This repository has been archived by the owner on Nov 8, 2019. It is now read-only.
Get-All-TDRs.ps1
<#
.SYNOPSIS
Downloads a number of Cylance console's TDR reports and converts them into Excel.
.DESCRIPTION
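Downloads a pre-configured list of Cylance console TDR reports and converts them into Excel.
Configure "Consoles.json" in the TDR path with your console data. For each console entry this script reads the ConsoleId, Token, TDRUrl and AutoRetrieve properties.
The console entries carry access tokens (the script passes each entry's Token to Get-CyTDRs), so restrict read access to that file.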
.PARAMETER TDRPath
Optional. The base path to store the TDR data. Defaults to $HOME\TDRs (use symbolic links!)
.PARAMETER DefaultTDRUrl
Optional. When no TDR URL is specified in the console profile, use this default TDR URL (default = EUC1 shard)
.PARAMETER ConsoleId
Optional. Name of a particular console to retrieve.
.NOTES
.LINK
Blog: http://tietze.io/
Jan Tietze
#>
[CmdletBinding()]
Param (
    # Base directory handed to Get-CyTDRs as -TDRPath. The ValidateScript check
    # requires an existing directory; PowerShell evaluates validation attributes
    # for values the caller binds, not for the default, so the default path
    # below is not checked here.
    [Parameter(Mandatory = $false)]
    [ValidateScript({ Test-Path -Path $_ -PathType Container })]
    [String] $TDRPath = "$($HOME)\TDRs",

    # Fallback report URL used for any console whose TDRUrl is null or empty.
    # Each console's access token is passed to Get-CyTDRs together with the
    # URL chosen for it, so this value decides where that token may be sent.
    [Parameter(Mandatory = $false)]
    [String] $DefaultTDRUrl = "https://protect-euc1.cylance.com/Reports/ThreatDataReportV1/",

    # When non-empty, only the console with this ConsoleId is retrieved;
    # when empty, every console whose AutoRetrieve is not $false is retrieved.
    [Parameter(Mandatory = $false)]
    [String] $ConsoleId = ""
)
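# Load the CyCLI module, which provides Get-CyConsoleConfig and Get-CyTDRs.
Import-Module CyCLI

# Read the console profiles. Any terminating error is reported and ends the script.
try {
    $Consoles = Get-CyConsoleConfig
} catch {
    # Include the underlying exception text: the failure may be something other
    # than a JSON problem (for example the CyCLI module not being loaded).
    Write-Error "There was an error parsing or accessing the console JSON file: $($TDRPath)\Consoles.json ($($_.Exception.Message))"
    # 'return' ends this script only. The original 'break' sits outside any loop,
    # so PowerShell would look for an enclosing loop in the caller and could
    # terminate a loop in whatever script invoked this one.
    return
}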
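# Select the consoles to process:
#  - no -ConsoleId given: every console whose AutoRetrieve is not $false
#  - -ConsoleId given:    only the console(s) with that ConsoleId
# The '$null -ne $_' guard keeps a null $Consoles from producing one null entry.
if ([String]::IsNullOrEmpty($ConsoleId)) {
    $SelectedConsoles = @($Consoles | Where-Object { ($null -ne $_) -and ($_.AutoRetrieve -ne $false) })
} else {
    $SelectedConsoles = @($Consoles | Where-Object { ($null -ne $_) -and ($_.ConsoleId -eq $ConsoleId) })
    if ($SelectedConsoles.Count -eq 0) {
        # Previously an unknown console name produced no output at all.
        Write-Warning "No console with ConsoleId '$ConsoleId' was found in the console configuration."
    }
}

# One retrieval loop for both cases (the original duplicated this body per branch).
foreach ($Console in $SelectedConsoles) {
    Write-Host "Retrieving console $($Console.ConsoleId)..."

    # Fall back to the default report URL when the profile has none.
    $TDRUrl = if ([String]::IsNullOrEmpty($Console.TDRUrl)) { $DefaultTDRUrl } else { $Console.TDRUrl }

    # The console's access token is handed to Get-CyTDRs together with this URL.
    # How Get-CyTDRs transmits the token is not visible here, so only warn when
    # the URL is not https:// rather than changing what gets retrieved.
    if ($TDRUrl -notmatch '^https://') {
        Write-Warning "TDR URL for console '$($Console.ConsoleId)' does not use https://; the console access token may be exposed in transit."
    }

    Get-CyTDRs -TDRPath $TDRPath -Id $Console.ConsoleId -AccessToken $Console.Token -TDRUrl $TDRUrl
}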