我正在尝试使用Cylance API创建Powershell脚本,
我有Perl背景,但是我是Powershell的新手,所以我认为我可以这样:
查找每台超过45天的设备,将它们存储为名称->日期在哈希表中,将哈希表打印到.csv文件中,然后删除哈希表中存储的设备。
但是,我只有几个设备,而csv文件为空白。这就是存储在HashTable中的内容(我知道实际上应该在此HashTable中存储更多的设备)。
Name Value
---- -----
MPB8NTVR 2018-12-11T17:25:38.259
FENAPPTESTNICK 2018-12-11T15:50:31.924
SERSENM2 2018-12-11T14:57:50.109
FENWAPNMSP40 2018-12-07T20:26:04.005
FENXENAPPD01 2018-12-13T16:42:34.517
FENXENAPPD02 2018-12-13T16:43:54.908
M5CG7193HR4 2018-12-14T17:10:20.588
param (
[string]$AccessTokenPath = "Documents\Cylance\",
[string]$CylanceGenerator = "CylanceGeneratorTest.exe",
[int]$PageNumber = 1,
[int]$PageSize = 200,
[string]$CylanceURI = "https://protectapi.cylance.com/devices/v2?page=$PageNumber&page_size=$PageSize",
[string]$CylanceDeviceURI = "https://protectapi.cylance.com/devices/v2/",
[string]$OutFile = "$PWD\testfile.txt",
$TodaysDate = (Get-Date -Format 'yyyy-MM-ddTHH:mm:ss.fff'),
$date = 45
)
$AccessToken = & $AccessTokenPath\$CylanceGenerator
$CSVHash = @{}
do {
[string]$CylanceURI = "https://protectapi.cylance.com/devices/v2?page=$PageNumber&page_size=$PageSize"
try {
$CylanceRequest = Invoke-RestMethod -Method Get -Uri $CylanceURI -Header @{"Authorization" = "Bearer $AccessToken"}
}
catch {
$CylanceError = $_
}
$response = $CylanceRequest | Select-object -ExpandProperty page_items | Select-Object -Property id, name, date_first_registered, date_offline
$response | ForEach-Object {
try {
$uri = $CylanceDeviceURI + $_.id
$CylanceDeviceReq = Invoke-RestMethod -Method Get -Uri $uri -Header @{"Authorization" = "Bearer $AccessToken"}
$DaysOffline = $CylanceDeviceReq.date_offline
if ($DaysOffline) {
"Days offline = " + $DaysOffline
$TimeDiff = New-TimeSpan -Start $TodaysDate -End $DaysOffline
"TimeDiff.Days = " + $TimeDiff.Days
}
if ($DaysOffline -and ($TimeDiff.Days -le -$date)) {
"Adding " + $_.name + " " + $DaysOffline
$CSVHash.Add($_.name, $DaysOffline)
}
$temp = $_ | ForEach-Object {
if ($_.date_offline) {
New-Object psobject -Property @{
"Name" = $_.name
"ID" = $_.id
"Date Offline" = $CylanceDeviceReq.date_offline
}
}
$temp | Export-csv -Append $PWD\raw.csv -NoTypeInformation
}
}
catch {
$CylanceError = $_
}
$PageNumber++
}
} while ($PageNumber -le $PageSize)
#$CompHash
$CSVHash
答案 0 :(得分:1)
至于……
我有Perl背景,但是我是Powershell的新手
您的意思是说,您在开始沿这条路径之前已经在PowerShell上进行了一些改进,并且您已经利用了来自MS PowerShellGallery,GitHub的Cylance模块/脚本,无法直接利用它们或对其进行调整在尝试发布内容之前您有什么需要?
Cylance-API-PS
https://github.com/Maliek/Cylance-API-PSCylanceDSCScript.ps1
GetNewThreatsAndDeviceLastDay.ps1
GetOldDevices.ps1
GetOldDevicesAndRemove.ps1
GetRansom.ps1
GetSubClassificationsThreats.ps1
GetThreatsAndDevice.ps1
README.md
SendMailLatestThreatsAndDevices.ps1
UploadMultipleHashes.ps1
hashes.txtCylance-API-Powershell-示例
https://github.com/regexninja826/Cylance-API-Powershell-example
https://www.powershellgallery.com/packages/CyCLI/0.5.6/Content/CyAPI.ps1
哈希表不限制返回的数据量。
因此,请首先从本地提取原始数据集,以确保获得所需的计数,从而确定格式。
答案 1 :(得分:1)
在我看来,奇怪的是您将值分配给$ response的行。我不熟悉你正在处理的对象,但乍一看我怀疑-ExpandProperty的该线路上的一个误用。这将以字符串形式返回属性。然后,您将管道传输到第二个Select-Object,这也不常见。尝试类似$ CylanceRequest.page_items的操作|选择对象...。
我可能是错误的,但就是这样跳出我作为玄乎位。