Resources/ApplicationRisk-GET.ps1

function Export-S1Applications {
<#
    .SYNOPSIS
        Export the list of applications installed on endpoints
 
    .DESCRIPTION
        The Export-S1Applications cmdlet exports the list of applications installed on endpoints
        with Application Risk-enabled Agents and their properties, including the the CVEs for
        each application that requires a patch.
 
    .PARAMETER accountIds
        List of Account IDs to filter by.
 
        Example: "225494730938493804,225494730938493915".
 
    .PARAMETER agentComputerName__contains
        Free-text filter by computer name (supports multiple values).
 
        Example: "john-office,WIN".
 
    .PARAMETER agentIsDecommissioned
        Include active agents, decommissioned or both.
 
        Example: "True,False".
 
    .PARAMETER agentMachineTypes
        Filter by endpoint machine types.
 
        Allowed values:
        'desktop', 'kubernetes node', 'laptop', 'server', 'storage', 'unknown'
 
    .PARAMETER agentMachineTypesNin
        Filter by endpoint machine types.
 
        Allowed values:
        'desktop', 'kubernetes node', 'laptop', 'server', 'storage', 'unknown'
 
    .PARAMETER agentOsVersion__contains
        Free-text filter by OS full name and version.
 
        Example: "Service Pack 1".
 
    .PARAMETER agentUuid__contains
        Free-text filter by agent UUID.
 
        Example: "e92-01928,b055".
 
    .PARAMETER groupIds
        List of Group IDs to filter by.
 
        Example: "225494730938493804,225494730938493915"
 
    .PARAMETER ids
        Filter activities by specific activity IDs.
 
        Example: "225494730938493804,225494730938493915"
 
    .PARAMETER installedAt__between
        Filter by installation date range
 
    .PARAMETER name__contains
        Free-text filter by application name.
 
        Example: "calc".
 
    .PARAMETER osTypes
        Filter by OS types.
 
        Allowed values:
        'linux', 'macos', 'windows', 'windows_legacy'
 
    .PARAMETER osTypesNin
        Filter not by OS types.
 
        Allowed values:
        'linux', 'macos', 'windows', 'windows_legacy'
 
    .PARAMETER publisher__contains
        Free-text filter by application publisher.
 
        Example: "Sentinel".
 
    .PARAMETER riskLevels
        Free-text filter by application publisher.
 
        Allowed values:
        'critical', 'high', 'low', 'medium', 'none'
 
    .PARAMETER riskLevelsNin
        Free-text filter by application publisher.
 
        Allowed values:
        'critical', 'high', 'low', 'medium', 'none'
 
    .PARAMETER siteIds
        List of Site IDs to filter by
 
        Example: "225494730938493804,225494730938493915".
 
    .PARAMETER size__between
        Filter by application size range (bytes).
 
        Example: "1024-104856".
 
    .PARAMETER types
        Filter by application types.
 
        Allowed values:
        'app', 'chromeExtension', 'edgeExtension', 'firefoxExtension', 'kb', 'patch', 'safariExtension'
 
    .PARAMETER typesNin
        Filter not by application types.
 
        Allowed values:
        'app', 'chromeExtension', 'edgeExtension', 'firefoxExtension', 'kb', 'patch', 'safariExtension'
 
    .PARAMETER version__contains
        Free-text filter by application version.
 
        Example: "1.22.333,build".
 
    .PARAMETER fileName
        Name of the file
 
        Example: 'MySites-2022'
 
        The default name format is 'sites-yyyy-MM-dd_HHmmss'
 
    .PARAMETER filePath
        The location to save the file to
 
        Example: 'C:\Logs'
 
        The default save location is the current working directory
 
    .PARAMETER showReport
        Open the location where the file was saved to
 
    .EXAMPLE
        Export-S1Applications
 
        If less the 100k items then it returns applications and their risks and saves the results to a CSV in the current working directory
 
    .EXAMPLE
        1234567890,0987654321 | Export-S1Applications
 
        If less the 100k items then it returns applications from the defined sites and saves the results to a CSV in the current working directory
 
    .EXAMPLE
        Export-S1Applications -agentMachineType server -riskLevels high
 
        If less the 100k items then it returns applications from servers that are high risk and saves the results to a CSV in the current working directory
 
    .EXAMPLE
        Export-S1Applications -siteId 1234567890,0987654321 -fileName MySites -filePath C:\Logs -showReport
 
        If less the 100k items then it returns applications from the defined sites, saves the CSV file in the defined directory with the defined named
        and opens the location to were the file is saved.
 
    .NOTES
        Figure out the "installedAt__between" parameter
 
    .LINK
        https://celerium.github.io/SentinelOne-PowerShellWrapper/site/ApplicationRisk/Export-S1Applications.html
 
#>


    [CmdletBinding( DefaultParameterSetName = 'index' )]
    Param (
        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$accountIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$agentComputerName__contains,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$agentIsDecommissioned,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'desktop', 'kubernetes node', 'laptop', 'server', 'storage', 'unknown' )]
        [String[]]$agentMachineTypes,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'desktop', 'kubernetes node', 'laptop', 'server', 'storage', 'unknown' )]
        [String[]]$agentMachineTypesNin,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$agentOsVersion__contains,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$agentUuid__contains,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$groupIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$ids,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$installedAt__between,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$name__contains,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'linux', 'macos', 'windows', 'windows_legacy' )]
        [String[]]$osTypes,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'linux', 'macos', 'windows', 'windows_legacy' )]
        [String[]]$osTypesNin,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$publisher__contains,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'critical', 'high', 'low', 'medium', 'none' )]
        [String[]]$riskLevels,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'critical', 'high', 'low', 'medium', 'none' )]
        [String[]]$riskLevelsNin,

        [Parameter( Mandatory = $false, ValueFromPipeline = $true, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [Int64[]]$siteIds,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$size__between,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'app', 'chromeExtension', 'edgeExtension', 'firefoxExtension', 'kb', 'patch', 'safariExtension' )]
        [String[]]$types,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateSet( 'app', 'chromeExtension', 'edgeExtension', 'firefoxExtension', 'kb', 'patch', 'safariExtension' )]
        [String[]]$typesNin,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String[]]$version__contains,

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$fileName = "applications-$( Get-date -Format 'yyyy-MM-dd_HHmmss' )",

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$filePath = $( (Get-Location).Path ),

        [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
        [Switch]$showReport
    )

    process{

        Write-Verbose "Running the [ $($PSCmdlet.ParameterSetName) ] parameterSet"

        Switch ($PSCmdlet.ParameterSetName){
            'index'         {$resource_uri = "/export/installed-applications"}
        }

        $excludedParameters =   'Debug','ErrorAction','ErrorVariable','InformationAction',
                                'InformationVariable','OutBuffer','OutVariable','PipelineVariable',
                                'Verbose','WarningAction','WarningVariable',
                                'fileName','filePath','showReport'

        $body = @{}

        if ($PSCmdlet.ParameterSetName -eq 'index') {

            ForEach ( $Key in $PSBoundParameters.GetEnumerator() ){

                if( $excludedParameters -contains $Key.Key ){$null}
                elseif ( $Key.Value.GetType().IsArray ){
                    Write-Verbose "[ $($Key.Key) ] is an array parameter"
                    $body += @{ $Key.Key = $Key.Value -join (',') }
                }
                elseif ( $Key.Value.GetType().FullName -eq 'System.DateTime' ){
                    Write-Verbose "[ $($Key.Key) ] is a dateTime parameter"
                    $universalTime = ($Key.Value).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.ffffffZ')

                    Write-Verbose "Converting [ $($Key.Value) ] to [ $universalTime ]"
                    $body += @{ $Key.Key = $universalTime }
                }
                else{
                    $body += @{ $Key.Key = $Key.Value }
                }

            }

        }

        try {

            $csvPath = "$filePath\$filename.csv"

            if ( (Test-Path -Path $filePath -PathType Container) -eq $false ){
                New-Item -Path $filePath -ItemType Directory > $null
            }

            $ApiToken = Get-S1APIKey -PlainText
            $S1_Headers.Add('Authorization', "ApiToken $ApiToken")

            Invoke-RestMethod -Method Get -Uri ( $S1_Base_URI + $resource_uri ) -Headers $S1_Headers -Body $body -OutFile $csvPath `
                -ErrorAction Stop -ErrorVariable rest_error

        } catch {
            Write-Error $_
        } finally {
            [void] ( $S1_Headers.Remove('Authorization') )
        }

        if (Test-Path -Path $csvPath -PathType Leaf){

            Write-Verbose "[ $($fileName) ] was saved to [ $($filePath) ]"

            if ($showReport){
                Invoke-Item -Path $filePath
            }

        }
        else{Write-Warning "[ $($fileName) ] was not saved to [ $($filePath) ]"}

    }

}



function Get-S1Applications {
<#
    .SYNOPSIS
        Get the applications, and their data (such as risk level), installed on endpoints
        with Application Risk-enabled Agents that match the filter.
 
    .DESCRIPTION
        The Get-S1Applications cmdlet gets the applications, and their data (such as risk level),
        installed on endpoints with Application Risk-enabled Agents that match the filter.
        SentinelOne Application Risk lets you monitor applications installed on endpoints.
        Applications not updated with the latest patches are vulnerable to exploits.
 
    .PARAMETER accountIds
        List of Account IDs to filter by.
 
        Example: "225494730938493804,225494730938493915".
 
    .PARAMETER agentComputerName__contains
        Free-text filter by computer name (supports multiple values).
 
        Example: "john-office,WIN".
 
    .PARAMETER agentIsDecommissioned
        Include active agents, decommissioned or both.
 
        Example: "True,False".
 
    .PARAMETER agentMachineTypes
        Filter by endpoint machine types.
 
        Allowed values:
        'desktop', 'kubernetes node', 'laptop', 'server', 'storage', 'unknown'
 
    .PARAMETER agentMachineTypesNin
        Filter by endpoint machine types.
 
        Allowed values:
        'desktop', 'kubernetes node', 'laptop', 'server', 'storage', 'unknown'
 
    .PARAMETER agentOsVersion__contains
        Free-text filter by OS full name and version.
 
        Example: "Service Pack 1".
 
    .PARAMETER agentUuid__contains
        Free-text filter by agent UUID.
 
        Example: "e92-01928,b055".
 
    .PARAMETER countOnly
        If true, only total number of items will be returned, without any of the actual objects.
 
    .PARAMETER cursor
        Cursor position returned by the last request. Use to iterate over more than 1000 items.
 
        Found under pagination
 
        Example: "YWdlbnRfaWQ6NTgwMjkzODE=".
 
    .PARAMETER groupIds
        List of Group IDs to filter by.
 
        Example: "225494730938493804,225494730938493915"
 
    .PARAMETER ids
        Filter activities by specific activity IDs.
 
        Example: "225494730938493804,225494730938493915"
 
    .PARAMETER installedAt__between
        Filter by installation date range
 
    .PARAMETER limit
        Limit number of returned items (1-1000).
 
    .PARAMETER name__contains
        Free-text filter by application name.
 
        Example: "calc".
 
    .PARAMETER osTypes
        Filter by OS types.
 
        Allowed values:
        'linux', 'macos', 'windows', 'windows_legacy'
 
    .PARAMETER osTypesNin
        Filter not by OS types.
 
        Allowed values:
        'linux', 'macos', 'windows', 'windows_legacy'
 
    .PARAMETER publisher__contains
        Free-text filter by application publisher.
 
        Example: "Sentinel".
 
