-
-
Notifications
You must be signed in to change notification settings - Fork 91
/
Add-PASPTARule.ps1
116 lines (85 loc) · 2.4 KB
/
Add-PASPTARule.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
Function Add-PASPTARule {
<#
.SYNOPSIS
Adds a new Risky Activity rule to PTA
.DESCRIPTION
Adds a new Risky Activity rule in the PTA server configuration.
.PARAMETER category
The Category of the risky activity
Valid values: SSH, WINDOWS, SCP, KEYSTROKES or SQL
.PARAMETER regex
Risky activity in regex form.
Must support all characters (including "/" and escaping characters)
.PARAMETER score
Activity score.
Number must be between 1 and 100
.PARAMETER description
Activity description.
The field is mandatory but can be empty
.PARAMETER response
Automatic response to be executed
Valid Values: NONE, TERMINATE or SUSPEND
.PARAMETER active
Indicate if the rule should be active or disbaled
.EXAMPLE
Add-PASPTARule -category KEYSTROKES -regex '(*.)risky command(.*)' -score 60 -description "Example Rule" -response NONE -active $true
Adds a new rule to PTA
.NOTES
Minimum Version CyberArk 10.4
#>
[CmdletBinding()]
param(
[parameter(
Mandatory = $true,
ValueFromPipelinebyPropertyName = $true
)]
[ValidateSet("SSH", "WINDOWS", "SCP", "KEYSTROKES", "SQL")]
[string]$category,
[parameter(
Mandatory = $true,
ValueFromPipelinebyPropertyName = $true
)]
[string]$regex,
[parameter(
Mandatory = $true,
ValueFromPipelinebyPropertyName = $true
)]
[ValidateRange(1, 100)]
[int]$score,
[parameter(
Mandatory = $true,
ValueFromPipelinebyPropertyName = $true
)]
[string]$description,
[parameter(
Mandatory = $true,
ValueFromPipelinebyPropertyName = $true
)]
[ValidateSet("NONE", "TERMINATE", "SUSPEND")]
[string]$response,
[parameter(
Mandatory = $true,
ValueFromPipelinebyPropertyName = $true
)]
[boolean]$active
)
BEGIN {
$MinimumVersion = [System.Version]"10.4"
}#begin
PROCESS {
Assert-VersionRequirement -ExternalVersion $Script:ExternalVersion -RequiredVersion $MinimumVersion
#Get all parameters that will be sent in the request
$boundParameters = $PSBoundParameters | Get-PASParameter
#Create URL for Request
$URI = "$Script:BaseURI/API/pta/API/Settings/RiskyActivity/"
#Create body of request
$body = $boundParameters | ConvertTo-Json
#send request to PAS web service
$result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -WebSession $Script:WebSession
if($result) {
#Return Results
$result | Add-ObjectDetail -typename "psPAS.CyberArk.Vault.PTA.Rule"
}
}#process
END {}#end
}