Get-SentinelOneRangerTables

SYNOPSIS

Get the data for each row in the Ranger Device Inventory Table.

SYNTAX

Get-SentinelOneRangerTables [-accountIds <Int64[]>] [-agentIds <String[]>] [-countOnly] [-cursor <String>]
 [-deviceFunction__contains <String[]>] [-deviceReviews <String[]>] [-deviceType <String>]
 [-deviceTypes <String[]>] [-discoveryMethods <String[]>] [-domains <String[]>] [-externalIp <String>]
 [-externalIp__contains <String[]>] [-firstSeen__between <String>] [-firstSeen__gt <DateTime>]
 [-firstSeen__gte <DateTime>] [-firstSeen__lt <DateTime>] [-firstSeen__lte <DateTime>]
 [-gatewayMacAddress <String>] [-gatewayMacAddress__contains <String[]>] [-hostnames <String>]
 [-hostnames__contains <String[]>] [-ids <Int64[]>] [-knownFingerprintingData <String[]>]
 [-lastSeen__between <String>] [-lastSeen__gt <DateTime>] [-lastSeen__gte <DateTime>]
 [-lastSeen__lt <DateTime>] [-lastSeen__lte <DateTime>] [-limit <Int64>] [-localIp <String>]
 [-localIp__contains <String[]>] [-macAddress <String>] [-macAddress__contains <String[]>]
 [-managedState <String>] [-managedStates <String[]>] [-manufacturer <String>]
 [-manufacturer__contains <String[]>] [-networkName <String>] [-networkName__contains <String[]>]
 [-osName <String>] [-osType <String>] [-osTypes <String[]>] [-osVersion <String>]
 [-osVersion__contains <String[]>] [-period <String>] [-query <String>] [-siteIds <Int64[]>]
 [-siteNames <String[]>] [-skip <Int64>] [-skipCount] [-sortBy <String>] [-sortOrder <String>]
 [-subnetAddress__contains <String[]>] [-tagName__contains <String[]>] [-tcpPorts__contains <String[]>]
 [-udpPorts__contains <String[]>] [<CommonParameters>]

DESCRIPTION

The Get-SentinelOneRangerTables cmdlet gets the data for each row in the Ranger Device Inventory Table.

EXAMPLES

EXAMPLE 1

Get-SentinelOneRangerTables

Returns the data for each row in the Ranger Device Inventory Table from a global scope

EXAMPLE 2

Get-SentinelOneRangerTables -siteIds 225494730938493804

Returns the data for each row in the Ranger Device Inventory Table from the defined site

EXAMPLE 3

225494730938493804 | Get-SentinelOneRangerTables

Returns the data for each row in the Ranger Device Inventory Table from the defined site

EXAMPLE 4

Get-SentinelOneRangerTables -firstSeen__gt '2018-02-27 14:32' -siteIds 225494730938493804

Returns rangers first seen after the defined DateTime from the defined site

DateTime values are converted to UTC; use -Verbose to see the converted value.

EXAMPLE 5

Get-SentinelOneRangerTables -cursor 'YWdlbnRfaWQ6NTgwMjkzODE='

Returns data after the first 10 results

The cursor value can be found under pagination
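
Paging through a full site inventory with -cursor, as an added example that is not part of the module's own documentation. It assumes the cmdlet returns the API response object with a `data` array and a `pagination.nextCursor` value, and that each device row has an `osType` property; the function name Get-AllRangerDevices is hypothetical.

```powershell
# Added example: collect every Ranger device row for a site by following -cursor.
# ASSUMPTION: the response exposes 'data' (rows) and 'pagination.nextCursor';
# confirm the shape with a single call before relying on this loop.
function Get-AllRangerDevices {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [Int64[]]$SiteIds,

        # -limit accepts 1-1000 per the parameter description.
        [ValidateRange(1, 1000)]
        [Int64]$PageSize = 1000,

        # Safety stop so an unexpected response cannot loop forever.
        [int]$MaxPages = 500
    )

    $devices     = [System.Collections.Generic.List[object]]::new()
    $seenCursors = [System.Collections.Generic.HashSet[string]]::new()
    $cursor      = $null

    for ($page = 1; $page -le $MaxPages; $page++) {
        # skipCount avoids recalculating the total on every page.
        $params = @{ siteIds = $SiteIds; limit = $PageSize; skipCount = $true }
        if ($cursor) { $params.cursor = $cursor }

        $response = Get-SentinelOneRangerTables @params -ErrorAction Stop
        if ($response.data) { $devices.AddRange([object[]]@($response.data)) }

        $cursor = $response.pagination.nextCursor
        if (-not $cursor) { break }    # no cursor returned: last page reached
        if (-not $seenCursors.Add($cursor)) {
            throw "Cursor '$cursor' was returned twice; aborting to avoid a loop."
        }
    }

    if ($cursor) {
        Write-Warning "Stopped after $MaxPages pages; the inventory may be incomplete."
    }
    return $devices
}

# Site ID taken from the examples above; 'osType' is an assumed row property.
$inventory = Get-AllRangerDevices -SiteIds 225494730938493804
$inventory | Group-Object osType | Sort-Object Count -Descending |
    Select-Object Count, Name
```

An inventory export that silently stops at the first page under-reports unmanaged devices, so the warning on hitting MaxPages should be treated as a failed collection rather than ignored.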

PARAMETERS

-accountIds

Single Account ID to filter by.

Example: “225494730938493804”.

Type: Int64[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-agentIds

List of agent ids.

Example: “225494730938493804,225494730938493915”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-countOnly

If true, only total number of items will be returned, without any of the actual objects.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-cursor

Cursor position returned by the last request. Use to iterate over more than 1000 items.

Example: “YWdlbnRfaWQ6NTgwMjkzODE=”.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-deviceFunction__contains

Free-text filter by device function

Example: “security,mobile”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-deviceReviews

The device review state

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-deviceType

Device type.

Example: “Server/Workstation/…”.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-deviceTypes

Device types.

Example: “Server/Workstation/…”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-discoveryMethods

Discovery methods

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-domains

Included network domains.

Example: “mybusiness,workgroup”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-externalIp

Search external ip using a CIDR expression or exact IP

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-externalIp__contains

Free-text filter by visible IP

Example: “192.168.0.1/24,10.1”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-firstSeen__between

Date range for creation time (format: <from_timestamp>-<to_timestamp>, inclusive).

Example: “1514978890136-1514978650130”.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-firstSeen__gt

Returns rangers created after this timestamp.

Inputted data is converted to UTC time

Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-firstSeen__gte

Returns rangers created after or at this timestamp.

Inputted data is converted to UTC time

Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-firstSeen__lt

Returns rangers created before this timestamp.

Inputted data is converted to UTC time

Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-firstSeen__lte

Returns rangers created before or at this timestamp.

Inputted data is converted to UTC time

Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-gatewayMacAddress

A gateway mac address to search for

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-gatewayMacAddress__contains

Free-text filter by gateway mac address

Example: “aa:ee:b1”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-hostnames

Hostnames

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-hostnames__contains

Free-text filter by hostname

Example: “s1_host,SomeHost”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ids

List of device ids.

Example: “225494730938493804,225494730938493915”.

Type: Int64[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-knownFingerprintingData

Known fingerprinting data.

Allowed values: ‘Hostname’, ‘MAC Address’, ‘Manufacturer’, ‘OS Version’

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-lastSeen__between

Date range for creation time (format: <from_timestamp>-<to_timestamp>, inclusive).

Example: “1514978890136-1514978650130”.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-lastSeen__gt

Returns rangers lastSeen after this timestamp.

Inputted data is converted to UTC time

Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-lastSeen__gte

Returns rangers lastSeen after or at this timestamp.

Inputted data is converted to UTC time

Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-lastSeen__lt

Returns rangers lastSeen before this timestamp.

Inputted data is converted to UTC time

Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-lastSeen__lte

Returns rangers lastSeen before or at this timestamp.

Inputted data is converted to UTC time

Example: yyyy-MM-ddTHH:mm:ss.ffffffZ 2018-02-27T04:49:26.257525Z

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-limit

Limit number of returned items (1-1000).

Example: “10”.

Type: Int64
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False

-localIp

Search using local IP

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-localIp__contains

Free-text filter by IP Address

Example: “192.168.0.1/24,10.1”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-macAddress

A mac address to search for

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-macAddress__contains

Free-text filter by mac address.

Example: “aa:ee:b1”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-managedState

Is the device managed

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-managedStates

Is the device managed

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-manufacturer

Manufacturer of the device or network interface

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-manufacturer__contains

Free-text filter by manufacturer

Example: “Company”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-networkName

Search using network name

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-networkName__contains

Free-text filter by network name

Example: “Office”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-osName

Os name

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-osType

OS type

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-osTypes

Included OS types

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-osVersion

Os version

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-osVersion__contains

Free-text filter by OS full name and version

Example: “Service Pack 1”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-period

Period.

Allowed values: ‘last12h’, ‘last24h’, ‘last3d’, ‘last7d’, ‘latest’

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-query

Free text query

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-siteIds

List of Site IDs to filter by.

Example: “225494730938493804,225494730938493915”.

Type: Int64[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-siteNames

Included site names.

Example: “Office,Test”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-skip

Skip first number of items (0-1000). To iterate over more than 1000 items, use “cursor”.

Example: “150”.

Type: Int64
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False

-skipCount

If true, total number of items will not be calculated, which speeds up execution time.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-sortBy

Sorts the returned results by a defined value

Allowed values: ‘archived’, ‘deviceReview’, ‘deviceType’, ‘domain’, ‘externalIp’, ‘firstSeen’, ‘gatewayMacAddress’, ‘hasUserLabel’, ‘id’, ‘lastSeen’, ‘localIp’, ‘macAddress’, ‘managedState’, ‘manufacturer’, ‘networkName’, ‘osName’, ‘osType’, ‘osVersion’, ‘subnetAddress’

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-sortOrder

Sort direction

Allowed values: ‘asc’, ‘desc’

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-subnetAddress__contains

Free-text filter by Subnet Address

Example: “192.168.0.1/24,10.1”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-tagName__contains

Free-text filter by tag name

Example: “iot”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-tcpPorts__contains

Free-text filter by tcp port

Example: “80,24”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-udpPorts__contains

Free-text filter by udp port

Example: “137,2002”.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

As of 2022-11, cannot fully validate due to permissions and licensing.

https://celerium.github.io/SentinelOne-PowerShellWrapper/site/Ranger/Get-SentinelOneRangerTables.html