    .PARAMETER riskLevels
        Free-text filter by application publisher.
 
        Allowed values:
        'critical', 'high', 'low', 'medium', 'none'
 
    .PARAMETER riskLevelsNin
        Free-text filter by application publisher.
 
        Allowed values:
        'critical', 'high', 'low', 'medium', 'none'
 
    .PARAMETER siteIds
        List of Site IDs to filter by
 
        Example: "225494730938493804,225494730938493915".
 
    .PARAMETER size__between
        Filter by application size range (bytes).
 
        Example: "1024-104856".
 
    .PARAMETER skip
        Skip first number of items (0-1000). To iterate over more than 1000 items, use "cursor".
 
        Example: "150".
 
    .PARAMETER skipCount
        If true, total number of items will not be calculated, which speeds up execution time.
 
    .PARAMETER sortBy
        Sorts the returned results by a defined value
 
        Allowed values:
        'agentComputerName', 'createdAt', 'id', 'installedAt', 'name', 'publisher', 'riskLevel', 'size', 'type', 'updatedAt', 'version'
 
    .PARAMETER sortOrder
        Sort direction
 
        Allowed values:
        'asc', 'desc'
 
    .PARAMETER types
        Filter by application types.
 
        Allowed values:
        'app', 'chromeExtension', 'edgeExtension', 'firefoxExtension', 'kb', 'patch', 'safariExtension'
 
    .PARAMETER typesNin
        Filter not by application types.
 
        Allowed values:
        'app', 'chromeExtension', 'edgeExtension', 'firefoxExtension', 'kb', 'patch', 'safariExtension'
 
    .PARAMETER version__contains
        Free-text filter by application version.
 
        Example: "1.22.333,build".
 
 
    .EXAMPLE
        Get-S1Applications
 
        Returns the first 10 applications and their risks
 
    .EXAMPLE
        1234567890,0987654321 | Get-S1Applications
 
        Returns the first 10 applications from the defined sites
 
    .EXAMPLE
        Get-S1Applications -agentMachineType server -riskLevels high
 
        Returns the first 10 applications from servers that are high risk
 
    .EXAMPLE
        Get-S1Applications -cursor 'YWdlbnRfaWQ6NTgwMjkzODE='
 
        Returns results after the defined cursor
 
        The cursor value can be found under pagination
 
    .NOTES
        Figure out the "installedAt__between" parameter
 
    .LINK
        https://celerium.github.io/SentinelOne-PowerShellWrapper/site/ApplicationRisk/Get-S1Applications.html
 
#>


[CmdletBinding( DefaultParameterSetName = 'index' )]
Param (
    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateRange(1, [Int64]::MaxValue)]
    [Int64[]]$accountIds,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [String[]]$agentComputerName__contains,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [String[]]$agentIsDecommissioned,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateSet( 'desktop', 'kubernetes node', 'laptop', 'server', 'storage', 'unknown' )]
    [String[]]$agentMachineTypes,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateSet( 'desktop', 'kubernetes node', 'laptop', 'server', 'storage', 'unknown' )]
    [String[]]$agentMachineTypesNin,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [String[]]$agentOsVersion__contains,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [String[]]$agentUuid__contains,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [Switch]$countOnly,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [String]$cursor,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateRange(1, [Int64]::MaxValue)]
    [Int64[]]$groupIds,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateRange(1, [Int64]::MaxValue)]
    [Int64[]]$ids,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [String]$installedAt__between,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateRange(1, 1000)]
    [Int64]$limit,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [String[]]$name__contains,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateSet( 'linux', 'macos', 'windows', 'windows_legacy' )]
    [String[]]$osTypes,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateSet( 'linux', 'macos', 'windows', 'windows_legacy' )]
    [String[]]$osTypesNin,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [String[]]$publisher__contains,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateSet( 'critical', 'high', 'low', 'medium', 'none' )]
    [String[]]$riskLevels,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateSet( 'critical', 'high', 'low', 'medium', 'none' )]
    [String[]]$riskLevelsNin,

    [Parameter( Mandatory = $false, ValueFromPipeline = $true, ParameterSetName = 'index' )]
    [ValidateRange(1, [Int64]::MaxValue)]
    [Int64[]]$siteIds,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [String]$size__between,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateRange(1, [Int64]::MaxValue)]
    [Int64]$skip,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [Switch]$skipCount,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateSet( 'agentComputerName', 'createdAt', 'id', 'installedAt', 'name', 'publisher', 'riskLevel', 'size', 'type', 'updatedAt', 'version' )]
    [String]$sortBy,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateSet( 'asc', 'desc' )]
    [String]$sortOrder,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateSet( 'app', 'chromeExtension', 'edgeExtension', 'firefoxExtension', 'kb', 'patch', 'safariExtension' )]
    [String[]]$types,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateSet( 'app', 'chromeExtension', 'edgeExtension', 'firefoxExtension', 'kb', 'patch', 'safariExtension' )]
    [String[]]$typesNin,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [String[]]$version__contains

)

    process{

        Write-Verbose "Running the [ $($PSCmdlet.ParameterSetName) ] parameterSet"

        Switch ($PSCmdlet.ParameterSetName){
            'index'         {$resource_uri = "/installed-applications"}
        }

        $excludedParameters =   'Debug','ErrorAction','ErrorVariable','InformationAction',
                                'InformationVariable','OutBuffer','OutVariable','PipelineVariable',
                                'Verbose','WarningAction','WarningVariable'

        $body = @{}

        if ($PSCmdlet.ParameterSetName -eq 'index') {

            ForEach ( $Key in $PSBoundParameters.GetEnumerator() ){

                if( $excludedParameters -contains $Key.Key ){$null}
                elseif ( $Key.Value.GetType().IsArray ){
                    Write-Verbose "[ $($Key.Key) ] is an array parameter"
                    $body += @{ $Key.Key = $Key.Value -join (',') }
                }
                elseif ( $Key.Value.GetType().FullName -eq 'System.DateTime' ){
                    Write-Verbose "[ $($Key.Key) ] is a dateTime parameter"
                    $universalTime = ($Key.Value).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.ffffffZ')

                    Write-Verbose "Converting [ $($Key.Value) ] to [ $universalTime ]"
                    $body += @{ $Key.Key = $universalTime }
                }
                else{
                    $body += @{ $Key.Key = $Key.Value }
                }

            }

        }

        try {
            $ApiToken = Get-S1APIKey -PlainText
            $S1_Headers.Add('Authorization', "ApiToken $ApiToken")

            $rest_output = Invoke-RestMethod -Method Get -Uri ( $S1_Base_URI + $resource_uri ) -Headers $S1_Headers -Body $body -ErrorAction Stop -ErrorVariable rest_error
        } catch {
            Write-Error $_
        } finally {
            [void] ( $S1_Headers.Remove('Authorization') )
        }

        $data = @{}
        $data = $rest_output
        return $data

    }

}



function Get-S1ApplicationCVEs {
<#
    .SYNOPSIS
        Get known CVEs for applications that are installed on endpoints
        with Application Risk-enabled Agents.
 
    .DESCRIPTION
        The Get-S1ApplicationCVEs cmdlet gets known CVEs for applications that are installed
        on endpoints with Application Risk-enabled Agents.
 
    .PARAMETER accountIds
        List of Account IDs to filter by.
 
        Example: "225494730938493804,225494730938493915".
 
    .PARAMETER applicationIds
        Filter by application IDs.
 
        Example: "225494730938493804,225494730938493915".
 
    .PARAMETER countOnly
        If true, only total number of items will be returned, without any of the actual objects.
 
    .PARAMETER createdAt__gt
        Returns CVEs created after this timestamp.
 
        Inputted data is converted to UTC time
 
        Example:
        yyyy-MM-ddTHH:mm:ss.ffffffZ
        2018-02-27T04:49:26.257525Z
 
    .PARAMETER createdAt__gte
        Returns CVEs created after or at this timestamp.
 
        Inputted data is converted to UTC time
 
        Example:
        yyyy-MM-ddTHH:mm:ss.ffffffZ
        2018-02-27T04:49:26.257525Z
 
    .PARAMETER createdAt__lt
        Returns CVEs created before this timestamp.
 
        Inputted data is converted to UTC time
 
        Example:
        yyyy-MM-ddTHH:mm:ss.ffffffZ
        2018-02-27T04:49:26.257525Z
 
    .PARAMETER createdAt__lte
        Returns CVEs created before or at this timestamp.
 
        Inputted data is converted to UTC time
 
        Example:
        yyyy-MM-ddTHH:mm:ss.ffffffZ
        2018-02-27T04:49:26.257525Z
 
    .PARAMETER cursor
        Cursor position returned by the last request. Use to iterate over more than 1000 items.
 
        Found under pagination
 
        Example: "YWdlbnRfaWQ6NTgwMjkzODE=".
 
    .PARAMETER cveIds
        Filter by global CVE ids.
 
        Example: "CVE-2018-3182,CVE-2018-1087".
 
    .PARAMETER groupIds
        List of Group IDs to filter by.
 
        Example: "225494730938493804,225494730938493915"
 
    .PARAMETER ids
        Filter by internal CVE IDs.
 
        Example: "225494730938493804,225494730938493915".
 
    .PARAMETER limit
        Limit number of returned items (1-1000).
 
    .PARAMETER siteIds
        List of Site IDs to filter by
 
        Example: "225494730938493804,225494730938493915".
 
    .PARAMETER skip
        Skip first number of items (0-1000). To iterate over more than 1000 items, use "cursor".
 
        Example: "150".
 
    .PARAMETER skipCount
        If true, total number of items will not be calculated, which speeds up execution time.
 
    .PARAMETER sortBy
        Sorts the returned results by a defined value
 
        Allowed values:
        'agentId', 'applicationId', 'id', 'publishedAt'
 
    .PARAMETER sortOrder
        Sort direction
 
        Allowed values:
        'asc', 'desc'
 
    .PARAMETER updatedAt__gt
        Returns CVEs updated after this timestamp.
 
        Inputted data is converted to UTC time
 
        Example:
        yyyy-MM-ddTHH:mm:ss.ffffffZ
        2018-02-27T04:49:26.257525Z
 
    .PARAMETER updatedAt__gte
        Returns CVEs updated after or at this timestamp.
 
        Inputted data is converted to UTC time
 
        Example:
        yyyy-MM-ddTHH:mm:ss.ffffffZ
        2018-02-27T04:49:26.257525Z
 
    .PARAMETER updatedAt__lt
        Returns CVEs updated before this timestamp.
 
        Inputted data is converted to UTC time
 
        Example:
        yyyy-MM-ddTHH:mm:ss.ffffffZ
        2018-02-27T04:49:26.257525Z
 
    .PARAMETER updatedAt__lte
        Returns CVEs updated before or at this timestamp.
 
        Inputted data is converted to UTC time
 
        Example:
        yyyy-MM-ddTHH:mm:ss.ffffffZ
        2018-02-27T04:49:26.257525Z
 
    .EXAMPLE
        Get-S1ApplicationCVEs
 
        Returns the first 10 known CVEs for applications that are
        installed on endpoints
 
    .EXAMPLE
        1234567890,0987654321 | Get-S1ApplicationCVEs
 
        Returns the first 10 known CVEs for applications
        that are installed on endpoints from the defined sites
 
    .EXAMPLE
        Get-S1ApplicationCVEs -applicationIds 558368549003295534
 
        Returns the first 10 results for the application matching the defined id
 
    .EXAMPLE
        Get-S1ApplicationCVEs -cursor 'YWdlbnRfaWQ6NTgwMjkzODE='
 
        Returns results after the defined cursor
 
        The cursor value can be found under pagination
 
    .NOTES
        N\A
 
    .LINK
        https://celerium.github.io/SentinelOne-PowerShellWrapper/site/ApplicationRisk/Get-S1ApplicationCVEs.html
 
#>


[CmdletBinding( DefaultParameterSetName = 'index' )]
Param (
    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateRange(1, [Int64]::MaxValue)]
    [Int64[]]$accountIds,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateRange(1, [Int64]::MaxValue)]
    [Int64[]]$applicationIds,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [Switch]$countOnly,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [DateTime]$createdAt__gt,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [DateTime]$createdAt__gte,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [DateTime]$createdAt__lt,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [DateTime]$createdAt__lte,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [String]$cursor,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [String[]]$cveIds,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateRange(1, [Int64]::MaxValue)]
    [Int64[]]$groupIds,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateRange(1, [Int64]::MaxValue)]
    [Int64[]]$ids,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateRange(1, 1000)]
    [Int64]$limit,

    [Parameter( Mandatory = $false, ValueFromPipeline = $true, ParameterSetName = 'index' )]
    [ValidateRange(1, [Int64]::MaxValue)]
    [Int64[]]$siteIds,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateRange(1, [Int64]::MaxValue)]
    [Int64]$skip,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [Switch]$skipCount,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateSet( 'agentId', 'applicationId', 'id', 'publishedAt' )]
    [String]$sortBy,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateSet( 'asc', 'desc' )]
    [String]$sortOrder,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [DateTime]$updatedAt__gt,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [DateTime]$updatedAt__gte,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [DateTime]$updatedAt__lt,

    [Parameter( Mandatory = $false, ParameterSetName = 'index' )]
    [ValidateNotNullOrEmpty()]
    [DateTime]$updatedAt__lte

)

    process{

        Write-Verbose "Running the [ $($PSCmdlet.ParameterSetName) ] parameterSet"

        Switch ($PSCmdlet.ParameterSetName){
            'index' {$resource_uri = "/installed-applications/cves"}
        }

        $excludedParameters =   'Debug','ErrorAction','ErrorVariable','InformationAction',
                                'InformationVariable','OutBuffer','OutVariable','PipelineVariable',
                                'Verbose','WarningAction','WarningVariable'

        $body = @{}

        if ($PSCmdlet.ParameterSetName -eq 'index') {

            ForEach ( $Key in $PSBoundParameters.GetEnumerator() ){

                if( $excludedParameters -contains $Key.Key ){$null}
                elseif ( $Key.Value.GetType().IsArray ){
                    Write-Verbose "[ $($Key.Key) ] is an array parameter"
                    $body += @{ $Key.Key = $Key.Value -join (',') }
                }
                elseif ( $Key.Value.GetType().FullName -eq 'System.DateTime' ){
                    Write-Verbose "[ $($Key.Key) ] is a dateTime parameter"
                    $universalTime = ($Key.Value).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.ffffffZ')

                    Write-Verbose "Converting [ $($Key.Value) ] to [ $universalTime ]"
                    $body += @{ $Key.Key = $universalTime }
                }
                else{
                    $body += @{ $Key.Key = $Key.Value }
                }

            }

        }

        try {
            $ApiToken = Get-S1APIKey -PlainText
            $S1_Headers.Add('Authorization', "ApiToken $ApiToken")

            $rest_output = Invoke-RestMethod -Method Get -Uri ( $S1_Base_URI + $resource_uri ) -Headers $S1_Headers -Body $body -ErrorAction Stop -ErrorVariable rest_error
        } catch {
            Write-Error $_
        } finally {
            [void] ( $S1_Headers.Remove('Authorization') )
        }

        $data = @{}
        $data = $rest_output
        return $data

    }

}