Resources/ExclusionsBlacklists-GET.ps1
|
function Export-S1Blacklists { <# .SYNOPSIS Export a csv of all the items in the Blacklist that match the filter. .DESCRIPTION The Export-S1Blacklists cmdlet exports a csv of all the items in the Blacklist that match the filter. To see items from the Global Blacklist, make sure "tenant" is "true" and no other scope ID is given. .PARAMETER accountIds List of Account IDs to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER createdAt__between Date range for creation time (format: <from_timestamp>-<to_timestamp>, inclusive). Example: "1514978890136-1514978650130". .PARAMETER createdAt__gt Returns blacklists created after this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER createdAt__gte Returns blacklists created after or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER createdAt__lt Returns blacklists created before this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER createdAt__lte Returns blacklists created before or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER description__contains Free-text filter by description .PARAMETER groupIds List of Group IDs to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER ids List of IDs to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER includeChildren Return filters from children scope levels .PARAMETER includeParents Return filters from parent scope levels .PARAMETER osTypes List of Os types to filter by. Allowed values: 'linux', 'macos', 'windows', 'windows_legacy' .PARAMETER query A free-text search term, will match applicable attributes .PARAMETER recommendations List of recommendations to filter by. Allowed values: 'None', 'Not allowed', 'Not recommended' .PARAMETER siteIds List of Site IDs to filter by. Example: "225494730938493804,225494730938493915" .PARAMETER source List sources to filter by. Allowed values: 'action_from_threat', 'catalog', 'cloud', 'user' .PARAMETER tenant Indicates a tenant scope request .PARAMETER type Type Allowed values: 'black_hash' .PARAMETER types Type Allowed values: 'black_hash' .PARAMETER unified Unified .PARAMETER updatedAt__between Date range for update time (format: <from_timestamp>-<to_timestamp>, inclusive). Example: "1514978890136-1514978650130". .PARAMETER updatedAt__gt Returns blacklists updated after this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER updatedAt__gte Returns blacklists updated after or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER updatedAt__lt Returns blacklists updated before this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER updatedAt__lte Returns blacklists updated before or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER user__contains Free-text filter by user name .PARAMETER userIds List of user ids to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER value value .PARAMETER value__contains Free-text filter by value .PARAMETER fileName Name of the file Example: 'MyAgents-2022' The default name format is 'blacklists-yyyy-MM-dd_HHmmss' .PARAMETER filePath The location to save the file to Example: 'C:\Logs' The default save location is the current working directory .PARAMETER showReport Open the location where the file was saved to .EXAMPLE Export-S1Blacklists If less then 10k results then it returns a top level blacklist and saves the results to a csv in the current working directory fileName: blacklists-2022-10-29_105845. .EXAMPLE 225494730938493804 | Export-S1Blacklists If less then 10k results then it returns a blacklist for the defined site and saves the results to a csv in the current working directory fileName: blacklists-2022-10-29_105845.csv .EXAMPLE Export-S1Blacklists -siteIds 225494730938493804 -fileName MyFile -filePath C:\Logs -showReport If less then 10k results then it returns a blacklist for the defined site, saves the results to a csv in the defined directory with the defined name and opens the location to were the file is saved. fileName: MyFile.csv .NOTES N\A .LINK https://celerium.github.io/SentinelOne-PowerShellWrapper/site/ExclusionsAndBlacklist/Export-S1Blacklists.html #> [CmdletBinding( DefaultParameterSetName = 'index' )] Param ( [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$accountIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$createdAt__between, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__gt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__gte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__lt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__lte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$description__contains, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [Int64[]]$groupIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [Int64[]]$ids, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$includeChildren, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$includeParents, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'linux', 'macos', 'windows', 'windows_legacy' )] [String[]]$osTypes, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$query, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'NONE', 'Not allowed', 'Not recommended' )] [String[]]$recommendations, [Parameter( Mandatory = $false, ValueFromPipeline = $true, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [Int64[]]$siteIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'action_from_threat', 'catalog', 'cloud', 'user' )] [String[]]$source, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$tenant, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'black_hash' )] [String]$type, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'black_hash' )] [String[]]$types, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$unified, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$updatedAt__between, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__gt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__gte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__lt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__lte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$user__contains, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$userIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$value, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$value__contains, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$fileName = "blacklists-$( Get-date -Format 'yyyy-MM-dd_HHmmss' )", [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$filePath = $( (Get-Location).Path ), [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$showReport ) process { Write-Verbose "Running the [ $($PSCmdlet.ParameterSetName) ] parameterSet" Switch ($PSCmdlet.ParameterSetName){ 'index' { $resource_uri = "/export/restrictions" } } $excludedParameters = 'Debug','ErrorAction','ErrorVariable','InformationAction', 'InformationVariable','OutBuffer','OutVariable','PipelineVariable', 'Verbose','WarningAction','WarningVariable', 'fileName','filePath','showReport' $body = @{} if ($PSCmdlet.ParameterSetName -eq 'index') { ForEach ($Key in $PSBoundParameters.GetEnumerator()){ if($excludedParameters -contains $Key.Key ){$null} elseif ( $Key.Value.GetType().IsArray ){ Write-Verbose "[ $($Key.Key) ] is an array parameter" $body += @{ $Key.Key = $Key.Value -join (',') } } elseif ( $Key.Value.GetType().FullName -eq 'System.DateTime' ){ Write-Verbose "[ $($Key.Key) ] is a dateTime parameter" $universalTime = ($Key.Value).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.ffffffZ') Write-Verbose "Converting [ $($Key.Value) ] to [ $universalTime ]" $body += @{ $Key.Key = $universalTime } } else{ $body += @{ $Key.Key = $Key.Value } } } } try { $fileOutput = "$filePath\$filename.csv" if ( (Test-Path -Path $filePath -PathType Container) -eq $false ){ New-Item -Path $filePath -ItemType Directory > $null } $ApiToken = Get-S1APIKey -PlainText $S1_Headers.Add('Authorization', "ApiToken $ApiToken") Invoke-RestMethod -Method Get -Uri ( $S1_Base_URI + $resource_uri ) -Headers $S1_Headers -Body $body -OutFile $fileOutput ` -ErrorAction Stop -ErrorVariable rest_error } catch { Write-Error $_ } finally { [void] ( $S1_Headers.Remove('Authorization') ) } if (Test-Path -Path $fileOutput -PathType Leaf){ Write-Verbose "[ $($fileName) ] was saved to [ $($filePath) ]" if ($showReport){ Invoke-Item -Path $filePath } } else{Write-Warning "[ $($fileName) ] was not saved to [ $($filePath) ]"} } } function Export-S1Exclusions { <# .SYNOPSIS Export a csv of all the items in the Exclusions that match the filter. .DESCRIPTION The Export-S1Exclusions cmdlet exports a csv of all the items in the Exclusions that match the filter. To see items from the Global Exclusion scope, make sure "tenant" is "true" and no other scope ID is given. .PARAMETER accountIds List of Account IDs to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER createdAt__between Date range for creation time (format: <from_timestamp>-<to_timestamp>, inclusive). Example: "1514978890136-1514978650130". .PARAMETER createdAt__gt Returns exclusions created after this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER createdAt__gte Returns exclusions created after or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER createdAt__lt Returns exclusions created before this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER createdAt__lte Returns exclusions created before or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER description__contains Free-text filter by description .PARAMETER groupIds List of Group IDs to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER ids List of IDs to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER includeChildren Return filters from children scope levels .PARAMETER includeParents Return filters from parent scope levels .PARAMETER modes List of modes to filter by (Path exclusions only). Allowed values: 'disable_all_monitors', 'disable_all_monitors_deep', 'disable_in_process_monitor', 'disable_in_process_monitor_deep', 'suppress', 'suppress_app_control', 'suppress_dfi_only', 'suppress_dynamic_only' .PARAMETER osTypes List of Os types to filter by. Allowed values: 'linux', 'macos', 'windows', 'windows_legacy' .PARAMETER pathExclusionTypes List of excluded paths in an exclusion (Path exclusions only). Allowed values: 'file', 'folder', 'subfolder' .PARAMETER query A free-text search term, will match applicable attributes .PARAMETER recommendations List of recommendations to filter by. Allowed values: 'None', 'Not allowed', 'Not recommended' .PARAMETER siteIds List of Site IDs to filter by. Example: "225494730938493804,225494730938493915" .PARAMETER source List sources to filter by. Allowed values: 'action_from_threat', 'catalog', 'cloud', 'user' .PARAMETER tenant Indicates a tenant scope request .PARAMETER type Type Allowed values: 'black_hash' .PARAMETER types Type Allowed values: 'black_hash' .PARAMETER unified Unified .PARAMETER updatedAt__between Date range for update time (format: <from_timestamp>-<to_timestamp>, inclusive). Example: "1514978890136-1514978650130". .PARAMETER updatedAt__gt Returns exclusions updated after this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER updatedAt__gte Returns exclusions updated after or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER updatedAt__lt Returns exclusions updated before this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER updatedAt__lte Returns exclusions updated before or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER user__contains Free-text filter by user name .PARAMETER userIds List of user ids to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER value value .PARAMETER value__contains Free-text filter by value .PARAMETER fileName Name of the file Example: 'MyAgents-2022' The default name format is 'exclusions-yyyy-MM-dd_HHmmss' .PARAMETER filePath The location to save the file to Example: 'C:\Logs' The default save location is the current working directory .PARAMETER showReport Open the location where the file was saved to .EXAMPLE Export-S1Exclusions If less then 10k results then it returns a top level blacklist and saves the results to a csv in the current working directory fileName: blacklists-2022-10-29_105845. .EXAMPLE 225494730938493804 | Export-S1Exclusions If less then 10k results then it returns a blacklist for the defined site and saves the results to a csv in the current working directory fileName: blacklists-2022-10-29_105845.csv .EXAMPLE Export-S1Exclusions -siteIds 225494730938493804 -fileName MyFile -filePath C:\Logs -showReport If less then 10k results then it returns a blacklist for the defined site, saves the results to a csv in the defined directory with the defined name and opens the location to were the file is saved. fileName: MyFile.csv .NOTES N\A .LINK https://celerium.github.io/SentinelOne-PowerShellWrapper/site/ExclusionsAndBlacklist/Export-S1Exclusions.html #> [CmdletBinding( DefaultParameterSetName = 'index' )] Param ( [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$accountIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$createdAt__between, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__gt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__gte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__lt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__lte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$description__contains, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [Int64[]]$groupIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [Int64[]]$ids, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$includeChildren, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$includeParents, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'disable_all_monitors', 'disable_all_monitors_deep', 'disable_in_process_monitor', 'disable_in_process_monitor_deep', 'suppress', 'suppress_app_control', 'suppress_dfi_only', 'suppress_dynamic_only' )] [String[]]$modes, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'file', 'folder', 'subfolder' )] [String[]]$pathExclusionTypes, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'linux', 'macos', 'windows', 'windows_legacy' )] [String[]]$osTypes, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$query, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'NONE', 'Not allowed', 'Not recommended' )] [String[]]$recommendations, [Parameter( Mandatory = $false, ValueFromPipeline = $true, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [Int64[]]$siteIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'action_from_threat', 'catalog', 'cloud', 'user' )] [String[]]$source, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$tenant, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'black_hash' )] [String]$type, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'black_hash' )] [String[]]$types, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$unified, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$updatedAt__between, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__gt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__gte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__lt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__lte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$user__contains, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$userIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$value, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$value__contains, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$fileName = "exclusions-$( Get-date -Format 'yyyy-MM-dd_HHmmss' )", [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$filePath = $( (Get-Location).Path ), [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$showReport ) process { Write-Verbose "Running the [ $($PSCmdlet.ParameterSetName) ] parameterSet" Switch ($PSCmdlet.ParameterSetName){ 'index' { $resource_uri = "/export/exclusions" } } $excludedParameters = 'Debug','ErrorAction','ErrorVariable','InformationAction', 'InformationVariable','OutBuffer','OutVariable','PipelineVariable', 'Verbose','WarningAction','WarningVariable', 'fileName','filePath','showReport' $body = @{} if ($PSCmdlet.ParameterSetName -eq 'index') { ForEach ($Key in $PSBoundParameters.GetEnumerator()){ if($excludedParameters -contains $Key.Key ){$null} elseif ( $Key.Value.GetType().IsArray ){ Write-Verbose "[ $($Key.Key) ] is an array parameter" $body += @{ $Key.Key = $Key.Value -join (',') } } elseif ( $Key.Value.GetType().FullName -eq 'System.DateTime' ){ Write-Verbose "[ $($Key.Key) ] is a dateTime parameter" $universalTime = ($Key.Value).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.ffffffZ') Write-Verbose "Converting [ $($Key.Value) ] to [ $universalTime ]" $body += @{ $Key.Key = $universalTime } } else{ $body += @{ $Key.Key = $Key.Value } } } } try { $fileOutput = "$filePath\$filename.csv" if ( (Test-Path -Path $filePath -PathType Container) -eq $false ){ New-Item -Path $filePath -ItemType Directory > $null } $ApiToken = Get-S1APIKey -PlainText $S1_Headers.Add('Authorization', "ApiToken $ApiToken") Invoke-RestMethod -Method Get -Uri ( $S1_Base_URI + $resource_uri ) -Headers $S1_Headers -Body $body -OutFile $fileOutput ` -ErrorAction Stop -ErrorVariable rest_error } catch { Write-Error $_ } finally { [void] ( $S1_Headers.Remove('Authorization') ) } if (Test-Path -Path $fileOutput -PathType Leaf){ Write-Verbose "[ $($fileName) ] was saved to [ $($filePath) ]" if ($showReport){ Invoke-Item -Path $filePath } } else{Write-Warning "[ $($fileName) ] was not saved to [ $($filePath) ]"} } } function Get-S1Blacklists { <# .SYNOPSIS Get a list of all the items in the Blacklist that match the filter. .DESCRIPTION The Get-S1Blacklists cmdlet gets a list of all the items in the Blacklist that match the filter. To filter the results for a scope: Global - Make sure "tenant" is "true" and no other scope ID is given. Account - Make sure "tenant" is "false" and at least one Account ID is given. Site - Make sure "tenant" is "false" and at least one Site ID is given. .PARAMETER accountIds List of Account IDs to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER countOnly If true, only total number of items will be returned, without any of the actual objects. .PARAMETER createdAt__between Date range for creation time (format: <from_timestamp>-<to_timestamp>, inclusive). Example: "1514978890136-1514978650130". .PARAMETER createdAt__gt Returns blacklists created after this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER createdAt__gte Returns blacklists created after or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER createdAt__lt Returns blacklists created before this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER createdAt__lte Returns blacklists created before or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER cursor Cursor position returned by the last request. Use to iterate over more than 1000 items. Example: "YWdlbnRfaWQ6NTgwMjkzODE=". .PARAMETER description__contains Free-text filter by description .PARAMETER groupIds List of Group IDs to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER ids List of IDs to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER includeChildren Return filters from children scope levels .PARAMETER includeParents Return filters from parent scope levels .PARAMETER limit Limit number of returned items (1-1000). Example: "10". .PARAMETER modes List of modes to filter by (Path exclusions only). Allowed values: 'disable_all_monitors', 'disable_all_monitors_deep', 'disable_in_process_monitor', 'disable_in_process_monitor_deep', 'suppress', 'suppress_app_control', 'suppress_dfi_only', 'suppress_dynamic_only' .PARAMETER osTypes List of Os types to filter by. Allowed values: 'linux', 'macos', 'windows', 'windows_legacy' .PARAMETER query A free-text search term, will match applicable attributes .PARAMETER recommendations List of recommendations to filter by. Allowed values: 'None', 'Not allowed', 'Not recommended' .PARAMETER siteIds List of Site IDs to filter by. Example: "225494730938493804,225494730938493915" .PARAMETER skip Skip first number of items (0-1000). To iterate over more than 1000 items, use "cursor". Example: "150". .PARAMETER skipCount If true, total number of items will not be calculated, which speeds up execution time. .PARAMETER sortBy Sorts the returned results by a defined value Allowed values: 'createdAt', 'description', 'id', 'osType', 'scope', 'scopePath', 'source', 'updatedAt', 'userName', 'value' .PARAMETER sortOrder Sort direction Allowed values: 'asc', 'desc' .PARAMETER source List sources to filter by. Allowed values: 'action_from_threat', 'catalog', 'cloud', 'user' .PARAMETER tenant Indicates a tenant scope request .PARAMETER type Type Allowed values: 'black_hash' .PARAMETER types Type Allowed values: 'black_hash' .PARAMETER unified Unified .PARAMETER updatedAt__between Date range for update time (format: <from_timestamp>-<to_timestamp>, inclusive). Example: "1514978890136-1514978650130". .PARAMETER updatedAt__gt Returns blacklists updated after this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER updatedAt__gte Returns blacklists updated after or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER updatedAt__lt Returns blacklists updated before this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER updatedAt__lte Returns blacklists updated before or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER user__contains Free-text filter by user name .PARAMETER userIds List of user ids to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER value value .PARAMETER value__contains Free-text filter by value .EXAMPLE Get-S1Blacklists -tenant -countonly Gets a count of all exclusions from the main tenant .EXAMPLE 225494730938493804 | Get-S1Blacklists Gets a list of all exclusions from the defined site .EXAMPLE Get-S1Blacklists -createdAt__gt '2018-02-27 14:32' Gets a list of all exclusions that were created after the defined dataTime DataTime values are converted to UTC, use -verbose to see the value it is converted to. .EXAMPLE Get-S1Blacklists -cursor 'YWdlbnRfaWQ6NTgwMjkzODE=' Returns results after the first 10 results The cursor value can be found under pagination .NOTES N\A .LINK https://celerium.github.io/SentinelOne-PowerShellWrapper/site/ExclusionsAndBlacklist/Get-S1Blacklists.html #> [CmdletBinding( DefaultParameterSetName = 'index' )] Param ( [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$accountIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$countOnly, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$createdAt__between, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__gt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__gte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__lt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__lte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$cursor, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$description__contains, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [Int64[]]$groupIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [Int64[]]$ids, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$includeChildren, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$includeParents, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateRange(1, 1000)] [Int64]$limit, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'disable_all_monitors', 'disable_all_monitors_deep', 'disable_in_process_monitor', 'disable_in_process_monitor_deep', 'suppress', 'suppress_app_control', 'suppress_dfi_only', 'suppress_dynamic_only' )] [String[]]$modes, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'linux', 'macos', 'windows', 'windows_legacy' )] [String[]]$osTypes, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$query, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'NONE', 'Not allowed', 'Not recommended' )] [String[]]$recommendations, [Parameter( Mandatory = $false, ValueFromPipeline = $true, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [Int64[]]$siteIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateRange(1, [Int64]::MaxValue)] [Int64]$skip, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$skipCount, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'createdAt', 'description', 'id', 'osType', 'scope', 'scopePath', 'source', 'updatedAt', 'userName', 'value' )] [String]$sortBy, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'asc', 'desc' )] [String]$sortOrder, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'action_from_threat', 'catalog', 'cloud', 'user' )] [String[]]$source, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$tenant, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'black_hash' )] [String]$type, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'black_hash' )] [String[]]$types, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$unified, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$updatedAt__between, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__gt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__gte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__lt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__lte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$user__contains, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$userIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$value, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$value__contains ) process { Write-Verbose "Running the [ $($PSCmdlet.ParameterSetName) ] parameterSet" Switch ($PSCmdlet.ParameterSetName){ 'index' {$resource_uri = "/restrictions"} } $excludedParameters = 'Debug','ErrorAction','ErrorVariable','InformationAction', 'InformationVariable','OutBuffer','OutVariable','PipelineVariable', 'Verbose','WarningAction','WarningVariable' $body = @{} ForEach ( $Key in $PSBoundParameters.GetEnumerator() ){ if( $excludedParameters -contains $Key.Key ){$null} elseif ( $Key.Value.GetType().IsArray ){ Write-Verbose "[ $($Key.Key) ] is an array parameter" $body += @{ $Key.Key = $Key.Value -join (',') } } elseif ( $Key.Value.GetType().FullName -eq 'System.DateTime' ){ Write-Verbose "[ $($Key.Key) ] is a dateTime parameter" $universalTime = ($Key.Value).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.ffffffZ') Write-Verbose "Converting [ $($Key.Value) ] to [ $universalTime ]" $body += @{ $Key.Key = $universalTime } } else{ $body += @{ $Key.Key = $Key.Value } } } try { $ApiToken = Get-S1APIKey -PlainText $S1_Headers.Add('Authorization', "ApiToken $ApiToken") $rest_output = Invoke-RestMethod -Method Get -Uri ( $S1_Base_URI + $resource_uri ) -Headers $S1_Headers -Body $body -ErrorAction Stop -ErrorVariable rest_error } catch { Write-Error $_ } finally { [void] ( $S1_Headers.Remove('Authorization') ) } $data = @{} $data = $rest_output return $data } } function Get-S1Exclusions { <# .SYNOPSIS Get a list of all the Exclusions that match the filters .DESCRIPTION The Get-S1Exclusions cmdlet gets a list of all the Exclusions that match the filter. Note: To filter the results for a scope: Global - Make sure "tenant" is "true" and no other scope ID is given. Account - Make sure "tenant" is "false" and at least one Account ID is given. Site - Make sure "tenant" is "false" and at least one Site ID is given. .PARAMETER accountIds List of Account IDs to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER countOnly If true, only total number of items will be returned, without any of the actual objects. .PARAMETER createdAt__between Date range for creation time (format: <from_timestamp>-<to_timestamp>, inclusive). Example: "1514978890136-1514978650130". .PARAMETER createdAt__gt Returns exclusions created after this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER createdAt__gte Returns exclusions created after or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER createdAt__lt Returns exclusions created before this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER createdAt__lte Returns exclusions created before or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER cursor Cursor position returned by the last request. Use to iterate over more than 1000 items. Example: "YWdlbnRfaWQ6NTgwMjkzODE=". .PARAMETER description__contains Free-text filter by description .PARAMETER groupIds List of Group IDs to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER ids List of IDs to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER includeChildren Return filters from children scope levels .PARAMETER includeParents Return filters from parent scope levels .PARAMETER limit Limit number of returned items (1-1000). Example: "10". .PARAMETER modes List of modes to filter by (Path exclusions only). Allowed values: 'disable_all_monitors', 'disable_all_monitors_deep', 'disable_in_process_monitor', 'disable_in_process_monitor_deep', 'suppress', 'suppress_app_control', 'suppress_dfi_only', 'suppress_dynamic_only' .PARAMETER osTypes List of Os types to filter by. Allowed values: 'linux', 'macos', 'windows', 'windows_legacy' .PARAMETER pathExclusionTypes List of excluded paths in an exclusion (Path exclusions only). Allowed values: 'file', 'folder', 'subfolder' .PARAMETER query A free-text search term, will match applicable attributes .PARAMETER recommendations List of recommendations to filter by. Allowed values: 'None', 'Not allowed', 'Not recommended' .PARAMETER siteIds List of Site IDs to filter by. Example: "225494730938493804,225494730938493915" .PARAMETER skip Skip first number of items (0-1000). To iterate over more than 1000 items, use "cursor". Example: "150". .PARAMETER skipCount If true, total number of items will not be calculated, which speeds up execution time. .PARAMETER sortBy Sorts the returned results by a defined value Allowed values: 'actions', 'createdAt', 'description', 'id', 'mode', 'osType', 'pathExclusionType', 'scope', 'scopePath', 'source', 'subfolders', 'type', 'updatedAt', 'userName', 'value' .PARAMETER sortOrder Sort direction Allowed values: 'asc', 'desc' .PARAMETER source List sources to filter by. Allowed values: 'action_from_threat', 'catalog', 'cloud', 'user' .PARAMETER tenant Indicates a tenant scope request .PARAMETER type Type Allowed values: 'black_hash' .PARAMETER types Type Allowed values: 'black_hash' .PARAMETER unified Unified .PARAMETER updatedAt__between Date range for update time (format: <from_timestamp>-<to_timestamp>, inclusive). Example: "1514978890136-1514978650130". .PARAMETER updatedAt__gt Returns exclusions updated after this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER updatedAt__gte Returns exclusions updated after or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER updatedAt__lt Returns exclusions updated before this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER updatedAt__lte Returns exclusions updated before or at this timestamp. Inputted data is converted to UTC time Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z .PARAMETER user__contains Free-text filter by user name .PARAMETER userIds List of user ids to filter by. Example: "225494730938493804,225494730938493915". .PARAMETER value value .PARAMETER value__contains Free-text filter by value .EXAMPLE Get-S1Exclusions -tenant -countonly Gets a count of all exclusions from the main tenant .EXAMPLE 225494730938493804 | Get-S1Exclusions Gets a list of all exclusions from the defined site .EXAMPLE Get-S1Exclusions -createdAt__gt '2018-02-27 14:32' Gets a list of all exclusions that were created after the defined dataTime DataTime values are converted to UTC, use -verbose to see the value it is converted to. .EXAMPLE Get-S1Exclusions -cursor 'YWdlbnRfaWQ6NTgwMjkzODE=' Returns results after the first 10 results The cursor value can be found under pagination .NOTES N\A .LINK https://celerium.github.io/SentinelOne-PowerShellWrapper/site/ExclusionsAndBlacklist/Get-S1Exclusions.html #> [CmdletBinding( DefaultParameterSetName = 'index' )] Param ( [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$accountIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$countOnly, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$createdAt__between, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__gt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__gte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__lt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$createdAt__lte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$cursor, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$description__contains, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [Int64[]]$groupIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [Int64[]]$ids, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$includeChildren, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$includeParents, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateRange(1, 1000)] [Int64]$limit, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'disable_all_monitors', 'disable_all_monitors_deep', 'disable_in_process_monitor', 'disable_in_process_monitor_deep', 'suppress', 'suppress_app_control', 'suppress_dfi_only', 'suppress_dynamic_only' )] [String[]]$modes, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'file', 'folder', 'subfolder' )] [String[]]$pathExclusionTypes, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'linux', 'macos', 'windows', 'windows_legacy' )] [String[]]$osTypes, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$query, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'NONE', 'Not allowed', 'Not recommended' )] [String[]]$recommendations, [Parameter( Mandatory = $false, ValueFromPipeline = $true, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [Int64[]]$siteIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateRange(1, [Int64]::MaxValue)] [Int64]$skip, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$skipCount, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'actions', 'createdAt', 'description', 'id', 'mode', 'osType', 'pathExclusionType', 'scope', 'scopePath', 'source', 'subfolders', 'type', 'updatedAt', 'userName', 'value' )] [String]$sortBy, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'asc', 'desc' )] [String]$sortOrder, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'action_from_threat', 'catalog', 'cloud', 'user' )] [String[]]$source, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$tenant, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'black_hash' )] [String]$type, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateSet( 'black_hash' )] [String[]]$types, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [Switch]$unified, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$updatedAt__between, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__gt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__gte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__lt, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [DateTime]$updatedAt__lte, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$user__contains, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$userIds, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String]$value, [Parameter( Mandatory = $false, ParameterSetName = 'index' )] [ValidateNotNullOrEmpty()] [String[]]$value__contains ) process { Write-Verbose "Running the [ $($PSCmdlet.ParameterSetName) ] parameterSet" Switch ($PSCmdlet.ParameterSetName){ 'index' {$resource_uri = "/exclusions"} } $excludedParameters = 'Debug','ErrorAction','ErrorVariable','InformationAction', 'InformationVariable','OutBuffer','OutVariable','PipelineVariable', 'Verbose','WarningAction','WarningVariable' $body = @{} ForEach ( $Key in $PSBoundParameters.GetEnumerator() ){ if( $excludedParameters -contains $Key.Key ){$null} elseif ( $Key.Value.GetType().IsArray ){ Write-Verbose "[ $($Key.Key) ] is an array parameter" $body += @{ $Key.Key = $Key.Value -join (',') } } elseif ( $Key.Value.GetType().FullName -eq 'System.DateTime' ){ Write-Verbose "[ $($Key.Key) ] is a dateTime parameter" $universalTime = ($Key.Value).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.ffffffZ') Write-Verbose "Converting [ $($Key.Value) ] to [ $universalTime ]" $body += @{ $Key.Key = $universalTime } } else{ $body += @{ $Key.Key = $Key.Value } } } try { $ApiToken = Get-S1APIKey -PlainText $S1_Headers.Add('Authorization', "ApiToken $ApiToken") $rest_output = Invoke-RestMethod -Method Get -Uri ( $S1_Base_URI + $resource_uri ) -Headers $S1_Headers -Body $body -ErrorAction Stop -ErrorVariable rest_error } catch { Write-Error $_ } finally { [void] ( $S1_Headers.Remove('Authorization') ) } $data = @{} $data = $rest_output return $data } } |