public/Get-VPASActiveSessionActivities.ps1
|
<#
.Synopsis GET ACTIVE SESSION ACTIVITIES CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO GET ACTIVE PSM SESSION ACTIVITIES .LINK https://vpasmodule.com/commands/Get-VPASActiveSessionActivities .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER SearchQuery Search string to find target resource via username, address, safe, platform, etc. Comma separated for multiple fields, or to search all pass a blank value like so: " " .PARAMETER ActiveSessionID Unique ID that maps to the target ActiveSession Supply the ActiveSessionID to skip any querying to find the target ActiveSession .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $GetActiveSessionActivitiesJSON = Get-VPASActiveSessionActivities -SearchQuery {SEARCHQUERY VALUE} .EXAMPLE $GetActiveSessionActivitiesJSON = Get-VPASActiveSessionActivities -ActiveSessionID {ACTIVE SESSION ID VALUE} .EXAMPLE $InputParameters = @{ SearchQuery = "DomainAdmin01" } $GetActiveSessionActivitiesJSON = Get-VPASActiveSessionActivities -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ ActiveSessionID = "31_24" } $GetActiveSessionActivitiesJSON = Get-VPASActiveSessionActivities -InputParameters $InputParameters .OUTPUTS If successful: { "Activities": [ { "ActivityText": "explorer.exe, Program Manager", "ActivityType": 3, "ActivityId": "87657", "Formats": "vid", "Offsets": "@{vid=00:00:06}" }, { "ActivityText": "notepad.exe, Untitled - Notepad", "ActivityType": 3, "ActivityId": "87658", "Formats": "vid", "Offsets": "@{vid=00:00:19}" }, { "ActivityText": "notepad.exe, Notepad", "ActivityType": 3, "ActivityId": "87659", "Formats": "vid", "Offsets": "@{vid=00:00:36}" } ], "Total": 3 } --- $false if failed #> function Get-VPASActiveSessionActivities{ [OutputType('System.Object',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Searchquery to find the target active PSM session (for example: DomainAdmin01)")] [String]$SearchQuery, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique ActiveSessionID of the target active PSM session (for example: 36_102)")] [String]$ActiveSessionID, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("SearchQuery") MandatoryKeys = @("SearchQuery") } set2 = @{ AcceptableKeys = @("ActiveSessionID") MandatoryKeys = @("ActiveSessionID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE ACTIVE SESSIONS" Write-VPASOutput -str $_ -type E return $false } try{ if([String]::IsNullOrEmpty($ActiveSessionID)){ Write-Verbose "NO ACTIVESESSIONID PROVIDED...INVOKING HELPER FUNCTION TO RETRIEVE UNIQUE ACTIVE SESSION ID BASED ON SPECIFIED PARAMETERS" $ActiveSessionID = Get-VPASActiveSessionIDHelper -token $token -SearchQuery $SearchQuery Write-Verbose "RETURNING ACTIVE SESSION ID" } else{ Write-Verbose "ACTIVE SESSION ID SUPPLIED, SKIPPING HELPER FUNCTION" } if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/API/livesessions/$ActiveSessionID/activities/" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/API/livesessions/$ActiveSessionID/activities/" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY Write-Verbose "RETURNING JSON OBJECT" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO GET ACTIVE SESSION ACTIVITIES" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |