public/Get-VPASDiscoveredAccounts.ps1
|
<#
.Synopsis GET DISCOVERED ACCOUNTS CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO GET DISCOVERED ACCOUNTS IN THE PENDING SAFE LIST .LINK https://vpasmodule.com/commands/Get-VPASDiscoveredAccounts .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER SearchQuery Search string to find target resource via username, address, safe, platform, etc. Comma separated for multiple fields, or to search all pass a blank value like so: " " .PARAMETER PlatformType Limit the scope of accounts returned based on PlatformType Possible values: Windows Server Local, Windows Desktop Local, Windows Domain, Unix, Unix SSH Key, AWS, AWS Access Keys, Azure Password Management .PARAMETER Privileged Limit the scope of accounts returned based on Privileged status Possible values: true, false .PARAMETER Enabled Limit the scope of accounts returned based in account status Possible values: true, false .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $DiscoveredAccountsJSON = Get-VPASDiscoveredAccounts -SearchQuery {SEARCHQUERY VALUE} .EXAMPLE $InputParameters = @{ SearchQuery = "domainadmin01" PlatformType = "Windows Server Local"|"Windows Desktop Local"|"Windows Domain"|"Unix"|"Unix SSH Key"|"AWS"|"AWS Access Keys"|"Azure Password Management" Privileged = "true"|"false" Enabled = "true"|"false" } $DiscoveredAccountsJSON = Get-VPASDiscoveredAccounts -InputParameters $InputParameters .OUTPUTS If successful: { "count": 1, "value": [ { "id": "19_15", "name": "vman.com-vmanda-aa06b546-f19d-4716-a89b-d3bedfbb6858", "userName": "vmanda", "address": "vman.com", "discoveryDateTime": 1724216092, "accountEnabled": true, "osGroups": "Administrators, Remote Desktop Users", "platformType": "Windows Domain", "domain": "vman.com", "lastLogonDateTime": 1724213492, "lastPasswordSetDateTime": 1718764060, "passwordNeverExpires": true, "osVersion": "Windows Server 2022 Standard Evaluation", "privileged": true, "userDisplayName": "vmanda", "passwordExpirationDateTime": 0, "osFamily": "Server", "organizationalUnit": "CN=vmanda,CN=Users,DC=vman,DC=com", "additionalProperties": "@{AccountType=Domain; CreationMethod=AutoDetected}", "platformTypeAccountProperties": "@{SID=S-1-5-21-859712872-1750767134-752027284-1104}", "numberOfDependencies": 0 } ] } --- $false if failed #> function Get-VPASDiscoveredAccounts{ [OutputType([bool],'System.Collections.Hashtable')] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter wildcard search to query for target Discovered Accounts")] [String]$SearchQuery, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [ValidateSet('Windows Server Local','Windows Desktop Local','Windows Domain','Unix','Unix SSH Key','AWS','AWS Access Keys','Azure Password Management')] [String]$PlatformType, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [ValidateSet('true','false')] [String]$Privileged, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [ValidateSet('true','false')] [String]$Enabled, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("SearchQuery","PlatformType","Privileged","Enabled") MandatoryKeys = @("SearchQuery") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE DISCOVERED ACCOUNTS" Write-VPASOutput -str $_ -type E return $false } try{ if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/passwordvault/api/DiscoveredAccounts?offset=0&limit=1000&search=$searchQuery" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/passwordvault/api/DiscoveredAccounts?offset=0&limit=1000&search=$searchQuery" } if(![String]::IsNullOrEmpty($PlatformType) -or ![String]::IsNullOrEmpty($Privileged) -or ![String]::IsNullOrEmpty($Enabled)){ $uri += "&filter=" $numparams = 0 if(![String]::IsNullOrEmpty($PlatformType)){ if($numparams -eq 0){ $uri += "platformType eq $PlatformType" $numparams += 1 } else{ $uri += " AND platformType eq $PlatformType" $numparams += 1 } } if(![String]::IsNullOrEmpty($Privileged)){ if($numparams -eq 0){ $uri += "privileged eq $Privileged" $numparams += 1 } else{ $uri += " AND privileged eq $Privileged" $numparams += 1 } } if(![String]::IsNullOrEmpty($Enabled)){ if($numparams -eq 0){ $uri += "accountEnabled eq $Enabled" $numparams += 1 } else{ $uri += "AND accountEnabled eq $Enabled" $numparams += 1 } } } $output = @{ count = 0 value = "" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD write-verbose "MAKING API CALL TO CYBERARK" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $output.count = $response.count $output.value = $response.value $nextlink = $response.nextLink while(![String]::IsNullOrEmpty($nextlink)){ if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$PVWA/PasswordVault/$nextlink" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$PVWA/PasswordVault/$nextlink" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD if($sessionval){ $newresponse = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval } else{ $newresponse = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" } $output.count = $newresponse.count $output.value += $newresponse.value $nextlink = $newresponse.nextLink } $result = $output $outputlog = $result | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURNARRAY Write-Verbose "RETURNING JSON OBJECT" return $result }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNABLE TO GET DISCOVERED ACCOUNTS FOR SEARCHQUERY: $SearchQuery" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |