A PowerShell module for interfacing with the Darktrace Mail API
PS> Install-Module PSDarktraceMail
PS> Import-Module PSDarktraceMail
PS> Connect-DarktraceMail -ServerUri "https://<your appliance uri>" -Credential $(Get-Credential)
Enter the Token in the username and Private Token in the password
PS> # Save credentials
PS> Get-Credential | Export-CliXml "$($ENV:USERPROFILE)\darktrace.xml"
PS> # Use those save credentials (same computer, same windows session)
PS> Connect-DarktraceMail -ServerUri "https://<your appliance uri>" -Credential $(Import-Clixml "$($ENV:USERPROFILE)\darktrace.xml")
Search holded mails with sender address containing "scammer" up to 4 days ago
PS> $results = Search-DarktraceMail -StartDate $(get-date).AddDays(-4) -SenderFilter "scammer" -HoldedOnly
Search all mails up to 3 days ago
PS> $others = Search-DarktraceMail -StartDate $(get-date).AddDays(-3)
Advanced Options:
- Specify the
-StartDate
value for the starting date. - Specify the
-EndDate
value for the ending date. - Specify the
-SenderFilter
value for sender filtering (contains). - Specify the
-RecipientFilter
value for recipient filtering (contains). - Specify the
-HoldedOnly
flag to retrieve holder messages only.
From pipeline
PS> $message = "E8CF7E71-8F00-47BE-94A8-CF71D0FF8F3C.1" | Get-DarktraceMail
PS> $path = $($ENV:TMP)
PS> $message | Save-DarktraceMail -Path $path
PS> # or through UUID
PS> "E8CF7E71-8F00-47BE-94A8-CF71D0FF8F3C.1" | Save-DarktraceMail -Path $path
PS> $message | Unblock-DarktraceMail
PS> $message | Block-DarktraceMail