SentinelOneAPI Module

Description

This PowerShell module acts as a wrapper for the SentinelOne API.

SentinelOneAPI Cmdlets

Add-SentinelOneAPIKey

Sets your API key used to authenticate all API calls.

Add-SentinelOneBaseURI

Sets the base URI for the SentinelOne API connection.

Connect-SentinelOneUserBySSO

Redirects the login to SSO if SSO is enabled

Connect-SentinelOneUserByToken

Log in with a user token.

Export-SentinelOneAccounts

Exports account data from one or more accounts.

Export-SentinelOneActivities

Exports the activities, and their data, that match the filters.

Export-SentinelOneAgentLogs

Exports an agent's fetched logs to a 7zip file.

Export-SentinelOneAgents

Export Agent data to a CSV, for Agents that match the filter.

Export-SentinelOneApplications

Export the list of applications installed on endpoints

Export-SentinelOneBlacklists

Export a CSV of all the items in the Blacklist that match the filter.

Export-SentinelOneDeepVisibilityProcessFile

Download the source process file associated with a Deep Visibility event.

Export-SentinelOneDeviceControlRules

Export Device Control rules to a CSV file.

Export-SentinelOneExclusions

Export a CSV of all the items in the Exclusions that match the filter.

Export-SentinelOneFirewallCategoryRules

Export Firewall Control rules that match the filter to a JSON file

Export-SentinelOneFirewallRules

Export Firewall Control rules that match the filter to a JSON file

Export-SentinelOneModuleSettings

Exports the SentinelOne BaseURI, API, & JSON configuration information to file.

Export-SentinelOneRangers

Exports Ranger data to a CSV or JSON file.

Export-SentinelOneReports

Exports generated reports to HTML or PDF

Export-SentinelOneRogues

Exports Rogues data to CSV

Export-SentinelOneSites

Exports site data from one or more sites under an account.

Export-SentinelOneThreatEvents

Export threat events in CSV or JSON format.

Export-SentinelOneThreatFiles

Exports a threat file from cloud.

Export-SentinelOneThreatMitigations

Export the mitigation report as a CSV file.

Export-SentinelOneThreats

Exports data of threats that match the filter.

Export-SentinelOneThreatTimelines

Export a threat’s timeline.

Export-SentinelOneUpdatePackages

Download a package by site_id (“sites”) and filename.

Export-SentinelOneUsers

Export user data to a CSV, for users that match the filter.

Get-SentinelOneAccounts

Gets account data from one or more accounts under an account.

Get-SentinelOneAccountsUninstallPassword

Get the uninstall password or metadata to uninstall several Agents of one Account with one command.

Get-SentinelOneActivities

Get the activities, and their data, that match the filters.

Get-SentinelOneActivitiesAsSyslog

Get the activities, and their data as Syslog, that match the filters.

Get-SentinelOneAgentApplications

Get the installed applications for a specific Agent.

Get-SentinelOneAgentContentUpdates

Gets various agent content updates.

Get-SentinelOneAgentPassphrases

Show the passphrase for the Agents that match the filter.

Get-SentinelOneAgents

Get the Agents, and their data, that match the filter.

Get-SentinelOneAgentTags

Get endpoint Tags.

Get-SentinelOneAlerts

Get a list of alerts for a given scope

Get-SentinelOneAPIKey

Gets the SentinelOne API key global variable.

Get-SentinelOneApplicationCVEs

Get known CVEs for applications that are installed on endpoints with Application Risk-enabled Agents.

Get-SentinelOneApplications

Get the applications, and their data (such as risk level), installed on endpoints with Application Risk-enabled Agents that match the filter.

Get-SentinelOneAutoUpgradePolicy

Get paginated and ordered policies or parent policies by a given scope

Get-SentinelOneBaseURI

Shows the SentinelOne base URI global variable.

Get-SentinelOneBlacklists

Get a list of all the items in the Blacklist that match the filter.

Get-SentinelOneConfigOverrides

Get the configuration values that are changed for each Agent that matches the filter.

Get-SentinelOneCustomDetectionRules

Get a list of Custom Detection Rules for a given scope.

Get-SentinelOneDeepVisibilityEvents

Get all Deep Visibility events from a queryId

Get-SentinelOneDeepVisibilityPowerQueryPing

Ping a Deep Visibility Power Query using the queryId if results have not returned from an initial Power Query or a previous ping

Get-SentinelOneDeepVisibilityProcessState

Get details of all Deep Visibility processes from a queryId

Get-SentinelOneDeepVisibilityQueryStatus

Get the status of a Deep Visibility Query

Get-SentinelOneDeviceControlConfiguration

Get Device Control configuration for a given scope.

Get-SentinelOneDeviceControlEvents

Get the data of Device Control events on Windows and macOS endpoints with Device Control-enabled Agents that match the filter.

Get-SentinelOneDeviceControlRules

Get the Device Control rules of a specified Account, Site, Group or Global (tenant) that match the filter.

Get-SentinelOneExclusions

Get a list of all the Exclusions that match the filters

Get-SentinelOneFilters

Get the list of saved filters or get saved Deep Visibility queries with full data.

