Export-SentinelOneThreatFiles

SYNOPSIS

Exports a threat file from the cloud.

SYNTAX

Export-SentinelOneThreatFiles -threat_id <String> [-fileName <String>] [-filePath <String>] [-showReport]
 [<CommonParameters>]

DESCRIPTION

The Export-SentinelOneThreatFiles cmdlet exports a threat file from the cloud.

EXAMPLES

EXAMPLE 1

Export-SentinelOneThreatFiles -threat_id 225494730938493804

Returns a threat file using the defined ID and saves the results to a file in the current working directory.

fileName: threatFile-225494730938493804-2022-10-29_105845

EXAMPLE 2

Export-SentinelOneThreatFiles -threat_id 225494730938493804 -fileName MyCustomFile -filePath C:\Logs -showReport

Returns a threat file using the defined ID, saves the results in the defined directory with the defined name, and opens the location where the file is saved.

fileName: MyCustomFile

PARAMETERS

-threat_id

Threat ID.

Example: “225494730938493804”.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-fileName

Name of the file

Example: ‘MyAgents-2022’

The default name format is ‘threatFile-$threat_id-yyyy-MM-dd_HHmmss’

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: "threatFile-$threat_id-$( Get-date -Format 'yyyy-MM-dd_HHmmss' )"
Accept pipeline input: False
Accept wildcard characters: False

-filePath

The location to save the file to

Example: ‘C:\Logs’

The default save location is the current working directory

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: $( (Get-Location).Path )
Accept pipeline input: False
Accept wildcard characters: False

-showReport

Opens the location where the file was saved.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
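
The parameters above combined into a batch export with a hash manifest, as an added example that is not part of the module's documentation or code. It assumes the module is already imported and authenticated; the export directory, the second threat ID and the all-digits ID check are assumptions made for illustration.

```powershell
# Added example; not from the SentinelOne-PowerShellWrapper project.
# Assumptions: module imported and authenticated, hypothetical export path,
# and a constructed second threat ID.
$threatIds = @('225494730938493804', '225494730938493805')
$exportDir = 'C:\IR\ThreatFiles'   # hypothetical, access-restricted folder

# Create the destination up front so a bad path fails here, not mid-export.
if (-not (Test-Path -LiteralPath $exportDir -PathType Container)) {
    New-Item -ItemType Directory -Path $exportDir -ErrorAction Stop | Out-Null
}

$manifest = foreach ($id in $threatIds) {
    # Assumption: IDs are all digits, as in the page's example. The check also
    # keeps path characters out of the file name built from the ID.
    if ($id -notmatch '^\d+$') {
        Write-Warning "Skipping malformed threat ID: $id"
        continue
    }

    $name = "threatFile-$id"
    try {
        # -showReport is omitted so a batch run does not open the save
        # location once per ID. Any cmdlet output is discarded so that the
        # manifest holds hash records only.
        $null = Export-SentinelOneThreatFiles -threat_id $id -fileName $name `
            -filePath $exportDir -ErrorAction Stop
    }
    catch {
        Write-Warning "Export failed for threat ${id}: $($_.Exception.Message)"
        continue
    }

    # The file extension is not documented on this page, so match on base name.
    Get-ChildItem -LiteralPath $exportDir -File -Filter "$name*" |
        Get-FileHash -Algorithm SHA256 |
        Select-Object @{ n = 'ThreatId'; e = { $id } }, Path, Algorithm, Hash
}

# Record hashes at collection time so later copies can be checked against them.
$manifest | Export-Csv -Path (Join-Path $exportDir 'manifest.csv') -NoTypeInformation
```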

INPUTS

OUTPUTS

NOTES

As of 2022-11, cannot fully validate due to permissions.

https://celerium.github.io/SentinelOne-PowerShellWrapper/site/Threats/Export-SentinelOneThreatFiles.html