclusionById { <# .SYNOPSIS Deletes a scanning exclusion. .DESCRIPTION Deletes a scanning exclusion. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER ExclusionId Target Exclusion ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$exclusions = Get-SophosEndpointScanningExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Remove-SophosEndpointScanningExclusionById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -ExclusionId $exclusions.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$ExclusionId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/scanning/$($ExclusionId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Endpoint Scanning Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpointScanningExclusionById.ps1' 70 #Region './Public/Remove-SophosEndpointSoftwareComment.ps1' -1 function Remove-SophosEndpointSoftwareComment { <# .SYNOPSIS Deletes the static package comment .DESCRIPTION Deletes the static package comment .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Teant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PackageId Target package ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$pack = Get-SophosEndpointSoftwareStaticPackages -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "Sophos"} PS>Remove-SophosEndpointSoftwareCommentById -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PackageId $pack.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PackageId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/software/comments/$($PackageId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Endpoint Software Comment')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpointSoftwareComment.ps1' 71 #Region './Public/Remove-SophosEndpointWebControlLocalSite.ps1' -1 function Remove-SophosEndpointWebControlLocalSite { <# .SYNOPSIS Deletes the specified local site .DESCRIPTION Deletes the specified local site .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER LocalSiteId Target local site ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$site = Get-SophosEndpointWebControlLocalSites -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Url -eq "https://example.com"} PS>Remove-SophosEndpointWebControlLocalSite -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -LocalSiteId $site.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$LocalSiteId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/web-control/local-sites/$($LocalSiteId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Web Control Local Site')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpointWebControlLocalSite.ps1' 71 #Region './Public/Remove-SophosEndpointWebControlTlsDecryptionExclusion.ps1' -1 function Remove-SophosEndpointWebControlTlsDecryptionExclusion { <# .SYNOPSIS Clears the list of websites excluded from SSL/TLS decryption. .DESCRIPTION Clears the list of websites excluded from SSL/TLS decryption. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Remove-SophosEndpointWebControlTlsDecryptionExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/web-control/local-sites/tls-decryption/excluded-websites" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Endpoint Web Control TLS Decryption Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosEndpointWebControlTlsDecryptionExclusion.ps1' 65 #Region './Public/Remove-SophosFirewall.ps1' -1 function Remove-SophosFirewall { <# .SYNOPSIS Delete firewall using its ID .DESCRIPTION Delete firewall using its ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER FirewallId Target firewall ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Remove-SophosFirewall -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -FirewallId "xxx-xxxxx-xxxxx-xxxx" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$FirewallId ) begin { [array]$Result = @() $Url = "$($ApiHost)/firewall/v1/firewalls/$($FirewallId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Firewall')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers -Body $RequestBody return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosFirewall.ps1' 70 #Region './Public/Remove-SophosFirewallFirmaware.ps1' -1 function Remove-SophosFirewallFirmaware { <# .SYNOPSIS Cancel scheduled upgrade .DESCRIPTION Cancel scheduled upgrade .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER FirewallIds Array of Firewall IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Remove-SophosFirewallFirmaware -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -FirewallIds @("xxxx-xxxx-xxxxxx-xxxxx") #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [ValidateScript({ if($_.Count -lt 50) { return $true } else { throw "Must contain at most 50 items. Total: $($_.Count)" } })] [array]$FirewallIds ) begin { [array]$Result = @() [string]$param = "" $FirewallIds | ForEach-Object{$param += "ids=$_&"} $Url = "$($ApiHost)/firewall/v1/firewalls/actions/firmware-upgrade?$($param -replace '&$','')" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Cancel Scheduled Sophos Firewall firmware Update')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosFirewallFirmaware.ps1' 82 #Region './Public/Remove-SophosFirewallGroup.ps1' -1 function Remove-SophosFirewallGroup { <# .SYNOPSIS Delete firewall group using its ID .DESCRIPTION Delete firewall group using its ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupId Target group ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Remove-SophosFirewallGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId "xxxx-xxxxx-xxxxx-xxxx" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId ) begin { [array]$Result = @() $Url = "$($ApiHost)/firewall/v1/firewall-groups/$($GroupId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Firewall Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosFirewallGroup.ps1' 70 #Region './Public/Remove-SophosPartnerAdminRoleAssignment.ps1' -1 function Remove-SophosPartnerAdminRoleAssignment { <# .SYNOPSIS Remove role from target admin .DESCRIPTION Remove role from target admin .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Parent partner ID .PARAMETER AdminId Target admin ID .PARAMETER AssignmentId Assignment ID to be removed .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$admin = PS>Get-SophosPartnerAdmins -Token $token -PartnerId $partnerId | where-object {$_.Name -ieq 'MyAdmin'} PS>$role = Get-SophosPartnerRoles -Token $token -PartnerId $partnerId | Where-Object {$_.Name -ieq 'MyRole'} PS>Remove-SophosPartnerAdminRoleAssignment -Token $token -PartnerId $partnerId -AdminId $admn.id -AssignmentId $role.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId, [Parameter(Mandatory=$true)] [string]$AdminId, [Parameter(Mandatory=$true)] [string]$AssignmentId ) begin { $Url = "https://api.central.sophos.com/partner/v1/admins/$($AdminId)/role-assignments/$($AssignmentId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($PartnerId,'Remove Sophos Partner Admin Role Assignment')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers -Body $Body return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosPartnerAdminRoleAssignment.ps1' 69 #Region './Public/Remove-SophosPartnerRole.ps1' -1 function Remove-SophosPartnerRole { <# .SYNOPSIS Remove partner role .DESCRIPTION Remove partner role .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Partner ID .PARAMETER RoleId Target role ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$role = Get-SophosPartnerRoles -Token $token -PartnerId $partnerId | Where-Object {$_.Name -ieq 'MyRole'} PS>Remove-SophosPartnerRole -Token $token -PartnerId $partnerId -RoleId $role.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId, [Parameter(Mandatory=$true)] [string]$RoleId ) begin { [array]$Result = @() $Url = "https://api.central.sophos.com/partner/v1/roles/$($RoleId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Remove Sophos Partner Role')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Delete -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Remove-SophosPartnerRole.ps1' 63 #Region './Public/Reset-SophosEndpointPolicySetting.ps1' -1 function Reset-SophosEndpointPolicySetting { <# .SYNOPSIS Reset policy settings .DESCRIPTION Reset policy settings .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyId Target policy ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>Reset-SophosEndpointPolicySettings -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyID $policy.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PolicyId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyId)/settings/reset" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Reset Sophos Policy Settings')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Reset-SophosEndpointPolicySetting.ps1' 72 #Region './Public/Reset-SophosEndpointPolicySettingsKey.ps1' -1 function Reset-SophosEndpointPolicySettingsKey { <# .SYNOPSIS Reset a setting to its default value .DESCRIPTION Reset a setting to its default value .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyId Target policy ID .PARAMETER SettingKey Setting key value .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>Reset-SophosEndpointPolicySettingsKey -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyId $policy.id -SettingKey "endpoint.device-encryption.encrypt-non-boot-volumes" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PolicyId, [Parameter(Mandatory=$true)] [string]$SettingKey ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyId)/settings/$($SettingKey)/reset" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Reset Sophos Enpoint Policy Settings Key')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Reset-SophosEndpointPolicySettingsKey.ps1' 77 #Region './Public/Reset-SophosEndpointPolicyTypeSetting.ps1' -1 function Reset-SophosEndpointPolicyTypeSetting { <# .SYNOPSIS Reset the settings in a base policy .DESCRIPTION Reset the settings in a base policy .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyType Policy Type .PARAMETER SettingKey Setting Key .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>Reset-SophosEndpointPolicyTypeSettings -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyType "threat-protection" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [ValidateSet("threat-protection","peripheral-control","application-control","data-loss-prevention","device-encryption","web-control","agent-updating","windows-firewall","server-threat-protection","server-peripheral-control","server-application-control","server-web-control","server-lockdown","server-data-loss-prevention","server-agent-updating","server-windows-firewall","server-file-integrity-monitoring")] [string]$PolicyType ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyType)/base/settings/reset" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Reset Sophos Endpoint Type Settings')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Reset-SophosEndpointPolicyTypeSetting.ps1' 75 #Region './Public/Reset-SophosEndpointPolicyTypeSettingsKey.ps1' -1 function Reset-SophosEndpointPolicyTypeSettingsKey { <# .SYNOPSIS Reset a setting in the base policy to its default value .DESCRIPTION Reset a setting in the base policy to its default value .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyType Policy Type .PARAMETER SettingKey Setting KEy .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>Reset-SophosEndpointPolicyTypeSettingsKey -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyType "threat-protection" -SettingKey "endpoint.device-encryption.encrypt-non-boot-volumes" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [ValidateSet("threat-protection","peripheral-control","application-control","data-loss-prevention","device-encryption","web-control","agent-updating","windows-firewall","server-threat-protection","server-peripheral-control","server-application-control","server-web-control","server-lockdown","server-data-loss-prevention","server-agent-updating","server-windows-firewall","server-file-integrity-monitoring")] [string]$PolicyType, [Parameter(Mandatory=$true)] [string]$SettingKey ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyType)/base/settings/$($SettingKey)/reset" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Reset Sophos Endpoint Policy Type Setting Key')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Reset-SophosEndpointPolicyTypeSettingsKey.ps1' 77 #Region './Public/Save-SophosEmailMgmtQuarantineMessageAttachment.ps1' -1 function Save-SophosEmailMgmtQuarantineMessageAttachment { <# .SYNOPSIS Download one or more attachments .DESCRIPTION Download one or more attachments .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EmailId Target Email ID .PARAMETER AttachmentIds Array of attachment IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Save-SophosEmailMgmtQuarantineMessageAttachments -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EmailId "xxxxxxx-xxxxx-xxxxxx-xxxxxxx" -AttachmentIds @("xxxxx-xxxxx-xxxxxx-xxxxx") #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EmailId, [Parameter(Mandatory=$false)] [array]$AttachmentIds = @() ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/quarantine/messages/$($EmailId)/attachments/download" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "attachments" = $AttachmentIds } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Save-SophosEmailMgmtQuarantineMessageAttachment.ps1' 77 #Region './Public/Search-SophosCommonAlert.ps1' -1 function Search-SophosCommonAlert { <# .SYNOPSIS Get alerts .DESCRIPTION Get alerts .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API location URL of the tenant .PARAMETER AlertId Alert ID .PARAMETER RequestBody Request with parameters according to https://developer.sophos.com/docs/common-v1/1/routes/alerts/search/post .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$alert = Get-SophosCommonAlerts -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxxx-xxxxx-xxxxx-xxxx"} PS>Search-SophosCommonAlert -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AlertId $alert.id -RequestBody @requests #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AlertId, [Parameter(Mandatory=$true)] [hashtable]$RequestBody ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/alerts/$($AlertId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Search-SophosCommonAlert.ps1' 74 #Region './Public/Search-SophosEmailMgmQuarantineMessage.ps1' -1 function Search-SophosEmailMgmQuarantineMessage { <# .SYNOPSIS Summary of all the quarantined messages matching your search and filter conditions .DESCRIPTION Summary of all the quarantined messages matching your search and filter conditions .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER BeginDate Start of the sarch filter .PARAMETER EndDate End of the seach filter .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Search-SophosEmailMgmQuarantineMessage -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -BeignDate $(Get-Date).adddays(-30) -EndDate $(Get-date) #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [datetime]$BeginDate, [Parameter(Mandatory=$true)] [datetime]$EndDate ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/quarantine/messages/search" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "beginDate" = "$BeginDate" "endDate" = "$EndDate" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Search-SophosEmailMgmQuarantineMessage.ps1' 78 #Region './Public/Search-SophosEmailMgmtPostDeliveryQuarantineMessage.ps1' -1 function Search-SophosEmailMgmtPostDeliveryQuarantineMessage { <# .SYNOPSIS Summary of all the post-delivery quarantined messages matching your search and filter conditions .DESCRIPTION Summary of all the post-delivery quarantined messages matching your search and filter conditions .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER BeginDate [Datetime] Start of the search .PARAMETER EndDate [Datetime] End of the search .EXAMPLE S>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Search-SophosEmailMgmtPostDeliveryQuarantineMessage -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -BeginDate (Get-date).adddays(-30) -EndDate (Get-Date).adddays(-1) #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [datetime]$BeginDate, [Parameter(Mandatory=$true)] [datetime]$EndDate ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/post-delivery-quarantine/messages/search" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "beginDate" = "$BeginDate" "endDate" = "$EndDate" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Search-SophosEmailMgmtPostDeliveryQuarantineMessage.ps1' 77 #Region './Public/Set-SophosPartnerAdminRoleAssignment.ps1' -1 function Set-SophosPartnerAdminRoleAssignment { <# .SYNOPSIS Set specific role on target admin .DESCRIPTION Set specific role on target admin .PARAMETER Token JWT Token from oauth API .PARAMETER PartnerId Parent partner ID .PARAMETER AdminId Target admin ID .PARAMETER AssignmentId Target assignment ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$admin = PS>Get-SophosPartnerAdmins -Token $token -PartnerId $partnerId | where-object {$_.Name -ieq 'MyAdmin'} PS>$role = Get-SophosPartnerRoles -Token $token -PartnerId $partnerId | Where-Object {$_.Name -ieq 'MyRole'} PS>Set-SophosPartnerAdminRoleAssignment -Token $token -PartnerId $partnerId -AdminId $admin.id -AssignmentId $role.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId, [Parameter(Mandatory=$true)] [string]$AdminId, [Parameter(Mandatory=$true)] [string]$AssignmentId ) begin { $Url = "https://api.central.sophos.com/partner/v1/admins/$($AdminId)/role-assignments " $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" "Content-Type"= "application/json" } $Body = @{ "roleId" = "$AssignmentId" "scope" = @{ "type" = "allManagedTenants" } } } process { if($PSCmdlet.ShouldProcess($TenantId,'Set Sophos Partner Admin Role Assignment')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($Body|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Set-SophosPartnerAdminRoleAssignment.ps1' 76 #Region './Public/Show-SophosEmailMgmtQuarantineMessage.ps1' -1 function Show-SophosEmailMgmtQuarantineMessage { <# .SYNOPSIS Preview a message in quarantine .DESCRIPTION Preview a message in quarantine .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EmailId Target email ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Show-SophosEmailMgmtQuarantineMessage -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EmailId "xxxxx-xxxxxx-xxxxx-xxxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EmailId ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/quarantine/messages/$($EmailId)/attachments/preview" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headerbs $headers return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Show-SophosEmailMgmtQuarantineMessage.ps1' 68 #Region './Public/Start-SophosEmailMgmtPostDeliveryQuarantineMessageAttachmentDownload.ps1' -1 function Start-SophosEmailMgmtPostDeliveryQuarantineMessageAttachmentDownload { <# .SYNOPSIS Download one or more atachments .DESCRIPTION Download one or more atachments .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EmailId Target email ID .PARAMETER RequestBody Hashtable with a List of attachments to download. If you don't specify which to download, all the attachments in the message are downloaded. .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Start-SophosEmailMgmtPostDeliveryQuarantineMessageAttachmentDownload -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EmailId "xxxxx-xxxxx-xxxxxx-xxxxxx" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EmailId, [Parameter(Mandatory=$false)] [hashtable]$RequestBody = @{} ) begin { [array]$Result = @() $Url = "$($ApiHost)/email/v1/post-delivery-quarantine/messages/$($EmailId)/attachments" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Start Sophos Email Post Delivery Quarantine Message Attachment Download')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $RequestBody return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Start-SophosEmailMgmtPostDeliveryQuarantineMessageAttachmentDownload.ps1' 77 #Region './Public/Start-SophosEndpointMigrationJob.ps1' -1 function Start-SophosEndpointMigrationJob { <# .SYNOPSIS Start a migration job in the sending tenant .DESCRIPTION Start a migration job in the sending tenant .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location of the tenant .PARAMETER MigrationJobId Migration Job ID .PARAMETER MigrationJobToken Migration Job Token .PARAMETER EndpointIds Array of endpoint IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoints = @((Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -like "PC0*"}).id) PS>$migration = Get-SophosEndpointMigrations -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Mode -eq 'sending'} PS>Start-SophosEndpointMigrationJob -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EndpointIds $endpoints -MigrationJobId $migration.id -MigrationJobToken $migration.token #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$MigrationJobId, [Parameter(Mandatory=$true)] [string]$MigrationJobToken, [Parameter(Mandatory=$true)] [array]$EndpointIds ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/migrations/$($MigrationJobId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "token" = "$MigrationJobToken" "endpoints" = $EndpointIds } } process { if($PSCmdlet.ShouldProcess($TenantId,'Start Sophos Endpoint Migration Job')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Put -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Start-SophosEndpointMigrationJob.ps1' 87 #Region './Public/Stop-SophosXdrQueriesDataLakeRun.ps1' -1 function Stop-SophosXdrQueriesDataLakeRun { <# .SYNOPSIS Cancel query run by ID .DESCRIPTION Cancel query run by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RunId Target run ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Stop-SophosXdrQueriesDataLakeRun -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RunId "xxxx-xxxxxx-xxxxx-xxxxx" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$RunId ) begin { [array]$Result = @() $Url = "$($ApiHost)/xdr-query/v1/queries/runs/$($RunId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{} } process { if($PSCmdlet.ShouldProcess($TenantId,'Stop Sophos XDR Query DataLake Run')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Stop-SophosXdrQueriesDataLakeRun.ps1' 73 #Region './Public/Suspend-SophosTenantsHealthIssue.ps1' -1 function Suspend-SophosTenantsHealthIssue { <# .SYNOPSIS Snooze reminders for account health issues for a tenant .DESCRIPTION Snooze reminders for account health issues for a tenant .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Target Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RequestBody Hashtable with the correct parameters according to 'https://developer.sophos.com/docs/account-health-check-v1/1/routes/snooze/post' .EXAMPLE PS>$parameters = @{ "endpoint" = @{ "tamperProtection" = @{ "global" = @{ "snoozed" = $true } } } } PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$tenant = Get-SophosPartnerTenants -PartnerId "xxxx-xxxxxx-xxxxx-xxxxx" -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Suspend-SophosTenantsHealthIssues -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RequestBody $parameters #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [hashtable]$RequestBody ) begin { $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" 'Accept'='application/json' "Content-Type"= "application/json" } } Process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri "$($ApiHost)/account-health-check/v1/health-check" -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch{ return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Suspend-SophosTenantsHealthIssue.ps1' 71 #Region './Public/Sync-SophosFirewallGroupFirewallsStatus.ps1' -1 function Sync-SophosFirewallGroupFirewallsStatus { <# .SYNOPSIS Synchronization status for the firewalls in a group .DESCRIPTION Synchronization status for the firewalls in a group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URl of the tenant .PARAMETER GroupId Target Group ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Sync-SophosFirewallGroupFirewallsStatus -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId "xxxxx-xxxxx-xxxxx-xxxxx" #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId ) begin { [array]$Result = @() $Url = "$($ApiHost)/firewall/v1/firewall-groups/$($GroupId)/firewalls/sync-status?pageTotal=true" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" } [int]$x = 1 [int]$Total = 0 } process { try{ $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url -Headers $headers $Total = $response.pages.Total while( $x -le $Total) { $Result += $response.items $page = $x++ $Url2 = "$($ApiHost)/firewall/v1/firewall-groups/$($GroupId)/firewalls/sync-status?page=" + $page.tostring() $response = Invoke-RestMethod -ErrorAction Stop -Method Get -Uri $Url2 -Headers $headers } return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Sync-SophosFirewallGroupFirewallsStatus.ps1' 78 #Region './Public/Test-SophosFirewallFirmaware.ps1' -1 function Test-SophosFirewallFirmaware { <# .SYNOPSIS Check firmware for firewalls .DESCRIPTION Check firmware for firewalls .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER FirewallIds Array of firewall IDs .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Test-SophosFirewallFirmaware -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -FirewallIds @("xxxx-xxxx-xxxx-xxxx","xxxx-xxxxx-xxxxxx-xxxx") #> [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [array]$FirewallIds ) begin { [array]$Result = @() $Url = "$($ApiHost)/firewall/v1/firewalls/actions/firmware-upgrade-check" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "firewalls" = $FirewallIds } } process { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } #EndRegion './Public/Test-SophosFirewallFirmaware.ps1' 72 #Region './Public/Update-SophosAccountMgmtAccessToken.ps1' -1 function Update-SophosAccountMgmtAccessToken { <# .SYNOPSIS Updates the tenant access token .DESCRIPTION Updates the tenant access token .PARAMETER Token JWT Token from oauth API .PARAMETER TenantId Target tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER AccessTokenId ID of the access token to modify .PARAMETER AccessTokenLabel New label for the target access token .PARAMETER AccessTokenExpiresAt New Expiry date for the target access token .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$accessToken = Get-SophosAccountMgmtAccessTokens -Token $token -TenantId $tenant.Id -ApiHost $tenant.apiHost PS>Update-SophosAccountMgmtAccessToken -Token $token -TenantId $tenant.Id -ApiHost $tenant.apiHost -AccessTokenId $accessToken.id #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AccessTokenId, [Parameter(Mandatory=$true)] [string]$AccessTokenLabel, [Parameter(Mandatory=$true)] [datetime]$AccessTokenExpiresAt ) begin { [array]$Result = @() $Url = "$($ApiHost)/accounts/v1/access-tokens/$($AccessTokenId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "label" = "$AccessTokenLabel" "expiresAt" = $AccessTokenExpiresAt } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Account Management Access Token')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosAccountMgmtAccessToken.ps1' 85 #Region './Public/Update-SophosCommonAlert.ps1' -1 function Update-SophosCommonAlert { <# .SYNOPSIS Take an action on a specific alert .DESCRIPTION Take an action on a specific alert .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER AlertId Target alert ID .PARAMETER Action Action to perform .PARAMETER Message Message related to the action .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$alert = Get-SophosCommonAlerts -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxxx-xxxxx-xxxxx-xxxx"} PS>Update-SophosCommonAlert -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AlertId $alert.id -Action "cleanPua" -Message "Cleanup PUA" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AlertId, [Parameter(Mandatory=$true)] [ValidateSet("acknowledge","cleanPua","cleanVirus","authPua","clearThreat","clearHmpa","sendMsgPua","sendMsgThreat")] [string]$Action, [Parameter(Mandatory=$true)] [string]$Message ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/alerts/$($AlertId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "action" = "$action" "message" = "$Message" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Common Alert')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosCommonAlert.ps1' 87 #Region './Public/Update-SophosCommonDirectoryUser.ps1' -1 function Update-SophosCommonDirectoryUser { <# .SYNOPSIS Update existing user .DESCRIPTION Update existing user .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER UserId Target user ID .PARAMETER FirstName User's first name .PARAMETER LastName User's last name .PARAMETER EmailAddress User's email address .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$user = Get-SophosCommonDirectoryUsers -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | Where-Object {$_.Name -eq 'MyUser'} PS>Update-SophosCommonDirectoryUser -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -UserId $user.id -FirstName "Bob" -LastName "Bobs" -EmailAddress "bob@example.com" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$UserId, [Parameter(Mandatory=$true)] [string]$FirstName, [Parameter(Mandatory=$true)] [string]$LastName, [Parameter(Mandatory=$false)] [ValidateSet({ if($_ -imatch '^(?:(?!.*?[.]{2})[a-zA-Z0-9](?:[a-zA-Z0-9.+!%-]{1,64}|)|\"[a-zA-Z0-9.+!% -]{1,64}\")@[a-zA-Z0-9][a-zA-Z0-9.-]+(.[a-z]{2,}|.[0-9]{1,})$') { return $true } else { throw "Invalid email address." } })] [string]$EmailAddress ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/users/$($UserId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "name" = "$($FirstName) $($LastName)" "firstName" = "$FirstName" "lastName" = "$LastName" "email" = "$EmailAddress" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Common Directory User')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosCommonDirectoryUser.ps1' 104 #Region './Public/Update-SophosCommonDirectoryUserGroup.ps1' -1 function Update-SophosCommonDirectoryUserGroup { <# .SYNOPSIS Update group .DESCRIPTION Update group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER GroupId Target Group ID .PARAMETER GroupName New Name .PARAMETER GroupDescription Reason for change .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$alert = Get-SophosCommonAlerts -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxxx-xxxxx-xxxxx-xxxx"} PS>$groups = Get-SophosCommonDirectoryUserGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "MyGroup"} PS>Update-SophosCommonDirectoryUserGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $group.id -GroupName "NewName" -GroupDescription "Didn't like the old name" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId, [Parameter(Mandatory=$true)] [ValidateScript({ if($_.Length -lt 250) { return $true } else { throw "Length must be less than 250. Length: $($_.Length)" } })] [string]$GroupName, [Parameter(Mandatory=$true)] [ValidateScript({ if($_.Length -lt 1000) { return $true } else { throw "Length must be less than 1000. Length: $($_.Length)" } })] [string]$GroupDescription ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/directory/user-groups/$($GroupId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "name" = "$GroupName" "description" = "$GroupDescription" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Common Directory User Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosCommonDirectoryUserGroup.ps1' 106 #Region './Public/Update-SophosCommonRole.ps1' -1 function Update-SophosCommonRole { <# .SYNOPSIS Patch an existing tenant role .DESCRIPTION Patch an existing tenant role .PARAMETER Token JWt token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API hostlocation URL of the tenant .PARAMETER RoleId Target role ID .PARAMETER RoleName New role Name .PARAMETER RolePermissionSets Array of role permissions .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$role = Get-SophosCommonRoles -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | Where-Object {$_.Name -eq 'MyRole'} PS>Update-SophosCommonRole -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RoleId $role.id -RoleName "MyNewName" -RolePermissionSets @("central_admin") #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$RoleId, [Parameter(Mandatory=$true)] [string]$RoleName, [Parameter(Mandatory=$true)] [array]$RolePermissionSets ) begin { [array]$Result = @() $Url = "$($ApiHost)/common/v1/roles/$($RoleId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "name" = $RoleName "permissionSets" = $RolePermissionSets } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Common Role')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosCommonRole.ps1' 86 #Region './Public/Update-SophosEndpointEventJournalSetting.ps1' -1 function Update-SophosEndpointEventJournalSetting { <# .SYNOPSIS Update settings for event journal size and disk space limits. If you specify both a maximum disk space and a maximum journal size, the lower of these limits is used. .DESCRIPTION Update settings for event journal size and disk space limits. If you specify both a maximum disk space and a maximum journal size, the lower of these limits is used. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER EndpointType Endpoint type .PARAMETER DiskSpaceLimitInMB Total disk space limit in MB .PARAMETER DiskSpaceLimitAsPercentage Disk space limit for the event journal (percentage) The value 0 will mean Disk space limit is not specified. Supported values [0, 10, 20, 30, 40] .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Update-SophosEndpointEventJournalSettings -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -EndpointType "server" -DiskSpaceLimitInMB 10000 -DiskSpaceLimitAsPercentage 20 #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [ValidateSet("computer","server")] [string]$EndpointType, [Parameter(Mandatory=$true)] [ValidateScript({ if($_ -lt 300 -or $_ -gt 30000) { throw "Disk Space Limit must be 300 < Value < 30000" } return $true })] [int]$DiskSpaceLimitInMB, [Parameter(Mandatory=$true)] [ValidateSet(10,20,30,40)] [int]$DiskSpaceLimitAsPercentage ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/event-journal/$($EndpointType)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "useRecommended" = $false "diskSpaceLimitInMB" = $DiskSpaceLimitInMB "diskSpaceLimitAsPercentage" = $DiskSpaceLimitAsPercentage } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos endpoint Event Journal Setting')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointEventJournalSetting.ps1' 99 #Region './Public/Update-SophosEndpointExploitMitigationExclusion.ps1' -1 function Update-SophosEndpointExploitMitigationExclusion { <# .SYNOPSIS Update Exploit Mitigation settings for an application .DESCRIPTION Update Exploit Mitigation settings for an application .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER MitigationId target mitigation ID .PARAMETER ExclusionPaths Array of paths to be excluded .PARAMETER IsProtected Bool .PARAMETER ASLR Bool .PARAMETER BannedAPI Bool .PARAMETER BottomUpASLR Bool .PARAMETER DEP Bool .PARAMETER HeapSpray Bool .PARAMETER IAF Bool .PARAMETER Intruder Bool .PARAMETER KbdGuard Bool .PARAMETER LoadLib Bool .PARAMETER LockdownAutorun Bool .PARAMETER LockdowNewFile Bool .PARAMETER NullCheck Bool .PARAMETER SEHOP Bool .PARAMETER Caller Bool .PARAMETER StackExec Bool .PARAMETER StackPivot Bool .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$exclusions = Get-SophosEndpointExploitMitigationExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>$params = @{ Token = "$token" TenantId = "$tenant.id" ApiHost = "$tenant.apiHost" paths= @( "$programFiles/FooApp/foo.exe" ) modifications= @{ protected= $true settings= @{ ASLR= $true BannedAPI= $true BottomUpASLR= $true DEP= $true HeapSpray= $false IAF= $true Intruder= $false KbdGuard= $false LoadLib= $false LockdownAutorun= $true LockdownNewFile= $true NullCheck= $true SEHOP= $true Caller= $true StackExec= $true StackPivot= $true } } } PS>Update-SophosEndpointExploitMitigationExclusion @params #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$MitigationId, [Parameter(Mandatory=$true)] [array]$ExclusionPaths, [Parameter(Mandatory=$true)] [switch]$IsProtected, [Parameter(Mandatory=$true)] [switch]$ASLR, [Parameter(Mandatory=$true)] [switch]$BannedAPI, [Parameter(Mandatory=$true)] [switch]$BottomUpASLR, [Parameter(Mandatory=$true)] [switch]$DEP, [Parameter(Mandatory=$true)] [switch]$HeapSpray, [Parameter(Mandatory=$true)] [switch]$IAF, [Parameter(Mandatory=$true)] [switch]$Intruder, [Parameter(Mandatory=$true)] [switch]$KbdGuard, [Parameter(Mandatory=$true)] [switch]$LoadLib, [Parameter(Mandatory=$true)] [switch]$LockdownAutorun, [Parameter(Mandatory=$true)] [switch]$LockdowNewFile, [Parameter(Mandatory=$true)] [switch]$NullCheck, [Parameter(Mandatory=$true)] [switch]$SEHOP, [Parameter(Mandatory=$true)] [switch]$Caller, [Parameter(Mandatory=$true)] [switch]$StackExec, [Parameter(Mandatory=$true)] [switch]$StackPivot ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/exploit-mitigation/$($MitigationId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "paths" = $ExclusionPaths "modifications" = @{ "protected" = $IsProtected "settings" = @{ "ASLR" = $ASLR "BannedAPI" = $BannedAPI "BottomUpASLR" = $BottomUpASLR "DEP" = $DEP "HeapSpray" = $HeapSpray "IAF" = $IAF "Intruder" = $Intruder "KbdGuard" = $KbdGuard "LoadLib" = $LoadLib "LockdownAutorun" = $LockdownAutorun "LockdownNewFile" = $LockdowNewFile "NullCheck" = $NullCheck "SEHOP" = $SEHOP "Caller" = $Caller "StackExec" = $StackExec "StackPivot" = $StackPivot } } } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Exploit Mitigation Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointExploitMitigationExclusion.ps1' 215 #Region './Public/Update-SophosEndpointGroup.ps1' -1 function Update-SophosEndpointGroup { <# .SYNOPSIS Update endpoint group .DESCRIPTION Update endpoint group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host locatio url of the tenant .PARAMETER GroupName Name of the group .PARAMETER GroupType Type of the group .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$group = Get-SophosEndpointGroups -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -ieq "MyGroup"} PS>Update-SophosEndpointGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId $group.id -GroupName "NewName" -GroupType "server" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupName, [ValidateSet("computer","server")] [string]$GroupType ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoint-groups?pageTotal=true" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "name" = "$GroupName" "type" = "$GroupType" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointGroup.ps1' 81 #Region './Public/Update-SophosEndpointIntrusionPreventionExclusion.ps1' -1 function Update-SophosEndpointIntrusionPreventionExclusion { <# .SYNOPSIS Update an Intrusion Prevention exclusion by ID. .DESCRIPTION Update an Intrusion Prevention exclusion by ID. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of te tenant .PARAMETER ExclusionId target exclusion ID .PARAMETER RemoteAddress Array of remote addresses for the intrusion prevention exclusion .PARAMETER Direction Direction property of the intrusion prevention exclusion. .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$exclusions = Get-SophosEndpointIntrusionPreventionExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Update-SophosEndpointIntrusionPreventionExclusion -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -ExclusionId $exclusions.id -RemoteAddresses @("http://8.8.8.8") -Direction "both" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$ExclusionId, [Parameter(Mandatory=$true)] [array]$RemoteAddress, [Parameter(Mandatory=$true)] [ValidateSet("inbound","outbound","both")] [string]$Direction ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/intrusion-prevention/$($ExclusionId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "direction" = "$Direction" "remoteAddress" = $RemoteAddress } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Intrusion Prevention Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointIntrusionPreventionExclusion.ps1' 87 #Region './Public/Update-SophosEndpointIsolationExclusion.ps1' -1 function Update-SophosEndpointIsolationExclusion { <# .SYNOPSIS Updates an Isolation exclusion by ID .DESCRIPTION Updates an Isolation exclusion by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host locatin URL of the tenant .PARAMETER ExclusionId Target exclusion ID .PARAMETER RemoteAddress Array of remote addresses .PARAMETER Direction Remote addresses to exempt from isolation restrictions .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$exclusions = Get-SophosEndpointIsolationExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Update-SophosEndpointIsolationExclusion -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -ExclusionId $exclusions.id -RremoteAddress @("https://example.com") -Direction "both" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$ExclusionId, [Parameter(Mandatory=$true)] [array]$RemoteAddress, [Parameter(Mandatory=$true)] [ValidateSet("inbound","outbound","both")] [string]$Direction ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/isolation/$($ExclusionId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "direction" = "$Direction" "remoteAddress" = $RemoteAddress } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Isolation Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointIsolationExclusion.ps1' 87 #Region './Public/Update-SophosEndpointIsolationSetting.ps1' -1 function Update-SophosEndpointIsolationSetting { <# .SYNOPSIS Update isolation setting status .DESCRIPTION Update isolation setting status .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API location URL of the tenant .PARAMETER EndpointId Target endpoint ID .PARAMETER IsolationEnabled [Switch] Enable or disable isolation .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoint = Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPc"} PS>Update-SophosEndpointIsolationSettings -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -IsolatinEnabled:$false #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$EndpointId, [Parameter(Mandatory=$true)] [switch]$IsolationEnabled ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/endpoints/$($EndpointId)/isolation" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "enabled" = $IsolationEnabled } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Isolation Settings')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointIsolationSetting.ps1' 80 #Region './Public/Update-SophosEndpointPolicy.ps1' -1 function Update-SophosEndpointPolicy { <# .SYNOPSIS Update policy. Note you can only change the settings for a base policy .DESCRIPTION Update policy. Note you can only change the settings for a base policy .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RequestBody Hashtable containing the correct parameters according to https://developer.sophos.com/docs/endpoint-v1/1/routes/policies/%7BpolicyId%7D/patch .PARAMETER PolicyId Policy ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$endpoint = Get-SophosEndpoints -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPc"} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "myPolicy"} PS>$body = @{ "name" = "All Users" "priority" = 99 } PS>Update-SophosEndpointPolicy -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyId $policy.id #> # https://developer.sophos.com/endpoint-policy-settings-all [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [hashtable]$RequestBody, [Parameter(Mandatory=$true)] [string]$PolicyId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Policy')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointPolicy.ps1' 85 #Region './Public/Update-SophosEndpointPolicySetting.ps1' -1 function Update-SophosEndpointPolicySetting { <# .SYNOPSIS Update policy settings .DESCRIPTION Update policy settings .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RequestBody Hashtable containing the appropriate parameters according to https://developer.sophos.com/docs/endpoint-v1/1/routes/policies/%7BpolicyId%7D/settings/patch .PARAMETER PolicyId Target Policy ID .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>$body = @{ "endpoint.device-encryption.encrypt-non-boot-volumes" = @{ "value" = $true } } PS>Update-SophosEndpointPolicySettings -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyId $policy.id -RequestBody $body #> # https://developer.sophos.com/endpoint-policy-settings-all [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [hashtable]$RequestBody, [Parameter(Mandatory=$true)] [string]$PolicyId ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/policies/$($PolicyId)/settings" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Policy Setting')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|ConvertTo-Json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_ Result = $Result } } } } } #EndRegion './Public/Update-SophosEndpointPolicySetting.ps1' 84 #Region './Public/Update-SophosEndpointPolicyType.ps1' -1 function Update-SophosEndpointPolicyType { <# .SYNOPSIS Update base policy. Note that only settings can be changed .DESCRIPTION Update base policy. Note that only settings can be changed .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyId Policy ID .PARAMETER PolicyType Policy Type .PARAMETER RequestBody Hashtable containing the correct parameter according to https://developer.sophos.com/docs/endpoint-v1/1/routes/policies/%7BpolicyType%7D/base/patch .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>$body @{ "settings" = @{ "endpoint.device-encryption.encrypt-non-boot-volumes" = @{ "value": $true } } } PS> Update-SophosEndpointPolicyType -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyId $policy.id -PolicyType "threat-protection" -RequestBody $body #> # https://developer.sophos.com/endpoint-policy-settings-all [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [ValidateSet( "threat-protection", "peripheral-control", "application-control", "data-loss-prevention", "device-encryption", "web-control", "agent-updating", "windows-firewall", "server-threat-protection", "server-peripheral-control", "server-application-control", "server-web-control", "server-lockdown", "server-data-loss-prevention", "server-agent-updating", "server-windows-firewall", "server-file-integrity-monitoring" )] [string]$PolicyType, [Parameter(Mandatory=$true)] [hashtable]$RequestBody ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyType)/base" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Policy Type')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointPolicyType.ps1' 107 #Region './Public/Update-SophosEndpointPolicyTypeSetting.ps1' -1 function Update-SophosEndpointPolicyTypeSetting { <# .SYNOPSIS Update settings in the base policy for a policy type .DESCRIPTION Update settings in the base policy for a policy type .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyId Target policy ID .PARAMETER PolicyType Policy Type .PARAMETER RequestBody Hashtable containing the correct parameters according to https://developer.sophos.com/docs/endpoint-v1/1/routes/policies/%7BpolicyType%7D/base/settings/patch .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>$body = @{ "endpoint.device-encryption.encrypt-non-boot-volumes"= @{ "value": $true } } PS>Update-SophosEndpointPolicyTypeSettings -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyId $policy.id -PolicyType "threat-protection" -RequestBody $body #> # https://developer.sophos.com/endpoint-policy-settings-all [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [ValidateSet("threat-protection","peripheral-control","application-control","data-loss-prevention","device-encryption","web-control","agent-updating","windows-firewall","server-threat-protection","server-peripheral-control","server-application-control","server-web-control","server-lockdown","server-data-loss-prevention","server-agent-updating","server-windows-firewall","server-file-integrity-monitoring")] [string]$PolicyType, [Parameter(Mandatory=$true)] [hashtable]$RequestBody ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyType)/base/settings" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Policy Type Setting')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointPolicyTypeSetting.ps1' 87 #Region './Public/Update-SophosEndpointPolicyTypeSettingsKey.ps1' -1 function Update-SophosEndpointPolicyTypeSettingsKey { <# .SYNOPSIS Update a setting in the base policy. .DESCRIPTION Update a setting in the base policy. .PARAMETER Token JWT Token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PolicyType Policy type .PARAMETER SettingKey Setting key .PARAMETER RequestBody Hashtable containing the correct values according to https://developer.sophos.com/docs/endpoint-v1/1/routes/policies/%7BpolicyType%7D/base/settings/%7BsettingKey%7D/patch .