Export-SentinelOneBlacklists
SYNOPSIS
Exports a CSV of all the items in the Blacklist that match the filter.
SYNTAX
Export-SentinelOneBlacklists [-accountIds <String[]>] [-createdAt__between <String>] [-createdAt__gt <DateTime>]
[-createdAt__gte <DateTime>] [-createdAt__lt <DateTime>] [-createdAt__lte <DateTime>]
[-description__contains <String[]>] [-groupIds <Int64[]>] [-ids <Int64[]>] [-includeChildren]
[-includeParents] [-osTypes <String[]>] [-query <String>] [-recommendations <String[]>] [-siteIds <Int64[]>]
[-source <String[]>] [-tenant] [-type <String>] [-types <String[]>] [-unified] [-updatedAt__between <String>]
[-updatedAt__gt <DateTime>] [-updatedAt__gte <DateTime>] [-updatedAt__lt <DateTime>]
[-updatedAt__lte <DateTime>] [-user__contains <String[]>] [-userIds <String[]>] [-value <String>]
[-value__contains <String[]>] [-fileName <String>] [-filePath <String>] [-showReport] [<CommonParameters>]
DESCRIPTION
The Export-SentinelOneBlacklists cmdlet exports a CSV of all the items in the Blacklist that match the filter.
To see items from the Global Blacklist, make sure “tenant” is “true” and no other scope ID is given.
EXAMPLES
EXAMPLE 1
Export-SentinelOneBlacklists
If there are fewer than 10k results, it returns a top-level blacklist and saves the results to a CSV in the current working directory.
fileName: blacklists-2022-10-29_105845.
EXAMPLE 2
225494730938493804 | Export-SentinelOneBlacklists
If there are fewer than 10k results, it returns a blacklist for the defined site and saves the results to a CSV in the current working directory.
fileName: blacklists-2022-10-29_105845.csv
EXAMPLE 3
Export-SentinelOneBlacklists -siteIds 225494730938493804 -fileName MyFile -filePath C:\Logs -showReport
If there are fewer than 10k results, it returns a blacklist for the defined site, saves the results to a CSV in the defined directory with the defined name, and opens the location where the file is saved.
fileName: MyFile.csv
PARAMETERS
-accountIds
List of Account IDs to filter by.
Example: “225494730938493804,225494730938493915”.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-createdAt__between
Date range for creation time (format: <from_timestamp>-<to_timestamp>, inclusive).
Example: “1514978890136-1514978650130”.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
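The range string for -createdAt__between is easy to get wrong, so here is an added example (not part of the module's own help) that builds it from two DateTime values and exports the user-added Global Blacklist entries from the last seven days for review. It assumes the timestamps are Unix epoch milliseconds, as the 13-digit values in the example above suggest, and that the module is already loaded and authenticated; ConvertTo-EpochRange and the file name 'blacklist-review' are hypothetical names chosen for illustration.

```powershell
# Added example: helper that turns two DateTime values into the
# "<from_timestamp>-<to_timestamp>" string used by -createdAt__between
# and -updatedAt__between.
# Assumption: timestamps are Unix epoch milliseconds in UTC.
function ConvertTo-EpochRange {
    param(
        [Parameter(Mandatory)] [DateTime] $From,
        [Parameter(Mandatory)] [DateTime] $To
    )

    # Normalise both ends to UTC first so local-time input cannot shift the window.
    $fromUtc = $From.ToUniversalTime()
    $toUtc   = $To.ToUniversalTime()

    if ($fromUtc -gt $toUtc) {
        throw "Start of range ($fromUtc) is later than end of range ($toUtc)."
    }

    $fromMs = [DateTimeOffset]::new($fromUtc).ToUnixTimeMilliseconds()
    $toMs   = [DateTimeOffset]::new($toUtc).ToUnixTimeMilliseconds()

    "$fromMs-$toMs"
}

# Review window: the last 7 days up to now.
$now   = Get-Date
$range = ConvertTo-EpochRange -From $now.AddDays(-7) -To $now

# Global Blacklist scope: -tenant with no other scope ID, as the DESCRIPTION notes.
# -source user limits the export to entries with the 'user' source.
$exportParams = @{
    tenant             = $true
    source             = 'user'
    createdAt__between = $range
    fileName           = 'blacklist-review'   # hypothetical name; saved as blacklist-review.csv
    filePath           = 'C:\Logs'
}
Export-SentinelOneBlacklists @exportParams
```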
-createdAt__gt
Returns blacklists created after this timestamp.
Inputted data is converted to UTC time
Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-createdAt__gte
Returns blacklists created after or at this timestamp.
Inputted data is converted to UTC time
Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-createdAt__lt
Returns blacklists created before this timestamp.
Inputted data is converted to UTC time
Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-createdAt__lte
Returns blacklists created before or at this timestamp.
Inputted data is converted to UTC time
Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-description__contains
Free-text filter by description
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-groupIds
List of Group IDs to filter by.
Example: “225494730938493804,225494730938493915”.
Type: Int64[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ids
List of IDs to filter by.
Example: “225494730938493804,225494730938493915”.
Type: Int64[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-includeChildren
Return filters from children scope levels
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-includeParents
Return filters from parent scope levels
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-osTypes
List of OS types to filter by.
Allowed values: ‘linux’, ‘macos’, ‘windows’, ‘windows_legacy’
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-query
A free-text search term; it will match applicable attributes.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-recommendations
List of recommendations to filter by.
Allowed values: ‘None’, ‘Not allowed’, ‘Not recommended’
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-siteIds
List of Site IDs to filter by.
Example: “225494730938493804,225494730938493915”
Type: Int64[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-source
List of sources to filter by.
Allowed values: ‘action_from_threat’, ‘catalog’, ‘cloud’, ‘user’
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-tenant
Indicates a tenant scope request
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-type
Type
Allowed values: ‘black_hash’
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-types
Type
Allowed values: ‘black_hash’
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-unified
Unified
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-updatedAt__between
Date range for update time (format: <from_timestamp>-<to_timestamp>, inclusive).
Example: “1514978890136-1514978650130”.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-updatedAt__gt
Returns blacklists updated after this timestamp.
Inputted data is converted to UTC time
Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-updatedAt__gte
Returns blacklists updated after or at this timestamp.
Inputted data is converted to UTC time
Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-updatedAt__lt
Returns blacklists updated before this timestamp.
Inputted data is converted to UTC time
Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-updatedAt__lte
Returns blacklists updated before or at this timestamp.
Inputted data is converted to UTC time
Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-user__contains
Free-text filter by user name
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-userIds
List of user ids to filter by.
Example: “225494730938493804,225494730938493915”.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-value
value
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-value__contains
Free-text filter by value
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-fileName
Name of the file
Example: ‘MyAgents-2022’
The default name format is ‘blacklists-yyyy-MM-dd_HHmmss’
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: "blacklists-$( Get-date -Format 'yyyy-MM-dd_HHmmss' )"
Accept pipeline input: False
Accept wildcard characters: False
-filePath
The location to save the file to
Example: ‘C:\Logs’
The default save location is the current working directory
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: $( (Get-Location).Path )
Accept pipeline input: False
Accept wildcard characters: False
-showReport
Open the location where the file was saved to
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
OUTPUTS
NOTES
N/A