Resources/Hashes-GET.ps1

function Get-S1HashReputation {
<#
    .SYNOPSIS
        Get the reputation of a hash, given the required SHA1.
 
    .DESCRIPTION
        The Get-S1HashReputation cmdlet gets the reputation of a hash, given the required SHA1.
 
        To get a hash, run "threats" (best if filtered for a Group or Site)
        and take the fileContentHash value.
 
    .PARAMETER hash
        Return the hash reputation for the defined SHA1 hash
 
    .EXAMPLE
        Get-S1HashReputation -hash 1ce2472499424b6e4d3923f42024d002d7aeb7a6
 
        Returns the hash reputation for the defined SHA1 hash
 
    .EXAMPLE
        1ce2472499424b6e4d3923f42024d002d7aeb7a6 | Get-S1HashReputation
 
        Returns the hash reputation for the defined SHA1 hash
 
    .NOTES
        N\A
 
    .LINK
        https://celerium.github.io/SentinelOne-PowerShellWrapper/site/Hashes/Get-S1HashReputation.html
 
#>


    [CmdletBinding( DefaultParameterSetName = 'index' )]
    Param (
        [Parameter( Mandatory = $true, ValueFromPipeline = $true, Position=0, ParameterSetName = 'index' )]
        [ValidateNotNullOrEmpty()]
        [String]$hash
    )

    process {

        Write-Verbose "Running the [ $($PSCmdlet.ParameterSetName) ] parameterSet"

        Switch ($PSCmdlet.ParameterSetName){
            'index' {$resource_uri = "/hashes/$hash/reputation"}
        }

        $excludedParameters =   'Debug','ErrorAction','ErrorVariable','InformationAction',
                                'InformationVariable','OutBuffer','OutVariable','PipelineVariable',
                                'Verbose','WarningAction','WarningVariable'

        $body = @{}

        if ($PSCmdlet.ParameterSetName -eq 'index') {

            ForEach ( $Key in $PSBoundParameters.GetEnumerator() ){

                if( $excludedParameters -contains $Key.Key ){$null}
                elseif ( $Key.Value.GetType().IsArray ){
                    Write-Verbose "[ $($Key.Key) ] is an array parameter"
                    $body += @{ $Key.Key = $Key.Value -join (',') }
                }
                else{
                    $body += @{ $Key.Key = $Key.Value }
                }

            }
        }

        try {
            $ApiToken = Get-S1APIKey -PlainText
            $S1_Headers.Add('Authorization', "ApiToken $ApiToken")

            $rest_output = Invoke-RestMethod -Method Get -Uri ( $S1_Base_URI + $resource_uri ) -Headers $S1_Headers -Body $body -ErrorAction Stop -ErrorVariable rest_error
        } catch {
            Write-Error $_
        } finally {
            [void] ( $S1_Headers.Remove('Authorization') )
        }

        $data = @{}
        $data = $rest_output
        return $data

    }

}