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$policy = Get-SophosEndpointPolicies -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Name -eq "MyPolicy"} PS>$body = @{ "value" = $true } PS>Update-SophosEndpointPolicyTypeSettingsKey -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PolicyType "threat-protection" -SettingKey "endpoint.device-encryption.encrypt-non-boot-volumes" -RequestBody $body #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [ValidateSet("threat-protection","peripheral-control","application-control","data-loss-prevention","device-encryption","web-control","agent-updating","windows-firewall","server-threat-protection","server-peripheral-control","server-application-control","server-web-control","server-lockdown","server-data-loss-prevention","server-agent-updating","server-windows-firewall","server-file-integrity-monitoring")] [string]$PolicyType, [Parameter(Mandatory=$true)] [string]$SettingKey, [Parameter(Mandatory=$true)] [hashtable]$RequestBody ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/Policies/$($PolicyType)/base/settings/$($SettingKey)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Policy Type Settings Key')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointPolicyTypeSettingsKey.ps1' 85 #Region './Public/Update-SophosEndpointsAllowedItem.ps1' -1 function Update-SophosEndpointsAllowedItem { <# .SYNOPSIS Update an allowed item .DESCRIPTION Update an allowed item .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER AllowedItemId Target allowed item ID .PARAMETER Comment Reason the item is being allowed .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$item = Get-SophosEndpointsAllowedItems -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.Properties.Name -eiq 'file.exe'} PS>Update-SophosEndpointsAllowedItem -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -AllowedItemId $item.id -Comment "Changed the path" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$AllowedItemId, [Parameter(Mandatory=$true)] [string]$Comment ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/allowed-items/$($AllowedItemId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "comment" = "$Comment" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoints Allowed Item')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointsAllowedItem.ps1' 79 #Region './Public/Update-SophosEndpointScanningExclusion.ps1' -1 function Update-SophosEndpointScanningExclusion { <# .SYNOPSIS Update a scanning exclusion by ID .DESCRIPTION Update a scanning exclusion by ID .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host locationURL of the tenant .PARAMETER ExclusionId Target exclusion ID .PARAMETER ExclusionPath Path to be excluded .PARAMETER ScanMode Default value of scan mode is "onDemandAndOnAccess" for exclusions of type path, posixPath and virtualPath, "onAccess" for process, web, pua, amsi. Behavioral and Detected Exploits (exploitMitigation) type exclusions do not support a scan mode .PARAMETER Comment Reason for the update .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$exclusions = Get-SophosEndpointScanningExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Update-SophosEndpointScanningExclusion -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -ExclusionId $exclusions.id -ExclusionPath "c:\path\to\folder" -ScanMode "onDemandonDemand" -Comment "updating path" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$ExclusionId, [Parameter(Mandatory=$true)] [string]$ExclusionPath, [Parameter(Mandatory=$true)] [ValidateSet("onDemand","onAccess","onDemandAndOnAccess")] [string]$ScanMode, [Parameter(Mandatory=$true)] [ValidateScript({ if($_.Length -lt 100) { return $true } else { throw "Length must be lesst than 100. Current Length: $($_.Length)" } })] [string]$Comment ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/exclusions/scanning/$($ExclusionId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "value" = "$ExclusionPath" "type" = "path" "scanMode" = "$ScanMode" "comment" = "$Comment" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Scanning Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointScanningExclusion.ps1' 105 #Region './Public/Update-SophosEndpointSoftwareComment.ps1' -1 function Update-SophosEndpointSoftwareComment { <# .SYNOPSIS Add/Update the static package comment .DESCRIPTION Add/Update the static package comment .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER PackageId Target package ID .PARAMETER Comment Updated comment .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$pack = Get-SophosEndpointSoftwareStaticPackages -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.name -eq "Sophos"} PS>Update-SophosEndpointSoftwareComment -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -PackageId $pack.id -Comment "Updated comment" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$PackageId, [Parameter(Mandatory=$true)] [ValidateScript({ if($_.Length -lt 500) { return $true } else { throw "Length must be less than 500. Length: $($_.Length)" } })] [string]$Comment ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/software/comments/$($PackageId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "comment" = "$Comment" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Software Comment')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Put -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointSoftwareComment.ps1' 90 #Region './Public/Update-SophosEndpointWebControlLocalSite.ps1' -1 function Update-SophosEndpointWebControlLocalSite { <# .SYNOPSIS Update a local site definition .DESCRIPTION Update a local site definition .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER LocalSiteId Target local site ID .PARAMETER Url Site url .PARAMETER Tags Target site tags .PARAMETER Comment Reason for updating the site .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$site = Get-SophosEndpointWebControlLocalSites -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq "xxxx-xxxx-xxx-xxxxx"} PS>Update-SophosEndpointWebControlLocalSite -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -LocalSiteId $site.id -Url "https://example.com" -Tags "example.com" -Comment "Removed a tag" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$LocalSiteId, [Parameter(Mandatory=$true)] [string]$Url, [Parameter(Mandatory=$true)] [array]$Tags, [Parameter(Mandatory=$true)] [ValidateScript({ if($_.Length -lt 300) { return $true } else { throw "Length must be lesst than 300. Current Length: $($_.Length)" } })] [string]$Comment ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/web-control/local-sites/$($LocalSiteId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "tags" = $Tags "url" = $Url "comment" = $Comment } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Web Control Local Site')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointWebControlLocalSite.ps1' 102 #Region './Public/Update-SophosEndpointWebControlTlsDecryption.ps1' -1 function Update-SophosEndpointWebControlTlsDecryption { <# .SYNOPSIS Update settings for SSL/TLS decryption of HTTPS websites. .DESCRIPTION Update settings for SSL/TLS decryption of HTTPS websites. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER DecryptionEnabled Switch bool .PARAMETER CategoryId Category id .PARAMETER DecryptionEnabledForCategoryId Switch Bool .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$category =Get-SophosEndpointWebControlCategories -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost | where-object {$_.id -eq 10} PS>Update-SophosEndpointWebControlTlsDecryption -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -CategoryId $category.id -DecryptionEnabled:$true -DecryptionEnabledForCategoryId:$false #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [switch]$DecryptionEnabled, [Parameter(Mandatory=$true)] [ValidateSet(10, 14, 20, 27, 54)] [int]$CategoryId, [Parameter(Mandatory=$true)] [switch]$DecryptionEnabledForCategoryId ) begin { $Url = "$($ApiHost)/endpoint/v1/settings/web-control/tls-decryption" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "enabled" = $DecryptionEnabled "categories" = @( @{ "id" = $CategoryId "decryptionEnabled" = $DecryptionEnabledForCategoryId } ) } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Web Control TLS Decryption')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointWebControlTlsDecryption.ps1' 92 #Region './Public/Update-SophosEndpointWebControlTlsDecryptionExclusion.ps1' -1 function Update-SophosEndpointWebControlTlsDecryptionExclusion { <# .SYNOPSIS Add and remove websites excluded from SSL/TLS decryption. .DESCRIPTION Add and remove websites excluded from SSL/TLS decryption. .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER RequestBody Hashtable with the correct parameters according to https://developer.sophos.com/docs/endpoint-v1/1/routes/settings/web-control/tls-decryption/excluded-websites/patch .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>$body = @{ "add" = @( @{ value = "10.50.100.100" comment = "suspicious behaviour" } ) "remove" = @( @{ value = "10.50.100.100" comment = "site is safe now" } ) } PS>Update-SophosEndpointWebControlTlsDecryptionExclusions -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RequestBody $body #> # https://developer.sophos.com/docs/endpoint-v1/1/routes/settings/web-control/tls-decryption/excluded-websites/patch [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [hashtable]$RequestBody ) begin { [array]$Result = @() $Url = "$($ApiHost)/endpoint/v1/settings/web-control/local-sites/tls-decryption/excluded-websites" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Endpoint Web Control TLS Decryption Exclusion')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosEndpointWebControlTlsDecryptionExclusion.ps1' 85 #Region './Public/Update-SophosFirewall.ps1' -1 function Update-SophosFirewall { <# .SYNOPSIS Update firewalls with supplied values .DESCRIPTION Update firewalls with supplied values .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER FirewallId Target firewall ID .PARAMETER FirewallName Firewall Name .PARAMETER Longitude Longitude location of the firewall .PARAMETER Latitude Latitude location of the firewall .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Update-SophosFirewall -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -FirewallId "xxxxx-xxxxx-xxx-xxxxx" -FirewallName "MyFirewall" -Longitude "20.64" -Latitude "122.34" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$FirewallId, [Parameter(Mandatory=$true)] [string]$FirewallName, [Parameter(Mandatory=$true)] [decimal]$Longitude, [Parameter(Mandatory=$true)] [decimal]$Latitude ) begin { [array]$Result = @() $Url = "$($ApiHost)/firewall/v1/firewalls/$($FirewallId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "name" = "$FirewallName" "geoLocation" = @{ "latitude" = "$Latitude" "longitude" = "$Longitude" } } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Firewall')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Patch -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosFirewall.ps1' 93 #Region './Public/Update-SophosFirewallFirmaware.ps1' -1 function Update-SophosFirewallFirmaware { <# .SYNOPSIS Upgrade firewalls .DESCRIPTION Upgrade firewalls .PARAMETER Token Token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URL of the tenant .PARAMETER FirewallId Target Firewall ID .PARAMETER FirewallFirmwareVersion Firmaware version .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Update-SophosFirewallFirmaware -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -FirewallId "xxxx-xxxx-xxxxx-xxxx" -FirewallFirmwareVersion "1.0.0" .NOTES General notes #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$FirewallId, [Parameter(Mandatory=$true)] [string]$FirewallFirmwareVersion ) begin { [array]$Result = @() $Url = "$($ApiHost)/firewall/v1/firewalls/actions/firmware-upgrade" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "firewalls" = @( @{ "id" = "$FirewallId" "version" = $FirewallFirmwareVersion } ) } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Firewall Firmware')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosFirewallFirmaware.ps1' 88 #Region './Public/Update-SophosFirewallGroup.ps1' -1 function Update-SophosFirewallGroup { <# .SYNOPSIS Change firewall group name. You can also assign firewalls to group. Or remove firewalls from a group .DESCRIPTION Change firewall group name. You can also assign firewalls to group. Or remove firewalls from a group .PARAMETER Token JWT token from oauth API .PARAMETER TenantId Tenant ID .PARAMETER ApiHost API host location URl of the tenant .PARAMETER GroupId Target group ID .PARAMETER GroupName Target Group Name .PARAMETER AssignFirewallIds Array of firewall IDs to add .PARAMETER UnassignFirewallIds Array of firewall IDs to remove .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'} PS>Update-SophosFirewallGroup -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -GroupId "xxxx-xxxx-xxxxx-xxxx" -GroupName "NewName" #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$TenantId, [Parameter(Mandatory=$true)] [string]$ApiHost, [Parameter(Mandatory=$true)] [string]$GroupId, [Parameter(Mandatory=$true)] [string]$GroupName, [Parameter(Mandatory=$false)] [array]$AssignFirewallIds = @(), [Parameter(Mandatory=$false)] [array]$UnassignFirewallIds = @() ) begin { [array]$Result = @() $Url = "$($ApiHost)/firewall/v1/firewall-groups/$($GroupId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Tenant-ID" = "$($TenantId)" "Accept"= "application/json" "Content-Type"= "application/json" } $RequestBody = @{ "name" = "$GroupName" "assignFirewalls" = $AssignFirewallIds "unassignFirewalls" = $UnassignFirewallIds } } process { if($PSCmdlet.ShouldProcess($TenantId,'Update Sophos Firewall Group')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosFirewallGroup.ps1' 93 #Region './Public/Update-SophosPartnerRole.ps1' -1 function Update-SophosPartnerRole { <# .SYNOPSIS Update partner Role .DESCRIPTION Update partner Role .PARAMETER Token JWT token from oauth API .PARAMETER PartnerId Partner ID .PARAMETER RoleId Role ID to be updated .PARAMETER RequestBody Hashtable with the parameters according to https://developer.sophos.com/docs/partner-v1/1/routes/roles/%7BroleId%7D/patch .EXAMPLE PS>$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx" PS>$partnerId = Get-SophosPartnerId -Token $token PS>$role = Get-SophosPartnerRoles -Token $token -PartnerId $partnerId | Where-Object {$_.Name -ieq 'MyRole'} PS>$permission = Get-SophosPartnerRolePermissionSet -Token $token -PartnerId $partnerId | Where-Object {$_.Name -ieq 'MyPermission'} PS>$body = @{ "name" = "MyPerm" "description" = "No longer admi permission" "permissionSets" = @( "product" ) } PS>Update-SophosPartnerRole -Token $token -PartnerId $partnerId -RoleId $role.id RequestBody = $body #> [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact="High")] param( [Parameter(Mandatory=$true)] [string]$Token, [Parameter(Mandatory=$true)] [string]$PartnerId, [Parameter(Mandatory=$true)] [string]$RoleId, [Parameter(Mandatory=$true)] [hashtable]$RequestBody ) begin { $Url = "https://api.central.sophos.com/partner/v1/roles/$($RoleId)" $headers = @{ "Authorization" = "Bearer $($Token)" "X-Partner-ID" = "$($PartnerId)" "Accept"= "application/json" } } process { if($PSCmdlet.ShouldProcess($PartnerId,'Update Sophos Partner Role')) { try{ $Result = Invoke-RestMethod -ErrorAction Stop -Method Post -Uri $Url -Headers $headers -Body $($RequestBody|convertto-json -Depth 99) return [pscustomobject] @{ Result = $Result Success = $true } } catch { return [pscustomobject]@{ Success= $false Error = $_.Exception.Message } } } } } #EndRegion './Public/Update-SophosPartnerRole.ps1' 80 |