Get-SentinelOneFirewallCategoryConfig

Get the Firewall Control configuration for a given scope.

Get-SentinelOneFirewallCategoryProtocols

Get a list of protocols that can be used in Firewall Control rules.

Get-SentinelOneFirewallCategoryRules

Get the Firewall Control rules for a scope

Get-SentinelOneFirewallConfig

Get the Firewall Control configuration for a given scope.

Get-SentinelOneFirewallProtocols

Get a list of protocols that can be used in Firewall Control rules.

Get-SentinelOneFirewallRules

Get the Firewall Control rules that match the filter

Get-SentinelOneFirewallRulesByTag

Get all Firewall rules linked to tag, regardless of inheritance mode.

Get-SentinelOneGateways

Get the gateways in your deployment that match the filter from a Ranger scan.

Get-SentinelOneGroups

Get data of groups that match the filter.

Get-SentinelOneHashReputation

Get the reputation of a hash, given the required SHA1.

Get-SentinelOneLocations

Get the locations of Agents in a given scope that match the filter.

Get-SentinelOneMarketplaceAppCatalog

Get the Marketplace Application Catalog.

Get-SentinelOneMarketplaceAppConfigFields

Get the Catalog Application Configuration Fields.

Get-SentinelOneMarketplaceAppConfigSchema

Get the configuration schema for a requested Application Catalog.

Get-SentinelOneMarketplaceAppInstalls

Get the installed Marketplace applications for a scope specified.

Get-SentinelOnePolicies

Get the policies for defined scopes

Get-SentinelOneRangerDeployCredGroups

Get the data for each row in the Cred Groups table.

Get-SentinelOneRangerEnablementDefaults

Get the self-enablement feature settings for Sites

Get-SentinelOneRangerEnablements

Get data about Accounts and Sites with self-enablement features enabled.

Get-SentinelOneRangers

Get a JSON string with the Ranger data for one device.

Get-SentinelOneRangerSettings

Gets Ranger visibility settings.

Get-SentinelOneRangerTables

Get the data for each row in the Ranger Device Inventory Table.

Get-SentinelOneRBACRoles

Gets roles assigned to users that match the filter or the role definition

Get-SentinelOneRBACRoleTemplate

Gets the template for a new role.

Get-SentinelOneRemoteScripts

Gets data of the scripts in the SentinelOne Script Library.

Get-SentinelOneRemoteScriptStatus

Gets remote scripts tasks using a variety of filters

Get-SentinelOneReportInsights

Get the Insight Report types.

Get-SentinelOneReports

Get the reports that match the filter and the data of the reports.

Get-SentinelOneReportTasks

Get the tasks that were done to generate reports and to schedule future reports.

Get-SentinelOneRogueSettings

Gets rogue settings

Get-SentinelOneRogueTables

Get the data for each row in the Rogues Device Inventory Table.

Get-SentinelOneRSSFeeds

Get the SentinelOne RSS feed.

Get-SentinelOneSettingEmailRecipients

Get the emails that are configured to receive notifications.

Get-SentinelOneSettings

Gets SentinelOne settings for various endpoints

Get-SentinelOneSites

Gets site data from one or more sites under an account.

Get-SentinelOneSystems

Gets general SentinelOne system platform data

Get-SentinelOneSystemsOverview

Gets general SentinelOne system platform data

Get-SentinelOneTags

Get tags.

Get-SentinelOneTaskChildScopeConfigurations

Get the task configuration of child scopes of the given scope

Get-SentinelOneTaskConfigurations

Get the task configuration of a scope.

Get-SentinelOneTaskHasChildScopes

From a given scope, see if there are scopes under it that have local, explicit tasks.

Get-SentinelOneThreatEvents

Get all threat events.

Get-SentinelOneThreatExclusionTypes

Get the Exclusion types that can be created from the detection data.

Get-SentinelOneThreatIntelligence

Get the IOCs of a specified Account that match the filter.

Get-SentinelOneThreatNotes

Get the threat notes that match the filter.

Get-SentinelOneThreats

Get data of threats that match the filter.

Get-SentinelOneThreatTimelines

Get a threat’s timeline.

Get-SentinelOneUpdatePackages

Get the Agent packages that are uploaded to your Management.

Get-SentinelOneUserAccess

Checks various access levels for the logged-in user.

Get-SentinelOneUserApiToken

Get the details of the API token generated for a given user.

Get-SentinelOneUserByToken

Get the current user's information by token.

Get-SentinelOneUsers

Gets a list of users or a single user

Get-SentinelOneUserTokenVerification

Validates a token that users management gets when a user verifies their email.

Import-SentinelOneModuleSettings

Imports the SentinelOne BaseURI, API, & JSON configuration information to the current session.

Remove-SentinelOneAPIKey

Removes the SentinelOne API key global variable.

Remove-SentinelOneBaseURI

Removes the SentinelOne base URI global variable.

Remove-SentinelOneModuleSettings

Removes the stored SentinelOne configuration folder.

Test-SentinelOneAPIKey

Test the SentinelOne API key.