diff --git a/.gitignore b/.gitignore index b3313ca..ad6aa91 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,8 @@ build/ tests/ +MdatpPwsh.dll-Help.xml + .DS_Store # User-specific files diff --git a/BuildModule.ps1 b/BuildModule.ps1 index 0f5d0af..cc2a727 100644 --- a/BuildModule.ps1 +++ b/BuildModule.ps1 @@ -8,6 +8,14 @@ $ScriptLocation = $PSScriptRoot $csProjectDir = [System.IO.Path]::Combine($ScriptLocation, "src\") $csProjectPublishDir = [System.IO.Path]::Combine($csProjectDir, "bin\", "Debug\", "netstandard2.1\", "publish\") +$helpDocsDir = [System.IO.Path]::Combine($ScriptLocation, "help-docs\") +$enusHelpDocs = [System.IO.Path]::Combine($helpDocsDir, "locale\", "en-us\") +$compiledHelpDir = [System.IO.Path]::Combine($helpDocsDir, "compiled\") +$compiledHelpFile = [System.IO.Path]::Combine($compiledHelpDir, "MdatpPwsh.dll-Help.xml") + +Import-Module -Name "platyPS" +New-ExternalHelp -Path $enusHelpDocs -OutputPath $compiledHelpDir -Force + $buildDir = [System.IO.Path]::Combine($ScriptLocation, "build\") $buildModuleDir = [System.IO.Path]::Combine($buildDir, "mdatp-pwsh\") @@ -18,7 +26,8 @@ $filesToCopy = [System.Collections.Generic.List[string[]]]@( ([System.IO.Path]::Combine($ScriptLocation, "module-manifest\", "mdatp-pwsh.psd1")), ([System.IO.Path]::Combine($csProjectPublishDir, "MdatpPwsh.dll")), ([System.IO.Path]::Combine($csProjectPublishDir, "Microsoft.Identity.Client.dll")), - ([System.IO.Path]::Combine($csProjectPublishDir, "System.Text.Json.dll")) + ([System.IO.Path]::Combine($csProjectPublishDir, "System.Text.Json.dll")), + $compiledHelpFile ) Push-Location -Path $csProjectDir diff --git a/help-docs/locale/en-us/Add-DatpMachineTag.md b/help-docs/locale/en-us/Add-DatpMachineTag.md new file mode 100644 index 0000000..b836e7c --- /dev/null +++ b/help-docs/locale/en-us/Add-DatpMachineTag.md 
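Review bot: `Import-Module -Name "platyPS"` in the first BuildModule.ps1 hunk loads whichever platyPS version resolves first on the build machine, and neither it nor `New-ExternalHelp` is told to stop on failure. If the module is missing or the help build fails, the script may carry on (unless `$ErrorActionPreference` is set above line 8, which this hunk does not show), and the second hunk then packages `$compiledHelpFile`, which could be a stale copy left in `help-docs\compiled\` by an earlier run. Because this tooling runs inside the build that produces the shipped module, I would pin it and fail fast: `Import-Module -Name "platyPS" -RequiredVersion '<PINNED_VERSION>' -ErrorAction Stop` and `New-ExternalHelp -Path $enusHelpDocs -OutputPath $compiledHelpDir -Force -ErrorAction Stop`. A one-line comment above the import noting that platyPS is a build-time prerequisite would also help.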
@@ -0,0 +1,74 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Add-DatpMachineTag
+
+## SYNOPSIS
+Add a tag to a machine.
+
+## SYNTAX
+
+```
+Add-DatpMachineTag [-MachineId] [-TagName] []
+```
+
+## DESCRIPTION
+Add a tag to a machine in Defender for Endpoint.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Add-DatpMachineTag -MachineId "comp-01.contoso.com" -TagName "TestTag-01"
+```
+
+Add a tag to the machine 'comp-01.contoso.com' with the name 'TestTag-01'.
+
+## PARAMETERS
+
+### -MachineId
+The ID or the FQDN of the machine.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -TagName
+The name of the tag to add.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String[]
+## OUTPUTS
+
+### MdatpPwsh.Models.Machine
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Connect-DatpGraph.md b/help-docs/locale/en-us/Connect-DatpGraph.md
new file mode 100644
index 0000000..5b55d12
--- /dev/null
+++ b/help-docs/locale/en-us/Connect-DatpGraph.md
@@ -0,0 +1,37 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Connect-DatpGraph
+
+## SYNOPSIS
+Connect to the Defender for Endpoint API.
+
+## SYNTAX
+
+```
+Connect-DatpGraph []
+```
+
+## DESCRIPTION
+Initiates the authentication process to connect to the Defender for Endpoint API.
+
+## EXAMPLES
+
+## PARAMETERS
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### None
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpAlert.md b/help-docs/locale/en-us/Get-DatpAlert.md
new file mode 100644
index 0000000..2d5fdc2
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpAlert.md
@@ -0,0 +1,88 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpAlert
+
+## SYNOPSIS
+Get an alert or alerts from Defender for Endpoint.
+
+## SYNTAX
+
+### ListAlerts
+```
+Get-DatpAlert [[-AlertStatus] ] []
+```
+
+### GetAlert
+```
+Get-DatpAlert [[-AlertId] ] []
+```
+
+## DESCRIPTION
+Get an alert or all alerts of a specific status from the Defender for Endpoint API.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpAlert -AlertId "da123456789123456_1234567890"
+```
+
+Get an alert by a specific AlertID.
+
+### Example 2
+```powershell
+PS C:\> Get-DatpAlert -AlertStatus "New"
+```
+
+Get all alerts with the status of "New".
+
+## PARAMETERS
+
+### -AlertId
+The ID of an alert generated by Defender for Endpoint.
+
+```yaml
+Type: String
+Parameter Sets: GetAlert
+Aliases:
+
+Required: False
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -AlertStatus
+The current status of the alerts to get.
+
+```yaml
+Type: AlertStatus
+Parameter Sets: ListAlerts
+Aliases:
+Accepted values: InProgress, New, Resolved, Unknown
+
+Required: False
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### MdatpPwsh.Models.Alert[]
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpDomainRelated.md b/help-docs/locale/en-us/Get-DatpDomainRelated.md
new file mode 100644
index 0000000..10f1248
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpDomainRelated.md
@@ -0,0 +1,75 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpDomainRelated
+
+## SYNOPSIS
+Get machines or alerts that have interacted with a web domain.
+
+## SYNTAX
+
+```
+Get-DatpDomainRelated [-DomainName] [[-Type] ] []
+```
+
+## DESCRIPTION
+Get machines or alerts that have interacted with a web domain.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpDomainRelated -DomainName "www.reddit.com" -Type Machines
+```
+
+Get all machines that have made contact with 'www.reddit.com'.
+
+## PARAMETERS
+
+### -DomainName
+The web domain name to search for.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Type
+The type of objects to return.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Accepted values: Alerts, Machines
+
+Required: False
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### MdatpPwsh.Models.Machine[]
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpDomainStats.md b/help-docs/locale/en-us/Get-DatpDomainStats.md
new file mode 100644
index 0000000..455706c
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpDomainStats.md
@@ -0,0 +1,59 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpDomainStats
+
+## SYNOPSIS
+Get the stats of a domain in Defender for Endpoint.
+
+## SYNTAX
+
+```
+Get-DatpDomainStats [-DomainName] []
+```
+
+## DESCRIPTION
+Get the stats of a domain in Defender for Endpoint with how often it has been seen in your organization and worldwide.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpDomainStats -DomainName "www.reddit.com"
+```
+
+Get the stats of how prevalent 'www.reddit.com' is.
+
+## PARAMETERS
+
+### -DomainName
+The domain name to get stats for.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### MdatpPwsh.Models.DomainStats
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpFile.md b/help-docs/locale/en-us/Get-DatpFile.md
new file mode 100644
index 0000000..da9cf3a
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpFile.md
@@ -0,0 +1,59 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpFile
+
+## SYNOPSIS
+Get a file seen by Defender for Endpoint.
+
+## SYNTAX
+
+```
+Get-DatpFile [-FileIdentifier] []
+```
+
+## DESCRIPTION
+Get information about a file that has been by Defender for Endpoint.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpFile -FileIdentifier "36A4CC191027E30EC32618FF454F33B87F5C46A765C6AC3F151165AD7508DCD2"
+```
+
+Get information about a file with a SHA256 hash of '36A4CC191027E30EC32618FF454F33B87F5C46A765C6AC3F151165AD7508DCD2'.
+
+## PARAMETERS
+
+### -FileIdentifier
+The SHA1 or SHA256 hash of the file.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### MdatpPwsh.Models.FileProperties
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpFileAlerts.md b/help-docs/locale/en-us/Get-DatpFileAlerts.md
new file mode 100644
index 0000000..9672c4c
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpFileAlerts.md
@@ -0,0 +1,61 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpFileAlerts
+
+## SYNOPSIS
+Get alerts related to a file identifier.
+
+## SYNTAX
+
+```
+Get-DatpFileAlerts [-FileIdentifier] []
+```
+
+## DESCRIPTION
+Get alerts seen in your organization related to a file's SHA1 hash.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpFileAlerts -FileIdentifier "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139"
+```
+
+Getting alerts triggered by the SHA1 file hash of "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139".
+
+## PARAMETERS
+
+### -FileIdentifier
+The SHA1 hash of the file.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### MdatpPwsh.Models.Alert[]
+## NOTES
+
+SHA256 hashes are not supported in the 'FileIdentifier' parameter.
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpFileMachines.md b/help-docs/locale/en-us/Get-DatpFileMachines.md
new file mode 100644
index 0000000..9b8724d
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpFileMachines.md
@@ -0,0 +1,61 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpFileMachines
+
+## SYNOPSIS
+Get machines that have seen a file.
+
+## SYNTAX
+
+```
+Get-DatpFileMachines [-FileIdentifier] []
+```
+
+## DESCRIPTION
+Get machines that have been registered to have seen a file's SHA1 hash.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpFileMachines -FileIdentifier "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139"
+```
+
+Get machines that have seen the file with the SHA1 file hash of "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139".
+
+## PARAMETERS
+
+### -FileIdentifier
+The SHA1 hash of the file.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### MdatpPwsh.Models.Machine[]
+## NOTES
+
+SHA256 hashes are not supported in the 'FileIdentifier' parameter.
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpFileStats.md b/help-docs/locale/en-us/Get-DatpFileStats.md
new file mode 100644
index 0000000..7f1f13d
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpFileStats.md
@@ -0,0 +1,61 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpFileStats
+
+## SYNOPSIS
+Get the stats of a file.
+
+## SYNTAX
+
+```
+Get-DatpFileStats [-FileIdentifier] []
+```
+
+## DESCRIPTION
+Get stats on a file with how much it has been seen in your organization and worldwide.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpFileStats -FileIdentifier "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139"
+```
+
+Get stats about a file with a SHA1 hash of 'eec6ebcbd8f725cfbd38240197f6b8e03d9d6139'.
+
+## PARAMETERS
+
+### -FileIdentifier
+The SHA1 hash of the file.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### MdatpPwsh.Models.FileStats
+## NOTES
+
+SHA256 hashes are not supported in the 'FileIdentifier' parameter.
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpMachine.md b/help-docs/locale/en-us/Get-DatpMachine.md
new file mode 100644
index 0000000..8b48706
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpMachine.md
@@ -0,0 +1,88 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpMachine
+
+## SYNOPSIS
+Get a machine from Defender for Endpoint.
+
+## SYNTAX
+
+### SingleMachine
+```
+Get-DatpMachine [[-MachineId] ] []
+```
+
+### AllMachines
+```
+Get-DatpMachine [-AllMachines] []
+```
+
+## DESCRIPTION
+Get a machine or all machines that have been onboarded to Defender for Endpoint.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpMachine -MachineId "comp-01.contoso.com"
+```
+
+Get a machine by using it's fully qualified domain name (FQDN).
+
+### Example 2
+```powershell
+PS C:\> Get-DatpMachine -AllMachines
+```
+
+Get all machines onboarded to your environment.
+
+## PARAMETERS
+
+### -AllMachines
+Get all machines.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: AllMachines
+Aliases:
+
+Required: False
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -MachineId
+The ID or the FQDN of the machine.
+
+```yaml
+Type: String[]
+Parameter Sets: SingleMachine
+Aliases:
+
+Required: False
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String[]
+## OUTPUTS
+
+### MdatpPwsh.Models.Machine
+### MdatpPwsh.Models.Machine[]
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpMachineAction.md b/help-docs/locale/en-us/Get-DatpMachineAction.md
new file mode 100644
index 0000000..15606c6
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpMachineAction.md
@@ -0,0 +1,88 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpMachineAction
+
+## SYNOPSIS
+Get the status of an action performed on a machine.
+
+## SYNTAX
+
+### SingleActivity
+```
+Get-DatpMachineAction [[-ActivityId] ] []
+```
+
+### AllActivities
+```
+Get-DatpMachineAction [-AllActivities] []
+```
+
+## DESCRIPTION
+Get the status and details about an action that was performed on a machine through Defender for Endpoint.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpMachineAction -ActivityId "460e2875-7f91-4c32-8add-4a7b78f13254"
+```
+
+Get details of a specific action performed on a machine.
+
+### Example 2
+```powershell
+PS C:\> Get-DatpMachineAction -AllActivities
+```
+
+Get all machine actions performed.
+
+## PARAMETERS
+
+### -ActivityId
+The Activity ID for the action.
+
+```yaml
+Type: String
+Parameter Sets: SingleActivity
+Aliases:
+
+Required: False
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -AllActivities
+Get all activities created.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: AllActivities
+Aliases:
+
+Required: False
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String
+## OUTPUTS
+
+### MdatpPwsh.Models.ActivityResponse
+### MdatpPwsh.Models.ActivityResponse[]
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpMachineAlerts.md b/help-docs/locale/en-us/Get-DatpMachineAlerts.md
new file mode 100644
index 0000000..308fb86
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpMachineAlerts.md
@@ -0,0 +1,60 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpMachineAlerts
+
+## SYNOPSIS
+Get alerts triggered by a machine.
+
+## SYNTAX
+
+```
+Get-DatpMachineAlerts [-MachineId] []
+```
+
+## DESCRIPTION
+Get alerts triggered by a machine.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpMachineAlerts -MachineId "comp-01.contoso.edu"
+```
+
+Get alerts triggered on a specific machine.
+
+## PARAMETERS
+
+### -MachineId
+The ID or the FQDN of the machine.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String[]
+## OUTPUTS
+
+### MdatpPwsh.Models.Alert
+### MdatpPwsh.Models.Alert[]
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpMachineUsers.md b/help-docs/locale/en-us/Get-DatpMachineUsers.md
new file mode 100644
index 0000000..8f4d027
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpMachineUsers.md
@@ -0,0 +1,60 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpMachineUsers
+
+## SYNOPSIS
+Get users that have logged onto a machine.
+
+## SYNTAX
+
+```
+Get-DatpMachineUsers [-MachineId] []
+```
+
+## DESCRIPTION
+Get all of the user who have logged onto a machine interactively or through the network.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpMachineUsers -MachineId "comp-01.contoso.com"
+```
+
+Get all of the users for a specific machine.
+
+## PARAMETERS
+
+### -MachineId
+The ID or the FQDN of the machine.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String[]
+## OUTPUTS
+
+### MdatpPwsh.Models.User
+### MdatpPwsh.Models.User[]
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpSessionClient.md b/help-docs/locale/en-us/Get-DatpSessionClient.md
new file mode 100644
index 0000000..59ea35d
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpSessionClient.md
@@ -0,0 +1,37 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpSessionClient
+
+## SYNOPSIS
+Get the raw client used for sending API calls.
+
+## SYNTAX
+
+```
+Get-DatpSessionClient []
+```
+
+## DESCRIPTION
+Get the client that has been stored in your session for sending API calls. This client can be used to send custom API calls and can also be used for troubleshooting issues with the cmdlets.
+
+## EXAMPLES
+
+## PARAMETERS
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### MdatpPwsh.Session.DatpSessionClient
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpUserAlerts.md b/help-docs/locale/en-us/Get-DatpUserAlerts.md
new file mode 100644
index 0000000..8104295
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpUserAlerts.md
@@ -0,0 +1,60 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpUserAlerts
+
+## SYNOPSIS
+Get alerts triggered by a user.
+
+## SYNTAX
+
+```
+Get-DatpUserAlerts [-UserName] []
+```
+
+## DESCRIPTION
+Get alerts triggered by a user.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpUserAlerts -UserName "contoso\jwinger01"
+```
+
+Get all alerts that were triggered by a specific user.
+
+## PARAMETERS
+
+### -UserName
+The username to search for.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### MdatpPwsh.Models.Alert
+### MdatpPwsh.Models.Alert[]
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpUserMachines.md b/help-docs/locale/en-us/Get-DatpUserMachines.md
new file mode 100644
index 0000000..4396fdb
--- /dev/null
+++ b/help-docs/locale/en-us/Get-DatpUserMachines.md
@@ -0,0 +1,59 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Get-DatpUserMachines
+
+## SYNOPSIS
+Get machines a user has logged into.
+
+## SYNTAX
+
+```
+Get-DatpUserMachines [-UserName] []
+```
+
+## DESCRIPTION
+Get machines a user has logged into.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Get-DatpUserMachines -UserName "jwinger01"
+```
+
+Get all of the machines a specific user has logged into.
+
+## PARAMETERS
+
+### -UserName
+The username to search for.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### MdatpPwsh.Models.Machine[]
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Out-DatpInvestigationPkg.md b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md
new file mode 100644
index 0000000..a64c706
--- /dev/null
+++ b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md
@@ -0,0 +1,76 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Out-DatpInvestigationPkg
+
+## SYNOPSIS
+Save an investigation package.
+
+## SYNTAX
+
+```
+Out-DatpInvestigationPkg [-ActivityId] [-FolderPath] []
+```
+
+## DESCRIPTION
+Save an investigation package that has been collected through Defender for Endpoint.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> $pkgCollection = Start-DatpInvestigationPkgCollection -MachineId "comp-01.contoso.com" -Comment "Collecting investigation package."
+
+PS C:\> Out-DatpInvestigationPkg -ActivityId $pkgCollection.ActivityId -FolderPath ".\"
+```
+
+Start a package collection on a machine and then save it to your local machine.
+
+## PARAMETERS
+
+### -ActivityId
+The Activity ID for the "Collect investigation package" action.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -FolderPath
+The folder path to save the package to.
+
+```yaml
+Type: DirectoryInfo
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### System.IO.FileInfo
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Remove-DatpMachineTag.md b/help-docs/locale/en-us/Remove-DatpMachineTag.md
new file mode 100644
index 0000000..d8328a0
--- /dev/null
+++ b/help-docs/locale/en-us/Remove-DatpMachineTag.md
@@ -0,0 +1,74 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Remove-DatpMachineTag
+
+## SYNOPSIS
+Remove a tag from a machine.
+
+## SYNTAX
+
+```
+Remove-DatpMachineTag [-MachineId] [-TagName] []
+```
+
+## DESCRIPTION
+Remove a tag from a machine.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Remove-DatpMachineTag -MachineId "comp-01.contoso.com" -TagName "TestTag-01"
+```
+
+Remove a tag from the machine 'comp-01.contoso.com' with the name 'TestTag-01'.
+
+## PARAMETERS
+
+### -MachineId
+The ID or the FQDN of the machine.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -TagName
+The name of the tag to remove.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String[]
+## OUTPUTS
+
+### MdatpPwsh.Models.Machine
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Set-DatpMachineIsolation.md b/help-docs/locale/en-us/Set-DatpMachineIsolation.md
new file mode 100644
index 0000000..7c053ec
--- /dev/null
+++ b/help-docs/locale/en-us/Set-DatpMachineIsolation.md
@@ -0,0 +1,98 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Set-DatpMachineIsolation
+
+## SYNOPSIS
+Set a machine to be isolated or to be released from isolation.
+
+## SYNTAX
+
+```
+Set-DatpMachineIsolation [-MachineId] [-Comment] [-IsolationType]
+ []
+```
+
+## DESCRIPTION
+Set a machine to be isolated with a full or selective isolation or release a machine from isolation.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Set-DatpMachineIsolation -MachineId "comp-01.contoso.com" -IsolationType "Full Isolation" -Comment "Laterally moving malware was found on this machine."
+```
+
+Set the machine 'comp-01.contoso.com' to be in a "Full Isolation" mode.
+
+### Example 2
+```powershell
+PS C:\> Set-DatpMachineIsolation -MachineId "employee-comp-00.contoso.com" -IsolationType "Release Isolation" -Comment "Machine has been fully investigated. No malicious indicators were found."
+```
+
+Set the machine 'employee-comp-00.contoso.com' to be released from isolation.
+
+## PARAMETERS
+
+### -Comment
+A message explaining why the action must be done.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -IsolationType
+The type of isolation to perform on the machine.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Accepted values: Full Isolation, Selective Isolation, Release Isolation
+
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -MachineId
+The ID or the FQDN of the machine.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String[]
+## OUTPUTS
+
+### MdatpPwsh.Models.ActivityResponse
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Set-DatpModuleConfig.md b/help-docs/locale/en-us/Set-DatpModuleConfig.md
new file mode 100644
index 0000000..4ce81d9
--- /dev/null
+++ b/help-docs/locale/en-us/Set-DatpModuleConfig.md
@@ -0,0 +1,74 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Set-DatpModuleConfig
+
+## SYNOPSIS
+Set the configuration for the module to use for authentication.
+
+## SYNTAX
+
+```
+Set-DatpModuleConfig [-PublicClientAppId] [-TenantId] []
+```
+
+## DESCRIPTION
+Set the configuration for the module to use for authentication. This will require information related to your Azure AD tenant.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Set-DatpModuleConfig -PublicClientAppID "02f0f9c2-73a5-4952-895b-86e518c14dbf" -TenantId "e51020fe-9fbc-4a4b-9e8d-16dac9fcd6b4"
+```
+
+Set the module config to use the specified app and tenant ID for Azure AD.
+
+## PARAMETERS
+
+### -PublicClientAppId
+The ClientID for the registered Azure AD app in your tenant.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -TenantId
+The ID for your Azure AD tenant.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### MdatpPwsh.Models.Core.DatpModuleConfig
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md b/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md
new file mode 100644
index 0000000..46dff16
--- /dev/null
+++ b/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md
@@ -0,0 +1,74 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Start-DatpInvestigationPkgCollection
+
+## SYNOPSIS
+Start the investigation package collection process on a machine.
+
+## SYNTAX
+
+```
+Start-DatpInvestigationPkgCollection [-MachineId] [-Comment] []
+```
+
+## DESCRIPTION
+Start the investigation package collection process on a machine.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Start-DatpInvestigationPkgCollection -MachineId "comp-01.contoso.com" -Comment "Collecting investigation package."
+```
+
+Start a package collection on a machine.
+
+## PARAMETERS
+
+### -Comment
+A message explaining why the action must be done.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -MachineId
+The ID or the FQDN of the machine.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String[]
+## OUTPUTS
+
+### MdatpPwsh.Models.ActivityResponse
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Start-DatpMachineScan.md b/help-docs/locale/en-us/Start-DatpMachineScan.md
new file mode 100644
index 0000000..1db94ea
--- /dev/null
+++ b/help-docs/locale/en-us/Start-DatpMachineScan.md
@@ -0,0 +1,99 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Start-DatpMachineScan
+
+## SYNOPSIS
+Start a scan on a machine.
+
+## SYNTAX
+
+```
+Start-DatpMachineScan [-MachineId] [[-ScanType] ] [-Comment] []
+```
+
+## DESCRIPTION
+Start a quick or full scan on a machine.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> Start-DatpMachineScan -MachineId "comp-01.constoso.com" -ScanType Quick -Comment "Running quick scan on machine"
+```
+
+Start a quick scan on a machine.
+
+### Example 2
+```powershell
+PS C:\> $scanAction = Start-DatpMachineScan -MachineId "comp-01.constoso.com" -ScanType Full -Comment "Running a full scan on machine"
+
+PS C:\> $scanAction | Get-DatpMachineAction
+```
+
+Start a full scan on a machine and save the action object to a variable. Then use that action object as a pipeline input to 'Get-DatpMachineAction' to monitor the progress of the scan.
+
+## PARAMETERS
+
+### -Comment
+A message explaining why the action must be done.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -MachineId
+The ID or the FQDN of the machine.
+
+```yaml
+Type: String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -ScanType
+The type of scan to perform.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+Accepted values: Quick, Full
+
+Required: False
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### System.String[]
+## OUTPUTS
+
+### MdatpPwsh.Models.ActivityResponse
+## NOTES
+
+## RELATED LINKS
diff --git a/help-docs/locale/en-us/Update-DatpAlert.md b/help-docs/locale/en-us/Update-DatpAlert.md
new file mode 100644
index 0000000..a767a12
--- /dev/null
+++ b/help-docs/locale/en-us/Update-DatpAlert.md
@@ -0,0 +1,141 @@
+---
+external help file: MdatpPwsh.dll-Help.xml
+Module Name: mdatp-pwsh
+online version:
+schema: 2.0.0
+---
+
+# Update-DatpAlert
+
+## SYNOPSIS
+Update an alert.
+
+## SYNTAX
+
+```
+Update-DatpAlert [-AlertId] [-Status] [-AssignedTo]
+ [-Classification] [-Determination] [-Comment]
+ []
+```
+
+## DESCRIPTION
+Update an alert with details in Defender for Endpoint.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> $alert = Get-DatpAlert -AlertId "da123456789123456_1234567890"
+
+PS C:\> $alert | Update-DatpAlert -Status Resolved -AssignedTo "bperry@contoso.com" -Classification FalsePositive -Determination Other -Comment "Blaming A Bridge Collapse On A School Is Like Me Blaming Owls For How Much I Suck At Analogies."
+```
+
+Get an alert and pipe it into 'Update-DatpAlert' to set the status to resolved, assign it to 'bperry@contoso.com', classify it as a false positive, set the determination to other, and add a comment to the alert.
+
+## PARAMETERS
+
+### -AlertId
+The ID of the alert.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
+### -AssignedTo
+The UserPrincipalName (UPN) of the security personnel assigned to the alert.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Classification
+The classification of the alert.
+
+```yaml
+Type: AlertClassification
+Parameter Sets: (All)
+Aliases:
+Accepted values: Unknown, FalsePositive, TruePositive
+
+Required: True
+Position: 3
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Comment
+A message describing why the alert was updated.
+ +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 5 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Determination +The determination reason for why an alert was updated. + +```yaml +Type: AlertDetermination +Parameter Sets: (All) +Aliases: +Accepted values: NotAvailable, Apt, Malware, SecurityPersonnel, SecurityTesting, UnwantedSoftware, Other + +Required: True +Position: 4 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Status +The status of the alert. + +```yaml +Type: AlertStatus +Parameter Sets: (All) +Aliases: +Accepted values: InProgress, New, Resolved, Unknown + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/module-manifest/mdatp-pwsh.psd1 b/module-manifest/mdatp-pwsh.psd1 index 3c1d807..f1255da 100644 --- a/module-manifest/mdatp-pwsh.psd1 +++ b/module-manifest/mdatp-pwsh.psd1 @@ -40,7 +40,6 @@ "Get-DatpMachine", "Get-DatpMachineAlerts", "Get-DatpMachineUsers", - "Get-DatpMachineByIp", "Set-DatpMachineIsolation", "Add-DatpMachineTag", "Remove-DatpMachineTag", diff --git a/src/mdatp-pwsh.csproj b/src/mdatp-pwsh.csproj index fbfe36a..ea05770 100644 --- a/src/mdatp-pwsh.csproj +++ b/src/mdatp-pwsh.csproj @@ -6,11 +6,11 @@ - + All - + diff --git a/src/mdatp-pwsh/helpers/mdatp-connect-graph.cs b/src/mdatp-pwsh/helpers/mdatp-connect-graph.cs index 14951a2..87e5094 100644 --- a/src/mdatp-pwsh/helpers/mdatp-connect-graph.cs 
+++ b/src/mdatp-pwsh/helpers/mdatp-connect-graph.cs @@ -1,7 +1,9 @@ using System; using System.Linq; +using System.Threading; using System.Threading.Tasks; using System.Collections.Generic; + using Microsoft.Identity.Client; namespace MdatpPwsh @@ -14,7 +16,7 @@ public PublicAuthenticationHelper(IPublicClientApplication app) } private IPublicClientApplication App { get; set; } - public async Task StartAcquire(IEnumerable scopes) + public async Task StartAcquire(IEnumerable scopes, CancellationToken token) { AuthenticationResult result = null; @@ -26,29 +28,45 @@ public async Task StartAcquire(IEnumerable scopes) } else { - result = await GetDeviceCode(scopes); + result = await GetDeviceCode(scopes, token); } return result; } - public async Task GetDeviceCode(IEnumerable scopes) + public async Task GetDeviceCode(IEnumerable scopes, CancellationToken token) { AuthenticationResult result = null; - try { - result = await App.AcquireTokenWithDeviceCode(scopes, + result = await App.AcquireTokenWithDeviceCode( + scopes, deviceCodeCallback => { Console.WriteLine(deviceCodeCallback.Message); - return Task.FromResult(0); - }).ExecuteAsync(); + + Task resultFromTask = null; + if (token.IsCancellationRequested) + { + token.ThrowIfCancellationRequested(); + } + else + { + resultFromTask = Task.FromResult(0); + } + + return resultFromTask; + } + ).ExecuteAsync(token); } catch (MsalServiceException e) { throw e; } + catch (OperationCanceledException e) + { + throw e; + } catch (MsalClientException e) { throw e; diff --git a/src/mdatp-pwsh/models/domains/DomainStats.cs b/src/mdatp-pwsh/models/domains/DomainStats.cs index 0dd7f9f..bb79512 100644 --- a/src/mdatp-pwsh/models/domains/DomainStats.cs +++ b/src/mdatp-pwsh/models/domains/DomainStats.cs 
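Review bot: The added `catch (OperationCanceledException e) { throw e; }` in GetDeviceCode rethrows with `throw e;`, which resets the stack trace, and like the neighbouring MSAL catches it does nothing else; use `throw;` or drop the catch so the exception propagates untouched. In the device-code callback the `if (token.IsCancellationRequested)` test is redundant, because `ThrowIfCancellationRequested()` already performs that check, so the callback body can be `token.ThrowIfCancellationRequested(); return Task.FromResult(0);` after the `Console.WriteLine`. The catch chain of GetDeviceCode continues past the end of the hunk.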
@@ -10,7 +10,7 @@ public class DomainStats public string DomainHost { get; set; } [JsonPropertyName("orgPrevalence")] - public Nullable OrgPrevalence { get; set; } + public string OrgPrevalence { get; set; } [JsonPropertyName("orgFirstSeen")] public Nullable OrgFirstSeen { get; set; } diff --git a/src/mdatp-pwsh/models/files/FileProperties.cs b/src/mdatp-pwsh/models/files/FileProperties.cs index ac3a8cd..f20e177 100644 --- a/src/mdatp-pwsh/models/files/FileProperties.cs +++ b/src/mdatp-pwsh/models/files/FileProperties.cs @@ -28,25 +28,7 @@ public class FileProperties public string FileType { get; set; } [JsonPropertyName("isPeFile")] - public dynamic IsPeFile - { - get { return isPeFile; } - set - { - switch (null == value) - { - case true: - isPeFile = false; - break; - - default: - isPeFile = true; - break; - - } - } - } - private dynamic isPeFile; + public bool IsPeFile { get; set; } [JsonPropertyName("globalPrevalence")] public Int64 GlobalPrevalence { get; set; } @@ -67,24 +49,6 @@ public dynamic IsPeFile public string SignerHash { get; set; } [JsonPropertyName("isValidCertificate")] - public dynamic IsValidCertificate - { - get { return isValidCertificate; } - set - { - switch (null == value) - { - case true: - isValidCertificate = false; - break; - - default: - isValidCertificate = true; - break; - - } - } - } - private dynamic isValidCertificate; + public Nullable IsValidCertificate { get; set; } } } \ No newline at end of file diff --git a/src/mdatp-pwsh/models/files/FileStats.cs b/src/mdatp-pwsh/models/files/FileStats.cs index af81c28..81aac86 100644 --- a/src/mdatp-pwsh/models/files/FileStats.cs +++ b/src/mdatp-pwsh/models/files/FileStats.cs @@ -11,7 +11,7 @@ public class FileStats public string SHA1 { get; set; } [JsonPropertyName("orgPrevalence")] - public int OrgPrevalence { get; set; } + public string OrgPrevalence { get; set; } [JsonPropertyName("orgFirstSeen")] public Nullable OrgFirstSeen { get; set; } 
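Review bot: `OrgPrevalence` in DomainStats becomes a `string`, and the FileStats.cs hunks do the same for `OrgPrevalence` and `GlobalPrevalence`, so callers who filter on prevalence in PowerShell get string comparison: with a string on the left-hand side, `-gt` and `-lt` compare lexically and "9" sorts above "10". If the change is there because the API sends these counts as JSON strings (the payload is not visible in the diff), record that next to the property, for example `// API returns the count as a JSON string`, or keep the property numeric and convert during deserialization. Analysts triaging by low prevalence are the likely consumers, so the property type is worth documenting either way.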
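Review bot: `IsPeFile` in FileProperties.cs is now a non-nullable `bool`, although the removed setter explicitly handled a null value and `IsValidCertificate` in the second hunk of the same file is made nullable. If the API can send `"isPeFile": null` (the payload is not visible here), System.Text.Json cannot convert it to `bool` and the whole object fails to deserialize with a JsonException. Declaring it `public bool? IsPeFile { get; set; }` would match `IsValidCertificate` and keep a missing value distinguishable from false.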
@@ -20,7 +20,7 @@ public class FileStats public Nullable OrgLastSeen { get; set; } [JsonPropertyName("globalPrevalence")] - public int GlobalPrevalence { get; set; } + public string GlobalPrevalence { get; set; } [JsonPropertyName("globalFirstObserved")] public Nullable GlobalFirstObserved { get; set; } diff --git a/src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs b/src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs index 6c51309..b71c26d 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs @@ -12,6 +12,7 @@ namespace MdatpPwsh.Cmdlets [Cmdlet(VerbsCommon.Get, "DatpAlert")] [CmdletBinding(DefaultParameterSetName = "ListAlerts")] + [OutputType(typeof(Alert[]))] public class GetDatpAlert : DatpCmdlet { [Parameter( @@ -26,7 +27,7 @@ public AlertStatus AlertStatus private AlertStatus alertStatus = AlertStatus.New; [Parameter( - Position = 1, + Position = 0, ParameterSetName = "GetAlert" )] public string AlertId diff --git a/src/mdatp-pwsh/powershell-cmdlets/alerts/UpdateDatpAlert.cs b/src/mdatp-pwsh/powershell-cmdlets/alerts/UpdateDatpAlert.cs index c35f714..098cc10 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/alerts/UpdateDatpAlert.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/alerts/UpdateDatpAlert.cs @@ -15,7 +15,8 @@ public class UpdateDatpAlert : DatpCmdlet { [Parameter( Position = 0, - Mandatory = true + Mandatory = true, + ValueFromPipelineByPropertyName = true )] public string AlertId { diff --git a/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs b/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs index 4b44cb5..a221cf6 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs @@ -2,6 +2,7 @@ using System.Collections.Generic; using System.IO; using System.Management.Automation; +using System.Runtime.CompilerServices; using System.Threading; using System.Threading.Tasks; 
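Review bot: `ValueFromPipelineByPropertyName = true` on `AlertId` in UpdateDatpAlert.cs only binds when the piped object has a property named `AlertId` or one that matches an alias of the parameter. The help example added in this commit pipes the output of `Get-DatpAlert` into `Update-DatpAlert`, and the `Alert` model is not part of the diff, so confirm its identifier property carries that name; if it is called `Id`, add `[Alias("Id")]` next to the `[Parameter]` attribute. The property body lies outside the hunk.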
@@ -16,6 +17,8 @@ namespace MdatpPwsh.Cmdlets [Cmdlet(VerbsCommunications.Connect, "DatpGraph")] public class ConnectDatpGraph : DatpCmdlet { + + private CancellationTokenSource cancellationTokenSource = new CancellationTokenSource(); protected override void BeginProcessing() { base.BeginProcessing(); @@ -68,27 +71,50 @@ protected override void ProcessRecord() }; AuthenticationResult result = null; - CancellationTokenSource cancellationTokenSource = new CancellationTokenSource(); + ConsoleCancelEventHandler cancelEventHandler = new ConsoleCancelEventHandler(cancelHandler); try { - result = TokenFlow.StartAcquire(scopes).GetAwaiter().GetResult(); + Console.CancelKeyPress += cancelEventHandler; + CancellationToken token = cancellationTokenSource.Token; + + result = TokenFlow.GetDeviceCode(scopes, token).GetAwaiter().GetResult(); } - catch (System.Exception e) + catch (TaskCanceledException e) { - throw e; + Console.CancelKeyPress -= cancelEventHandler; + cancellationTokenSource.Dispose(); + + ErrorRecord psErrorRecordObj = new ErrorRecord( + e, + "LoginCancelled", + ErrorCategory.CloseError, + result + ); + + ThrowTerminatingError(psErrorRecordObj); + } + finally + { + Console.CancelKeyPress -= cancelEventHandler; + cancellationTokenSource.Dispose(); } - cancellationTokenSource = null; DatpSessionClient sessionClient = new DatpSessionClient(new Uri("https://api.securitycenter.microsoft.com/api/v1.0/"), result, app); SessionState.PSVariable.Set(new PSVariable("DatpSessionClient", sessionClient, ScopedItemOptions.Private)); - WriteObject("You are now connected to the Defender ATP API."); + WriteObject("You are now connected to the Defender for Endpoint API."); } protected override void EndProcessing() { base.EndProcessing(); } + + protected void cancelHandler(object sender, ConsoleCancelEventArgs args) + { + cancellationTokenSource.Cancel(); + args.Cancel = true; + } } } \ No newline at end of file 
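Review bot: `catch (TaskCanceledException e)` in ProcessRecord is narrower than what the helper can raise: the callback added in mdatp-connect-graph.cs calls `token.ThrowIfCancellationRequested()`, which throws `OperationCanceledException`, and the helper rethrows that type, so such a cancellation skips the `LoginCancelled` error record and surfaces as an unhandled exception. `catch (OperationCanceledException e)` covers both cases. The `Console.CancelKeyPress -= cancelEventHandler;` and `cancellationTokenSource.Dispose();` lines inside the catch duplicate the `finally` block and can be removed, `result` is still null when it is passed as the error record's target object, and `ErrorCategory.OperationStopped` describes a user cancel better than `CloseError`.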
diff --git a/src/mdatp-pwsh/powershell-cmdlets/core/GetDatpSessionClient.cs b/src/mdatp-pwsh/powershell-cmdlets/core/GetDatpSessionClient.cs index f764959..867b453 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/core/GetDatpSessionClient.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/core/GetDatpSessionClient.cs @@ -6,6 +6,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Session; [Cmdlet(VerbsCommon.Get, "DatpSessionClient")] + [OutputType(typeof(DatpSessionClient))] public class GetDatpSessionClient : DatpCmdlet { protected override void BeginProcessing() diff --git a/src/mdatp-pwsh/powershell-cmdlets/core/SetDatpModuleConfig.cs b/src/mdatp-pwsh/powershell-cmdlets/core/SetDatpModuleConfig.cs index 5c2386b..58da993 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/core/SetDatpModuleConfig.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/core/SetDatpModuleConfig.cs @@ -8,6 +8,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Models.Core; [Cmdlet(VerbsCommon.Set, "DatpModuleConfig")] + [OutputType(typeof(DatpModuleConfig))] public class SetDatpModuleConfig : PSCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs b/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs index 834f013..b7a1263 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs @@ -10,6 +10,10 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpDomainRelated")] + [OutputType( + typeof(Machine[]), + typeof(Alert[]) + )] public class GetDatpDomainRelated : DatpCmdlet { [Parameter( 
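Review bot: `[OutputType(typeof(Machine[]), typeof(Alert[]))]` on GetDatpDomainRelated declares arrays, but the ProcessRecord hunk of the same file writes each `Alert` or `Machine` with its own `WriteObject(obj)` call, so the pipeline receives the element type. Declaring `typeof(Machine), typeof(Alert)` would match what is emitted and give correct type hints to tab completion and `Get-Command`. The other cmdlets in this commit that declare only an array type may need the same change; their output code is not visible in the diff.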
@@ -50,24 +54,27 @@ protected override void ProcessRecord() WriteVerbose($"Getting related info for domain '{domainName}'."); string apiJson = SendApiCall(apiUri, null, HttpMethod.Get); - dynamic apiResult = null; switch (searchType) { case "Alerts": - apiResult = new JsonConverter>(apiJson).Value; + ResponseCollection apiResultAlerts = new JsonConverter>(apiJson).Value; + + foreach (Alert obj in apiResultAlerts.Value) + { + WriteObject(obj); + } break; case "Machines": - apiResult = new JsonConverter>(apiJson).Value; - break; + ResponseCollection apiResultMachines = new JsonConverter>(apiJson).Value; - } + foreach (Machine obj in apiResultMachines.Value) + { + WriteObject(obj); + } + break; - foreach (dynamic obj in apiResult.value) - { - WriteObject(obj); } - } } } \ No newline at end of file diff --git a/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainStats.cs b/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainStats.cs index 2b5a49c..d90848e 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainStats.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainStats.cs @@ -10,6 +10,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpDomainStats")] + [OutputType(typeof(DomainStats))] public class GetDatpDomainStats : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs index ed093c1..bbfa44f 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs 
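Review bot: The `switch (searchType)` has no `default` branch, so any value other than "Alerts" or "Machines" now produces no output at all, which a caller can read as "nothing related was found". Unless the parameter is constrained by a `[ValidateSet]` outside this hunk, add `default: throw new ArgumentOutOfRangeException(nameof(searchType));` so an unsupported value fails loudly. Both loops also read `.Value` without a null check; whether the deserializer can return a response with a null collection depends on helpers that are not shown here.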
@@ -11,19 +11,20 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpFile")] + [OutputType(typeof(FileProperties))] public class GetDatpFile : DatpCmdlet { [Parameter( Position = 0, Mandatory = true )] - public List FileIdentifier + public string[] FileIdentifier { get { return fileIdentifier; } set { fileIdentifier = value; } } - private List fileIdentifier; + private string[] fileIdentifier; protected override void BeginProcessing() { diff --git a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileAlerts.cs b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileAlerts.cs index 39df887..a95c482 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileAlerts.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileAlerts.cs @@ -10,6 +10,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpFileAlerts")] + [OutputType(typeof(Alert[]))] public class GetDatpFileAlerts : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileMachines.cs b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileMachines.cs index 1707a01..6607449 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileMachines.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileMachines.cs @@ -10,6 +10,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpFileMachines")] + [OutputType(typeof(Machine[]))] public class GetDatpFileMachines : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileStats.cs b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileStats.cs index a6ffad9..86f5ad4 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileStats.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileStats.cs 
@@ -10,6 +10,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpFileStats")] + [OutputType(typeof(FileStats))] public class GetDatpFileStats : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/AddDatpMachineTag.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/AddDatpMachineTag.cs index f8d27b4..a51b7cb 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/AddDatpMachineTag.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/AddDatpMachineTag.cs @@ -12,6 +12,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Add, "DatpMachineTag")] + [OutputType(typeof(Machine))] public class AddDatpMachineTag : DatpCmdlet { [Parameter( @@ -19,12 +20,12 @@ public class AddDatpMachineTag : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; [Parameter( Position = 1, diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs index 0719452..2853617 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs @@ -13,6 +13,10 @@ namespace MdatpPwsh.Cmdlets [Cmdlet(VerbsCommon.Get, "DatpMachine")] [CmdletBinding(DefaultParameterSetName = "AllMachines")] + [OutputType( + typeof(Machine), + typeof(Machine[]) + )] public class GetDatpMachine : DatpCmdlet { [Parameter( @@ -20,12 +24,12 @@ public class GetDatpMachine : DatpCmdlet ParameterSetName = "SingleMachine", ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; [Parameter( Position = 1, 
diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAction.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAction.cs index 266e8d4..ccb9859 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAction.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAction.cs @@ -11,6 +11,10 @@ namespace MdatpPwsh.Cmdlets [Cmdlet(VerbsCommon.Get, "DatpMachineAction")] [CmdletBinding(DefaultParameterSetName = "AllActivities")] + [OutputType( + typeof(ActivityResponse), + typeof(ActivityResponse[]) + )] public class GetDatpMachineAction : DatpCmdlet { [Parameter( @@ -70,7 +74,11 @@ protected override void ProcessRecord() } break; } + } + protected override void EndProcessing() + { + base.EndProcessing(); } } } \ No newline at end of file diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAlerts.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAlerts.cs index 33a595e..0e306ef 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAlerts.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAlerts.cs @@ -11,6 +11,10 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpMachineAlerts")] + [OutputType( + typeof(Alert), + typeof(Alert[]) + )] public class GetDatpMachineAlerts : DatpCmdlet { [Parameter( @@ -18,12 +22,12 @@ public class GetDatpMachineAlerts : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; protected override void BeginProcessing() diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineByIp.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineByIp.cs index 6105e67..d2f0f43 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineByIp.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineByIp.cs 
@@ -11,18 +11,22 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpMachineByIp")] + [OutputType( + typeof(Machine), + typeof(Machine[]) + )] public class GetDatpMachineByIp : DatpCmdlet { [Parameter( Position = 0, ValueFromPipelineByPropertyName = true )] - public List IpAddress + public string[] IpAddress { get { return ipAddress; } set { ipAddress = value; } } - private List ipAddress; + private string[] ipAddress; public DateTime TimeStamp { diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineUsers.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineUsers.cs index 35e0a8b..fcba162 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineUsers.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineUsers.cs @@ -11,6 +11,10 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpMachineUsers")] + [OutputType( + typeof(User), + typeof(User[]) + )] public class GetDatpMachineUsers : DatpCmdlet { [Parameter( @@ -18,12 +22,12 @@ public class GetDatpMachineUsers : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; protected override void BeginProcessing() { diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/Out-DatpInvestigationPkg.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/Out-DatpInvestigationPkg.cs index 6895ec5..d17436d 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/Out-DatpInvestigationPkg.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/Out-DatpInvestigationPkg.cs @@ -11,6 +11,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsData.Out, "DatpInvestigationPkg")] + [OutputType(typeof(FileInfo))] public class OutDatpInvestigationPkg : DatpCmdlet { 
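Review bot: The mdatp-pwsh.psd1 hunk in this commit removes `Get-DatpMachineByIp` from the manifest's list of cmdlet names, yet this hunk keeps maintaining the class and its `[Cmdlet]` attribute. If the cmdlet is being retired, deleting the file or marking the class `[Obsolete]` makes that explicit; if it is only withheld for now, a comment above `[Cmdlet(VerbsCommon.Get, "DatpMachineByIp")]` saying why it is not exported would help the next maintainer. `TimeStamp` shows no `[Parameter]` attribute in the visible lines, so it may not be bindable from the command line; its declaration continues outside the hunk.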
diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/RemoveDatpMachineTag.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/RemoveDatpMachineTag.cs index 10f30a1..47d34a1 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/RemoveDatpMachineTag.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/RemoveDatpMachineTag.cs @@ -11,6 +11,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Remove, "DatpMachineTag")] + [OutputType(typeof(Machine))] public class RemoveDatpMachineTag : DatpCmdlet { [Parameter( @@ -18,12 +19,12 @@ public class RemoveDatpMachineTag : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; [Parameter( Position = 1, diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/SetDatpMachineIsolation.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/SetDatpMachineIsolation.cs index 1ce1f4d..99c774c 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/SetDatpMachineIsolation.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/SetDatpMachineIsolation.cs @@ -11,6 +11,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Set, "DatpMachineIsolation")] + [OutputType(typeof(ActivityResponse))] public class SetDatpMachineIsolation : DatpCmdlet { [Parameter( @@ -18,12 +19,12 @@ public class SetDatpMachineIsolation : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; [Parameter( Position = 1, diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpInvestigationPkgCollection.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpInvestigationPkgCollection.cs index e584132..a282824 100644 
--- a/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpInvestigationPkgCollection.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpInvestigationPkgCollection.cs @@ -11,6 +11,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsLifecycle.Start, "DatpInvestigationPkgCollection")] + [OutputType(typeof(ActivityResponse))] public class StartDatpInvestigationPkgCollection : DatpCmdlet { [Parameter( @@ -18,12 +19,12 @@ public class StartDatpInvestigationPkgCollection : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; [Parameter( Position = 1, diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpMachineScan.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpMachineScan.cs index 9249614..09156c0 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpMachineScan.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpMachineScan.cs @@ -11,6 +11,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsLifecycle.Start, "DatpMachineScan")] + [OutputType(typeof(ActivityResponse))] public class StartDatpMachineScan : DatpCmdlet { [Parameter( @@ -18,12 +19,12 @@ public class StartDatpMachineScan : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; [Parameter( Position = 1 diff --git a/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs b/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs index 1b3ba4d..b84c237 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs 
@@ -11,18 +11,22 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpUserAlerts")] + [OutputType( + typeof(Alert), + typeof(Alert[]) + )] public class GetDatpUserAlerts : DatpCmdlet { [Parameter( Position = 0, Mandatory = true )] - public List UserName + public string[] UserName { get { return userName; } set { userName = value; } } - private List userName; + private string[] userName; protected override void BeginProcessing() { diff --git a/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs b/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs index 229d518..128f313 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs @@ -11,18 +11,19 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpUserMachines")] + [OutputType(typeof(Machine[]))] public class GetDatpUserMachines : DatpCmdlet { [Parameter( Position = 0, Mandatory = true )] - public List UserName + public string[] UserName { get { return userName; } set { userName = value; } } - private List userName; + private string[] userName; protected override void BeginProcessing() {