public/Invoke-VPASReporting.ps1
<#
.Synopsis
   RUN VARIOUS REPORTS FROM CYBERARK
   CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO GENERATE VARIOUS REPORTS FROM CYBERARK
.LINK
   https://vpasmodule.com/commands/Invoke-VPASReporting
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, the function will use the last known hashtable generated by New-VPASToken
.PARAMETER SearchQuery
   Search string to find the target resource via username, address, safe, platform, etc.
   Comma separated for multiple fields, or to search all pass a blank value like so: " "
.PARAMETER ReportType
   Specify which report will be run
   Possible values: SafeContent, SafeMembers, PlatformDetails, EPVUsers, PlatformLinkedAccounts, ApplicationIDAuthentications
.PARAMETER ReportFormat
   Specify what format the report output should be
   Possible values: CSV, JSON, TXT, HTML, XML, ALL
.PARAMETER OutputDirectory
   Where to place the newly generated report.
   If omitted, or if the supplied path does not exist, the report is written to C:\Users\<current user>\AppData\Local\VPASModuleOutputs\Reports.
   The SafeContent and SafeMembers reports list account and safe-permission details in plain files, so use a directory with restricted access
.PARAMETER WildCardSearch
   Treat the SearchQuery as a wildcard search (*searchquery*) instead of a single value
.PARAMETER IncludePredefinedSafeMembers
   Include built-in safe members when reporting on safe members
.PARAMETER Confirm
   Skip the confirmation prompt and continue regardless of the size of the environment
.PARAMETER HideOutput
   Suppress any output to the console
.PARAMETER InputParameters
   HashTable of values containing the parameters required to make the API call
.EXAMPLE
   $RunReporting = Invoke-VPASReporting -ReportType {REPORTTYPE VALUE} -ReportFormat {REPORTFORMAT VALUE} -SearchQuery {SEARCHQUERY VALUE} -OutputDirectory {OUTPUTDIRECTORY VALUE}
.EXAMPLE
   $InputParameters = @{
        ReportType = "SafeContent"|"SafeMembers"|"PlatformDetails"|"EPVUsers"|"ApplicationIDAuthentications"|"PlatformLinkedAccounts"
        ReportFormat = "CSV"|"JSON"|"TXT"|"HTML"|"XML"|"ALL"
        OutputDirectory = "C:\Temp\ReportOutput"
        SearchQuery = "TargetSearchQuery"
        WildCardSearch = $true|$false
IncludePredefinedSafeMembers = $true|$false Confirm = $true|$false HideOutput = $true|$false } $RunReporting = Invoke-VPASReporting -InputParameters $InputParameters .OUTPUTS $true if successful --- $false if failed #> function Invoke-VPASReporting{ [OutputType([bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter ReportType to be generated (SafeContent, SafeMembers, PlatformDetails, EPVUsers, ApplicationIDAuthentications, PlatformLinkedAccounts)")] [ValidateSet('SafeContent','SafeMembers','PlatformDetails','EPVUsers','ApplicationIDAuthentications','PlatformLinkedAccounts')] [String]$ReportType, [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter ReportOutput type (CSV, JSON, TXT, HTML, XML, ALL)")] [ValidateSet('CSV','JSON','TXT','HTML','XML','ALL')] [String]$ReportFormat, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$OutputDirectory, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [String]$SearchQuery, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Switch]$WildCardSearch, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Switch]$IncludePredefinedSafeMembers, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Switch]$Confirm, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Switch]$HideOutput, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ 
$tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("ReportType","ReportFormat","OutputDirectory","SearchQuery","WildCardSearch","IncludePredefinedSafeMembers","Confirm","HideOutput") MandatoryKeys = @("ReportType","ReportFormat") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO INVOKE REPORTING" Write-VPASOutput -str $_ -type E return $false } try{ if([String]::IsNullOrEmpty($OutputDirectory)){ $curUser = $env:UserName $OutputDirectory = "C:\Users\$curUser\AppData\Local\VPASModuleOutputs\Reports" Write-Verbose "NO OUTPUT DIRECTORY SUPPLIED, USING DEFAULT LOCATION: $OutputDirectory" if(Test-Path -Path $OutputDirectory){ #DO NOTHING } else{ write-verbose "$OutputDirectory DOES NOT EXIST, CREATING DIRECTORY" $MakeDirectory = New-Item -Path $OutputDirectory -Type Directory } } else{ if(Test-Path -Path $OutputDirectory){ #DO NOTHING } else{ $curUser = $env:UserName $OutputDirectory = 
"C:\Users\$curUser\AppData\Local\VPASModuleOutputs\Reports" write-verbose "$OutputDirectory DOES NOT EXIST, USING DEFAULT LOCATION: $OutputDirectory" if(Test-Path -Path $OutputDirectory){ #DO NOTHING } else{ $MakeDirectory = New-Item -Path $OutputDirectory -Type Directory } } } if($ReportType -eq "SafeContent"){ if([String]::IsNullOrEmpty($SearchQuery)){ Write-VPASOutput -str "NO SAFENAME SUPPLIED, ENTER SAFENAME (To report on all safes type ALL): " -type Y $SearchQuery = Read-Host } $SearchQuery = $SearchQuery.ToLower() Write-Verbose "QUERYING CYBERARK FOR TARGET SAFE(S)" if($SearchQuery -eq "all"){ if(!$Confirm){ Write-VPASOutput -str "This report will run against ALL Safes, and could take some time depending on environment size" -type M Write-VPASOutput -str "Continue? (Y/N) [Y]: " -type Y $contreport = Read-Host if([String]::IsNullOrEmpty($contreport)){$contreport = "Y"} $contreport = $contreport.ToLower() if($contreport -ne "y"){ Write-VPASOutput -str "EXITING REPORT UTILITY" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } } if($NoSSL){ $Safes = Get-VPASSafes -token $token -searchQuery " " } else{ $Safes = Get-VPASSafes -token $token -searchQuery " " } if(!$Safes){ Write-VPASOutput -str "UNABLE TO QUERY SAFES" -type E Write-Verbose "UNABLE TO QUERY SAFES...RETURNING FALSE" return $false } else{ #$TargetSafes = $Safes.SearchSafesResult.SafeName $TargetSafes = $Safes.value.safeName } } else{ if($NoSSL){ if($WildCardSearch){ $Safes = Get-VPASSafes -token $token -searchQuery $SearchQuery } else{ $Safes = Get-VPASSafeDetails -token $token -safe $SearchQuery } if(!$Safes){ Write-VPASOutput -str "UNABLE TO QUERY SAFES" -type E Write-Verbose "UNABLE TO QUERY SAFES...RETURNING FALSE" return $false } else{ if($WildCardSearch){ #$TargetSafes = $Safes.SearchSafesResult.SafeName $TargetSafes = $Safes.value.safeName } else{ $TargetSafes = $Safes.SafeName } } } else{ if($WildCardSearch){ $Safes = Get-VPASSafes -token $token -searchQuery $SearchQuery } 
else{ $Safes = Get-VPASSafeDetails -token $token -safe $SearchQuery } if(!$Safes){ Write-VPASOutput -str "UNABLE TO QUERY SAFES" -type E Write-Verbose "UNABLE TO QUERY SAFES...RETURNING FALSE" return $false } else{ if($WildCardSearch){ #$TargetSafes = $Safes.SearchSafesResult.SafeName $TargetSafes = $Safes.value.safeName } else{ $TargetSafes = $Safes.SafeName } } } } $Data = @{} $counter = 1 $uniqueIDs = @() Write-Verbose "QUERYING CYBERARK FOR ACCOUNTS IN TARGET SAFE(S)" foreach($safe in $TargetSafes){ if($NoSSL){ $FoundAccounts = Get-VPASAccountDetails -token $token -safe $safe -HideWarning } else{ $FoundAccounts = Get-VPASAccountDetails -token $token -safe $safe -HideWarning } if(!$FoundAccounts){ if(!$HideOutput){ Write-VPASOutput -str "NO ACCOUNTS FOUND IN SAFE: $safe" -type M } Write-Verbose "NO ACCOUNTS FOUND IN SAFE: $safe" } else{ foreach($rec in $FoundAccounts.value){ $temparr = @{} $AcctID = $rec.id $AcctName = $rec.name $AcctAddress = $rec.address $AcctUsername = $rec.userName $AcctPlatformID = $rec.platformId $AcctSafename = $rec.safeName $AcctSecretType = $rec.secretType $AcctAutomaticManagementEnabled = $rec.secretManagement.automaticManagementEnabled $AcctAutomaticManagementEnabledReason = $rec.secretManagement.manualManagementReason $AcctStatus = $rec.secretManagement.status if([String]::IsNullOrEmpty($AcctStatus)){ $AcctStatus = "NoError" } $EpochTime = $rec.secretManagement.lastModifiedTime $AcctLastModifiedTime = (([System.DateTimeOffset]::FromUnixTimeSeconds($EpochTime)).DateTime.toLocalTime()).ToString() $CreatedTime = $rec.createdTime $AcctCreatedTime = (([System.DateTimeOffset]::FromUnixTimeSeconds($CreatedTime)).DateTime.toLocalTime()).ToString() if($SearchQuery -eq "all"){ $temparr = @{ AcctID = $AcctID AcctName = $AcctName AcctAddress = $AcctAddress AcctUsername = $AcctUsername AcctPlatformID = $AcctPlatformID AcctSafename = $AcctSafename AcctSecretType = $AcctSecretType AcctAutomaticManagementEnabled = $AcctAutomaticManagementEnabled 
AcctAutomaticManagementEnabledReason = $AcctAutomaticManagementEnabledReason AcctStatus = $AcctStatus AcctLastModifiedTime = $AcctLastModifiedTime AcctCreatedTime = $AcctCreatedTime } if($uniqueIDs.Contains($AcctID)){ #DO NOTHING } else{ $uniqueIDs += $AcctID $label = "Record" + $counter $Data += @{ $label = $temparr } $counter+=1 } } else{ if($WildCardSearch){ if($AcctSafename -match $SearchQuery){ $temparr = @{ AcctID = $AcctID AcctName = $AcctName AcctAddress = $AcctAddress AcctUsername = $AcctUsername AcctPlatformID = $AcctPlatformID AcctSafename = $AcctSafename AcctSecretType = $AcctSecretType AcctAutomaticManagementEnabled = $AcctAutomaticManagementEnabled AcctAutomaticManagementEnabledReason = $AcctAutomaticManagementEnabledReason AcctStatus = $AcctStatus AcctLastModifiedTime = $AcctLastModifiedTime AcctCreatedTime = $AcctCreatedTime } if($uniqueIDs.Contains($AcctID)){ #DO NOTHING } else{ $uniqueIDs += $AcctID $label = "Record" + $counter $Data += @{ $label = $temparr } $counter+=1 } } } else{ if($AcctSafename -eq $SearchQuery){ $temparr = @{ AcctID = $AcctID AcctName = $AcctName AcctAddress = $AcctAddress AcctUsername = $AcctUsername AcctPlatformID = $AcctPlatformID AcctSafename = $AcctSafename AcctSecretType = $AcctSecretType AcctAutomaticManagementEnabled = $AcctAutomaticManagementEnabled AcctAutomaticManagementEnabledReason = $AcctAutomaticManagementEnabledReason AcctStatus = $AcctStatus AcctLastModifiedTime = $AcctLastModifiedTime AcctCreatedTime = $AcctCreatedTime } if($uniqueIDs.Contains($AcctID)){ #DO NOTHING } else{ $uniqueIDs += $AcctID $label = "Record" + $counter $Data += @{ $label = $temparr } $counter+=1 } } } } } } } $output = @() $keys = $Data.Keys foreach($key in $keys){ $temphash = @{} $AcctID = $Data.$key.AcctID $AcctName = $Data.$key.AcctName $AcctAddress = $Data.$key.AcctAddress $AcctUsername = $Data.$key.AcctUsername $AcctPlatformID = $Data.$key.AcctPlatformID $AcctSafename = $Data.$key.AcctSafename $AcctSecretType = 
$Data.$key.AcctSecretType $AcctAutomaticManagementEnabled = $Data.$key.AcctAutomaticManagementEnabled $AcctAutomaticManagementEnabledReason = $Data.$key.AcctAutomaticManagementEnabledReason $AcctStatus = $Data.$key.AcctStatus $AcctLastModifiedTime = $Data.$key.AcctLastModifiedTime $AcctCreatedTime = $Data.$key.AcctCreatedTime $temphash = @{ AcctID = $AcctID AcctName = $AcctName AcctAddress = $AcctAddress AcctUsername = $AcctUsername AcctPlatformID = $AcctPlatformID AcctSafename = $AcctSafename AcctSecretType = $AcctSecretType AcctAutomaticManagementEnabled = $AcctAutomaticManagementEnabled AcctAutomaticManagementEnabledReason = $AcctAutomaticManagementEnabledReason AcctStatus = $AcctStatus AcctLastModifiedTime = $AcctLastModifiedTime AcctCreatedTime = $AcctCreatedTime } $output += $temphash } if($ReportFormat -eq "JSON" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeContent.json" $jsonoutput = $output | ConvertTo-Json Write-Output $jsonoutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING JSON FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING JSON FILE: $targetFile" } if($ReportFormat -eq "TXT" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeContent.txt" write-output "SAFE CONTENT REPORT" | Set-Content $targetFile Write-Output "" | Add-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $str = "" $AcctID = $Data.$key.AcctID $AcctName = $Data.$key.AcctName $AcctAddress = $Data.$key.AcctAddress $AcctUsername = $Data.$key.AcctUsername $AcctPlatformID = $Data.$key.AcctPlatformID $AcctSafename = $Data.$key.AcctSafename $AcctSecretType = $Data.$key.AcctSecretType $AcctAutomaticManagementEnabled = $Data.$key.AcctAutomaticManagementEnabled $AcctAutomaticManagementEnabledReason = $Data.$key.AcctAutomaticManagementEnabledReason $AcctStatus = $Data.$key.AcctStatus $AcctLastModifiedTime = $Data.$key.AcctLastModifiedTime $AcctCreatedTime = $Data.$key.AcctCreatedTime $str += 
"AcctID: $AcctID`r`n" $str += "AcctName: $AcctName`r`n" $str += "AcctAddress: $AcctAddress`r`n" $str += "AcctUsername: $AcctUsername`r`n" $str += "AcctPlatformID: $AcctPlatformID`r`n" $str += "AcctSafename: $AcctSafename`r`n" $str += "AcctSecretType: $AcctSecretType`r`n" $str += "AcctAutomaticManagementEnabled: $AcctAutomaticManagementEnabled`r`n" $str += "AcctAutomaticManagementEnabledReason: $AcctAutomaticManagementEnabledReason`r`n" $str += "AcctStatus: $AcctStatus`r`n" $str += "AcctLastModifiedTime: $AcctLastModifiedTime`r`n" $str += "AcctCreatedTime: $AcctCreatedTime`r`n" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING TXT FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING TXT FILE: $targetFile" } if($ReportFormat -eq "CSV" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeContent.csv" write-output "ID,Name,Address,Username,PlatformID,SafeName,SecretType,AutomaticManagementEnabled,AutomaticManagementEnabledReason,Status,LastModifiedTime,CreatedTime" | Set-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $AcctID = $Data.$key.AcctID $AcctName = $Data.$key.AcctName $AcctAddress = $Data.$key.AcctAddress $AcctUsername = $Data.$key.AcctUsername $AcctPlatformID = $Data.$key.AcctPlatformID $AcctSafename = $Data.$key.AcctSafename $AcctSecretType = $Data.$key.AcctSecretType $AcctAutomaticManagementEnabled = $Data.$key.AcctAutomaticManagementEnabled $AcctAutomaticManagementEnabledReason = $Data.$key.AcctAutomaticManagementEnabledReason $AcctStatus = $Data.$key.AcctStatus $AcctLastModifiedTime = $Data.$key.AcctLastModifiedTime $AcctCreatedTime = $Data.$key.AcctCreatedTime $str = "$AcctID,$AcctName,$AcctAddress,$AcctUsername,$AcctPlatformID,$AcctSafename,$AcctSecretType,$AcctAutomaticManagementEnabled,$AcctAutomaticManagementEnabledReason,$AcctStatus,$AcctLastModifiedTime,$AcctCreatedTime" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str 
"FINISHED EXPORTING CSV FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING CSV FILE: $targetFile" } if($ReportFormat -eq "HTML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeContent.html" $htmloutput = $output | ConvertTo-Json $htmloutput = $htmloutput | ConvertFrom-Json $htmloutput = $htmloutput | ConvertTo-Html -As List Write-Output $htmloutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING HTML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING HTML FILE: $targetFile" } if($ReportFormat -eq "XML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeContent.xml" $xmloutput = $output | ConvertTo-Json $xmloutput = $xmloutput | ConvertFrom-Json $XML = ConvertTo-Xml -As Stream -InputObject $xmloutput -Depth 3 -NoTypeInformation Out-File -FilePath $targetFile -InputObject $XML if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING XML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING XML FILE: $targetFile" } } if($ReportType -eq "SafeMembers"){ if([String]::IsNullOrEmpty($SearchQuery)){ Write-VPASOutput -str "NO SAFENAME SUPPLIED, ENTER SAFENAME (To report on all safes type ALL): " -type Y $SearchQuery = Read-Host } $SearchQuery = $SearchQuery.ToLower() Write-Verbose "QUERYING CYBERARK FOR TARGET SAFE(S)" if($SearchQuery -eq "all"){ if(!$Confirm){ Write-VPASOutput -str "This report will run against ALL Safes, and could take some time depending on environment size" -type M Write-VPASOutput -str "Continue? 
(Y/N) [Y]: " -type Y $contreport = Read-Host if([String]::IsNullOrEmpty($contreport)){$contreport = "Y"} $contreport = $contreport.ToLower() if($contreport -ne "y"){ Write-VPASOutput -str "EXITING REPORT UTILITY" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } } if($NoSSL){ $Safes = Get-VPASSafes -token $token -searchQuery " " } else{ $Safes = Get-VPASSafes -token $token -searchQuery " " } if(!$Safes){ Write-VPASOutput -str "UNABLE TO QUERY SAFES" -type E Write-Verbose "UNABLE TO QUERY SAFES...RETURNING FALSE" return $false } else{ #$TargetSafes = $Safes.SearchSafesResult.SafeName $TargetSafes = $Safes.value.safeName } } else{ if($NoSSL){ if($WildCardSearch){ $Safes = Get-VPASSafes -token $token -searchQuery $SearchQuery } else{ $Safes = Get-VPASSafeDetails -token $token -safe $SearchQuery } if(!$Safes){ Write-VPASOutput -str "UNABLE TO QUERY SAFES" -type E Write-Verbose "UNABLE TO QUERY SAFES...RETURNING FALSE" return $false } else{ if($WildCardSearch){ #$TargetSafes = $Safes.SearchSafesResult.SafeName $TargetSafes = $Safes.value.safeName } else{ $TargetSafes = $Safes.SafeName } } } else{ if($WildCardSearch){ $Safes = Get-VPASSafes -token $token -searchQuery $SearchQuery } else{ $Safes = Get-VPASSafeDetails -token $token -safe $SearchQuery } if(!$Safes){ Write-VPASOutput -str "UNABLE TO QUERY SAFES" -type E Write-Verbose "UNABLE TO QUERY SAFES...RETURNING FALSE" return $false } else{ if($WildCardSearch){ #$TargetSafes = $Safes.SearchSafesResult.SafeName $TargetSafes = $Safes.value.safeName } else{ $TargetSafes = $Safes.SafeName } } } } $Data = @{} $counter = 1 Write-Verbose "QUERYING CYBERARK FOR SAFE MEMBERS IN TARGET SAFE(S)" foreach($safe in $TargetSafes){ if($NoSSL){ if($IncludePredefinedSafeMembers){ $FoundMembers = Get-VPASSafeMembers -token $token -safe $safe -IncludePredefinedMembers } else{ $FoundMembers = Get-VPASSafeMembers -token $token -safe $safe } } else{ if($IncludePredefinedSafeMembers){ $FoundMembers = Get-VPASSafeMembers 
-token $token -safe $safe -IncludePredefinedMembers } else{ $FoundMembers = Get-VPASSafeMembers -token $token -safe $safe } } if(!$FoundMembers){ if(!$HideOutput){ Write-VPASOutput -str "NO SAFE MEMBERS FOUND IN SAFE: $safe" -type M } Write-Verbose "NO SAFE MEMBERS FOUND IN SAFE: $safe" } else{ foreach($rec in $FoundMembers.value){ $temparr = @{} $SMSafe = $rec.safeName $SMSafeID = $rec.safeNumber $SMMemberID = $rec.memberId $SMMemberName = $rec.memberName $SMMemberType = $rec.memberType $SMMembershipExpirationDate = $rec.membershipExpirationDate $SMIsExpiredMembershipEnable = $rec.isExpiredMembershipEnable $SMIsPredefinedUser = $rec.isPredefinedUser $SMUseAccounts = $rec.permissions.useAccounts $SMRetrieveAccounts = $rec.permissions.retrieveAccounts $SMListAccounts = $rec.permissions.listAccounts $SMAddAccounts = $rec.permissions.addAccounts $SMUpdateAccountContent = $rec.permissions.updateAccountContent $SMUpdateAccountProperties = $rec.permissions.updateAccountProperties $SMInitiateCPMAccountManagementOperations = $rec.permissions.initiateCPMAccountManagementOperations $SMSpecifyNextAccountContent = $rec.permissions.specifyNextAccountContent $SMRenameAccounts = $rec.permissions.renameAccounts $SMDeleteAccounts = $rec.permissions.deleteAccounts $SMUnlockAccounts = $rec.permissions.unlockAccounts $SMManageSafe = $rec.permissions.manageSafe $SMManageSafeMembers = $rec.permissions.manageSafeMembers $SMBackupSafe = $rec.permissions.backupSafe $SMViewAuditLog = $rec.permissions.viewAuditLog $SMViewSafeMembers = $rec.permissions.viewSafeMembers $SMAccessWithoutConfirmation = $rec.permissions.accessWithoutConfirmation $SMCreateFolders = $rec.permissions.createFolders $SMDeleteFolders = $rec.permissions.deleteFolders $SMMoveAccountsAndFolders = $rec.permissions.moveAccountsAndFolders $SMRequestsAuthorizationLevel1 = $rec.permissions.requestsAuthorizationLevel1 $SMRequestsAuthorizationLevel2 = $rec.permissions.requestsAuthorizationLevel2 $temparr = @{ SMSafeName = $SMSafe 
SMSafeID = $SMSafeID SMMemberId = $SMMemberID SMMemberName = $SMMemberName SMMemberType = $SMMemberType SMMembershipExpirationDate = $SMMembershipExpirationDate SMIsExpiredMembershipEnable = $SMIsExpiredMembershipEnable SMIsPredefinedUser = $SMIsPredefinedUser SMUseAccounts = $SMUseAccounts SMRetrieveAccounts = $SMRetrieveAccounts SMListAccounts = $SMListAccounts SMAddAccounts = $SMAddAccounts SMUpdateAccountContent = $SMUpdateAccountContent SMUpdateAccountProperties = $SMUpdateAccountProperties SMInitiateCPMAccountManagementOperations = $SMInitiateCPMAccountManagementOperations SMSpecifyNextAccountContent = $SMSpecifyNextAccountContent SMRenameAccounts = $SMRenameAccounts SMDeleteAccounts = $SMDeleteAccounts SMUnlockAccounts = $SMUnlockAccounts SMManageSafe = $SMManageSafe SMManageSafeMembers = $SMManageSafeMembers SMBackupSafe = $SMBackupSafe SMViewAuditLog = $SMViewAuditLog SMViewSafeMembers = $SMViewSafeMembers SMAccessWithoutConfirmation = $SMAccessWithoutConfirmation SMCreateFolders = $SMCreateFolders SMDeleteFolders = $SMDeleteFolders SMMoveAccountsAndFolders = $SMMoveAccountsAndFolders SMRequestsAuthorizationLevel1 = $SMRequestsAuthorizationLevel1 SMRequestsAuthorizationLevel2 = $SMRequestsAuthorizationLevel2 } $label = "Record" + $counter $Data += @{ $label = $temparr } $counter += 1 } } } $output = @() $keys = $Data.Keys foreach($key in $keys){ $temphash = @{} $SMSafe = $Data.$key.SMSafeName $SMSafeID = $Data.$key.SMSafeID $SMMemberID = $Data.$key.SMMemberID $SMMemberName = $Data.$key.SMMemberName $SMMemberType = $Data.$key.SMMemberType $SMMembershipExpirationDate = $Data.$key.SMMembershipExpirationDate $SMIsExpiredMembershipEnable = $Data.$key.SMIsExpiredMembershipEnable $SMIsPredefinedUser = $Data.$key.SMIsPredefinedUser $SMUseAccounts = $Data.$key.SMUseAccounts $SMRetrieveAccounts = $Data.$key.SMRetrieveAccounts $SMListAccounts = $Data.$key.SMListAccounts $SMAddAccounts = $Data.$key.SMAddAccounts $SMUpdateAccountContent = 
$Data.$key.SMUpdateAccountContent $SMUpdateAccountProperties = $Data.$key.SMUpdateAccountProperties $SMInitiateCPMAccountManagementOperations = $Data.$key.SMInitiateCPMAccountManagementOperations $SMSpecifyNextAccountContent = $Data.$key.SMSpecifyNextAccountContent $SMRenameAccounts = $Data.$key.SMRenameAccounts $SMDeleteAccounts = $Data.$key.SMDeleteAccounts $SMUnlockAccounts = $Data.$key.SMUnlockAccounts $SMManageSafe = $Data.$key.SMManageSafe $SMManageSafeMembers = $Data.$key.SMManageSafeMembers $SMBackupSafe = $Data.$key.SMBackupSafe $SMViewAuditLog = $Data.$key.SMViewAuditLog $SMViewSafeMembers = $Data.$key.SMViewSafeMembers $SMAccessWithoutConfirmation = $Data.$key.SMAccessWithoutConfirmation $SMCreateFolders = $Data.$key.SMCreateFolders $SMDeleteFolders = $Data.$key.SMDeleteFolders $SMMoveAccountsAndFolders = $Data.$key.SMMoveAccountsAndFolders $SMRequestsAuthorizationLevel1 = $Data.$key.SMRequestsAuthorizationLevel1 $SMRequestsAuthorizationLevel2 = $Data.$key.SMRequestsAuthorizationLevel2 $temphash = @{ SafeName = $SMSafe SafeID = $SMSafeID MemberId = $SMMemberID MemberName = $SMMemberName MemberType = $SMMemberType MembershipExpirationDate = $SMMembershipExpirationDate IsExpiredMembershipEnable = $SMIsExpiredMembershipEnable IsPredefinedUser = $SMIsPredefinedUser UseAccounts = $SMUseAccounts RetrieveAccounts = $SMRetrieveAccounts ListAccounts = $SMListAccounts AddAccounts = $SMAddAccounts UpdateAccountContent = $SMUpdateAccountContent UpdateAccountProperties = $SMUpdateAccountProperties InitiateCPMAccountManagementOperations = $SMInitiateCPMAccountManagementOperations SpecifyNextAccountContent = $SMSpecifyNextAccountContent RenameAccounts = $SMRenameAccounts DeleteAccounts = $SMDeleteAccounts UnlockAccounts = $SMUnlockAccounts ManageSafe = $SMManageSafe ManageSafeMembers = $SMManageSafeMembers BackupSafe = $SMBackupSafe ViewAuditLog = $SMViewAuditLog ViewSafeMembers = $SMViewSafeMembers AccessWithoutConfirmation = $SMAccessWithoutConfirmation CreateFolders 
= $SMCreateFolders DeleteFolders = $SMDeleteFolders MoveAccountsAndFolders = $SMMoveAccountsAndFolders RequestsAuthorizationLevel1 = $SMRequestsAuthorizationLevel1 RequestsAuthorizationLevel2 = $SMRequestsAuthorizationLevel2 } $output += $temphash } if($ReportFormat -eq "JSON" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeMembers.json" $jsonoutput = $output | ConvertTo-Json Write-Output $jsonoutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING JSON FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING JSON FILE: $targetFile" } if($ReportFormat -eq "TXT" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeMembers.txt" write-output "SAFE MEMBERS REPORT" | Set-Content $targetFile Write-Output "" | Add-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $str = "" $SMSafe = $Data.$key.SMSafeName $SMSafeID = $Data.$key.SMSafeID $SMMemberID = $Data.$key.SMMemberID $SMMemberName = $Data.$key.SMMemberName $SMMemberType = $Data.$key.SMMemberType $SMMembershipExpirationDate = $Data.$key.SMMembershipExpirationDate $SMIsExpiredMembershipEnable = $Data.$key.SMIsExpiredMembershipEnable $SMIsPredefinedUser = $Data.$key.SMIsPredefinedUser $SMUseAccounts = $Data.$key.SMUseAccounts $SMRetrieveAccounts = $Data.$key.SMRetrieveAccounts $SMListAccounts = $Data.$key.SMListAccounts $SMAddAccounts = $Data.$key.SMAddAccounts $SMUpdateAccountContent = $Data.$key.SMUpdateAccountContent $SMUpdateAccountProperties = $Data.$key.SMUpdateAccountProperties $SMInitiateCPMAccountManagementOperations = $Data.$key.SMInitiateCPMAccountManagementOperations $SMSpecifyNextAccountContent = $Data.$key.SMSpecifyNextAccountContent $SMRenameAccounts = $Data.$key.SMRenameAccounts $SMDeleteAccounts = $Data.$key.SMDeleteAccounts $SMUnlockAccounts = $Data.$key.SMUnlockAccounts $SMManageSafe = $Data.$key.SMManageSafe $SMManageSafeMembers = $Data.$key.SMManageSafeMembers $SMBackupSafe = $Data.$key.SMBackupSafe $SMViewAuditLog 
= $Data.$key.SMViewAuditLog $SMViewSafeMembers = $Data.$key.SMViewSafeMembers $SMAccessWithoutConfirmation = $Data.$key.SMAccessWithoutConfirmation $SMCreateFolders = $Data.$key.SMCreateFolders $SMDeleteFolders = $Data.$key.SMDeleteFolders $SMMoveAccountsAndFolders = $Data.$key.SMMoveAccountsAndFolders $SMRequestsAuthorizationLevel1 = $Data.$key.SMRequestsAuthorizationLevel1 $SMRequestsAuthorizationLevel2 = $Data.$key.SMRequestsAuthorizationLevel2 $str += "Safe: $SMSafe`r`n" $str += "SafeID: $SMSafeID`r`n" $str += "MemberID: $SMMemberID`r`n" $str += "MemberName: $SMMemberName`r`n" $str += "MemberType: $SMMemberType`r`n" $str += "MembershipExpirationDate: $SMMembershipExpirationDate`r`n" $str += "IsExpiredMembershipEnable: $SMIsExpiredMembershipEnable`r`n" $str += "IsPredefinedUser: $SMIsPredefinedUser`r`n" $str += "UseAccounts: $SMUseAccounts`r`n" $str += "RetrieveAccounts: $SMRetrieveAccounts`r`n" $str += "ListAccounts: $SMListAccounts`r`n" $str += "AddAccounts: $SMAddAccounts`r`n" $str += "UpdateAccountContent: $SMUpdateAccountContent`r`n" $str += "UpdateAccountProperties: $SMUpdateAccountProperties`r`n" $str += "InitiateCPMAccountManagementOperations: $SMInitiateCPMAccountManagementOperations`r`n" $str += "SpecifyNextAccountContent: $SMSpecifyNextAccountContent`r`n" $str += "RenameAccounts: $SMRenameAccounts`r`n" $str += "DeleteAccounts: $SMDeleteAccounts`r`n" $str += "UnlockAccounts: $SMUnlockAccounts`r`n" $str += "ManageSafe: $SMManageSafe`r`n" $str += "ManageSafeMembers: $SMManageSafeMembers`r`n" $str += "BackupSafe: $SMBackupSafe`r`n" $str += "ViewAuditLog: $SMViewAuditLog`r`n" $str += "ViewSafeMembers: $SMViewSafeMembers`r`n" $str += "AccessWithoutConfirmation: $SMAccessWithoutConfirmation`r`n" $str += "CreateFolders: $SMCreateFolders`r`n" $str += "DeleteFolders: $SMDeleteFolders`r`n" $str += "MoveAccountsAndFolders: $SMMoveAccountsAndFolders`r`n" $str += "RequestsAuthorizationLevel1: $SMRequestsAuthorizationLevel1`r`n" $str += "RequestsAuthorizationLevel2: 
$SMRequestsAuthorizationLevel2`r`n" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING TXT FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING TXT FILE: $targetFile" } if($ReportFormat -eq "CSV" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeMembers.csv" write-output "SafeName,SafeID,MemberID,MemberName,MemberType,MembershipExpirationDate,IsExpiredMembershipEnabled,IsPredefinedUser,UseAccounts,RetrieveAccounts,ListAccounts,AddAccounts,UpdateAccountContent,UpdateAccountProperties,InitiateCPMAccountManagementOperations,SpecifyNextAccountContent,RenameAccounts,DeleteAccounts,UnlockAccounts,ManageSafe,ManageSafeMembers,BackupSafe,ViewAuditLog,ViewSafeMembers,AccessWithoutConfirmation,CreateFolders,DeleteFolders,MoveAccountsAndFolders,RequestsAuthorizationLevel1,RequestsAuthorizationLevel2" | Set-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $SMSafe = $Data.$key.SMSafeName $SMSafeID = $Data.$key.SMSafeID $SMMemberID = $Data.$key.SMMemberID $SMMemberName = $Data.$key.SMMemberName $SMMemberType = $Data.$key.SMMemberType $SMMembershipExpirationDate = $Data.$key.SMMembershipExpirationDate $SMIsExpiredMembershipEnable = $Data.$key.SMIsExpiredMembershipEnable $SMIsPredefinedUser = $Data.$key.SMIsPredefinedUser $SMUseAccounts = $Data.$key.SMUseAccounts $SMRetrieveAccounts = $Data.$key.SMRetrieveAccounts $SMListAccounts = $Data.$key.SMListAccounts $SMAddAccounts = $Data.$key.SMAddAccounts $SMUpdateAccountContent = $Data.$key.SMUpdateAccountContent $SMUpdateAccountProperties = $Data.$key.SMUpdateAccountProperties $SMInitiateCPMAccountManagementOperations = $Data.$key.SMInitiateCPMAccountManagementOperations $SMSpecifyNextAccountContent = $Data.$key.SMSpecifyNextAccountContent $SMRenameAccounts = $Data.$key.SMRenameAccounts $SMDeleteAccounts = $Data.$key.SMDeleteAccounts $SMUnlockAccounts = $Data.$key.SMUnlockAccounts $SMManageSafe = $Data.$key.SMManageSafe $SMManageSafeMembers = 
$Data.$key.SMManageSafeMembers $SMBackupSafe = $Data.$key.SMBackupSafe $SMViewAuditLog = $Data.$key.SMViewAuditLog $SMViewSafeMembers = $Data.$key.SMViewSafeMembers $SMAccessWithoutConfirmation = $Data.$key.SMAccessWithoutConfirmation $SMCreateFolders = $Data.$key.SMCreateFolders $SMDeleteFolders = $Data.$key.SMDeleteFolders $SMMoveAccountsAndFolders = $Data.$key.SMMoveAccountsAndFolders $SMRequestsAuthorizationLevel1 = $Data.$key.SMRequestsAuthorizationLevel1 $SMRequestsAuthorizationLevel2 = $Data.$key.SMRequestsAuthorizationLevel2 $str = "$SMSafe,$SMSafeID,$SMMemberID,$SMMemberName,$SMMemberType,$SMMembershipExpirationDate,$SMIsExpiredMembershipEnable,$SMIsPredefinedUser,$SMUseAccounts,$SMRetrieveAccounts,$SMListAccounts,$SMAddAccounts,$SMUpdateAccountContent,$SMUpdateAccountProperties,$SMInitiateCPMAccountManagementOperations,$SMSpecifyNextAccountContent,$SMRenameAccounts,$SMDeleteAccounts,$SMUnlockAccounts,$SMManageSafe,$SMManageSafeMembers,$SMBackupSafe,$SMViewAuditLog,$SMViewSafeMembers,$SMAccessWithoutConfirmation,$SMCreateFolders,$SMDeleteFolders,$SMMoveAccountsAndFolders,$SMRequestsAuthorizationLevel1,$SMRequestsAuthorizationLevel2" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING CSV FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING CSV FILE: $targetFile" } if($ReportFormat -eq "HTML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeMembers.html" $htmloutput = $output | ConvertTo-Json $htmloutput = $htmloutput | ConvertFrom-Json $htmloutput = $htmloutput | ConvertTo-Html -As List Write-Output $htmloutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING HTML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING HTML FILE: $targetFile" } if($ReportFormat -eq "XML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\SafeMembers.xml" $xmloutput = $output | ConvertTo-Json $xmloutput = $xmloutput | ConvertFrom-Json $XML 
= ConvertTo-Xml -As Stream -InputObject $xmloutput -Depth 3 -NoTypeInformation Out-File -FilePath $targetFile -InputObject $XML if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING XML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING XML FILE: $targetFile" } } if($ReportType -eq "PlatformDetails"){ $apifail = $false if([String]::IsNullOrEmpty($SearchQuery)){ Write-VPASOutput -str "NO PLATFORMID SUPPLIED, ENTER PLATFORMID (To report on all active platforms type ALL): " -type Y $SearchQuery = Read-Host } $SearchQuery = $SearchQuery.ToLower() Write-Verbose "QUERYING CYBERARK FOR TARGET PLATFORM(S)" if($SearchQuery -eq "all"){ if(!$Confirm){ Write-VPASOutput -str "This report will run against ALL Platforms, and could take some time depending on environment size" -type M Write-VPASOutput -str "Continue? (Y/N) [Y]: " -type Y $contreport = Read-Host if([String]::IsNullOrEmpty($contreport)){$contreport = "Y"} $contreport = $contreport.ToLower() if($contreport -ne "y"){ Write-VPASOutput -str "EXITING REPORT UTILITY" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } } try{ if($NoSSL){ $uri = "http://$PVWA/PasswordVault/API/Platforms" if($sessionval){ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $AllPlatforms = $result.Platforms } else{ $uri = "https://$PVWA/PasswordVault/API/Platforms" if($sessionval){ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $AllPlatforms = $result.Platforms } }catch{ Write-Verbose "GET ALL PLATFORMS API FAILED: $_" Write-Verbose "RUNNING Get-VPASAllTargetPlatforms 
INSTEAD" Write-VPASOutput -str "FAILED TO GET ALL PLATFORMS, RUNNING Get-VPASAllTargetPlatforms INSTEAD" -type M Write-VPASOutput -str "KEEP IN MIND THE RETURN JSON SYNTAX DIFFERS FOR Get-VPASAllTargetPlatforms" -type M $apifail = $true if($NoSSL){ $uri = "http://$PVWA/PasswordVault/API/Platforms/targets" if($sessionval){ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $AllPlatforms = $result.Platforms } else{ $uri = "https://$PVWA/PasswordVault/API/Platforms/targets" if($sessionval){ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $result = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $AllPlatforms = $result.Platforms } } if(!$AllPlatforms){ Write-VPASOutput -str "UNABLE TO QUERY PLATFORMS" -type E Write-Verbose "UNABLE TO QUERY PLATFORMS...RETURNING FALSE" return $false } } else{ if($NoSSL){ if($WildCardSearch){ $response = Get-VPASPlatformDetailsSearch -token $token -SearchQuery "$SearchQuery" $AllPlatforms = $response.value } else{ try{ $uri = "http://$PVWA/PasswordVault/API/Platforms" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } foreach($rec in $response.Platforms){ $recplatformid = $rec.general.id $recname = $rec.general.name if($recplatformid -eq $SearchQuery -or $recname -eq $SearchQuery){ $AllPlatforms = $rec } } }catch{ Write-Verbose "GET ALL PLATFORMS API FAILED: $_" Write-Verbose "RUNNING Get-VPASAllTargetPlatforms INSTEAD" 
# (PlatformDetails report, single-platform lookup.) This span starts inside the catch block of the
# $NoSSL / non-wildcard lookup and runs up to the first property loop of the per-platform loop.
                    Write-VPASOutput -str "FAILED TO GET ALL PLATFORMS, RUNNING Get-VPASAllTargetPlatforms INSTEAD" -type M
                    Write-VPASOutput -str "KEEP IN MIND THE RETURN JSON SYNTAX DIFFERS FOR Get-VPASAllTargetPlatforms" -type M
                    # Remember that the fallback endpoint was used; the per-platform loop below reads
                    # a different set of property names when this flag is set.
                    $apifail = $true
                    # NOTE(review): in the $NoSSL branch the request, including the Authorization
                    # header, is sent over plain HTTP, so the header value is readable by anything
                    # on the network path. $NoSSL should be limited to isolated lab environments.
                    $uri = "http://$PVWA/PasswordVault/API/Platforms/targets"
                    if($sessionval){
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval
                    }
                    else{
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json"
                    }
                    # Exact match on PlatformID or Name (fallback schema). Every match overwrites
                    # $AllPlatforms, so the last matching record is the one kept.
                    foreach($rec in $response.Platforms){
                        $recplatformid = $rec.PlatformID
                        $recname = $rec.Name
                        if($recplatformid -eq $SearchQuery -or $recname -eq $SearchQuery){
                            $AllPlatforms = $rec
                        }
                    }
                } # end catch; the fallback request above has no error handling of its own in this span
            } # end non-wildcard lookup
            # Nothing matched (or nothing came back): report and stop.
            if(!$AllPlatforms){
                Write-VPASOutput -str "UNABLE TO QUERY PLATFORMS" -type E
                Write-Verbose "UNABLE TO QUERY PLATFORMS...RETURNING FALSE"
                return $false
            }
        } # end if($NoSSL)
        else{
            # Same lookup as the $NoSSL branch, but over https.
            if($WildCardSearch){
                # Wildcard search is delegated to Get-VPASPlatformDetailsSearch; its result list is
                # read from .value. The record schema it returns is not visible here.
                $response = Get-VPASPlatformDetailsSearch -token $token -SearchQuery "$SearchQuery"
                $AllPlatforms = $response.value
            }
            else{
                try{
                    $uri = "https://$PVWA/PasswordVault/API/Platforms"
                    if($sessionval){
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval
                    }
                    else{
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json"
                    }
                    # Exact match on general.id or general.name; the last match wins.
                    foreach($rec in $response.Platforms){
                        $recplatformid = $rec.general.id
                        $recname = $rec.general.name
                        if($recplatformid -eq $SearchQuery -or $recname -eq $SearchQuery){
                            $AllPlatforms = $rec
                        }
                    }
                }catch{
                    # Primary endpoint failed: fall back to /Platforms/targets, whose records use
                    # flat PlatformID / Name properties instead of a nested "general" object.
                    Write-Verbose "GET ALL PLATFORMS API FAILED: $_"
                    Write-Verbose "RUNNING Get-VPASAllTargetPlatforms INSTEAD"
                    Write-VPASOutput -str "FAILED TO GET ALL PLATFORMS, RUNNING Get-VPASAllTargetPlatforms INSTEAD" -type M
                    Write-VPASOutput -str "KEEP IN MIND THE RETURN JSON SYNTAX DIFFERS FOR Get-VPASAllTargetPlatforms" -type M
                    $apifail = $true
                    $uri = "https://$PVWA/PasswordVault/API/Platforms/targets"
                    if($sessionval){
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval
                    }
                    else{
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json"
                    }
                    foreach($rec in $response.Platforms){
                        $recplatformid = $rec.PlatformID
                        $recname = $rec.Name
                        if($recplatformid -eq $SearchQuery -or $recname -eq $SearchQuery){
                            $AllPlatforms = $rec
                        }
                    }
                }
            }
            if(!$AllPlatforms){
                Write-VPASOutput -str "UNABLE TO QUERY PLATFORMS" -type E
                Write-Verbose "UNABLE TO QUERY PLATFORMS...RETURNING FALSE"
                return $false
            }
        }
    } # end of the branch that handles a specific (non-"all") search query
    #FIXING ISSUE WITH RETRIEVING ALL PLATFORMS
    # Probe the result for a nested "general" object. If it is missing, or the probe throws,
    # treat the data as the fallback schema by setting $apifail.
    try{
        if(!$AllPlatforms.general[0]){
            $apifail = $true
            Write-Verbose "UNABLE TO RETRIEVE ALL PLATFORMS VIA Get-VPASAllPlatforms, USING Get-VPASAllTargetPlatforms INSTEAD"
        }
    }catch{
        $apifail = $true
        Write-Verbose "UNABLE TO RETRIEVE ALL PLATFORMS VIA Get-VPASAllPlatforms, USING Get-VPASAllTargetPlatforms INSTEAD"
    }
    # $Data collects one entry per platform, keyed "Record<N>". It is a plain hashtable, so the
    # order in which its keys are enumerated later is not guaranteed to be insertion order.
    $Data = @{}
    $counter = 1
    foreach($platform in $AllPlatforms){
        $temparr = @{}
        # General section: flat property names for the fallback schema, nested "general" otherwise.
        if($apifail){
            $PFGeneralID = $platform.PlatformID
            $PFGeneralName = $platform.Name
            $PFGeneralSystemType = $platform.SystemType
            $PFGeneralActive = $platform.Active
            # No description is read from the fallback schema; the column is left blank.
            $PFGeneralDescription = ""
            $PFGeneralPlatformBaseID = $platform.PlatformBaseID
            $PFGeneralPlatformType = $platform.PlatformBaseType
        }
        else{
            $PFGeneralID = $platform.general.id
            $PFGeneralName = $platform.general.name
            $PFGeneralSystemType = $platform.general.systemType
            $PFGeneralActive = $platform.general.active
            $PFGeneralDescription = $platform.general.description
            $PFGeneralPlatformBaseID = $platform.general.platformBaseID
            $PFGeneralPlatformType = $platform.general.platformType
        }
        # Required properties: join each property's name (displayName when name is empty) with ";".
        # NOTE(review): this reads $platform.properties regardless of $apifail; whether the
        # fallback schema carries a "properties" object is not visible here - confirm.
        $str = ""
        $PFPropertiesRequiredTemp = $platform.properties.required
        foreach($rec in $PFPropertiesRequiredTemp){
            $testval = $rec.name
            if([String]::IsNullOrEmpty($testval)){
                $testval = $rec.displayName
            }
            $str += $testval + ";"
        }
# (Inside the per-platform loop of the PlatformDetails report.) Flattens the property lists and
# the credential-management / workflow settings of one platform into scalar report fields.
        $PFPropertiesRequired = $str
        # Optional properties: name, or displayName when name is empty, joined with ";".
        $str = ""
        $PFPropertiesOptionalTemp = $platform.properties.optional
        foreach($rec in $PFPropertiesOptionalTemp){
            $testval = $rec.name
            if([String]::IsNullOrEmpty($testval)){
                $testval = $rec.displayName
            }
            $str += $testval + ";"
        }
        $PFPropertiesOptional = $str
        # Linked accounts: same name/displayName rule, joined with ";".
        $str = ""
        $PFLinkedAccountsTemp = $platform.linkedAccounts
        foreach($rec in $PFLinkedAccountsTemp){
            $testval = $rec.name
            if([String]::IsNullOrEmpty($testval)){
                $testval = $rec.displayName
            }
            $str += $testval + ";"
        }
        $PFLinkedAccounts = $str
        if($apifail){
            # Fallback schema: policy values live under CredentialsManagementPolicy.<Change|
            # Verification|Reconcile> and PrivilegedAccessWorkflows.<name>.IsActive.
            $PFCredentialsManagementAllowedSafes = $platform.AllowedSafes
            $PFCredentialsManagementAllowManualChange = $platform.CredentialsManagementPolicy.Change.AllowManual
            $PFCredentialsManagementPerformPeriodicChange = $platform.CredentialsManagementPolicy.Change.PerformAutomatic
            $PFCredentialsManagementRequirePasswordChangeEveryXDays = $platform.CredentialsManagementPolicy.Change.RequirePasswordEveryXDays
            $PFCredentialsManagementAllowManualVerification = $platform.CredentialsManagementPolicy.Verification.AllowManual
            $PFCredentialsManagementPerformPeriodicVerification = $platform.CredentialsManagementPolicy.Verification.PerformAutomatic
            $PFCredentialsManagementRequirePasswordVerificationEveryXDays = $platform.CredentialsManagementPolicy.Verification.RequirePasswordEveryXDays
            $PFCredentialsManagementAllowManualReconciliation = $platform.CredentialsManagementPolicy.Reconcile.AllowManual
            # NOTE(review): the property read here is spelled "Unsynced" while the other branch
            # reads "Unsynched"; presumably each matches its own API schema - confirm.
            $PFCredentialsManagementAutomaticReconcileWhenUnsynched = $platform.CredentialsManagementPolicy.Reconcile.AutomaticReconcileWhenUnsynced
            # Session-management settings are not read from the fallback schema, so these three
            # report fields are blank in that case. A blank here means "not collected", not "off".
            $PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = ""
            $PFSessionManagementRecordAndSaveSessionActivity = ""
            $PFSessionManagementPSMServerID = ""
            $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = $platform.PrivilegedAccessWorkflows.RequireDualControlPasswordAccessApproval.IsActive
            $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = $platform.PrivilegedAccessWorkflows.EnforceCheckinCheckoutExclusiveAccess.IsActive
            $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = $platform.PrivilegedAccessWorkflows.EnforceOnetimePasswordAccess.IsActive
            $PFConnectionComponents = ""
        }
        else{
            # Primary schema: values are read directly from credentialsManagement,
            # sessionManagement and privilegedAccessWorkflows.
            $PFCredentialsManagementAllowedSafes = $platform.credentialsManagement.allowedSafes
            $PFCredentialsManagementAllowManualChange = $platform.credentialsManagement.allowManualChange
            $PFCredentialsManagementPerformPeriodicChange = $platform.credentialsManagement.performPeriodicChange
            $PFCredentialsManagementRequirePasswordChangeEveryXDays = $platform.credentialsManagement.requirePasswordChangeEveryXDays
            $PFCredentialsManagementAllowManualVerification = $platform.credentialsManagement.allowManualVerification
            $PFCredentialsManagementPerformPeriodicVerification = $platform.credentialsManagement.performPeriodicVerification
            $PFCredentialsManagementRequirePasswordVerificationEveryXDays = $platform.credentialsManagement.requirePasswordVerificationEveryXDays
            $PFCredentialsManagementAllowManualReconciliation = $platform.credentialsManagement.allowManualReconciliation
            $PFCredentialsManagementAutomaticReconcileWhenUnsynched = $platform.credentialsManagement.automaticReconcileWhenUnsynched
            $PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = $platform.sessionManagement.requirePrivilegedSessionMonitoringAndIsolation
            $PFSessionManagementRecordAndSaveSessionActivity = $platform.sessionManagement.recordAndSaveSessionActivity
            $PFSessionManagementPSMServerID = $platform.sessionManagement.PSMServerID
            $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = $platform.privilegedAccessWorkflows.requireDualControlPasswordAccessApproval
            $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = $platform.privilegedAccessWorkflows.enforceCheckinCheckoutExclusiveAccess
            $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = $platform.privilegedAccessWorkflows.enforceOnetimePasswordAccess
# (Inside the per-platform loop of the PlatformDetails report.) Adds PSM connector status and the
# detailed policy fields for one platform, stores the record in $Data, then starts building $output.
            $PFConnectionComponents = ""
        }
        # Both branches make the identical call, so $NoSSL has no effect at this point; the
        # transport is presumably chosen inside Get-VPASPSMSettingsByPlatformID from $token.
        if($NoSSL){
            $response2 = Get-VPASPSMSettingsByPlatformID -token $token -PlatformID $PFGeneralID
        }
        else{
            $response2 = Get-VPASPSMSettingsByPlatformID -token $token -PlatformID $PFGeneralID
        }
        # List each PSM connector as "<id>(ACTIVE);" or "<id>(DISABLED);".
        $AllConnectionComponents = $response2.PSMConnectors
        foreach($cc in $AllConnectionComponents){
            $ccName = $cc.PSMConnectorID
            $ccStatus = $cc.Enabled
            # NOTE(review): .ToString() raises an error when a connector record has no Enabled
            # value; anything other than the string "True" is reported as DISABLED.
            if($ccStatus.ToString() -eq "True"){
                $PFConnectionComponents += "$ccName(ACTIVE);"
            }
            else{
                $PFConnectionComponents += "$ccName(DISABLED);"
            }
        }
        #GET OTHER HALF OF PLATFORM PROPERTIES
        # Reset every detail field first so that a platform for which Get-VPASPlatformDetails
        # returns nothing does not inherit values from the previous loop iteration.
        $PFSearchForUsages = ""
        $PFPolicyType = ""
        $PFImmediateInterval = ""
        $PFInterval = ""
        $PFMaxConcurrentConnections = ""
        $PFMinValidityPeriod = ""
        $PFResetOveridesMinValidity = ""
        $PFResetOveridesTimeFrame = ""
        $PFTimeout = ""
        $PFUnlockIfFail = ""
        $PFUnrecoverableErrors = ""
        $PFMaximumRetries = ""
        $PFMinDelayBetweenRetries = ""
        $PFDllName = ""
        $PFXMLFile = ""
        $PFHeadStartInterval = ""
        $PFFromHour = ""
        $PFToHour = ""
        $PFChangeNotificationPeriod = ""
        $PFDaysNotifyPriorExpiration = ""
        $PFVFFromHour = ""
        $PFVFToHour = ""
        $PFRCReconcileReasons = ""
        $PFRCFromHour = ""
        $PFRCToHour = ""
        $PFNFNotifyPriorExpiration = ""
        $PFNFPriorExpirationRecipients = ""
        $PFNFNotifyOnPasswordDisable = ""
        $PFNFOnPasswordDisableRecipients = ""
        $PFNFNotifyOnVerificationErrors = ""
        $PFNFOnVerificationErrorsRecipients = ""
        $PFNFNotifyOnPasswordUsed = ""
        $PFNFOnPasswordUsedRecipients = ""
        $PFPasswordLength = ""
        $PFMinUpperCase = ""
        $PFMinLowerCase = ""
        $PFMinDigit = ""
        $PFMinSpecial = ""
        $PFPasswordLevelRequestTimeframe = ""
        # Second extra API call for this platform (after the PSM settings call above).
        $MoreDetails = Get-VPASPlatformDetails -platformID $PFGeneralID -token $token
        if($MoreDetails){
            # Copy the fields of $MoreDetails.details one by one. By their names these cover
            # password-complexity policy and notification recipients, so the finished report
            # should be handled as sensitive configuration data.
            $PFSearchForUsages = $MoreDetails.details.SearchForUsages
            $PFPolicyType = $MoreDetails.details.PolicyType
            $PFImmediateInterval = $MoreDetails.details.ImmediateInterval
            $PFInterval = $MoreDetails.details.Interval
            $PFMaxConcurrentConnections = $MoreDetails.details.MaxConcurrentConnections
            $PFMinValidityPeriod = $MoreDetails.details.MinValidityPeriod
            $PFResetOveridesMinValidity = $MoreDetails.details.ResetOveridesMinValidity
            $PFResetOveridesTimeFrame = $MoreDetails.details.ResetOveridesTimeFrame
            $PFTimeout = $MoreDetails.details.Timeout
            $PFUnlockIfFail = $MoreDetails.details.UnlockIfFail
            $PFUnrecoverableErrors = $MoreDetails.details.UnrecoverableErrors
            $PFMaximumRetries = $MoreDetails.details.MaximumRetries
            $PFMinDelayBetweenRetries = $MoreDetails.details.MinDelayBetweenRetries
            $PFDllName = $MoreDetails.details.DllName
            $PFXMLFile = $MoreDetails.details.XMLFile
            $PFHeadStartInterval = $MoreDetails.details.HeadStartInterval
            $PFFromHour = $MoreDetails.details.FromHour
            $PFToHour = $MoreDetails.details.ToHour
            $PFChangeNotificationPeriod = $MoreDetails.details.ChangeNotificationPeriod
            $PFDaysNotifyPriorExpiration = $MoreDetails.details.DaysNotifyPriorExpiration
            $PFVFFromHour = $MoreDetails.details.VFFromHour
            $PFVFToHour = $MoreDetails.details.VFToHour
            $PFRCReconcileReasons = $MoreDetails.details.RCReconcileReasons
            $PFRCFromHour = $MoreDetails.details.RCFromHour
            $PFRCToHour = $MoreDetails.details.RCToHour
            $PFNFNotifyPriorExpiration = $MoreDetails.details.NFNotifyPriorExpiration
            $PFNFPriorExpirationRecipients = $MoreDetails.details.NFPriorExpirationRecipients
            $PFNFNotifyOnPasswordDisable = $MoreDetails.details.NFNotifyOnPasswordDisable
            $PFNFOnPasswordDisableRecipients = $MoreDetails.details.NFOnPasswordDisableRecipients
            $PFNFNotifyOnVerificationErrors = $MoreDetails.details.NFNotifyOnVerificationErrors
            $PFNFOnVerificationErrorsRecipients = $MoreDetails.details.NFOnVerificationErrorsRecipients
            $PFNFNotifyOnPasswordUsed = $MoreDetails.details.NFNotifyOnPasswordUsed
            $PFNFOnPasswordUsedRecipients = $MoreDetails.details.NFOnPasswordUsedRecipients
            $PFPasswordLength = $MoreDetails.details.PasswordLength
            $PFMinUpperCase = $MoreDetails.details.MinUpperCase
            $PFMinLowerCase = $MoreDetails.details.MinLowerCase
            $PFMinDigit = $MoreDetails.details.MinDigit
            $PFMinSpecial = $MoreDetails.details.MinSpecial
            $PFPasswordLevelRequestTimeframe = $MoreDetails.details.PasswordLevelRequestTimeframe
        }
        # Build the record. Every value is stored as a string wrapped in literal double quotes.
        # NOTE(review): a double quote inside a value is not escaped, and the wrapping does not
        # neutralise a leading "=", "+", "-" or "@". If these strings are later joined into a CSV
        # row (that export is not in view), confirm how such values are handled.
        $temparr = @{
            PFGeneralID = "`"$PFGeneralID`""
            PFGeneralName = "`"$PFGeneralName`""
            PFGeneralSystemType = "`"$PFGeneralSystemType`""
            PFGeneralActive = "`"$PFGeneralActive`""
            PFGeneralDescription = "`"$PFGeneralDescription`""
            PFGeneralPlatformBaseID = "`"$PFGeneralPlatformBaseID`""
            PFGeneralPlatformType = "`"$PFGeneralPlatformType`""
            PFPropertiesRequired = "`"$PFPropertiesRequired`""
            PFPropertiesOptional = "`"$PFPropertiesOptional`""
            PFLinkedAccounts = "`"$PFLinkedAccounts`""
            PFCredentialsManagementAllowedSafes = "`"$PFCredentialsManagementAllowedSafes`""
            PFCredentialsManagementAllowManualChange = "`"$PFCredentialsManagementAllowManualChange`""
            PFCredentialsManagementPerformPeriodicChange = "`"$PFCredentialsManagementPerformPeriodicChange`""
            PFCredentialsManagementRequirePasswordChangeEveryXDays = "`"$PFCredentialsManagementRequirePasswordChangeEveryXDays`""
            PFCredentialsManagementAllowManualVerification = "`"$PFCredentialsManagementAllowManualVerification`""
            PFCredentialsManagementPerformPeriodicVerification = "`"$PFCredentialsManagementPerformPeriodicVerification`""
            PFCredentialsManagementRequirePasswordVerificationEveryXDays = "`"$PFCredentialsManagementRequirePasswordVerificationEveryXDays`""
            PFCredentialsManagementAllowManualReconciliation = "`"$PFCredentialsManagementAllowManualReconciliation`""
            PFCredentialsManagementAutomaticReconcileWhenUnsynched = "`"$PFCredentialsManagementAutomaticReconcileWhenUnsynched`""
            PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = "`"$PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation`""
            PFSessionManagementRecordAndSaveSessionActivity = "`"$PFSessionManagementRecordAndSaveSessionActivity`""
            PFSessionManagementPSMServerID = "`"$PFSessionManagementPSMServerID`""
            PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = "`"$PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval`""
            PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = "`"$PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess`""
            PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = "`"$PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess`""
            PFConnectionComponents = "`"$PFConnectionComponents`""
            PFSearchForUsages = "`"$PFSearchForUsages`""
            PFPolicyType = "`"$PFPolicyType`""
            PFImmediateInterval = "`"$PFImmediateInterval`""
            PFInterval = "`"$PFInterval`""
            PFMaxConcurrentConnections = "`"$PFMaxConcurrentConnections`""
            PFMinValidityPeriod = "`"$PFMinValidityPeriod`""
            PFResetOveridesMinValidity = "`"$PFResetOveridesMinValidity`""
            PFResetOveridesTimeFrame = "`"$PFResetOveridesTimeFrame`""
            PFTimeout = "`"$PFTimeout`""
            PFUnlockIfFail = "`"$PFUnlockIfFail`""
            PFUnrecoverableErrors = "`"$PFUnrecoverableErrors`""
            PFMaximumRetries = "`"$PFMaximumRetries`""
            PFMinDelayBetweenRetries = "`"$PFMinDelayBetweenRetries`""
            PFDllName = "`"$PFDllName`""
            PFXMLFile = "`"$PFXMLFile`""
            PFHeadStartInterval = "`"$PFHeadStartInterval`""
            PFFromHour = "`"$PFFromHour`""
            PFToHour = "`"$PFToHour`""
            PFChangeNotificationPeriod = "`"$PFChangeNotificationPeriod`""
            PFDaysNotifyPriorExpiration = "`"$PFDaysNotifyPriorExpiration`""
            PFVFFromHour = "`"$PFVFFromHour`""
            PFVFToHour = "`"$PFVFToHour`""
            PFRCReconcileReasons = "`"$PFRCReconcileReasons`""
            PFRCFromHour = "`"$PFRCFromHour`""
            PFRCToHour = "`"$PFRCToHour`""
            PFNFNotifyPriorExpiration = "`"$PFNFNotifyPriorExpiration`""
            PFNFPriorExpirationRecipients = "`"$PFNFPriorExpirationRecipients`""
            PFNFNotifyOnPasswordDisable = "`"$PFNFNotifyOnPasswordDisable`""
            PFNFOnPasswordDisableRecipients = "`"$PFNFOnPasswordDisableRecipients`""
            PFNFNotifyOnVerificationErrors = "`"$PFNFNotifyOnVerificationErrors`""
            PFNFOnVerificationErrorsRecipients = "`"$PFNFOnVerificationErrorsRecipients`""
            PFNFNotifyOnPasswordUsed = "`"$PFNFNotifyOnPasswordUsed`""
            PFNFOnPasswordUsedRecipients = "`"$PFNFOnPasswordUsedRecipients`""
            PFPasswordLength = "`"$PFPasswordLength`""
            PFMinUpperCase = "`"$PFMinUpperCase`""
            PFMinLowerCase = "`"$PFMinLowerCase`""
            PFMinDigit = "`"$PFMinDigit`""
            PFMinSpecial = "`"$PFMinSpecial`""
            PFPasswordLevelRequestTimeframe = "`"$PFPasswordLevelRequestTimeframe`""
        }
        # Store the record under "Record<N>" and advance the counter.
        $label = "Record" + $counter
        $Data += @{ $label = $temparr }
        $counter += 1
    }
    # Second pass: turn $Data into the $output array used by the exports that follow.
    # $Data is a plain hashtable, so $Data.Keys is not guaranteed to come back in Record1..N order.
    $output = @()
    $keys = $Data.Keys
    foreach($key in $keys){
        $temphash = @{}
        # Values are read back exactly as stored, including the surrounding double quotes.
        $PFGeneralID = $Data.$key.PFGeneralID
        $PFGeneralName = $Data.$key.PFGeneralName
        $PFGeneralSystemType = $Data.$key.PFGeneralSystemType
        $PFGeneralActive = $Data.$key.PFGeneralActive
        $PFGeneralDescription = $Data.$key.PFGeneralDescription
        $PFGeneralPlatformBaseID = $Data.$key.PFGeneralPlatformBaseID
        $PFGeneralPlatformType = $Data.$key.PFGeneralPlatformType
        $PFPropertiesRequired = $Data.$key.PFPropertiesRequired
        $PFPropertiesOptional = $Data.$key.PFPropertiesOptional
        $PFLinkedAccounts = $Data.$key.PFLinkedAccounts
        $PFCredentialsManagementAllowedSafes = $Data.$key.PFCredentialsManagementAllowedSafes
        $PFCredentialsManagementAllowManualChange = $Data.$key.PFCredentialsManagementAllowManualChange
        $PFCredentialsManagementPerformPeriodicChange = $Data.$key.PFCredentialsManagementPerformPeriodicChange
        $PFCredentialsManagementRequirePasswordChangeEveryXDays = $Data.$key.PFCredentialsManagementRequirePasswordChangeEveryXDays
        $PFCredentialsManagementAllowManualVerification = $Data.$key.PFCredentialsManagementAllowManualVerification
        $PFCredentialsManagementPerformPeriodicVerification = $Data.$key.PFCredentialsManagementPerformPeriodicVerification
        $PFCredentialsManagementRequirePasswordVerificationEveryXDays = $Data.$key.PFCredentialsManagementRequirePasswordVerificationEveryXDays
        $PFCredentialsManagementAllowManualReconciliation = $Data.$key.PFCredentialsManagementAllowManualReconciliation
        $PFCredentialsManagementAutomaticReconcileWhenUnsynched = $Data.$key.PFCredentialsManagementAutomaticReconcileWhenUnsynched
$PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = $Data.$key.PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation $PFSessionManagementRecordAndSaveSessionActivity = $Data.$key.PFSessionManagementRecordAndSaveSessionActivity $PFSessionManagementPSMServerID = $Data.$key.PFSessionManagementPSMServerID $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = $Data.$key.PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = $Data.$key.PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = $Data.$key.PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess $PFConnectionComponents = $Data.$key.PFConnectionComponents $PFSearchForUsages = $Data.$key.PFSearchForUsages $PFPolicyType = $Data.$key.PFPolicyType $PFImmediateInterval = $Data.$key.PFImmediateInterval $PFInterval = $Data.$key.PFInterval $PFMaxConcurrentConnections = $Data.$key.PFMaxConcurrentConnections $PFMinValidityPeriod = $Data.$key.PFMinValidityPeriod $PFResetOveridesMinValidity = $Data.$key.PFResetOveridesMinValidity $PFResetOveridesTimeFrame = $Data.$key.PFResetOveridesTimeFrame $PFTimeout = $Data.$key.PFTimeout $PFUnlockIfFail = $Data.$key.PFUnlockIfFail $PFUnrecoverableErrors = $Data.$key.PFUnrecoverableErrors $PFMaximumRetries = $Data.$key.PFMaximumRetries $PFMinDelayBetweenRetries = $Data.$key.PFMinDelayBetweenRetries $PFDllName = $Data.$key.PFDllName $PFXMLFile = $Data.$key.PFXMLFile $PFHeadStartInterval = $Data.$key.PFHeadStartInterval $PFFromHour = $Data.$key.PFFromHour $PFToHour = $Data.$key.PFToHour $PFChangeNotificationPeriod = $Data.$key.PFChangeNotificationPeriod $PFDaysNotifyPriorExpiration = $Data.$key.PFDaysNotifyPriorExpiration $PFVFFromHour = $Data.$key.PFVFFromHour $PFVFToHour = $Data.$key.PFVFToHour $PFRCReconcileReasons = $Data.$key.PFRCReconcileReasons $PFRCFromHour = $Data.$key.PFRCFromHour 
# (PlatformDetails report.) Finishes copying one $Data record into $output, then writes the JSON
# export and begins the TXT export.
        $PFRCToHour = $Data.$key.PFRCToHour
        $PFNFNotifyPriorExpiration = $Data.$key.PFNFNotifyPriorExpiration
        $PFNFPriorExpirationRecipients = $Data.$key.PFNFPriorExpirationRecipients
        $PFNFNotifyOnPasswordDisable = $Data.$key.PFNFNotifyOnPasswordDisable
        $PFNFOnPasswordDisableRecipients = $Data.$key.PFNFOnPasswordDisableRecipients
        $PFNFNotifyOnVerificationErrors = $Data.$key.PFNFNotifyOnVerificationErrors
        $PFNFOnVerificationErrorsRecipients = $Data.$key.PFNFOnVerificationErrorsRecipients
        $PFNFNotifyOnPasswordUsed = $Data.$key.PFNFNotifyOnPasswordUsed
        $PFNFOnPasswordUsedRecipients = $Data.$key.PFNFOnPasswordUsedRecipients
        $PFPasswordLength = $Data.$key.PFPasswordLength
        $PFMinUpperCase = $Data.$key.PFMinUpperCase
        $PFMinLowerCase = $Data.$key.PFMinLowerCase
        $PFMinDigit = $Data.$key.PFMinDigit
        $PFMinSpecial = $Data.$key.PFMinSpecial
        $PFPasswordLevelRequestTimeframe = $Data.$key.PFPasswordLevelRequestTimeframe
        # One flat hashtable per platform; values are taken from $Data unchanged. A plain
        # hashtable does not fix the order of its keys, so the property order in the exported
        # objects may vary.
        $temphash = @{
            PFGeneralID = $PFGeneralID
            PFGeneralName = $PFGeneralName
            PFGeneralSystemType = $PFGeneralSystemType
            PFGeneralActive = $PFGeneralActive
            PFGeneralDescription = $PFGeneralDescription
            PFGeneralPlatformBaseID = $PFGeneralPlatformBaseID
            PFGeneralPlatformType = $PFGeneralPlatformType
            PFPropertiesRequired = $PFPropertiesRequired
            PFPropertiesOptional = $PFPropertiesOptional
            PFLinkedAccounts = $PFLinkedAccounts
            PFCredentialsManagementAllowedSafes = $PFCredentialsManagementAllowedSafes
            PFCredentialsManagementAllowManualChange = $PFCredentialsManagementAllowManualChange
            PFCredentialsManagementPerformPeriodicChange = $PFCredentialsManagementPerformPeriodicChange
            PFCredentialsManagementRequirePasswordChangeEveryXDays = $PFCredentialsManagementRequirePasswordChangeEveryXDays
            PFCredentialsManagementAllowManualVerification = $PFCredentialsManagementAllowManualVerification
            PFCredentialsManagementPerformPeriodicVerification = $PFCredentialsManagementPerformPeriodicVerification
            PFCredentialsManagementRequirePasswordVerificationEveryXDays = $PFCredentialsManagementRequirePasswordVerificationEveryXDays
            PFCredentialsManagementAllowManualReconciliation = $PFCredentialsManagementAllowManualReconciliation
            PFCredentialsManagementAutomaticReconcileWhenUnsynched = $PFCredentialsManagementAutomaticReconcileWhenUnsynched
            PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = $PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation
            PFSessionManagementRecordAndSaveSessionActivity = $PFSessionManagementRecordAndSaveSessionActivity
            PFSessionManagementPSMServerID = $PFSessionManagementPSMServerID
            PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval
            PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess
            PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess
            PFConnectionComponents = $PFConnectionComponents
            PFSearchForUsages = $PFSearchForUsages
            PFPolicyType = $PFPolicyType
            PFImmediateInterval = $PFImmediateInterval
            PFInterval = $PFInterval
            PFMaxConcurrentConnections = $PFMaxConcurrentConnections
            PFMinValidityPeriod = $PFMinValidityPeriod
            PFResetOveridesMinValidity = $PFResetOveridesMinValidity
            PFResetOveridesTimeFrame = $PFResetOveridesTimeFrame
            PFTimeout = $PFTimeout
            PFUnlockIfFail = $PFUnlockIfFail
            PFUnrecoverableErrors = $PFUnrecoverableErrors
            PFMaximumRetries = $PFMaximumRetries
            PFMinDelayBetweenRetries = $PFMinDelayBetweenRetries
            PFDllName = $PFDllName
            PFXMLFile = $PFXMLFile
            PFHeadStartInterval = $PFHeadStartInterval
            PFFromHour = $PFFromHour
            PFToHour = $PFToHour
            PFChangeNotificationPeriod = $PFChangeNotificationPeriod
            PFDaysNotifyPriorExpiration = $PFDaysNotifyPriorExpiration
            PFVFFromHour = $PFVFFromHour
            PFVFToHour = $PFVFToHour
            PFRCReconcileReasons = $PFRCReconcileReasons
            PFRCFromHour = $PFRCFromHour
            PFRCToHour = $PFRCToHour
            PFNFNotifyPriorExpiration = $PFNFNotifyPriorExpiration
            PFNFPriorExpirationRecipients = $PFNFPriorExpirationRecipients
            PFNFNotifyOnPasswordDisable = $PFNFNotifyOnPasswordDisable
            PFNFOnPasswordDisableRecipients = $PFNFOnPasswordDisableRecipients
            PFNFNotifyOnVerificationErrors = $PFNFNotifyOnVerificationErrors
            PFNFOnVerificationErrorsRecipients = $PFNFOnVerificationErrorsRecipients
            PFNFNotifyOnPasswordUsed = $PFNFNotifyOnPasswordUsed
            PFNFOnPasswordUsedRecipients = $PFNFOnPasswordUsedRecipients
            PFPasswordLength = $PFPasswordLength
            PFMinUpperCase = $PFMinUpperCase
            PFMinLowerCase = $PFMinLowerCase
            PFMinDigit = $PFMinDigit
            PFMinSpecial = $PFMinSpecial
            PFPasswordLevelRequestTimeframe = $PFPasswordLevelRequestTimeframe
        }
        $output += $temphash
    }
    # JSON export. Set-Content replaces any existing PlatformDetails.json in $OutputDirectory.
    # NOTE(review): the file holds platform policy settings and notification recipients and no
    # access control is applied to it here; $OutputDirectory should be readable only by the
    # people who administer the vault.
    if($ReportFormat -eq "JSON" -or $ReportFormat -eq "ALL"){
        $targetFile = "$OutputDirectory\PlatformDetails.json"
        $jsonoutput = $output | ConvertTo-Json
        Write-Output $jsonoutput | Set-Content $targetFile
        if(!$HideOutput){
            Write-VPASOutput -str "FINISHED EXPORTING JSON FILE: $targetFile" -type C
        }
        Write-Verbose "FINISHED EXPORTING JSON FILE: $targetFile"
    }
    # TXT export: one "Label: value" block per record, appended record by record.
    if($ReportFormat -eq "TXT" -or $ReportFormat -eq "ALL"){
        $targetFile = "$OutputDirectory\PlatformDetails.txt"
        # NOTE(review): the heading says "SAFE CONTENT REPORT" although this file is the
        # PlatformDetails report; it looks copied from another report type - confirm and correct.
        write-output "SAFE CONTENT REPORT" | Set-Content $targetFile
        Write-Output "" | Add-Content $targetFile
        $keys = $Data.Keys
        foreach($key in $keys){
            $str = ""
            # Read the stored fields of this record back into local variables.
            $PFGeneralID = $Data.$key.PFGeneralID
            $PFGeneralName = $Data.$key.PFGeneralName
            $PFGeneralSystemType = $Data.$key.PFGeneralSystemType
            $PFGeneralActive = $Data.$key.PFGeneralActive
            $PFGeneralDescription = $Data.$key.PFGeneralDescription
            $PFGeneralPlatformBaseID = $Data.$key.PFGeneralPlatformBaseID
            $PFGeneralPlatformType = $Data.$key.PFGeneralPlatformType
            $PFPropertiesRequired = $Data.$key.PFPropertiesRequired
            $PFPropertiesOptional = $Data.$key.PFPropertiesOptional
            $PFLinkedAccounts = $Data.$key.PFLinkedAccounts
            $PFCredentialsManagementAllowedSafes = $Data.$key.PFCredentialsManagementAllowedSafes
            $PFCredentialsManagementAllowManualChange = $Data.$key.PFCredentialsManagementAllowManualChange
            $PFCredentialsManagementPerformPeriodicChange = $Data.$key.PFCredentialsManagementPerformPeriodicChange
            $PFCredentialsManagementRequirePasswordChangeEveryXDays = $Data.$key.PFCredentialsManagementRequirePasswordChangeEveryXDays
            $PFCredentialsManagementAllowManualVerification = $Data.$key.PFCredentialsManagementAllowManualVerification
            $PFCredentialsManagementPerformPeriodicVerification = $Data.$key.PFCredentialsManagementPerformPeriodicVerification
            $PFCredentialsManagementRequirePasswordVerificationEveryXDays = $Data.$key.PFCredentialsManagementRequirePasswordVerificationEveryXDays
            $PFCredentialsManagementAllowManualReconciliation = $Data.$key.PFCredentialsManagementAllowManualReconciliation
            $PFCredentialsManagementAutomaticReconcileWhenUnsynched = $Data.$key.PFCredentialsManagementAutomaticReconcileWhenUnsynched
            $PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = $Data.$key.PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation
            $PFSessionManagementRecordAndSaveSessionActivity = $Data.$key.PFSessionManagementRecordAndSaveSessionActivity
            $PFSessionManagementPSMServerID = $Data.$key.PFSessionManagementPSMServerID
            $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = $Data.$key.PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval
            $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = $Data.$key.PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess
            $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = $Data.$key.PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess
            $PFConnectionComponents = $Data.$key.PFConnectionComponents
            $PFSearchForUsages = $Data.$key.PFSearchForUsages
            $PFPolicyType = $Data.$key.PFPolicyType
            $PFImmediateInterval = $Data.$key.PFImmediateInterval
            $PFInterval = $Data.$key.PFInterval
            $PFMaxConcurrentConnections = $Data.$key.PFMaxConcurrentConnections
            $PFMinValidityPeriod = $Data.$key.PFMinValidityPeriod
$PFResetOveridesMinValidity = $Data.$key.PFResetOveridesMinValidity $PFResetOveridesTimeFrame = $Data.$key.PFResetOveridesTimeFrame $PFTimeout = $Data.$key.PFTimeout $PFUnlockIfFail = $Data.$key.PFUnlockIfFail $PFUnrecoverableErrors = $Data.$key.PFUnrecoverableErrors $PFMaximumRetries = $Data.$key.PFMaximumRetries $PFMinDelayBetweenRetries = $Data.$key.PFMinDelayBetweenRetries $PFDllName = $Data.$key.PFDllName $PFXMLFile = $Data.$key.PFXMLFile $PFHeadStartInterval = $Data.$key.PFHeadStartInterval $PFFromHour = $Data.$key.PFFromHour $PFToHour = $Data.$key.PFToHour $PFChangeNotificationPeriod = $Data.$key.PFChangeNotificationPeriod $PFDaysNotifyPriorExpiration = $Data.$key.PFDaysNotifyPriorExpiration $PFVFFromHour = $Data.$key.PFVFFromHour $PFVFToHour = $Data.$key.PFVFToHour $PFRCReconcileReasons = $Data.$key.PFRCReconcileReasons $PFRCFromHour = $Data.$key.PFRCFromHour $PFRCToHour = $Data.$key.PFRCToHour $PFNFNotifyPriorExpiration = $Data.$key.PFNFNotifyPriorExpiration $PFNFPriorExpirationRecipients = $Data.$key.PFNFPriorExpirationRecipients $PFNFNotifyOnPasswordDisable = $Data.$key.PFNFNotifyOnPasswordDisable $PFNFOnPasswordDisableRecipients = $Data.$key.PFNFOnPasswordDisableRecipients $PFNFNotifyOnVerificationErrors = $Data.$key.PFNFNotifyOnVerificationErrors $PFNFOnVerificationErrorsRecipients = $Data.$key.PFNFOnVerificationErrorsRecipients $PFNFNotifyOnPasswordUsed = $Data.$key.PFNFNotifyOnPasswordUsed $PFNFOnPasswordUsedRecipients = $Data.$key.PFNFOnPasswordUsedRecipients $PFPasswordLength = $Data.$key.PFPasswordLength $PFMinUpperCase = $Data.$key.PFMinUpperCase $PFMinLowerCase = $Data.$key.PFMinLowerCase $PFMinDigit = $Data.$key.PFMinDigit $PFMinSpecial = $Data.$key.PFMinSpecial $PFPasswordLevelRequestTimeframe = $Data.$key.PFPasswordLevelRequestTimeframe $str += "ID: $PFGeneralID`r`n" $str += "Name: $PFGeneralName`r`n" $str += "SystemType: $PFGeneralSystemType`r`n" $str += "Active: $PFGeneralActive`r`n" $str += "Description: $PFGeneralDescription`r`n" $str += 
"PlatformBaseID: $PFGeneralPlatformBaseID`r`n" $str += "PlatformType: $PFGeneralPlatformType`r`n" $str += "PropertiesRequired: $PFPropertiesRequired`r`n" $str += "PropertiesOptional: $PFPropertiesOptional`r`n" $str += "LinkedAccounts: $PFLinkedAccounts`r`n" $str += "AllowedSafes: $PFCredentialsManagementAllowedSafes`r`n" $str += "AllowManualChange: $PFCredentialsManagementAllowManualChange`r`n" $str += "PerformPeriodicChange: $PFCredentialsManagementPerformPeriodicChange`r`n" $str += "RequirePasswordChangeEveryXDays: $PFCredentialsManagementRequirePasswordChangeEveryXDays`r`n" $str += "AllowManualVerification: $PFCredentialsManagementAllowManualVerification`r`n" $str += "PerformPeriodicVerification: $PFCredentialsManagementPerformPeriodicVerification`r`n" $str += "RequirePasswordVerificationEveryXDays: $PFCredentialsManagementRequirePasswordVerificationEveryXDays`r`n" $str += "AllowManualReconciliation: $PFCredentialsManagementAllowManualReconciliation`r`n" $str += "AutomaticReconcileWhenUnsynched: $PFCredentialsManagementAutomaticReconcileWhenUnsynched`r`n" $str += "RequirePrivilegedSessionMonitoringAndIsolation: $PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation`r`n" $str += "RecordAndSaveSessionActivity: $PFSessionManagementRecordAndSaveSessionActivity`r`n" $str += "PSMServerID: $PFSessionManagementPSMServerID`r`n" $str += "RequireDualControlPasswordAccessApproval: $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval`r`n" $str += "EnforceCheckinCheckoutExclusiveAccess: $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess`r`n" $str += "EnforceOnetimePasswordAccess: $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess`r`n" $str += "ConnectionComponents: $PFConnectionComponents`r`n" $str += "SearchForUsages: $PFSearchForUsages`r`n" $str += "PolicyType: $PFPolicyType`r`n" $str += "ImmediateInterval: $PFImmediateInterval`r`n" $str += "Interval: $PFInterval`r`n" $str += "MaxConcurrentConnections: 
$PFMaxConcurrentConnections`r`n" $str += "MinValidityPeriod: $PFMinValidityPeriod`r`n" $str += "ResetOveridesMinValidity: $PFResetOveridesMinValidity`r`n" $str += "ResetOveridesTimeFrame: $PFResetOveridesTimeFrame`r`n" $str += "Timeout: $PFTimeout`r`n" $str += "UnlockIfFail: $PFUnlockIfFail`r`n" $str += "UnrecoverableErrors: $PFUnrecoverableErrors`r`n" $str += "MaximumRetries: $PFMaximumRetries`r`n" $str += "MinDelayBetweenRetries: $PFMinDelayBetweenRetries`r`n" $str += "DllName: $PFDllName`r`n" $str += "XMLFile: $PFXMLFile`r`n" $str += "HeadStartInterval: $PFHeadStartInterval`r`n" $str += "FromHour: $PFFromHour`r`n" $str += "ToHour: $PFToHour`r`n" $str += "ChangeNotificationPeriod: $PFChangeNotificationPeriod`r`n" $str += "DaysNotifyPriorExpiration: $PFDaysNotifyPriorExpiration`r`n" $str += "VFFromHour: $PFVFFromHour`r`n" $str += "VFToHour: $PFVFToHour`r`n" $str += "RCReconcileReasons: $PFRCReconcileReasons`r`n" $str += "RCFromHour: $PFRCFromHour`r`n" $str += "RCToHour: $PFRCToHour`r`n" $str += "NFNotifyPriorExpiration: $PFNFNotifyPriorExpiration`r`n" $str += "NFPriorExpirationRecipients: $PFNFPriorExpirationRecipients`r`n" $str += "NFNotifyOnPasswordDisable: $PFNFNotifyOnPasswordDisable`r`n" $str += "NFOnPasswordDisableRecipients: $PFNFOnPasswordDisableRecipients`r`n" $str += "NFNotifyOnVerificationErrors: $PFNFNotifyOnVerificationErrors`r`n" $str += "NFOnVerificationErrorsRecipients: $PFNFOnVerificationErrorsRecipients`r`n" $str += "NFNotifyOnPasswordUsed: $PFNFNotifyOnPasswordUsed`r`n" $str += "NFOnPasswordUsedRecipients: $PFNFOnPasswordUsedRecipients`r`n" $str += "PasswordLength: $PFPasswordLength`r`n" $str += "MinUpperCase: $PFMinUpperCase`r`n" $str += "MinLowerCase: $PFMinLowerCase`r`n" $str += "MinDigit: $PFMinDigit`r`n" $str += "MinSpecial: $PFMinSpecial`r`n" $str += "PasswordLevelRequestTimeframe: $PFPasswordLevelRequestTimeframe`r`n" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING TXT FILE: 
$targetFile" -type C } Write-Verbose "FINISHED EXPORTING TXT FILE: $targetFile" } if($ReportFormat -eq "CSV" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\PlatformDetails.csv" write-output "ID,Name,SystemType,Active,Description,PlatformBaseID,PlatformType,PropertiesRequired,PropertiesOptional,LinkedAccounts,AllowedSafes,AllowManualChange,PerformPeriodicChange,RequirePasswordChangeEveryXDays,AllowManualVerification,PerformPeriodicVerification,RequirePasswordVerificationEveryXDays,AllowManualReconciliation,AutomaticReconcileWhenUnsynched,RequirePrivilegedSessionMonitoringAndIsolation,RecordAndSaveSessionActivity,PSMServerID,RequireDualControlPasswordAccessApproval,EnforceCheckinCheckoutExclusiveAccess,EnforceOnetimePasswordAccess,ConnectionComponents,SearchForUsages,PolicyType,ImmediateInterval,Interval,MaxConcurrentConnections,MinValidityPeriod,ResetOveridesMinValidity,ResetOveridesTimeFrame,Timeout,UnlockIfFail,UnrecoverableErrors,MaximumRetries,MinDelayBetweenRetries,DllName,XMLFile,HeadStartInterval,FromHour,ToHour,ChangeNotificationPeriod,DaysNotifyPriorExpiration,VFFromHour,VFToHour,RCReconcileReasons,RCFromHour,RCToHour,NFNotifyPriorExpiration,NFPriorExpirationRecipients,NFNotifyOnPasswordDisable,NFOnPasswordDisableRecipients,NFNotifyOnVerificationErrors,NFOnVerificationErrorsRecipients,NFNotifyOnPasswordUsed,NFOnPasswordUsedRecipients,PasswordLength,MinUpperCase,MinLowerCase,MinDigit,MinSpecial,PasswordLevelRequestTimeframe" | Set-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $PFGeneralID = $Data.$key.PFGeneralID $PFGeneralName = $Data.$key.PFGeneralName $PFGeneralSystemType = $Data.$key.PFGeneralSystemType $PFGeneralActive = $Data.$key.PFGeneralActive $PFGeneralDescription = $Data.$key.PFGeneralDescription $PFGeneralPlatformBaseID = $Data.$key.PFGeneralPlatformBaseID $PFGeneralPlatformType = $Data.$key.PFGeneralPlatformType $PFPropertiesRequired = $Data.$key.PFPropertiesRequired $PFPropertiesOptional = 
$Data.$key.PFPropertiesOptional $PFLinkedAccounts = $Data.$key.PFLinkedAccounts $PFCredentialsManagementAllowedSafes = $Data.$key.PFCredentialsManagementAllowedSafes $PFCredentialsManagementAllowManualChange = $Data.$key.PFCredentialsManagementAllowManualChange $PFCredentialsManagementPerformPeriodicChange = $Data.$key.PFCredentialsManagementPerformPeriodicChange $PFCredentialsManagementRequirePasswordChangeEveryXDays = $Data.$key.PFCredentialsManagementRequirePasswordChangeEveryXDays $PFCredentialsManagementAllowManualVerification = $Data.$key.PFCredentialsManagementAllowManualVerification $PFCredentialsManagementPerformPeriodicVerification = $Data.$key.PFCredentialsManagementPerformPeriodicVerification $PFCredentialsManagementRequirePasswordVerificationEveryXDays = $Data.$key.PFCredentialsManagementRequirePasswordVerificationEveryXDays $PFCredentialsManagementAllowManualReconciliation = $Data.$key.PFCredentialsManagementAllowManualReconciliation $PFCredentialsManagementAutomaticReconcileWhenUnsynched = $Data.$key.PFCredentialsManagementAutomaticReconcileWhenUnsynched $PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation = $Data.$key.PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation $PFSessionManagementRecordAndSaveSessionActivity = $Data.$key.PFSessionManagementRecordAndSaveSessionActivity $PFSessionManagementPSMServerID = $Data.$key.PFSessionManagementPSMServerID $PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval = $Data.$key.PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval $PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess = $Data.$key.PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess $PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess = $Data.$key.PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess $PFConnectionComponents = $Data.$key.PFConnectionComponents $PFSearchForUsages = $Data.$key.PFSearchForUsages $PFPolicyType = $Data.$key.PFPolicyType 
$PFImmediateInterval = $Data.$key.PFImmediateInterval $PFInterval = $Data.$key.PFInterval $PFMaxConcurrentConnections = $Data.$key.PFMaxConcurrentConnections $PFMinValidityPeriod = $Data.$key.PFMinValidityPeriod $PFResetOveridesMinValidity = $Data.$key.PFResetOveridesMinValidity $PFResetOveridesTimeFrame = $Data.$key.PFResetOveridesTimeFrame $PFTimeout = $Data.$key.PFTimeout $PFUnlockIfFail = $Data.$key.PFUnlockIfFail $PFUnrecoverableErrors = $Data.$key.PFUnrecoverableErrors $PFMaximumRetries = $Data.$key.PFMaximumRetries $PFMinDelayBetweenRetries = $Data.$key.PFMinDelayBetweenRetries $PFDllName = $Data.$key.PFDllName $PFXMLFile = $Data.$key.PFXMLFile $PFHeadStartInterval = $Data.$key.PFHeadStartInterval $PFFromHour = $Data.$key.PFFromHour $PFToHour = $Data.$key.PFToHour $PFChangeNotificationPeriod = $Data.$key.PFChangeNotificationPeriod $PFDaysNotifyPriorExpiration = $Data.$key.PFDaysNotifyPriorExpiration $PFVFFromHour = $Data.$key.PFVFFromHour $PFVFToHour = $Data.$key.PFVFToHour $PFRCReconcileReasons = $Data.$key.PFRCReconcileReasons $PFRCFromHour = $Data.$key.PFRCFromHour $PFRCToHour = $Data.$key.PFRCToHour $PFNFNotifyPriorExpiration = $Data.$key.PFNFNotifyPriorExpiration $PFNFPriorExpirationRecipients = $Data.$key.PFNFPriorExpirationRecipients $PFNFNotifyOnPasswordDisable = $Data.$key.PFNFNotifyOnPasswordDisable $PFNFOnPasswordDisableRecipients = $Data.$key.PFNFOnPasswordDisableRecipients $PFNFNotifyOnVerificationErrors = $Data.$key.PFNFNotifyOnVerificationErrors $PFNFOnVerificationErrorsRecipients = $Data.$key.PFNFOnVerificationErrorsRecipients $PFNFNotifyOnPasswordUsed = $Data.$key.PFNFNotifyOnPasswordUsed $PFNFOnPasswordUsedRecipients = $Data.$key.PFNFOnPasswordUsedRecipients $PFPasswordLength = $Data.$key.PFPasswordLength $PFMinUpperCase = $Data.$key.PFMinUpperCase $PFMinLowerCase = $Data.$key.PFMinLowerCase $PFMinDigit = $Data.$key.PFMinDigit $PFMinSpecial = $Data.$key.PFMinSpecial $PFPasswordLevelRequestTimeframe = 
$Data.$key.PFPasswordLevelRequestTimeframe $str = "$PFGeneralID,$PFGeneralName,$PFGeneralSystemType,$PFGeneralActive,$PFGeneralDescription,$PFGeneralPlatformBaseID,$PFGeneralPlatformType,$PFPropertiesRequired,$PFPropertiesOptional,$PFLinkedAccounts,$PFCredentialsManagementAllowedSafes,$PFCredentialsManagementAllowManualChange,$PFCredentialsManagementPerformPeriodicChange,$PFCredentialsManagementRequirePasswordChangeEveryXDays,$PFCredentialsManagementAllowManualVerification,$PFCredentialsManagementPerformPeriodicVerification,$PFCredentialsManagementRequirePasswordVerificationEveryXDays,$PFCredentialsManagementAllowManualReconciliation,$PFCredentialsManagementAutomaticReconcileWhenUnsynched,$PFSessionManagementRequirePrivilegedSessionMonitoringAndIsolation,$PFSessionManagementRecordAndSaveSessionActivity,$PFSessionManagementPSMServerID,$PFPrivilegedAccessWorkflowsRequireDualControlPasswordAccessApproval,$PFPrivilegedAccessWorkflowsEnforceCheckinCheckoutExclusiveAccess,$PFPrivilegedAccessWorkflowsEnforceOnetimePasswordAccess,$PFConnectionComponents,$PFSearchForUsages,$PFPolicyType,$PFImmediateInterval,$PFInterval,$PFMaxConcurrentConnections,$PFMinValidityPeriod,$PFResetOveridesMinValidity,$PFResetOveridesTimeFrame,$PFTimeout,$PFUnlockIfFail,$PFUnrecoverableErrors,$PFMaximumRetries,$PFMinDelayBetweenRetries,$PFDllName,$PFXMLFile,$PFHeadStartInterval,$PFFromHour,$PFToHour,$PFChangeNotificationPeriod,$PFDaysNotifyPriorExpiration,$PFVFFromHour,$PFVFToHour,$PFRCReconcileReasons,$PFRCFromHour,$PFRCToHour,$PFNFNotifyPriorExpiration,$PFNFPriorExpirationRecipients,$PFNFNotifyOnPasswordDisable,$PFNFOnPasswordDisableRecipients,$PFNFNotifyOnVerificationErrors,$PFNFOnVerificationErrorsRecipients,$PFNFNotifyOnPasswordUsed,$PFNFOnPasswordUsedRecipients,$PFPasswordLength,$PFMinUpperCase,$PFMinLowerCase,$PFMinDigit,$PFMinSpecial,$PFPasswordLevelRequestTimeframe" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING CSV FILE: 
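$targetFile" -type C } Write-Verbose "FINISHED EXPORTING CSV FILE: $targetFile" } if($ReportFormat -eq "HTML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\PlatformDetails.html" $htmloutput = $output | ConvertTo-Json $htmloutput = $htmloutput | ConvertFrom-Json $htmloutput = $htmloutput | ConvertTo-Html -As List Write-Output $htmloutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING HTML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING HTML FILE: $targetFile" } if($ReportFormat -eq "XML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\PlatformDetails.xml" $xmloutput = $output | ConvertTo-Json $xmloutput = $xmloutput | ConvertFrom-Json $XML = ConvertTo-Xml -As Stream -InputObject $xmloutput -Depth 3 -NoTypeInformation Out-File -FilePath $targetFile -InputObject $XML if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING XML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING XML FILE: $targetFile" } }
# ---------------------------------------------------------------------------
# EPVUsers report
#
# Queries the PVWA Users endpoint (all users, a server-side search, or one
# exact username), flattens every user into a record and writes the records
# to $OutputDirectory as EPVUsers.json / .txt / .csv / .html / .xml depending
# on $ReportFormat. Returns $false when the operator declines the "ALL"
# prompt or when no user comes back.
#
# Changes against the previous revision:
#   * The exact-match lookup used "http://" even when -NoSSL was NOT set, so
#     the Authorization header left the host unencrypted. The scheme is now
#     chosen once and used for every request.
#   * $SearchQuery is URL-encoded before it is placed in the query string.
#   * CSV cells holding a comma, quote or line break are quoted, so one value
#     can no longer shift the columns that follow it.
#   * The TXT report title said "SAFE CONTENT REPORT"; it now names this report.
# ---------------------------------------------------------------------------
if($ReportType -eq "EPVUsers"){
    if([String]::IsNullOrEmpty($SearchQuery)){
        Write-VPASOutput -str "NO EPVSearch SUPPLIED, ENTER EITHER AN EPVGROUP OR EPVUSER (To report on all epv users type ALL): " -type Y
        $SearchQuery = Read-Host
    }
    $SearchQuery = $SearchQuery.ToLower()

    Write-Verbose "QUERYING CYBERARK FOR TARGET EPVUSER(S) AND GROUP(S)"

    $reportAll = ($SearchQuery -eq "all")

    # Reporting on every user can be slow; ask first unless -Confirm was given.
    if($reportAll -and !$Confirm){
        Write-VPASOutput -str "This report will run against ALL EPVUsers, and could take some time depending on environment size" -type M
        Write-VPASOutput -str "Continue? (Y/N) [Y]: " -type Y
        $contreport = Read-Host
        if([String]::IsNullOrEmpty($contreport)){$contreport = "Y"}
        $contreport = $contreport.ToLower()
        if($contreport -ne "y"){
            Write-VPASOutput -str "EXITING REPORT UTILITY" -type E
            Write-VPASOutput -str "RETURNING FALSE" -type E
            return $false
        }
    }

    # Plain HTTP is used only when the caller opted out of TLS with -NoSSL.
    # In that mode the Authorization header is sent in clear text.
    $scheme = "https"
    if($NoSSL){ $scheme = "http" }

    $uri = "${scheme}://$PVWA/PasswordVault/api/Users?ExtendedDetails=$true"
    if(!$reportAll){
        # Encode the operator-supplied value so characters such as '&' or '#'
        # cannot alter the structure of the query string.
        $uri += "&Search=" + [uri]::EscapeDataString($SearchQuery)
    }

    $restArgs = @{
        Headers     = @{"Authorization"=$Header}
        Uri         = $uri
        Method      = "GET"
        ContentType = "application/json"
    }
    if($sessionval){ $restArgs["WebSession"] = $sessionval }
    $response = Invoke-RestMethod @restArgs

    if($reportAll -or $WildCardSearch){
        $AllUsers = $response.Users
    }
    else{
        # Exact match: keep only the user whose username equals the query.
        # The API objects are passed on as they are; the fields read below are
        # the same ones the previous JSON round-trip copied.
        $AllUsers = @($response.Users | Where-Object { $_.username -eq $SearchQuery })
    }

    if(!$AllUsers){
        if($reportAll){
            Write-VPASOutput -str "UNABLE TO QUERY EPVUSERS" -type E
            Write-Verbose "UNABLE TO QUERY EPVUSERS...RETURNING FALSE"
        }
        else{
            Write-VPASOutput -str "UNABLE TO FIND $SearchQuery" -type E
            Write-Verbose "UNABLE TO FIND $SearchQuery...RETURNING FALSE"
        }
        return $false
    }

    # Vault authorizations reported as TRUE/FALSE columns, in report order.
    $permissionNames = @(
        "AddSafes", "AuditUsers", "AddUpdateUsers", "ResetUsersPasswords",
        "ActivateUsers", "AddNetworkAreas", "ManageDirectoryMapping",
        "ManageServerFileCategories", "BackupAllSafes", "RestoreAllSafes"
    )

    # Report columns in output order. Each one is stored in $Data under the
    # same name with an "EPV" prefix.
    $fieldNames = @(
        "ID", "Username", "Source", "UserType", "ComponentUser", "Location",
        "EnabledUser", "Suspended", "FirstName", "MiddleName", "LastName",
        "Organization", "Department", "Groups"
    ) + $permissionNames

    # $Data maps "Record<N>" to a flat hashtable for one user.
    $Data = @{}
    $counter = 1
    foreach($user in $AllUsers){
        # Group memberships are flattened to "(id|name|type);" repeated.
        $EPVgroups = ""
        foreach($group in $user.groupsMembership){
            $EPVgroups += "($($group.groupID)|$($group.groupName)|$($group.groupType));"
        }

        $temparr = @{
            EPVID            = $user.id
            EPVUsername      = $user.username
            EPVSource        = $user.source
            EPVUserType      = $user.userType
            EPVComponentUser = $user.componentUser
            EPVLocation      = $user.location
            EPVEnabledUser   = $user.enableUser
            EPVSuspended     = $user.suspended
            EPVFirstName     = $user.personalDetails.firstName
            EPVMiddleName    = $user.personalDetails.middleName
            EPVLastName      = $user.personalDetails.lastName
            EPVOrganization  = $user.personalDetails.organization
            EPVDepartment    = $user.personalDetails.department
            EPVGroups        = $EPVgroups
        }
        foreach($permissionName in $permissionNames){
            if($user.vaultAuthorization -contains $permissionName){
                $temparr["EPV$permissionName"] = "TRUE"
            }
            else{
                $temparr["EPV$permissionName"] = "FALSE"
            }
        }

        $Data["Record$counter"] = $temparr
        $counter += 1
    }

    # Same records without the "EPV" prefix; used for JSON, HTML and XML.
    $output = @()
    foreach($key in $Data.Keys){
        $record = $Data[$key]
        $temphash = @{}
        foreach($field in $fieldNames){
            $temphash[$field] = $record["EPV$field"]
        }
        $output += $temphash
    }

    # NOTE(review): every file written below lists which users hold vault
    # authorizations such as ResetUsersPasswords or BackupAllSafes. The files
    # inherit the permissions of $OutputDirectory, so that directory should be
    # readable only by the people entitled to this inventory.

    if($ReportFormat -eq "JSON" -or $ReportFormat -eq "ALL"){
        $targetFile = "$OutputDirectory\EPVUsers.json"
        $jsonoutput = $output | ConvertTo-Json
        Write-Output $jsonoutput | Set-Content $targetFile
        if(!$HideOutput){
            Write-VPASOutput -str "FINISHED EXPORTING JSON FILE: $targetFile" -type C
        }
        Write-Verbose "FINISHED EXPORTING JSON FILE: $targetFile"
    }

    if($ReportFormat -eq "TXT" -or $ReportFormat -eq "ALL"){
        $targetFile = "$OutputDirectory\EPVUsers.txt"
        Write-Output "EPV USERS REPORT" | Set-Content $targetFile
        Write-Output "" | Add-Content $targetFile

        foreach($key in $Data.Keys){
            $record = $Data[$key]
            $str = ""
            foreach($field in $fieldNames){
                $caption = "EPV$field"
                if($field -eq "Groups"){
                    $caption = "EPVGroups (EPVGroupID|EPVGroupName|EPVGroupType)"
                }
                $value = $record["EPV$field"]
                $str += "${caption}: $value`r`n"
            }
            Write-Output $str | Add-Content $targetFile
        }
        if(!$HideOutput){
            Write-VPASOutput -str "FINISHED EXPORTING TXT FILE: $targetFile" -type C
        }
        Write-Verbose "FINISHED EXPORTING TXT FILE: $targetFile"
    }

    if($ReportFormat -eq "CSV" -or $ReportFormat -eq "ALL"){
        $targetFile = "$OutputDirectory\EPVUsers.csv"
        Write-Output "ID,Username,Source,UserType,ComponentUser,Location,EnabledUser,Suspended,FirstName,MiddleName,LastName,Organization,Department,Groups(EPVGroupID|EPVGroupName|EPVGroupType),AddSafes,AuditUsers,AddUpdateUsers,ResetUsersPasswords,ActivateUsers,AddNetworkAreas,ManageDirectoryMapping,ManageServerFileCategories,BackupAllSafes,RestoreAllSafes" | Set-Content $targetFile

        # Quote a cell only when it needs it, so simple values are written
        # exactly as before.
        # NOTE(review): values are written as stored in the vault. A cell that
        # starts with '=', '+', '-' or '@' is treated as a formula by
        # spreadsheet applications; open the file as text or import it with
        # Import-Csv when the directory data is not fully trusted.
        $csvField = {
            param($value)
            $text = [string]$value
            if($text -match '[",\r\n]'){
                '"' + $text.Replace('"', '""') + '"'
            }
            else{
                $text
            }
        }

        foreach($key in $Data.Keys){
            $record = $Data[$key]
            $cells = foreach($field in $fieldNames){ & $csvField $record["EPV$field"] }
            $str = $cells -join ","
            Write-Output $str | Add-Content $targetFile
        }
        if(!$HideOutput){
            Write-VPASOutput -str "FINISHED EXPORTING CSV FILE: $targetFile" -type C
        }
        Write-Verbose "FINISHED EXPORTING CSV FILE: $targetFile"
    }

    if($ReportFormat -eq "HTML" -or $ReportFormat -eq "ALL"){
        $targetFile = "$OutputDirectory\EPVUsers.html"
        # The JSON round-trip turns the hashtables into objects whose
        # properties ConvertTo-Html can list.
        $htmloutput = $output | ConvertTo-Json
        $htmloutput = $htmloutput | ConvertFrom-Json
        $htmloutput = $htmloutput | ConvertTo-Html -As List
        Write-Output $htmloutput | Set-Content $targetFile
        if(!$HideOutput){
            Write-VPASOutput -str "FINISHED EXPORTING HTML FILE: $targetFile" -type C
        }
        Write-Verbose "FINISHED EXPORTING HTML FILE: $targetFile"
    }

    if($ReportFormat -eq "XML" -or $ReportFormat -eq "ALL"){
        $targetFile = "$OutputDirectory\EPVUsers.xml"
        $xmloutput = $output | ConvertTo-Json
        $xmloutput = $xmloutput | ConvertFrom-Json
        $XML = ConvertTo-Xml -As Stream -InputObject $xmloutput -Depth 3 -NoTypeInformation
        Out-File -FilePath $targetFile -InputObject $XML
        if(!$HideOutput){
            Write-VPASOutput -str "FINISHED EXPORTING XML FILE: $targetFile" -type C
        }
        Write-Verbose "FINISHED EXPORTING XML FILE: $targetFile"
    }
}
if($ReportType -eq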
"ApplicationIDAuthentications"){ if([String]::IsNullOrEmpty($SearchQuery)){ Write-VPASOutput -str "NO APPLICATION ID SUPPLIED, ENTER APPLICATION ID (To report on all ApplicationIDs type ALL): " -type Y $SearchQuery = Read-Host } $SearchQuery = $SearchQuery.ToLower() Write-Verbose "QUERYING CYBERARK FOR TARGET APPLICATION ID(S)" if($SearchQuery -eq "all"){ if(!$Confirm){ Write-VPASOutput -str "This report will run against ALL ApplicationIDs, and could take some time depending on environment size" -type M Write-VPASOutput -str "Continue? (Y/N) [Y]: " -type Y $contreport = Read-Host if([String]::IsNullOrEmpty($contreport)){$contreport = "Y"} $contreport = $contreport.ToLower() if($contreport -ne "y"){ Write-VPASOutput -str "EXITING REPORT UTILITY" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } } $ApplicationIDs = Get-VPASAllApplications -token $token if(!$ApplicationIDs){ Write-VPASOutput -str "UNABLE TO QUERY APPLICATION IDS" -type E Write-Verbose "UNABLE TO QUERY APPLICATION IDS...RETURNING FALSE" return $false } else{ $TargetAppIDs = $ApplicationIDs.AppID } } else{ $TargetAppIDs = @() $ApplicationIDs = Get-VPASAllApplications -token $token if(!$ApplicationIDs){ Write-VPASOutput -str "UNABLE TO QUERY APPLICATION IDS" -type E Write-Verbose "UNABLE TO QUERY APPLICATION IDS...RETURNING FALSE" return $false } if($WildCardSearch){ foreach($rec in $ApplicationIDs.AppID){ if($rec -match $SearchQuery){ $TargetAppIDs += @($rec) } } } else{ foreach($rec in $ApplicationIDs.AppID){ if($rec -eq $SearchQuery){ $TargetAppIDs = @($rec) } } } } $Data = @{} $counter = 1 $uniqueIDs = @() Write-Verbose "QUERYING CYBERARK FOR APPLICATION ID AUTHENTICATIONS FOR TARGET APPLICATION ID(S)" foreach($appID in $TargetAppIDs){ $AllAuthentications = Get-VPASApplicationAuthentications -AppID $appID foreach($auth in $AllAuthentications.authentication){ $temparr = @{} $AuthAllowInternalScripts = $auth.AllowInternalScripts $AuthAppID = $auth.AppID $AuthAuthType = 
$auth.AuthType $AuthAuthValue = $auth.AuthValue $AuthComment = $auth.Comment $AuthIsFolder = $auth.IsFolder $AuthauthID = $auth.authID $temparr = @{ AllowInternalScripts = $AuthAllowInternalScripts AppID = $AuthAppID AuthType = $AuthAuthType AuthValue = $AuthAuthValue Comment = $AuthComment IsFolder = $AuthIsFolder AuthID = $AuthauthID } $label = "Record" + $counter $Data += @{ $label = $temparr } $counter+=1 } } $output = @() $keys = $Data.Keys foreach($key in $keys){ $temphash = @{} $AuthAllowInternalScripts = $Data.$key.AllowInternalScripts $AuthAppID = $Data.$key.AppID $AuthAuthType = $Data.$key.AuthType $AuthAuthValue = $Data.$key.AuthValue $AuthComment = $Data.$key.Comment $AuthIsFolder = $Data.$key.IsFolder $AuthauthID = $Data.$key.AuthID $temphash = @{ AllowInternalScripts = $AuthAllowInternalScripts AppID = $AuthAppID AuthType = $AuthAuthType AuthValue = $AuthAuthValue Comment = $AuthComment IsFolder = $AuthIsFolder AuthID = $AuthauthID } $output += $temphash } if($ReportFormat -eq "JSON" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\ApplicationIDAuthentications.json" $jsonoutput = $output | ConvertTo-Json Write-Output $jsonoutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING JSON FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING JSON FILE: $targetFile" } if($ReportFormat -eq "TXT" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\ApplicationIDAuthentications.txt" write-output "APPLICATION AUTHENTICATIONS REPORT" | Set-Content $targetFile Write-Output "" | Add-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $str = "" $AuthAllowInternalScripts = $Data.$key.AllowInternalScripts $AuthAppID = $Data.$key.AppID $AuthAuthType = $Data.$key.AuthType $AuthAuthValue = $Data.$key.AuthValue $AuthComment = $Data.$key.Comment $AuthIsFolder = $Data.$key.IsFolder $AuthauthID = $Data.$key.AuthID $str += "AllowInternalScripts: $AuthAllowInternalScripts`r`n" $str += "AppID: 
$AuthAppID`r`n" $str += "AuthType: $AuthAuthType`r`n" $str += "AuthValue: $AuthAuthValue`r`n" $str += "Comment: $AuthComment`r`n" $str += "IsFolder: $AuthIsFolder`r`n" $str += "AuthID: $AuthauthID`r`n" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING TXT FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING TXT FILE: $targetFile" } if($ReportFormat -eq "CSV" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\ApplicationIDAuthentications.csv" write-output "AppID,AllowInternalScripts,AuthType,AuthValue,Comment,IsFolder,AuthID" | Set-Content $targetFile $keys = $Data.Keys foreach($key in $keys){ $AuthAllowInternalScripts = $Data.$key.AllowInternalScripts $AuthAppID = $Data.$key.AppID $AuthAuthType = $Data.$key.AuthType $AuthAuthValue = $Data.$key.AuthValue $AuthComment = $Data.$key.Comment $AuthIsFolder = $Data.$key.IsFolder $AuthauthID = $Data.$key.AuthID $str = "$AuthAppID,$AuthAllowInternalScripts,$AuthAuthType,$AuthAuthValue,$AuthComment,$AuthIsFolder,$AuthauthID" write-output $str | Add-Content $targetFile } if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING CSV FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING CSV FILE: $targetFile" } if($ReportFormat -eq "HTML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\ApplicationIDAuthentications.html" $htmloutput = $output | ConvertTo-Json $htmloutput = $htmloutput | ConvertFrom-Json $htmloutput = $htmloutput | ConvertTo-Html -As List Write-Output $htmloutput | Set-Content $targetFile if(!$HideOutput){ Write-VPASOutput -str "FINISHED EXPORTING HTML FILE: $targetFile" -type C } Write-Verbose "FINISHED EXPORTING HTML FILE: $targetFile" } if($ReportFormat -eq "XML" -or $ReportFormat -eq "ALL"){ $targetFile = "$OutputDirectory\ApplicationIDAuthentications.xml" $xmloutput = $output | ConvertTo-Json $xmloutput = $xmloutput | ConvertFrom-Json $XML = ConvertTo-Xml -As Stream -InputObject $xmloutput -Depth 3 
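-NoTypeInformation
                    Out-File -FilePath $targetFile -InputObject $XML
                    if(!$HideOutput){
                        Write-VPASOutput -str "FINISHED EXPORTING XML FILE: $targetFile" -type C
                    }
                    Write-Verbose "FINISHED EXPORTING XML FILE: $targetFile"
                }
            }

            # PlatformLinkedAccounts report: for every selected platform, export the
            # logon and reconcile account linkage (safe, name, folder) in the
            # requested format(s) under $OutputDirectory.
            #
            # NOTE(review): the generated files name the safes, folders and accounts
            # used as logon/reconcile accounts. They are created with whatever
            # permissions $OutputDirectory hands down, so the directory should be
            # readable only by the people who administer the vault.
            if($ReportType -eq "PlatformLinkedAccounts"){
                if([String]::IsNullOrEmpty($SearchQuery)){
                    Write-VPASOutput -str "NO PLATFORM ID SUPPLIED, ENTER PLATFORM ID (To report on all Platforms type ALL): " -type Y
                    $SearchQuery = Read-Host
                }
                $SearchQuery = $SearchQuery.ToLower()

                # Start from an empty selection. Without this, an exact-match search
                # that finds nothing leaves the variable unset, and PowerShell would
                # then resolve it through the caller's scopes and could report on
                # whatever a same-named variable happens to hold there.
                $targetPlatformIDs = @()

                Write-Verbose "QUERYING CYBERARK FOR TARGET PLATFORM ID(S)"
                if($SearchQuery -eq "all"){
                    if(!$Confirm){
                        Write-VPASOutput -str "This report will run against ALL Platforms, and could take some time depending on environment size" -type M
                        Write-VPASOutput -str "Continue? (Y/N) [Y]: " -type Y
                        $contreport = Read-Host
                        if([String]::IsNullOrEmpty($contreport)){$contreport = "Y"}
                        $contreport = $contreport.ToLower()
                        if($contreport -ne "y"){
                            Write-VPASOutput -str "EXITING REPORT UTILITY" -type E
                            Write-VPASOutput -str "RETURNING FALSE" -type E
                            return $false
                        }
                    }

                    $AllPlatformIDs = Get-VPASAllPlatforms -token $token
                    if(!$AllPlatformIDs){
                        Write-VPASOutput -str "UNABLE TO QUERY PLATFORM IDS" -type E
                        Write-Verbose "UNABLE TO QUERY PLATFORM IDS...RETURNING FALSE"
                        return $false
                    }
                    $targetPlatformIDs = $AllPlatformIDs.Platforms
                }
                else{
                    $AllPlatformIDs = Get-VPASPlatformDetailsSearch -SearchQuery $SearchQuery -token $token
                    if(!$AllPlatformIDs){
                        Write-VPASOutput -str "UNABLE TO QUERY PLATFORM IDS" -type E
                        Write-Verbose "UNABLE TO QUERY PLATFORM IDS...RETURNING FALSE"
                        return $false
                    }

                    if($WildCardSearch){
                        # Every record returned by the search is reported on.
                        $targetPlatformIDs = $AllPlatformIDs.value
                    }
                    else{
                        # Exact match on the platform id; if several records match,
                        # the last one wins, as before. No match leaves the selection
                        # empty and the report files contain headers only.
                        foreach($rec in $AllPlatformIDs.value){
                            if($rec.general.id -eq $SearchQuery){
                                $targetPlatformIDs = $rec
                            }
                        }
                    }
                }

                # Column order shared by the TXT and CSV writers.
                $fieldNames = @(
                    "PlatformID",
                    "LogonAccountSafe",
                    "LogonAccountName",
                    "LogonAccountFolder",
                    "ReconcileAccountSafe",
                    "ReconcileAccountName",
                    "ReconcileAccountFolder"
                )

                # One ordered record per platform, kept in query order. A plain
                # hashtable enumerates in arbitrary order, which made both the row
                # order and the property order of the reports vary between runs.
                $output = New-Object 'System.Collections.Generic.List[object]'

                Write-Verbose "QUERYING CYBERARK FOR PLATFORM ID(S) LINKED ACCOUNT(S)"
                foreach($rec in $targetPlatformIDs){
                    $platformID = $rec.general.id
                    $PlatformDetails = Get-VPASPlatformDetails -platformID $platformID -token $token
                    if(!$PlatformDetails){
                        Write-VPASOutput -str "UNABLE TO QUERY DETAILS FOR: $platformID...SKIPPING" -type M
                        Write-Verbose "UNABLE TO QUERY DETAILS FOR: $platformID...SKIPPING"
                        continue
                    }

                    $record = [ordered]@{
                        PlatformID = $PlatformDetails.PlatformID
                        LogonAccountSafe = $PlatformDetails.Details.LogonAccountSafe
                        LogonAccountName = $PlatformDetails.Details.LogonAccountName
                        LogonAccountFolder = $PlatformDetails.Details.LogonAccountFolder
                        ReconcileAccountSafe = $PlatformDetails.Details.ReconcileAccountSafe
                        ReconcileAccountName = $PlatformDetails.Details.ReconcileAccountName
                        ReconcileAccountFolder = $PlatformDetails.Details.ReconcileAccountFolder
                    }
                    $output.Add($record)
                }

                if($ReportFormat -eq "JSON" -or $ReportFormat -eq "ALL"){
                    $targetFile = "$OutputDirectory\PlatformLinkedAccounts.json"
                    $jsonoutput = $output | ConvertTo-Json
                    Write-Output $jsonoutput | Set-Content $targetFile
                    if(!$HideOutput){
                        Write-VPASOutput -str "FINISHED EXPORTING JSON FILE: $targetFile" -type C
                    }
                    Write-Verbose "FINISHED EXPORTING JSON FILE: $targetFile"
                }

                if($ReportFormat -eq "TXT" -or $ReportFormat -eq "ALL"){
                    $targetFile = "$OutputDirectory\PlatformLinkedAccounts.txt"
                    write-output "PLATFORM LINKED ACCOUNTS REPORT" | Set-Content $targetFile
                    Write-Output "" | Add-Content $targetFile

                    foreach($record in $output){
                        # One "Name: value" line per field; Add-Content appends the
                        # blank separator line after each record.
                        $str = ""
                        foreach($field in $fieldNames){
                            $str += "${field}: $($record[$field])`r`n"
                        }
                        write-output $str | Add-Content $targetFile
                    }

                    if(!$HideOutput){
                        Write-VPASOutput -str "FINISHED EXPORTING TXT FILE: $targetFile" -type C
                    }
                    Write-Verbose "FINISHED EXPORTING TXT FILE: $targetFile"
                }

                if($ReportFormat -eq "CSV" -or $ReportFormat -eq "ALL"){
                    $targetFile = "$OutputDirectory\PlatformLinkedAccounts.csv"

                    # Values come straight from the vault and were previously joined
                    # with bare commas, so a comma, quote or line break inside a
                    # safe/account/folder name shifted or split columns. Such fields
                    # are now quoted (embedded quotes doubled); plain values are
                    # written exactly as before.
                    # NOTE(review): values are otherwise exported verbatim. A value
                    # starting with = + - or @ is treated as a formula by spreadsheet
                    # applications, so review such rows before opening the file there.
                    $csvField = {
                        param($value)
                        $text = [string]$value
                        if($text -match '[",\r\n]'){
                            return '"' + $text.Replace('"', '""') + '"'
                        }
                        return $text
                    }

                    write-output ($fieldNames -join ",") | Set-Content $targetFile

                    foreach($record in $output){
                        $cells = @(
                            foreach($field in $fieldNames){
                                & $csvField $record[$field]
                            }
                        )
                        $str = $cells -join ","
                        write-output $str | Add-Content $targetFile
                    }

                    if(!$HideOutput){
                        Write-VPASOutput -str "FINISHED EXPORTING CSV FILE: $targetFile" -type C
                    }
                    Write-Verbose "FINISHED EXPORTING CSV FILE: $targetFile"
                }

                if($ReportFormat -eq "HTML" -or $ReportFormat -eq "ALL"){
                    $targetFile = "$OutputDirectory\PlatformLinkedAccounts.html"
                    # The JSON round trip turns the records into objects with
                    # properties, which is what ConvertTo-Html renders.
                    $htmloutput = $output | ConvertTo-Json
                    $htmloutput = $htmloutput | ConvertFrom-Json
                    $htmloutput = $htmloutput | ConvertTo-Html -As List
                    Write-Output $htmloutput | Set-Content $targetFile
                    if(!$HideOutput){
                        Write-VPASOutput -str "FINISHED EXPORTING HTML FILE: $targetFile" -type C
                    }
                    Write-Verbose "FINISHED EXPORTING HTML FILE: $targetFile"
                }

                if($ReportFormat -eq "XML" -or $ReportFormat -eq "ALL"){
                    $targetFile = "$OutputDirectory\PlatformLinkedAccounts.xml"
                    $xmloutput = $output | ConvertTo-Json
                    $xmloutput = $xmloutput | ConvertFrom-Json
                    $XML = ConvertTo-Xml -As Stream -InputObject $xmloutput -Depth 3 -NoTypeInformation
                    Out-File -FilePath $targetFile -InputObject $XML
                    if(!$HideOutput){
                        Write-VPASOutput -str "FINISHED EXPORTING XML FILE: $targetFile" -type C
                    }
                    Write-Verbose "FINISHED EXPORTING XML FILE: $targetFile"
                }
            }

            return $true
        }catch{
            Write-Verbose "UNABLE TO RUN REPORT...RETURNING FALSE"
            Write-VPASOutput -str "UNABLE TO RUN REPORT...RETURNING FALSE" -type E
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}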