public/Get-VPASAllPSMSessions.ps1
|
<#
.Synopsis GET ALL PSM SESSIONS CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO GET ALL PSM SESSIONS .LINK https://vpasmodule.com/commands/Get-VPASAllPSMSessions .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER confirm Skip the confirmation prompt to continue regardless on the size of the environment .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $AllPSMSessionsJSON = Get-VPASAllPSMSessions .EXAMPLE $InputParameters = @{ confirm = $true|$false } $AllPSMSessionsJSON = Get-VPASAllPSMSessions -InputParameters $InputParameters .OUTPUTS If successful: { "Recordings": [ ... { "SessionID": "36_102", "SessionGuid": "kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89", "SafeName": "PSMRecordings", "FolderName": "Root", "IsLive": false, "FileName": "kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89.session", "Start": 1712111269, "End": 1712111328, "Duration": 59, "User": "vadim@vman.com", "RemoteMachine": "192.168.111.111", "ProtectionDate": 0, "ProtectedBy": "", "ProtectionEnabled": false, "AccountUsername": "vmanda", "AccountPlatformID": "VadimWindowsDomain", "AccountAddress": "vman.com", "PIMSuCommand": "", "PIMSuCWD": "", "ConnectionComponentID": "PSM-RDP", "PSMRecordingEntity": "SessionRecording", "TicketID": "", "FromIP": "192.168.222.222", "Protocol": "RDP", "Client": "RDP", "RiskScore": -1, "Severity": "", "IncidentDetails": null, "RawProperties": "@{Address=vman.com; ConnectionComponentID=PSM-RDP; DeviceType=Operating System; EntityVersion=1.0; ExpectedRecordingsList=kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89.WIN.txt,kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89.VID.avi; PSMClientApp=mstsc.exe; PSMPasswordID=9; PSMProtocol=RDP; PSMRecordingEntity=SessionRecording; PSMRemoteMachine=192.168.111.111; PSMSafeID=68; PSMSourceAddress=192.168.222.222; PSMStartTime=1712111269; PSMStatus=Final; PSMVaultUserName=vadim@vman.com; PolicyID=VadimWindowsDomain; ProviderID=PSMApp_VmanCon01; UserName=vmanda; PSMEndTime=1712111328; ActualRecordings=kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89.WIN.txt;187,kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89.VID.avi;188; Safe=PSMRecordings; Folder=Root; Name=kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89.session}", "RecordingFiles": " ", "RecordedActivities": "", "VideoSize": 1772412, "TextSize": 3048, "DetailsUrl": "recordingdetails.aspx?Data=qjwhefjkhwr789439rt8h4j3fj943mh093cmfcj8kfq43kjf093jmf03j0cfk83cmd587yn93f874y9t7473f734y875nt475" }, { "SessionID": "36_103", "SessionGuid": "kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89", "SafeName": "PSMRecordings", "FolderName": "Root", "IsLive": false, "FileName": "kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89.session", "Start": 1712100199, "End": 1712100250, "Duration": 51, "User": "vadim@vman.com", "RemoteMachine": "192.168.111.111", "ProtectionDate": 0, "ProtectedBy": "", "ProtectionEnabled": false, "AccountUsername": "vmanda", "AccountPlatformID": "VadimWindowsDomain", "AccountAddress": "vman.com", "PIMSuCommand": "", "PIMSuCWD": "", "ConnectionComponentID": "PSM-RDP", "PSMRecordingEntity": "SessionRecording", "TicketID": "", "FromIP": "192.168.222.222", "Protocol": "RDP", "Client": "RDP", "RiskScore": -1, "Severity": "", "IncidentDetails": null, "RawProperties": "@{Address=vman.com; ConnectionComponentID=PSM-RDP; DeviceType=Operating System; EntityVersion=1.0; ExpectedRecordingsList=kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89.WIN.txt,kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89.VID.avi; PSMClientApp=mstsc.exe; PSMPasswordID=9; PSMProtocol=RDP; PSMRecordingEntity=SessionRecording; PSMRemoteMachine=192.168.111.111; PSMSafeID=68; PSMSourceAddress=192.168.222.222; PSMStartTime=1712100199; PSMStatus=Final; PSMVaultUserName=vadim@vman.com; PolicyID=VadimWindowsDomain; ProviderID=PSMApp_VmanCon01; UserName=vmanda; PSMEndTime=1712100250; ActualRecordings=kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89.WIN.txt;184,kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89.VID.avi;185; Safe=PSMRecordings; Folder=Root; Name=kajshd7389-zxcv-asdf-qwer-4238746kjwdfhs89.session}", "RecordingFiles": " ", "RecordedActivities": "", "VideoSize": 1691132, "TextSize": 3048, "DetailsUrl": "recordingdetails.aspx?Data=je784o94kfg0ek67y8ke04958yefn5i847yjt78j4eo78t4jy5o7mt458yntd9285m70ws8k20348jytf4597fho94hmnoy9875mh49e87mh4o85d0wl89l509d38k45t983f54" }, ... ], "Total": 37 } --- $false if failed #> function Get-VPASAllPSMSessions{ [OutputType('System.Object',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [switch]$confirm, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("confirm") MandatoryKeys = @() } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE PSM SESSIONS" Write-VPASOutput -str $_ -type E return $false } if(!$confirm){ Write-VPASOutput -str "This command will query against ALL PSMSessions, depending on retention period and environment size, this could take some time..." -type M Write-VPASOutput -str "Consider running `"Get-VPASPSMSessions`" command to limit the return size via search query and/or a timeframe" -type M Write-VPASOutput -str "Continue? (Y/N) [Y]: " -type Y $cont = Read-Host if([String]::IsNullOrEmpty($cont)){$cont = "Y"} $cont = $cont.ToLower() if($cont -ne "y"){ Write-VPASOutput -str "EXITING COMMAND" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } } try{ $apiLimit = 1000 if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/recordings?limit=$apiLimit" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/recordings?limit=$apiLimit" } Write-Verbose "SETTING URI: $uri" $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY $curcount = $response.Total $curtotal = $curcount $curItems = $response.Recordings while($curcount -eq $apiLimit){ $LastStartTime = $response.Recordings[$apiLimit-1].start + 1 $TempEndTime = $LastStartTime - 31556926 if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/api/recordings?limit=$apiLimit&FromTime=$TempEndTime&ToTime=$LastStartTime" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/api/recordings?limit=$apiLimit&FromTime=$TempEndTime&ToTime=$LastStartTime" } Write-Verbose "SETTING URI: $uri" $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY $curcount = $response.Total $curtotal += $curcount $curItems += $response.Recordings } $response.Recordings = $curItems $response.Total = $curtotal Write-Verbose "RETURNING JSON OBJECT" return $response }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO GET ALL PSM SESSIONS" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |