Get-SentinelOneFirewallCategoryRules

SYNOPSIS

Get the Firewall Control rules for a scope

SYNTAX

Get-SentinelOneFirewallCategoryRules -firewall_rule_category <String> [-accountIds <Int64[]>] [-actions <String[]>]
 [-application__contains <String[]>] [-applications <String[]>] [-countOnly] [-createdAt__between <String>]
 [-createdAt__gt <DateTime>] [-createdAt__gte <DateTime>] [-createdAt__lt <DateTime>]
 [-createdAt__lte <DateTime>] [-cursor <String>] [-directions <String[]>] [-disablePagination]
 [-groupIds <Int64[]>] [-ids <Int64[]>] [-locationIds <String[]>] [-name <String>] [-name__contains <String[]>]
 [-osTypes <String[]>] [-protocol__contains <String[]>] [-protocols <String[]>] [-query <String>]
 [-scopes <String[]>] [-service__contains <String[]>] [-siteIds <Int64[]>] [-skip <Int64>] [-skipCount]
 [-sortBy <String>] [-sortOrder <String>] [-statuses <String[]>] [-tagIds <String[]>]
 [-tagName__contains <String[]>] [-tenant] [<CommonParameters>]

DESCRIPTION

The Get-SentinelOneFirewallCategoryRules cmdlet gets the Firewall Control rules for a scope specified by ID specified by ID

Firewall Control requires Control SKU.

The response will be quite long because it includes all the rule properties, thus filters are highly encouraged

Filter ids can be some of the following “accounts”, “groupIds”,

To filter the results for a scope: Global - Make sure “tenant” is “true” and no other scope ID is given. Account - Make sure “tenant” is “false” and at least one Account ID is given. Site - Make sure “tenant” is “false” and at least one Site ID is given.

EXAMPLES

EXAMPLE 1

Get-SentinelOneFirewallCategoryRules -firewall_rule_category firewall

Gets Firewall Control category rules using the defined value from a global scope

EXAMPLE 2

Get-SentinelOneFirewallCategoryRules -firewall_rule_category firewall -createdAt__gte '2022-02-27'

Inputted data is converted to UTC time

Returns Firewall Control category rules created after or at this timestamp.

EXAMPLE 3

Get-SentinelOneFirewallCategoryRules -firewall_rule_category firewall -cursor 'YWdlbnRfaWQ6NTgwMjkzODE='

Returns data after the first 10 results

The cursor value can be found under pagination

PARAMETERS

-firewall_rule_category

To affect Network Quarantine use network-quarantine

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-accountIds

List of Account IDs to filter by.

Example: “225494730938493804,225494730938493915”.

Type: Int64[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-actions

Return firewall rules with the filtered action.

Allowed values: ‘Allow’, ‘Block’

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-application__contains

Free-text filter by application

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-applications

Return firewall rules with the filtered firewall class.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-countOnly

If true, only total number of items will be returned, without any of the actual objects.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-createdAt__between

Date range for creation time (format: <from_timestamp>-<to_timestamp>, inclusive).

Example: “1514978890136-1514978650130”.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-createdAt__gt

Returns firewall rules created after this timestamp.

Inputted data is converted to UTC time

Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-createdAt__gte

Returns firewall rules created after or at this timestamp.

Inputted data is converted to UTC time

Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-createdAt__lt

Returns firewall rules created before this timestamp.

Inputted data is converted to UTC time

Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-createdAt__lte

Returns firewall rules created before or at this timestamp.

Inputted data is converted to UTC time

Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-cursor

Cursor position returned by the last request. Use to iterate over more than 1000 items.

Example: “YWdlbnRfaWQ6NTgwMjkzODE=”.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-directions

Return firewall rules with the filtered action.

Allowed values: ‘any’, ‘inbound’, ‘outbound’

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-disablePagination

If true, all rules for requested scope will be returned

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-groupIds

List of Group IDs to filter by.

Example: “225494730938493804,225494730938493915”.

Type: Int64[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ids

List of ids to filter by.

Example: “225494730938493804,225494730938493915”.

Type: Int64[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-locationIds

Filter by associated locations.

Example: “225494730938493804,225494730938493915”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-name

Return firewall rules with the filtered name.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-name__contains

Free-text filter by the Rule name

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-osTypes

Return firewall rules with the filtered os_type.

Allowed values: ‘linux’, ‘macos’, ‘windows’, ‘windows_legacy’

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-protocol__contains

Free-text filter by protocol

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-protocols

Return firewall rules with the filtered protocols.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-query

Free text search on name, tag, application, protocol

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-scopes

Return firewall rules with the filtered os_type.

Allowed values: ‘account’, ‘global’, ‘group’, ‘site’

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-service__contains

Free-text filter by service

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-siteIds

List of Site IDs to filter by.

Example: “225494730938493804,225494730938493915”.

Type: Int64[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-skip

Skip first number of items (0-1000). To iterate over more than 1000 items, use “cursor”.

Example: “150”.

Type: Int64
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False

-skipCount

If true, total number of items will not be calculated, which speeds up execution time.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-sortBy

Sorts the returned results by a defined value

Allowed values: ‘action’, ‘id’, ‘name’, ‘order’, ‘status’

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-sortOrder

Sort direction

Allowed values: ‘asc’, ‘desc’

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-statuses

Return firewall rules with the filtered status.

Allowed values: ‘Disabled’, ‘Enabled’

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-tagIds

Filter by associated tags.

Example: “225494730938493804,225494730938493915”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-tagName__contains

Free-text filter by the Tag name

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-tenant

Indicates a tenant scope request

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

N\A

RELATED LINKS

https://celerium.github.io/SentinelOne-PowerShellWrapper/site/NetworkQuarantineControl/Get-SentinelOneFirewallCategoryRules.html