Get-SentinelOneExclusions
SYNOPSIS
Get a list of all the Exclusions that match the filters
SYNTAX
Get-SentinelOneExclusions [-accountIds <String[]>] [-countOnly] [-createdAt__between <String>]
[-createdAt__gt <DateTime>] [-createdAt__gte <DateTime>] [-createdAt__lt <DateTime>]
[-createdAt__lte <DateTime>] [-cursor <String>] [-description__contains <String[]>] [-groupIds <Int64[]>]
[-ids <Int64[]>] [-includeChildren] [-includeParents] [-limit <Int64>] [-modes <String[]>]
[-pathExclusionTypes <String[]>] [-osTypes <String[]>] [-query <String>] [-recommendations <String[]>]
[-siteIds <Int64[]>] [-skip <Int64>] [-skipCount] [-sortBy <String>] [-sortOrder <String>]
[-source <String[]>] [-tenant] [-type <String>] [-types <String[]>] [-unified] [-updatedAt__between <String>]
[-updatedAt__gt <DateTime>] [-updatedAt__gte <DateTime>] [-updatedAt__lt <DateTime>]
[-updatedAt__lte <DateTime>] [-user__contains <String[]>] [-userIds <String[]>] [-value <String>]
[-value__contains <String[]>] [<CommonParameters>]
DESCRIPTION
The Get-SentinelOneExclusions cmdlet gets a list of all the Exclusions that match the filter.
Note: To filter the results for a scope:
Global - Make sure “tenant” is “true” and no other scope ID is given.
Account - Make sure “tenant” is “false” and at least one Account ID is given.
Site - Make sure “tenant” is “false” and at least one Site ID is given.
EXAMPLES
EXAMPLE 1
Get-SentinelOneExclusions -tenant -countonly
Gets a count of all exclusions from the main tenant
EXAMPLE 2
225494730938493804 | Get-SentinelOneExclusions
Gets a list of all exclusions from the defined site
EXAMPLE 3
Get-SentinelOneExclusions -createdAt__gt '2018-02-27 14:32'
Gets a list of all exclusions that were created after the defined DateTime
DateTime values are converted to UTC; use -Verbose to see the converted value.
EXAMPLE 4
Get-SentinelOneExclusions -cursor 'YWdlbnRfaWQ6NTgwMjkzODE='
Returns results after the first 10 results
The cursor value can be found under pagination
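Added example (not part of the module's own help): paging through every tenant-scope path exclusion whose mode disables monitoring, so the list can be reviewed periodically. The function name Get-RiskyExclusion is hypothetical, and the output shape (.data, .pagination.nextCursor, item properties named after the -sortBy values) is an assumption based on the cursor note above.

```powershell
# Added example: audit path exclusions that turn monitoring off.
# Assumption: each call returns an object with .data (the exclusions) and
# .pagination.nextCursor; item property names mirror the -sortBy values.
function Get-RiskyExclusion {
    [CmdletBinding()]
    param(
        # Modes taken from the -modes allowed values on this page.
        [string[]]$Modes = @('disable_all_monitors', 'disable_all_monitors_deep'),
        [ValidateRange(1, 1000)]
        [long]$PageSize = 1000
    )

    # Global scope: -tenant set and no account/site/group IDs (see the Note above).
    $params = @{
        tenant = $true
        modes  = $Modes
        limit  = $PageSize
    }

    do {
        $page = Get-SentinelOneExclusions @params
        foreach ($item in $page.data) {
            [pscustomobject]@{
                Id          = $item.id
                Value       = $item.value
                Mode        = $item.mode
                OsType      = $item.osType
                ScopePath   = $item.scopePath
                Source      = $item.source
                CreatedBy   = $item.userName
                CreatedAt   = $item.createdAt
                Description = $item.description
            }
        }
        # Feed the returned cursor into the next request; stop when none is returned.
        $params['cursor'] = $page.pagination.nextCursor
    } while ($params['cursor'])
}

$risky = Get-RiskyExclusion

# Review list: who excluded what from monitoring, newest first.
$risky | Sort-Object CreatedAt -Descending |
    Format-Table CreatedAt, CreatedBy, OsType, Mode, Value -AutoSize

# Exclusions with no description are hard to justify in a later review.
$risky | Where-Object { -not $_.Description }
```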
PARAMETERS
-accountIds
List of Account IDs to filter by.
Example: “225494730938493804,225494730938493915”.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-countOnly
If true, only total number of items will be returned, without any of the actual objects.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-createdAt__between
Date range for creation time (format: <from_timestamp>-<to_timestamp>, inclusive).
Example: “1514978890136-1514978650130”.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-createdAt__gt
Returns exclusions created after this timestamp.
Input is converted to UTC.
Format: yyyy-MM-ddTHH:mm:ss.ffffffZ. Example: 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-createdAt__gte
Returns exclusions created after or at this timestamp.
Input is converted to UTC.
Format: yyyy-MM-ddTHH:mm:ss.ffffffZ. Example: 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-createdAt__lt
Returns exclusions created before this timestamp.
Input is converted to UTC.
Format: yyyy-MM-ddTHH:mm:ss.ffffffZ. Example: 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-createdAt__lte
Returns exclusions created before or at this timestamp.
Input is converted to UTC.
Format: yyyy-MM-ddTHH:mm:ss.ffffffZ. Example: 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-cursor
Cursor position returned by the last request. Use to iterate over more than 1000 items.
Example: “YWdlbnRfaWQ6NTgwMjkzODE=”.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-description__contains
Free-text filter by description
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-groupIds
List of Group IDs to filter by.
Example: “225494730938493804,225494730938493915”.
Type: Int64[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ids
List of IDs to filter by.
Example: “225494730938493804,225494730938493915”.
Type: Int64[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-includeChildren
Return filters from child scope levels
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-includeParents
Return filters from parent scope levels
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-limit
Limit number of returned items (1-1000).
Example: “10”.
Type: Int64
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False
-modes
List of modes to filter by (Path exclusions only).
Allowed values: ‘disable_all_monitors’, ‘disable_all_monitors_deep’, ‘disable_in_process_monitor’, ‘disable_in_process_monitor_deep’, ‘suppress’, ‘suppress_app_control’, ‘suppress_dfi_only’, ‘suppress_dynamic_only’
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-pathExclusionTypes
List of excluded paths in an exclusion (Path exclusions only).
Allowed values: ‘file’, ‘folder’, ‘subfolder’
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-osTypes
List of OS types to filter by.
Allowed values: ‘linux’, ‘macos’, ‘windows’, ‘windows_legacy’
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-query
A free-text search term, will match applicable attributes
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-recommendations
List of recommendations to filter by.
Allowed values: ‘None’, ‘Not allowed’, ‘Not recommended’
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-siteIds
List of Site IDs to filter by.
Example: “225494730938493804,225494730938493915”
Type: Int64[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-skip
Skip first number of items (0-1000). To iterate over more than 1000 items, use “cursor”.
Example: “150”.
Type: Int64
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False
-skipCount
If true, total number of items will not be calculated, which speeds up execution time.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-sortBy
Sorts the returned results by a defined value
Allowed values: ‘actions’, ‘createdAt’, ‘description’, ‘id’, ‘mode’, ‘osType’, ‘pathExclusionType’, ‘scope’, ‘scopePath’, ‘source’, ‘subfolders’, ‘type’, ‘updatedAt’, ‘userName’, ‘value’
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-sortOrder
Sort direction
Allowed values: ‘asc’, ‘desc’
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-source
List of sources to filter by.
Allowed values: ‘action_from_threat’, ‘catalog’, ‘cloud’, ‘user’
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-tenant
Indicates a tenant scope request
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-type
Type
Allowed values: ‘black_hash’
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-types
Type
Allowed values: ‘black_hash’
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-unified
Unified
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-updatedAt__between
Date range for update time (format: <from_timestamp>-<to_timestamp>, inclusive).
Example: “1514978890136-1514978650130”.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-updatedAt__gt
Returns exclusions updated after this timestamp.
Input is converted to UTC.
Format: yyyy-MM-ddTHH:mm:ss.ffffffZ. Example: 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-updatedAt__gte
Returns exclusions updated after or at this timestamp.
Input is converted to UTC.
Format: yyyy-MM-ddTHH:mm:ss.ffffffZ. Example: 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-updatedAt__lt
Returns exclusions updated before this timestamp.
Input is converted to UTC.
Format: yyyy-MM-ddTHH:mm:ss.ffffffZ. Example: 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-updatedAt__lte
Returns exclusions updated before or at this timestamp.
Input is converted to UTC.
Format: yyyy-MM-ddTHH:mm:ss.ffffffZ. Example: 2018-02-27T04:49:26.257525Z
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-user__contains
Free-text filter by user name
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-userIds
List of user ids to filter by.
Example: “225494730938493804,225494730938493915”.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-value
value
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-value__contains
Free-text filter by value
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
OUTPUTS
NOTES
N/A