public/Get-VPASPSMSessionActivities.ps1
|
<#
.Synopsis GET PSM SESSION ACTIVITIES CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO GET PSM SESSION ACTIVITIES .LINK https://vpasmodule.com/commands/Get-VPASPSMSessionActivities .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER SearchQuery Search string to find target resource via username, address, safe, platform, etc. Comma separated for multiple fields, or to search all pass a blank value like so: " " .PARAMETER PSMSessionID Unique ID that maps to the target PSMSession Supply the PSMSessionID to skip any querying to find the target PSMSession .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $GetPSMSessionActivitiesJSON = Get-VPASPSMSessionActivities -SearchQuery {SEARCHQUERY VALUE} .EXAMPLE $GetPSMSessionActivitiesJSON = Get-VPASPSMSessionActivities -PSMSessionID {PSM SESSION ID VALUE} .EXAMPLE $InputParameters = @{ SearchQuery = "DomainAdmin01" } $GetPSMSessionActivitiesJSON = Get-VPASPSMSessionActivities -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ PSMSessionID = "36_101" } $GetPSMSessionActivitiesJSON = Get-VPASPSMSessionActivities -InputParameters $InputParameters .OUTPUTS If successful: { "Activities": [ { "ActivityText": "explorer.exe, Program Manager", "ActivityType": 3, "ActivityId": "87657", "Formats": "vid", "Offsets": "@{vid=00:00:06}" }, { "ActivityText": "notepad.exe, Untitled - Notepad", "ActivityType": 3, "ActivityId": "87658", "Formats": "vid", "Offsets": "@{vid=00:00:19}" }, { "ActivityText": "notepad.exe, Notepad", "ActivityType": 3, "ActivityId": "87659", "Formats": "vid", "Offsets": "@{vid=00:00:36}" } ], "Total": 3 } --- $false if failed #> function Get-VPASPSMSessionActivities{ [OutputType('System.Object',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Searchquery to find the target PSM session (for example: DomainAdmin01)")] [String]$SearchQuery, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique PSMSessionID of the target PSM session (for example: 36_102)")] [String]$PSMSessionID, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("SearchQuery") MandatoryKeys = @("SearchQuery") } set2 = @{ AcceptableKeys = @("PSMSessionID") MandatoryKeys = @("PSMSessionID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE PSM SESSIONS" Write-VPASOutput -str $_ -type E return $false } try{ if([String]::IsNullOrEmpty($PSMSessionID)){ Write-Verbose "NO PSM SESSION ID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE PSM SESSION ID BASED ON SPECIFIED PARAMETERS" $PSMSessionID = Get-VPASRecordingIDHelper -token $token -SearchQuery $SearchQuery Write-Verbose "RETURNING PSM SESSION ID" } else{ Write-Verbose "PSM SESSION ID SUPPLIED, SKIPPING HELPER FUNCTION" } if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/API/recordings/$PSMSessionID/activities" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/API/recordings/$PSMSessionID/activities" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY Write-Verbose "RETURNING JSON OBJECT" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO GET PSM SESSION ACTIVITIES" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |