From 98c438e5de8fbc1fe525f6c4b3932cfef125fe26 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Jan 2021 19:46:11 +0000 Subject: [PATCH 01/28] Bump System.Text.Json from 5.0.0 to 5.0.1 in /src Bumps [System.Text.Json](https://github.com/dotnet/runtime) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/compare/v5.0.0...v5.0.1) Signed-off-by: dependabot[bot] --- src/mdatp-pwsh.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mdatp-pwsh.csproj b/src/mdatp-pwsh.csproj index fbfe36a..78f1fa8 100644 --- a/src/mdatp-pwsh.csproj +++ b/src/mdatp-pwsh.csproj @@ -10,7 +10,7 @@ All - + From efdc11fbb7e105ddb31711cc6e91cc793946e1ee Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Wed, 20 Jan 2021 11:28:22 -0500 Subject: [PATCH 02/28] Added EndProcessing() --- .../powershell-cmdlets/machine/GetDatpMachineAction.cs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAction.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAction.cs index 266e8d4..ca60385 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAction.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAction.cs @@ -70,7 +70,11 @@ protected override void ProcessRecord() } break; } + } + protected override void EndProcessing() + { + base.EndProcessing(); } } } \ No newline at end of file From c01cab4abd08c49cbf0a33ad2377365614897f86 Mon Sep 17 00:00:00 2001 
From: Timothy Small Date: Wed, 20 Jan 2021 11:29:48 -0500 Subject: [PATCH 03/28] Fixed bug for cancelling MSAL authentication. - Sending a close/break signal (ctrl+c or ctrl+break) when authenticating has been fixed and will no longer deadlock the console. - This is a very rudimentary implementation, but tests are working and is throwing the error properly when sending the signal to the async task. --- src/mdatp-pwsh/helpers/mdatp-connect-graph.cs | 32 ++++++++++++++---- .../core/ConnectDatpGraph.cs | 33 ++++++++++++++++--- 2 files changed, 53 insertions(+), 12 deletions(-) diff --git a/src/mdatp-pwsh/helpers/mdatp-connect-graph.cs b/src/mdatp-pwsh/helpers/mdatp-connect-graph.cs index 14951a2..87e5094 100644 --- a/src/mdatp-pwsh/helpers/mdatp-connect-graph.cs +++ b/src/mdatp-pwsh/helpers/mdatp-connect-graph.cs @@ -1,7 +1,9 @@ using System; using System.Linq; +using System.Threading; using System.Threading.Tasks; using System.Collections.Generic; + using Microsoft.Identity.Client; namespace MdatpPwsh @@ -14,7 +16,7 @@ public PublicAuthenticationHelper(IPublicClientApplication app) } private IPublicClientApplication App { get; set; } - public async Task StartAcquire(IEnumerable scopes) + public async Task StartAcquire(IEnumerable scopes, CancellationToken token) { AuthenticationResult result = null; 
@@ -26,29 +28,45 @@ public async Task StartAcquire(IEnumerable scopes) } else { - result = await GetDeviceCode(scopes); + result = await GetDeviceCode(scopes, token); } return result; } - public async Task GetDeviceCode(IEnumerable scopes) + public async Task GetDeviceCode(IEnumerable scopes, CancellationToken token) { AuthenticationResult result = null; - try { - result = await App.AcquireTokenWithDeviceCode(scopes, + result = await App.AcquireTokenWithDeviceCode( + scopes, deviceCodeCallback => { Console.WriteLine(deviceCodeCallback.Message); - return Task.FromResult(0); - }).ExecuteAsync(); + + Task resultFromTask = null; + if (token.IsCancellationRequested) + { + token.ThrowIfCancellationRequested(); + } + else + { + resultFromTask = Task.FromResult(0); + } + + return resultFromTask; + } + ).ExecuteAsync(token); } catch (MsalServiceException e) { throw e; } + catch (OperationCanceledException e) + { + throw e; + } catch (MsalClientException e) { throw e; diff --git a/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs b/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs index 4b44cb5..1303a19 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs @@ -2,6 +2,7 @@ using System.Collections.Generic; using System.IO; using System.Management.Automation; +using System.Runtime.CompilerServices; using System.Threading; using System.Threading.Tasks; @@ -16,6 +17,8 @@ namespace MdatpPwsh.Cmdlets [Cmdlet(VerbsCommunications.Connect, "DatpGraph")] public class ConnectDatpGraph : DatpCmdlet { + + private CancellationTokenSource cancellationTokenSource = new CancellationTokenSource(); protected override void BeginProcessing() { base.BeginProcessing(); 
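Review bot: The new `catch (OperationCanceledException e) { throw e; }` in GetDeviceCode only rethrows, and `throw e;` resets the stack trace, so a cancellation loses the frame where it was raised. Either drop the clause or use `throw;`; the neighbouring MsalServiceException and MsalClientException clauses follow the same pattern. In the device-code callback the `if (token.IsCancellationRequested)` test is redundant, because `ThrowIfCancellationRequested()` already performs it: `token.ThrowIfCancellationRequested(); return Task.FromResult(0);` does the same work without the nullable `resultFromTask` local. GetDeviceCode's body continues past the end of this hunk.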
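Review bot: `cancellationTokenSource` is created by a field initializer but disposed in the `finally` that this commit adds to ProcessRecord, so the field outlives the object it refers to. Reading `.Token` or calling `Cancel()` on a disposed source throws ObjectDisposedException, which would surface if ProcessRecord ran a second time on the same instance or if the Ctrl+C handler fired after the first pass. Creating the source inside ProcessRecord, for example `using (var cts = new CancellationTokenSource())` with the handler written as a lambda that captures it, keeps creation and disposal in one scope. The class body continues outside this hunk.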
@@ -68,17 +71,31 @@ protected override void ProcessRecord() }; AuthenticationResult result = null; - CancellationTokenSource cancellationTokenSource = new CancellationTokenSource(); try { - result = TokenFlow.StartAcquire(scopes).GetAwaiter().GetResult(); + Console.CancelKeyPress += new ConsoleCancelEventHandler(cancelHandler); + CancellationToken token = cancellationTokenSource.Token; + + result = TokenFlow.GetDeviceCode(scopes, token).GetAwaiter().GetResult(); } - catch (System.Exception e) + catch (TaskCanceledException e) { - throw e; + cancellationTokenSource.Dispose(); + + ErrorRecord psErrorRecordObj = new ErrorRecord( + e, + "LoginCancelled", + ErrorCategory.CloseError, + result + ); + + ThrowTerminatingError(psErrorRecordObj); + } + finally + { + cancellationTokenSource.Dispose(); } - cancellationTokenSource = null; DatpSessionClient sessionClient = new DatpSessionClient(new Uri("https://api.securitycenter.microsoft.com/api/v1.0/"), result, app); @@ -90,5 +107,11 @@ protected override void EndProcessing() { base.EndProcessing(); } + + protected void cancelHandler(object sender, ConsoleCancelEventArgs args) + { + cancellationTokenSource.Cancel(); + args.Cancel = true; + } } } \ No newline at end of file From 89afcccb24597b70a843c193787c46a358272d45 Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Wed, 20 Jan 2021 11:42:11 -0500 Subject: [PATCH 04/28] Updated branding for successful auth. - When successfully authenticating into the API, it will now read 'Defender for Endpoint' instead of 'Defender ATP'. --- src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs b/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs index 1303a19..5271f6d 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs 
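Review bot: `catch (TaskCanceledException e)` in ProcessRecord is narrower than what the helper raises. GetDeviceCode rethrows `OperationCanceledException`, and `token.ThrowIfCancellationRequested()` in its callback throws that base type, so a cancellation raised there would skip this handler and escape as a raw exception instead of the `LoginCancelled` error record. `catch (OperationCanceledException e)` covers both types. The call also changed from `TokenFlow.StartAcquire(scopes)` to `TokenFlow.GetDeviceCode(scopes, token)`, although StartAcquire gained the token parameter in this same commit; whatever StartAcquire does before its device-code fallback (not visible in these hunks) is now bypassed, so confirm that is intended. ProcessRecord starts before this hunk and continues after it.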
@@ -100,7 +100,7 @@ protected override void ProcessRecord() DatpSessionClient sessionClient = new DatpSessionClient(new Uri("https://api.securitycenter.microsoft.com/api/v1.0/"), result, app); SessionState.PSVariable.Set(new PSVariable("DatpSessionClient", sessionClient, ScopedItemOptions.Private)); - WriteObject("You are now connected to the Defender ATP API."); + WriteObject("You are now connected to the Defender for Endpoint API."); } protected override void EndProcessing() From 852d4de5a45cadf92d02a8c4e50ad49d1077be36 Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Wed, 20 Jan 2021 11:58:16 -0500 Subject: [PATCH 05/28] Removed cancelEventHandler after execution - The CancelEventHandler for when the cancel key is pressed is removed when either an exception is thrown or when the task gracefully exits. --- src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs b/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs index 5271f6d..a221cf6 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/core/ConnectDatpGraph.cs @@ -71,16 +71,18 @@ protected override void ProcessRecord() }; AuthenticationResult result = null; + ConsoleCancelEventHandler cancelEventHandler = new ConsoleCancelEventHandler(cancelHandler); try { - Console.CancelKeyPress += new ConsoleCancelEventHandler(cancelHandler); + Console.CancelKeyPress += cancelEventHandler; CancellationToken token = cancellationTokenSource.Token; result = TokenFlow.GetDeviceCode(scopes, token).GetAwaiter().GetResult(); } catch (TaskCanceledException e) { + Console.CancelKeyPress -= cancelEventHandler; cancellationTokenSource.Dispose(); ErrorRecord psErrorRecordObj = new ErrorRecord( 
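Review bot: The `Console.CancelKeyPress -= cancelEventHandler;` added to the catch block duplicates the one this commit adds to `finally` in the next hunk, as does the `cancellationTokenSource.Dispose()` beside it. `finally` also runs when `ThrowTerminatingError` throws, so the handler is detached and the source disposed there on every path. Subscribing just before `try` and cleaning up only in `finally` leaves a single subscribe/unsubscribe pair and one `Dispose()` call. ProcessRecord's body extends beyond both hunks.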
@@ -94,6 +96,7 @@ protected override void ProcessRecord() } finally { + Console.CancelKeyPress -= cancelEventHandler; cancellationTokenSource.Dispose(); } From a1c7cca5571db0d8f93554807789776794439158 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Jan 2021 05:39:02 +0000 Subject: [PATCH 06/28] Bump Microsoft.Identity.Client from 4.24.0 to 4.25.0 in /src Bumps [Microsoft.Identity.Client](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) from 4.24.0 to 4.25.0. - [Release notes](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases) - [Changelog](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/master/changelog.txt) - [Commits](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/compare/4.24.0...4.25.0) Signed-off-by: dependabot[bot] --- src/mdatp-pwsh.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mdatp-pwsh.csproj b/src/mdatp-pwsh.csproj index 78f1fa8..ea05770 100644 --- a/src/mdatp-pwsh.csproj +++ b/src/mdatp-pwsh.csproj @@ -6,7 +6,7 @@ - + All From 51fd9f1e330d0b2dae3fc91f10e5e8a47f6d8f21 Mon Sep 17 00:00:00 2001 
From: Timothy Small Date: Wed, 3 Feb 2021 11:35:23 -0500 Subject: [PATCH 07/28] Changed parameter input type - Changed parameter inputs from using List to T[]. --- src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs | 4 ++-- .../powershell-cmdlets/machine/AddDatpMachineTag.cs | 4 ++-- src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs | 4 ++-- .../powershell-cmdlets/machine/GetDatpMachineAlerts.cs | 4 ++-- .../powershell-cmdlets/machine/GetDatpMachineByIp.cs | 4 ++-- .../powershell-cmdlets/machine/GetDatpMachineUsers.cs | 4 ++-- .../powershell-cmdlets/machine/RemoveDatpMachineTag.cs | 4 ++-- .../powershell-cmdlets/machine/SetDatpMachineIsolation.cs | 4 ++-- .../machine/StartDatpInvestigationPkgCollection.cs | 4 ++-- .../powershell-cmdlets/machine/StartDatpMachineScan.cs | 4 ++-- src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs | 4 ++-- src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs | 4 ++-- 12 files changed, 24 insertions(+), 24 deletions(-) diff --git a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs index ed093c1..6f7144e 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs @@ -17,13 +17,13 @@ public class GetDatpFile : DatpCmdlet Position = 0, Mandatory = true )] - public List FileIdentifier + public string[] FileIdentifier { get { return fileIdentifier; } set { fileIdentifier = value; } } - private List fileIdentifier; + private string[] fileIdentifier; protected override void BeginProcessing() { diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/AddDatpMachineTag.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/AddDatpMachineTag.cs index f8d27b4..8506325 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/AddDatpMachineTag.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/AddDatpMachineTag.cs 
@@ -19,12 +19,12 @@ public class AddDatpMachineTag : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; [Parameter( Position = 1, diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs index 0719452..ff572c2 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs @@ -20,12 +20,12 @@ public class GetDatpMachine : DatpCmdlet ParameterSetName = "SingleMachine", ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; [Parameter( Position = 1, diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAlerts.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAlerts.cs index 33a595e..d283b93 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAlerts.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAlerts.cs @@ -18,12 +18,12 @@ public class GetDatpMachineAlerts : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; protected override void BeginProcessing() diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineByIp.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineByIp.cs index 6105e67..bb634e6 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineByIp.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineByIp.cs 
@@ -17,12 +17,12 @@ public class GetDatpMachineByIp : DatpCmdlet Position = 0, ValueFromPipelineByPropertyName = true )] - public List IpAddress + public string[] IpAddress { get { return ipAddress; } set { ipAddress = value; } } - private List ipAddress; + private string[] ipAddress; public DateTime TimeStamp { diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineUsers.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineUsers.cs index 35e0a8b..c3e8246 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineUsers.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineUsers.cs @@ -18,12 +18,12 @@ public class GetDatpMachineUsers : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; protected override void BeginProcessing() { diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/RemoveDatpMachineTag.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/RemoveDatpMachineTag.cs index 10f30a1..df86bc7 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/RemoveDatpMachineTag.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/RemoveDatpMachineTag.cs @@ -18,12 +18,12 @@ public class RemoveDatpMachineTag : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; [Parameter( Position = 1, diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/SetDatpMachineIsolation.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/SetDatpMachineIsolation.cs index 1ce1f4d..c1ba45f 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/SetDatpMachineIsolation.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/SetDatpMachineIsolation.cs 
@@ -18,12 +18,12 @@ public class SetDatpMachineIsolation : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; [Parameter( Position = 1, diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpInvestigationPkgCollection.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpInvestigationPkgCollection.cs index e584132..e8fe3ec 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpInvestigationPkgCollection.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpInvestigationPkgCollection.cs @@ -18,12 +18,12 @@ public class StartDatpInvestigationPkgCollection : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; [Parameter( Position = 1, diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpMachineScan.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpMachineScan.cs index 9249614..f1e6fac 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpMachineScan.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpMachineScan.cs @@ -18,12 +18,12 @@ public class StartDatpMachineScan : DatpCmdlet Mandatory = true, ValueFromPipelineByPropertyName = true )] - public List MachineId + public string[] MachineId { get { return machineId; } set { machineId = value; } } - private List machineId; + private string[] machineId; [Parameter( Position = 1 diff --git a/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs b/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs index 1b3ba4d..0a9ccd1 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs 
@@ -17,12 +17,12 @@ public class GetDatpUserAlerts : DatpCmdlet Position = 0, Mandatory = true )] - public List UserName + public string[] UserName { get { return userName; } set { userName = value; } } - private List userName; + private string[] userName; protected override void BeginProcessing() { diff --git a/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs b/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs index 229d518..97ef054 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs @@ -17,12 +17,12 @@ public class GetDatpUserMachines : DatpCmdlet Position = 0, Mandatory = true )] - public List UserName + public string[] UserName { get { return userName; } set { userName = value; } } - private List userName; + private string[] userName; protected override void BeginProcessing() { From 6ae4c5f96fdc7d8c6b9333a2a0eac4416581eadb Mon Sep 17 00:00:00 2001 
From: Timothy Small Date: Wed, 3 Feb 2021 11:55:40 -0500 Subject: [PATCH 08/28] Initial commit of auto-generated help --- help-docs/locale/en-us/Add-DatpMachineTag.md | 75 ++++++++++ help-docs/locale/en-us/Connect-DatpGraph.md | 45 ++++++ help-docs/locale/en-us/Get-DatpAlert.md | 82 ++++++++++ .../locale/en-us/Get-DatpDomainRelated.md | 76 ++++++++++ help-docs/locale/en-us/Get-DatpDomainStats.md | 60 ++++++++ help-docs/locale/en-us/Get-DatpFile.md | 60 ++++++++ help-docs/locale/en-us/Get-DatpFileAlerts.md | 60 ++++++++ .../locale/en-us/Get-DatpFileMachines.md | 60 ++++++++ help-docs/locale/en-us/Get-DatpFileStats.md | 60 ++++++++ help-docs/locale/en-us/Get-DatpMachine.md | 81 ++++++++++ .../locale/en-us/Get-DatpMachineAction.md | 81 ++++++++++ .../locale/en-us/Get-DatpMachineAlerts.md | 60 ++++++++ help-docs/locale/en-us/Get-DatpMachineByIp.md | 60 ++++++++ .../locale/en-us/Get-DatpMachineUsers.md | 60 ++++++++ .../locale/en-us/Get-DatpSessionClient.md | 45 ++++++ help-docs/locale/en-us/Get-DatpUserAlerts.md | 60 ++++++++ .../locale/en-us/Get-DatpUserMachines.md | 60 ++++++++ .../locale/en-us/Out-DatpInvestigationPkg.md | 75 ++++++++++ .../locale/en-us/Remove-DatpMachineTag.md | 75 ++++++++++ .../locale/en-us/Set-DatpMachineIsolation.md | 92 ++++++++++++ .../locale/en-us/Set-DatpModuleConfig.md | 75 ++++++++++ .../Start-DatpInvestigationPkgCollection.md | 75 ++++++++++ .../locale/en-us/Start-DatpMachineScan.md | 91 ++++++++++++ help-docs/locale/en-us/Update-DatpAlert.md | 140 ++++++++++++++++++ 24 files changed, 1708 insertions(+) create mode 100644 help-docs/locale/en-us/Add-DatpMachineTag.md create mode 100644 help-docs/locale/en-us/Connect-DatpGraph.md create mode 100644 help-docs/locale/en-us/Get-DatpAlert.md create mode 100644 help-docs/locale/en-us/Get-DatpDomainRelated.md create mode 100644 help-docs/locale/en-us/Get-DatpDomainStats.md create mode 100644 help-docs/locale/en-us/Get-DatpFile.md create mode 100644 help-docs/locale/en-us/Get-DatpFileAlerts.md 
create mode 100644 help-docs/locale/en-us/Get-DatpFileMachines.md create mode 100644 help-docs/locale/en-us/Get-DatpFileStats.md create mode 100644 help-docs/locale/en-us/Get-DatpMachine.md create mode 100644 help-docs/locale/en-us/Get-DatpMachineAction.md create mode 100644 help-docs/locale/en-us/Get-DatpMachineAlerts.md create mode 100644 help-docs/locale/en-us/Get-DatpMachineByIp.md create mode 100644 help-docs/locale/en-us/Get-DatpMachineUsers.md create mode 100644 help-docs/locale/en-us/Get-DatpSessionClient.md create mode 100644 help-docs/locale/en-us/Get-DatpUserAlerts.md create mode 100644 help-docs/locale/en-us/Get-DatpUserMachines.md create mode 100644 help-docs/locale/en-us/Out-DatpInvestigationPkg.md create mode 100644 help-docs/locale/en-us/Remove-DatpMachineTag.md create mode 100644 help-docs/locale/en-us/Set-DatpMachineIsolation.md create mode 100644 help-docs/locale/en-us/Set-DatpModuleConfig.md create mode 100644 help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md create mode 100644 help-docs/locale/en-us/Start-DatpMachineScan.md create mode 100644 help-docs/locale/en-us/Update-DatpAlert.md diff --git a/help-docs/locale/en-us/Add-DatpMachineTag.md b/help-docs/locale/en-us/Add-DatpMachineTag.md new file mode 100644 index 0000000..aa50cf8 --- /dev/null +++ b/help-docs/locale/en-us/Add-DatpMachineTag.md 
@@ -0,0 +1,75 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Add-DatpMachineTag + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Add-DatpMachineTag [-MachineId] [-TagName] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -MachineId +{{ Fill MachineId Description }} + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TagName +{{ Fill TagName Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Connect-DatpGraph.md b/help-docs/locale/en-us/Connect-DatpGraph.md new file mode 100644 index 0000000..e0b10a8 --- /dev/null +++ b/help-docs/locale/en-us/Connect-DatpGraph.md 
@@ -0,0 +1,45 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Connect-DatpGraph + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Connect-DatpGraph [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpAlert.md b/help-docs/locale/en-us/Get-DatpAlert.md new file mode 100644 index 0000000..fc926c9 --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpAlert.md 
@@ -0,0 +1,82 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpAlert + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +### ListAlerts +``` +Get-DatpAlert [[-AlertStatus] ] [] +``` + +### GetAlert +``` +Get-DatpAlert [[-AlertId] ] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -AlertId +{{ Fill AlertId Description }} + +```yaml +Type: String +Parameter Sets: GetAlert +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AlertStatus +{{ Fill AlertStatus Description }} + +```yaml +Type: AlertStatus +Parameter Sets: ListAlerts +Aliases: +Accepted values: InProgress, New, Resolved, Unknown + +Required: False +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpDomainRelated.md b/help-docs/locale/en-us/Get-DatpDomainRelated.md new file mode 100644 index 0000000..859c679 --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpDomainRelated.md 
@@ -0,0 +1,76 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpDomainRelated + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Get-DatpDomainRelated [-DomainName] [[-Type] ] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -DomainName +{{ Fill DomainName Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Type +{{ Fill Type Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Alerts, Machines + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpDomainStats.md b/help-docs/locale/en-us/Get-DatpDomainStats.md new file mode 100644 index 0000000..eb8823d --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpDomainStats.md 
@@ -0,0 +1,60 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpDomainStats + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Get-DatpDomainStats [-DomainName] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -DomainName +{{ Fill DomainName Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpFile.md b/help-docs/locale/en-us/Get-DatpFile.md new file mode 100644 index 0000000..0f2396a --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpFile.md 
@@ -0,0 +1,60 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpFile + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Get-DatpFile [-FileIdentifier] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -FileIdentifier +{{ Fill FileIdentifier Description }} + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpFileAlerts.md b/help-docs/locale/en-us/Get-DatpFileAlerts.md new file mode 100644 index 0000000..097c064 --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpFileAlerts.md 
@@ -0,0 +1,60 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpFileAlerts + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Get-DatpFileAlerts [-FileIdentifier] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -FileIdentifier +{{ Fill FileIdentifier Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpFileMachines.md b/help-docs/locale/en-us/Get-DatpFileMachines.md new file mode 100644 index 0000000..11f5b8c --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpFileMachines.md 
@@ -0,0 +1,60 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpFileMachines + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Get-DatpFileMachines [-FileIdentifier] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -FileIdentifier +{{ Fill FileIdentifier Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpFileStats.md b/help-docs/locale/en-us/Get-DatpFileStats.md new file mode 100644 index 0000000..b29a36f --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpFileStats.md 
@@ -0,0 +1,60 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpFileStats + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Get-DatpFileStats [-FileIdentifier] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -FileIdentifier +{{ Fill FileIdentifier Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpMachine.md b/help-docs/locale/en-us/Get-DatpMachine.md new file mode 100644 index 0000000..1e2f403 --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpMachine.md 
@@ -0,0 +1,81 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpMachine + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +### SingleMachine +``` +Get-DatpMachine [[-MachineId] ] [] +``` + +### AllMachines +``` +Get-DatpMachine [-AllMachines] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -AllMachines +{{ Fill AllMachines Description }} + +```yaml +Type: SwitchParameter +Parameter Sets: AllMachines +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MachineId +{{ Fill MachineId Description }} + +```yaml +Type: String[] +Parameter Sets: SingleMachine +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpMachineAction.md b/help-docs/locale/en-us/Get-DatpMachineAction.md new file mode 100644 index 0000000..9813e61 --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpMachineAction.md 
@@ -0,0 +1,81 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpMachineAction + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +### SingleActivity +``` +Get-DatpMachineAction [[-ActivityId] ] [] +``` + +### AllActivities +``` +Get-DatpMachineAction [-AllActivities] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -ActivityId +{{ Fill ActivityId Description }} + +```yaml +Type: String +Parameter Sets: SingleActivity +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -AllActivities +{{ Fill AllActivities Description }} + +```yaml +Type: SwitchParameter +Parameter Sets: AllActivities +Aliases: + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpMachineAlerts.md b/help-docs/locale/en-us/Get-DatpMachineAlerts.md new file mode 100644 index 0000000..60041ae --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpMachineAlerts.md 
@@ -0,0 +1,60 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpMachineAlerts + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Get-DatpMachineAlerts [-MachineId] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -MachineId +{{ Fill MachineId Description }} + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpMachineByIp.md b/help-docs/locale/en-us/Get-DatpMachineByIp.md new file mode 100644 index 0000000..bacce74 --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpMachineByIp.md 
@@ -0,0 +1,60 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpMachineByIp + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Get-DatpMachineByIp [[-IpAddress] ] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -IpAddress +{{ Fill IpAddress Description }} + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpMachineUsers.md b/help-docs/locale/en-us/Get-DatpMachineUsers.md new file mode 100644 index 0000000..bc10537 --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpMachineUsers.md 
@@ -0,0 +1,60 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpMachineUsers + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Get-DatpMachineUsers [-MachineId] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -MachineId +{{ Fill MachineId Description }} + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpSessionClient.md b/help-docs/locale/en-us/Get-DatpSessionClient.md new file mode 100644 index 0000000..39003fe --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpSessionClient.md 
@@ -0,0 +1,45 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpSessionClient + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Get-DatpSessionClient [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpUserAlerts.md b/help-docs/locale/en-us/Get-DatpUserAlerts.md new file mode 100644 index 0000000..9982519 --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpUserAlerts.md 
@@ -0,0 +1,60 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpUserAlerts + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Get-DatpUserAlerts [-UserName] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -UserName +{{ Fill UserName Description }} + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpUserMachines.md b/help-docs/locale/en-us/Get-DatpUserMachines.md new file mode 100644 index 0000000..cc1b8b8 --- /dev/null +++ b/help-docs/locale/en-us/Get-DatpUserMachines.md 
@@ -0,0 +1,60 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Get-DatpUserMachines + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Get-DatpUserMachines [-UserName] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -UserName +{{ Fill UserName Description }} + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Out-DatpInvestigationPkg.md b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md new file mode 100644 index 0000000..cd4d44d --- /dev/null +++ b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md 
@@ -0,0 +1,75 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Out-DatpInvestigationPkg + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Out-DatpInvestigationPkg [-ActivityId] [-FolderPath] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -ActivityId +{{ Fill ActivityId Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -FolderPath +{{ Fill FolderPath Description }} + +```yaml +Type: DirectoryInfo +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Remove-DatpMachineTag.md b/help-docs/locale/en-us/Remove-DatpMachineTag.md new file mode 100644 index 0000000..efd264c --- /dev/null +++ b/help-docs/locale/en-us/Remove-DatpMachineTag.md 
@@ -0,0 +1,75 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Remove-DatpMachineTag + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Remove-DatpMachineTag [-MachineId] [-TagName] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -MachineId +{{ Fill MachineId Description }} + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -TagName +{{ Fill TagName Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Set-DatpMachineIsolation.md b/help-docs/locale/en-us/Set-DatpMachineIsolation.md new file mode 100644 index 0000000..b6afa61 --- /dev/null +++ b/help-docs/locale/en-us/Set-DatpMachineIsolation.md 
@@ -0,0 +1,92 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Set-DatpMachineIsolation + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Set-DatpMachineIsolation [-MachineId] [-Comment] [-IsolationType] + [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -Comment +{{ Fill Comment Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IsolationType +{{ Fill IsolationType Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Full Isolation, Selective Isolation, Release Isolation + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MachineId +{{ Fill MachineId Description }} + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Set-DatpModuleConfig.md b/help-docs/locale/en-us/Set-DatpModuleConfig.md new file mode 100644 index 0000000..7257af8 --- /dev/null +++ b/help-docs/locale/en-us/Set-DatpModuleConfig.md 
@@ -0,0 +1,75 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Set-DatpModuleConfig + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Set-DatpModuleConfig [-PublicClientAppId] [-TenantId] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -PublicClientAppId +{{ Fill PublicClientAppId Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -TenantId +{{ Fill TenantId Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md b/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md new file mode 100644 index 0000000..a25fccb --- /dev/null +++ b/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md 
@@ -0,0 +1,75 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Start-DatpInvestigationPkgCollection + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Start-DatpInvestigationPkgCollection [-MachineId] [-Comment] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -Comment +{{ Fill Comment Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MachineId +{{ Fill MachineId Description }} + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Start-DatpMachineScan.md b/help-docs/locale/en-us/Start-DatpMachineScan.md new file mode 100644 index 0000000..cc7acf9 --- /dev/null +++ b/help-docs/locale/en-us/Start-DatpMachineScan.md 
@@ -0,0 +1,91 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Start-DatpMachineScan + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Start-DatpMachineScan [-MachineId] [[-ScanType] ] [-Comment] [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -Comment +{{ Fill Comment Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -MachineId +{{ Fill MachineId Description }} + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ScanType +{{ Fill ScanType Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: +Accepted values: Quick, Full + +Required: False +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String[] + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS diff --git a/help-docs/locale/en-us/Update-DatpAlert.md b/help-docs/locale/en-us/Update-DatpAlert.md new file mode 100644 index 0000000..65e9b65 --- /dev/null +++ b/help-docs/locale/en-us/Update-DatpAlert.md 
@@ -0,0 +1,140 @@ +--- +external help file: MdatpPwsh.dll-Help.xml +Module Name: mdatp-pwsh +online version: +schema: 2.0.0 +--- + +# Update-DatpAlert + +## SYNOPSIS +{{ Fill in the Synopsis }} + +## SYNTAX + +``` +Update-DatpAlert [-AlertId] [-Status] [-AssignedTo] + [-Classification] [-Determination] [-Comment] + [] +``` + +## DESCRIPTION +{{ Fill in the Description }} + +## EXAMPLES + +### Example 1 +```powershell +PS C:\> {{ Add example code here }} +``` + +{{ Add example description here }} + +## PARAMETERS + +### -AlertId +{{ Fill AlertId Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -AssignedTo +{{ Fill AssignedTo Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 2 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Classification +{{ Fill Classification Description }} + +```yaml +Type: AlertClassification +Parameter Sets: (All) +Aliases: +Accepted values: Unknown, FalsePositive, TruePositive + +Required: True +Position: 3 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Comment +{{ Fill Comment Description }} + +```yaml +Type: String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 5 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Determination +{{ Fill Determination Description }} + +```yaml +Type: AlertDetermination +Parameter Sets: (All) +Aliases: +Accepted values: NotAvailable, Apt, Malware, SecurityPersonnel, SecurityTesting, UnwantedSoftware, Other + +Required: True +Position: 4 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Status +{{ Fill Status Description }} + +```yaml +Type: AlertStatus +Parameter Sets: (All) +Aliases: +Accepted 
values: InProgress, New, Resolved, Unknown + +Required: True +Position: 1 +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### None + +## OUTPUTS + +### System.Object +## NOTES + +## RELATED LINKS From 6d8e6b6055976dc9b8050514b96cbe64e98fe070 Mon Sep 17 00:00:00 2001 
From: Timothy Small Date: Wed, 3 Feb 2021 12:32:25 -0500 Subject: [PATCH 09/28] Added basic information about the parameters --- help-docs/compiled/MdatpPwsh.dll-Help.xml | 2319 +++++++++++++++++ help-docs/locale/en-us/Add-DatpMachineTag.md | 12 +- help-docs/locale/en-us/Connect-DatpGraph.md | 13 +- help-docs/locale/en-us/Get-DatpAlert.md | 8 +- help-docs/locale/en-us/Get-DatpDomainStats.md | 6 +- help-docs/locale/en-us/Get-DatpFile.md | 6 +- help-docs/locale/en-us/Get-DatpFileAlerts.md | 2 +- .../locale/en-us/Get-DatpFileMachines.md | 2 +- help-docs/locale/en-us/Get-DatpFileStats.md | 2 +- help-docs/locale/en-us/Get-DatpMachine.md | 4 +- .../locale/en-us/Get-DatpMachineAction.md | 4 +- .../locale/en-us/Get-DatpMachineAlerts.md | 2 +- help-docs/locale/en-us/Get-DatpMachineByIp.md | 2 +- .../locale/en-us/Get-DatpMachineUsers.md | 2 +- help-docs/locale/en-us/Get-DatpUserAlerts.md | 2 +- .../locale/en-us/Get-DatpUserMachines.md | 2 +- .../locale/en-us/Out-DatpInvestigationPkg.md | 2 +- .../locale/en-us/Remove-DatpMachineTag.md | 4 +- .../locale/en-us/Set-DatpMachineIsolation.md | 6 +- .../locale/en-us/Set-DatpModuleConfig.md | 4 +- .../Start-DatpInvestigationPkgCollection.md | 4 +- .../locale/en-us/Start-DatpMachineScan.md | 6 +- 22 files changed, 2362 insertions(+), 52 deletions(-) create mode 100644 help-docs/compiled/MdatpPwsh.dll-Help.xml diff --git a/help-docs/compiled/MdatpPwsh.dll-Help.xml b/help-docs/compiled/MdatpPwsh.dll-Help.xml new file mode 100644 index 0000000..fcb0e42 --- /dev/null +++ b/help-docs/compiled/MdatpPwsh.dll-Help.xml 
@@ -0,0 +1,2319 @@ + + + + + Add-DatpMachineTag + Add + DatpMachineTag + + Add a tag to a machine. + + + + Add a tag to a machine in Defender for Endpoint. + + + + Add-DatpMachineTag + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + TagName + + The name of the tag to add. + + String + + String + + + None + + + + + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + TagName + + The name of the tag to add. + + String + + String + + + None + + + + + + System.String[] + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> Add-DatpMachineTag -MachineId "comp-01.contoso.com" -TagName "TestTag-01" + + Add a tag to the machine 'comp-01.contoso.com' with the name 'TestTag-01'. + + + + + + + + Connect-DatpGraph + Connect + DatpGraph + + Connect to the Defender for Endpoint API. + + + + Initiates the authentication process to connect to the Defender for Endpoint API. + + + + Connect-DatpGraph + + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + + + + Get-DatpAlert + Get + DatpAlert + + Get an alert or alerts from Defender for Endpoint. + + + + Get an alert or all alerts of a specific status from the Defender for Endpoint API. + + + + Get-DatpAlert + + AlertId + + The ID of an alert generated by Defender for Endpoint. + + String + + String + + + None + + + + Get-DatpAlert + + AlertStatus + + The current status of the alerts to get. + + + InProgress + New + Resolved + Unknown + + AlertStatus + + AlertStatus + + + None + + + + + + AlertId + + The ID of an alert generated by Defender for Endpoint. + + String + + String + + + None + + + AlertStatus + + The current status of the alerts to get. 
+ + AlertStatus + + AlertStatus + + + None + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpDomainRelated + Get + DatpDomainRelated + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Get-DatpDomainRelated + + DomainName + + {{ Fill DomainName Description }} + + String + + String + + + None + + + Type + + {{ Fill Type Description }} + + + Alerts + Machines + + String + + String + + + None + + + + + + DomainName + + {{ Fill DomainName Description }} + + String + + String + + + None + + + Type + + {{ Fill Type Description }} + + String + + String + + + None + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpDomainStats + Get + DatpDomainStats + + Get the stats of a domain in Defender for Endpoint. + + + + Get the stats of a domain in Defender for Endpoint with how often it has been seen in your organization and worldwide. + + + + Get-DatpDomainStats + + DomainName + + The domain name to get stats for. + + String + + String + + + None + + + + + + DomainName + + The domain name to get stats for. + + String + + String + + + None + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpFile + Get + DatpFile + + Get a file seen by Defender for Endpoint. + + + + Get information about a file that has been by Defender for Endpoint. + + + + Get-DatpFile + + FileIdentifier + + The SHA1 or SHA256 hash of the file. 
+ + String[] + + String[] + + + None + + + + + + FileIdentifier + + The SHA1 or SHA256 hash of the file. + + String[] + + String[] + + + None + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpFileAlerts + Get + DatpFileAlerts + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Get-DatpFileAlerts + + FileIdentifier + + The SHA1 or SHA256 hash of the file. + + String + + String + + + None + + + + + + FileIdentifier + + The SHA1 or SHA256 hash of the file. + + String + + String + + + None + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpFileMachines + Get + DatpFileMachines + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Get-DatpFileMachines + + FileIdentifier + + The SHA1 or SHA256 hash of the file. + + String + + String + + + None + + + + + + FileIdentifier + + The SHA1 or SHA256 hash of the file. + + String + + String + + + None + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpFileStats + Get + DatpFileStats + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Get-DatpFileStats + + FileIdentifier + + The SHA1 or SHA256 hash of the file. + + String + + String + + + None + + + + + + FileIdentifier + + The SHA1 or SHA256 hash of the file. 
+ + String + + String + + + None + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpMachine + Get + DatpMachine + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Get-DatpMachine + + AllMachines + + Get all machines. + + + SwitchParameter + + + False + + + + Get-DatpMachine + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + + + + AllMachines + + Get all machines. + + SwitchParameter + + SwitchParameter + + + False + + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + + + + System.String[] + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpMachineAction + Get + DatpMachineAction + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Get-DatpMachineAction + + ActivityId + + The Activity ID for the action. + + String + + String + + + None + + + + Get-DatpMachineAction + + AllActivities + + Get all activities created. + + + SwitchParameter + + + False + + + + + + ActivityId + + The Activity ID for the action. + + String + + String + + + None + + + AllActivities + + Get all activities created. 
+ + SwitchParameter + + SwitchParameter + + + False + + + + + + System.String + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpMachineAlerts + Get + DatpMachineAlerts + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Get-DatpMachineAlerts + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + + + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + + + + System.String[] + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpMachineByIp + Get + DatpMachineByIp + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Get-DatpMachineByIp + + IpAddress + + The IP address to search for. + + String[] + + String[] + + + None + + + + + + IpAddress + + The IP address to search for. + + String[] + + String[] + + + None + + + + + + System.String[] + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpMachineUsers + Get + DatpMachineUsers + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Get-DatpMachineUsers + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + + + + MachineId + + The ID or the FQDN of the machine. 
+ + String[] + + String[] + + + None + + + + + + System.String[] + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpSessionClient + Get + DatpSessionClient + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Get-DatpSessionClient + + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpUserAlerts + Get + DatpUserAlerts + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Get-DatpUserAlerts + + UserName + + The username to search for. + + String[] + + String[] + + + None + + + + + + UserName + + The username to search for. + + String[] + + String[] + + + None + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Get-DatpUserMachines + Get + DatpUserMachines + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Get-DatpUserMachines + + UserName + + The username to search for. + + String[] + + String[] + + + None + + + + + + UserName + + The username to search for. 
+ + String[] + + String[] + + + None + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Out-DatpInvestigationPkg + Out + DatpInvestigationPkg + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Out-DatpInvestigationPkg + + ActivityId + + The Activity ID for the "Collect investigation package" action. + + String + + String + + + None + + + FolderPath + + {{ Fill FolderPath Description }} + + DirectoryInfo + + DirectoryInfo + + + None + + + + + + ActivityId + + The Activity ID for the "Collect investigation package" action. + + String + + String + + + None + + + FolderPath + + {{ Fill FolderPath Description }} + + DirectoryInfo + + DirectoryInfo + + + None + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Remove-DatpMachineTag + Remove + DatpMachineTag + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Remove-DatpMachineTag + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + TagName + + The name of the tag to remove. + + String + + String + + + None + + + + + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + TagName + + The name of the tag to remove. 
+ + String + + String + + + None + + + + + + System.String[] + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Set-DatpMachineIsolation + Set + DatpMachineIsolation + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Set-DatpMachineIsolation + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + Comment + + A message explaining why the action must be done. + + String + + String + + + None + + + IsolationType + + The type of isolation to perform on the machine. + + + Full Isolation + Selective Isolation + Release Isolation + + String + + String + + + None + + + + + + Comment + + A message explaining why the action must be done. + + String + + String + + + None + + + IsolationType + + The type of isolation to perform on the machine. + + String + + String + + + None + + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + + + + System.String[] + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Set-DatpModuleConfig + Set + DatpModuleConfig + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Set-DatpModuleConfig + + PublicClientAppId + + The ClientID for the registered Azure AD app in your tenant. + + String + + String + + + None + + + TenantId + + The ID for your Azure AD tenant. + + String + + String + + + None + + + + + + PublicClientAppId + + The ClientID for the registered Azure AD app in your tenant. + + String + + String + + + None + + + TenantId + + The ID for your Azure AD tenant. 
+ + String + + String + + + None + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Start-DatpInvestigationPkgCollection + Start + DatpInvestigationPkgCollection + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Start-DatpInvestigationPkgCollection + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + Comment + + A message explaining why the action must be done. + + String + + String + + + None + + + + + + Comment + + A message explaining why the action must be done. + + String + + String + + + None + + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + + + + System.String[] + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Start-DatpMachineScan + Start + DatpMachineScan + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Start-DatpMachineScan + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + ScanType + + The type of scan to perform. + + + Quick + Full + + String + + String + + + None + + + Comment + + A message explaining why the action must be done. + + String + + String + + + None + + + + + + Comment + + A message explaining why the action must be done. + + String + + String + + + None + + + MachineId + + The ID or the FQDN of the machine. + + String[] + + String[] + + + None + + + ScanType + + The type of scan to perform. 
+ + String + + String + + + None + + + + + + System.String[] + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + + + + Update-DatpAlert + Update + DatpAlert + + {{ Fill in the Synopsis }} + + + + {{ Fill in the Description }} + + + + Update-DatpAlert + + AlertId + + {{ Fill AlertId Description }} + + String + + String + + + None + + + Status + + {{ Fill Status Description }} + + + InProgress + New + Resolved + Unknown + + AlertStatus + + AlertStatus + + + None + + + AssignedTo + + {{ Fill AssignedTo Description }} + + String + + String + + + None + + + Classification + + {{ Fill Classification Description }} + + + Unknown + FalsePositive + TruePositive + + AlertClassification + + AlertClassification + + + None + + + Determination + + {{ Fill Determination Description }} + + + NotAvailable + Apt + Malware + SecurityPersonnel + SecurityTesting + UnwantedSoftware + Other + + AlertDetermination + + AlertDetermination + + + None + + + Comment + + {{ Fill Comment Description }} + + String + + String + + + None + + + + + + AlertId + + {{ Fill AlertId Description }} + + String + + String + + + None + + + AssignedTo + + {{ Fill AssignedTo Description }} + + String + + String + + + None + + + Classification + + {{ Fill Classification Description }} + + AlertClassification + + AlertClassification + + + None + + + Comment + + {{ Fill Comment Description }} + + String + + String + + + None + + + Determination + + {{ Fill Determination Description }} + + AlertDetermination + + AlertDetermination + + + None + + + Status + + {{ Fill Status Description }} + + AlertStatus + + AlertStatus + + + None + + + + + + None + + + + + + + + + + System.Object + + + + + + + + + + + + + + -------------------------- Example 1 -------------------------- + PS C:\> {{ Add example code here }} + + {{ Add example description here }} + + + + + 
+ \ No newline at end of file diff --git a/help-docs/locale/en-us/Add-DatpMachineTag.md b/help-docs/locale/en-us/Add-DatpMachineTag.md index aa50cf8..42540f5 100644 --- a/help-docs/locale/en-us/Add-DatpMachineTag.md +++ b/help-docs/locale/en-us/Add-DatpMachineTag.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Add-DatpMachineTag ## SYNOPSIS -{{ Fill in the Synopsis }} +Add a tag to a machine. ## SYNTAX @@ -17,21 +17,21 @@ Add-DatpMachineTag [-MachineId] [-TagName] [ {{ Add example code here }} +PS C:\> Add-DatpMachineTag -MachineId "comp-01.contoso.com" -TagName "TestTag-01" ``` -{{ Add example description here }} +Add a tag to the machine 'comp-01.contoso.com' with the name 'TestTag-01'. ## PARAMETERS ### -MachineId -{{ Fill MachineId Description }} +The ID or the FQDN of the machine. ```yaml Type: String[] @@ -46,7 +46,7 @@ Accept wildcard characters: False ``` ### -TagName -{{ Fill TagName Description }} +The name of the tag to add. ```yaml Type: String diff --git a/help-docs/locale/en-us/Connect-DatpGraph.md b/help-docs/locale/en-us/Connect-DatpGraph.md index e0b10a8..7ba6e63 100644 --- a/help-docs/locale/en-us/Connect-DatpGraph.md +++ b/help-docs/locale/en-us/Connect-DatpGraph.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Connect-DatpGraph ## SYNOPSIS -{{ Fill in the Synopsis }} +Connect to the Defender for Endpoint API. ## SYNTAX @@ -17,16 +17,7 @@ Connect-DatpGraph [] ``` ## DESCRIPTION -{{ Fill in the Description }} - -## EXAMPLES - -### Example 1 -```powershell -PS C:\> {{ Add example code here }} -``` - -{{ Add example description here }} +Initiates the authentication process to connect to the Defender for Endpoint API. ## PARAMETERS diff --git a/help-docs/locale/en-us/Get-DatpAlert.md b/help-docs/locale/en-us/Get-DatpAlert.md index fc926c9..7c9f469 100644 --- a/help-docs/locale/en-us/Get-DatpAlert.md +++ b/help-docs/locale/en-us/Get-DatpAlert.md 
@@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpAlert ## SYNOPSIS -{{ Fill in the Synopsis }} +Get an alert or alerts from Defender for Endpoint. ## SYNTAX @@ -23,7 +23,7 @@ Get-DatpAlert [[-AlertId] ] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get an alert or all alerts of a specific status from the Defender for Endpoint API. ## EXAMPLES @@ -37,7 +37,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -AlertId -{{ Fill AlertId Description }} +The ID of an alert generated by Defender for Endpoint. ```yaml Type: String @@ -52,7 +52,7 @@ Accept wildcard characters: False ``` ### -AlertStatus -{{ Fill AlertStatus Description }} +The current status of the alerts to get. ```yaml Type: AlertStatus diff --git a/help-docs/locale/en-us/Get-DatpDomainStats.md b/help-docs/locale/en-us/Get-DatpDomainStats.md index eb8823d..99fb039 100644 --- a/help-docs/locale/en-us/Get-DatpDomainStats.md +++ b/help-docs/locale/en-us/Get-DatpDomainStats.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpDomainStats ## SYNOPSIS -{{ Fill in the Synopsis }} +Get the stats of a domain in Defender for Endpoint. ## SYNTAX @@ -17,7 +17,7 @@ Get-DatpDomainStats [-DomainName] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get the stats of a domain in Defender for Endpoint with how often it has been seen in your organization and worldwide. ## EXAMPLES @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -DomainName -{{ Fill DomainName Description }} +The domain name to get stats for. ```yaml Type: String diff --git a/help-docs/locale/en-us/Get-DatpFile.md b/help-docs/locale/en-us/Get-DatpFile.md index 0f2396a..d406b95 100644 --- a/help-docs/locale/en-us/Get-DatpFile.md +++ b/help-docs/locale/en-us/Get-DatpFile.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpFile ## SYNOPSIS -{{ Fill in the Synopsis }} +Get a file seen by Defender for Endpoint. ## SYNTAX 
@@ -17,7 +17,7 @@ Get-DatpFile [-FileIdentifier] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get information about a file that has been by Defender for Endpoint. ## EXAMPLES @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -FileIdentifier -{{ Fill FileIdentifier Description }} +The SHA1 or SHA256 hash of the file. ```yaml Type: String[] diff --git a/help-docs/locale/en-us/Get-DatpFileAlerts.md b/help-docs/locale/en-us/Get-DatpFileAlerts.md index 097c064..12138aa 100644 --- a/help-docs/locale/en-us/Get-DatpFileAlerts.md +++ b/help-docs/locale/en-us/Get-DatpFileAlerts.md @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -FileIdentifier -{{ Fill FileIdentifier Description }} +The SHA1 or SHA256 hash of the file. ```yaml Type: String diff --git a/help-docs/locale/en-us/Get-DatpFileMachines.md b/help-docs/locale/en-us/Get-DatpFileMachines.md index 11f5b8c..3b0d4ed 100644 --- a/help-docs/locale/en-us/Get-DatpFileMachines.md +++ b/help-docs/locale/en-us/Get-DatpFileMachines.md @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -FileIdentifier -{{ Fill FileIdentifier Description }} +The SHA1 or SHA256 hash of the file. ```yaml Type: String diff --git a/help-docs/locale/en-us/Get-DatpFileStats.md b/help-docs/locale/en-us/Get-DatpFileStats.md index b29a36f..6139877 100644 --- a/help-docs/locale/en-us/Get-DatpFileStats.md +++ b/help-docs/locale/en-us/Get-DatpFileStats.md @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -FileIdentifier -{{ Fill FileIdentifier Description }} +The SHA1 or SHA256 hash of the file. ```yaml Type: String diff --git a/help-docs/locale/en-us/Get-DatpMachine.md b/help-docs/locale/en-us/Get-DatpMachine.md index 1e2f403..c1d1e06 100644 --- a/help-docs/locale/en-us/Get-DatpMachine.md +++ b/help-docs/locale/en-us/Get-DatpMachine.md 
@@ -37,7 +37,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -AllMachines -{{ Fill AllMachines Description }} +Get all machines. ```yaml Type: SwitchParameter @@ -52,7 +52,7 @@ Accept wildcard characters: False ``` ### -MachineId -{{ Fill MachineId Description }} +The ID or the FQDN of the machine. ```yaml Type: String[] diff --git a/help-docs/locale/en-us/Get-DatpMachineAction.md b/help-docs/locale/en-us/Get-DatpMachineAction.md index 9813e61..a4aedb4 100644 --- a/help-docs/locale/en-us/Get-DatpMachineAction.md +++ b/help-docs/locale/en-us/Get-DatpMachineAction.md @@ -37,7 +37,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -ActivityId -{{ Fill ActivityId Description }} +The Activity ID for the action. ```yaml Type: String @@ -52,7 +52,7 @@ Accept wildcard characters: False ``` ### -AllActivities -{{ Fill AllActivities Description }} +Get all activities created. ```yaml Type: SwitchParameter diff --git a/help-docs/locale/en-us/Get-DatpMachineAlerts.md b/help-docs/locale/en-us/Get-DatpMachineAlerts.md index 60041ae..3f77dd9 100644 --- a/help-docs/locale/en-us/Get-DatpMachineAlerts.md +++ b/help-docs/locale/en-us/Get-DatpMachineAlerts.md @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -MachineId -{{ Fill MachineId Description }} +The ID or the FQDN of the machine. ```yaml Type: String[] diff --git a/help-docs/locale/en-us/Get-DatpMachineByIp.md b/help-docs/locale/en-us/Get-DatpMachineByIp.md index bacce74..f83a3c1 100644 --- a/help-docs/locale/en-us/Get-DatpMachineByIp.md +++ b/help-docs/locale/en-us/Get-DatpMachineByIp.md @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -IpAddress -{{ Fill IpAddress Description }} +The IP address to search for. ```yaml Type: String[] diff --git a/help-docs/locale/en-us/Get-DatpMachineUsers.md b/help-docs/locale/en-us/Get-DatpMachineUsers.md index bc10537..e0865af 100644 --- a/help-docs/locale/en-us/Get-DatpMachineUsers.md 
+++ b/help-docs/locale/en-us/Get-DatpMachineUsers.md @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -MachineId -{{ Fill MachineId Description }} +The ID or the FQDN of the machine. ```yaml Type: String[] diff --git a/help-docs/locale/en-us/Get-DatpUserAlerts.md b/help-docs/locale/en-us/Get-DatpUserAlerts.md index 9982519..ca9f307 100644 --- a/help-docs/locale/en-us/Get-DatpUserAlerts.md +++ b/help-docs/locale/en-us/Get-DatpUserAlerts.md @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -UserName -{{ Fill UserName Description }} +The username to search for. ```yaml Type: String[] diff --git a/help-docs/locale/en-us/Get-DatpUserMachines.md b/help-docs/locale/en-us/Get-DatpUserMachines.md index cc1b8b8..ea3f2fd 100644 --- a/help-docs/locale/en-us/Get-DatpUserMachines.md +++ b/help-docs/locale/en-us/Get-DatpUserMachines.md @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -UserName -{{ Fill UserName Description }} +The username to search for. ```yaml Type: String[] diff --git a/help-docs/locale/en-us/Out-DatpInvestigationPkg.md b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md index cd4d44d..c38660a 100644 --- a/help-docs/locale/en-us/Out-DatpInvestigationPkg.md +++ b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -ActivityId -{{ Fill ActivityId Description }} +The Activity ID for the "Collect investigation package" action. ```yaml Type: String diff --git a/help-docs/locale/en-us/Remove-DatpMachineTag.md b/help-docs/locale/en-us/Remove-DatpMachineTag.md index efd264c..8fc6986 100644 --- a/help-docs/locale/en-us/Remove-DatpMachineTag.md +++ b/help-docs/locale/en-us/Remove-DatpMachineTag.md @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -MachineId -{{ Fill MachineId Description }} +The ID or the FQDN of the machine. ```yaml Type: String[] 
@@ -46,7 +46,7 @@ Accept wildcard characters: False ``` ### -TagName -{{ Fill TagName Description }} +The name of the tag to remove. ```yaml Type: String diff --git a/help-docs/locale/en-us/Set-DatpMachineIsolation.md b/help-docs/locale/en-us/Set-DatpMachineIsolation.md index b6afa61..65b6fb9 100644 --- a/help-docs/locale/en-us/Set-DatpMachineIsolation.md +++ b/help-docs/locale/en-us/Set-DatpMachineIsolation.md @@ -32,7 +32,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -Comment -{{ Fill Comment Description }} +A message explaining why the action must be done. ```yaml Type: String @@ -47,7 +47,7 @@ Accept wildcard characters: False ``` ### -IsolationType -{{ Fill IsolationType Description }} +The type of isolation to perform on the machine. ```yaml Type: String @@ -63,7 +63,7 @@ Accept wildcard characters: False ``` ### -MachineId -{{ Fill MachineId Description }} +The ID or the FQDN of the machine. ```yaml Type: String[] diff --git a/help-docs/locale/en-us/Set-DatpModuleConfig.md b/help-docs/locale/en-us/Set-DatpModuleConfig.md index 7257af8..158441f 100644 --- a/help-docs/locale/en-us/Set-DatpModuleConfig.md +++ b/help-docs/locale/en-us/Set-DatpModuleConfig.md @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -PublicClientAppId -{{ Fill PublicClientAppId Description }} +The ClientID for the registered Azure AD app in your tenant. ```yaml Type: String @@ -46,7 +46,7 @@ Accept wildcard characters: False ``` ### -TenantId -{{ Fill TenantId Description }} +The ID for your Azure AD tenant. ```yaml Type: String diff --git a/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md b/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md index a25fccb..33e1fa0 100644 --- a/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md +++ b/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md 
@@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -Comment -{{ Fill Comment Description }} +A message explaining why the action must be done. ```yaml Type: String @@ -46,7 +46,7 @@ Accept wildcard characters: False ``` ### -MachineId -{{ Fill MachineId Description }} +The ID or the FQDN of the machine. ```yaml Type: String[] diff --git a/help-docs/locale/en-us/Start-DatpMachineScan.md b/help-docs/locale/en-us/Start-DatpMachineScan.md index cc7acf9..9852997 100644 --- a/help-docs/locale/en-us/Start-DatpMachineScan.md +++ b/help-docs/locale/en-us/Start-DatpMachineScan.md @@ -31,7 +31,7 @@ PS C:\> {{ Add example code here }} ## PARAMETERS ### -Comment -{{ Fill Comment Description }} +A message explaining why the action must be done. ```yaml Type: String @@ -46,7 +46,7 @@ Accept wildcard characters: False ``` ### -MachineId -{{ Fill MachineId Description }} +The ID or the FQDN of the machine. ```yaml Type: String[] @@ -61,7 +61,7 @@ Accept wildcard characters: False ``` ### -ScanType -{{ Fill ScanType Description }} +The type of scan to perform. ```yaml Type: String From 0e99f611add635ef14a4158b49e93dbf979b2273 Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Wed, 3 Feb 2021 12:43:10 -0500 Subject: [PATCH 10/28] Fixed missing "EXAMPLES" section --- help-docs/locale/en-us/Connect-DatpGraph.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/help-docs/locale/en-us/Connect-DatpGraph.md b/help-docs/locale/en-us/Connect-DatpGraph.md index 7ba6e63..96809ec 100644 --- a/help-docs/locale/en-us/Connect-DatpGraph.md +++ b/help-docs/locale/en-us/Connect-DatpGraph.md @@ -19,6 +19,8 @@ Connect-DatpGraph [] ## DESCRIPTION Initiates the authentication process to connect to the Defender for Endpoint API. +## EXAMPLES + ## PARAMETERS ### CommonParameters From 2e9da552c33b876e06cb58a882ce469dcd5325a3 Mon Sep 17 00:00:00 2001 
From: Timothy Small Date: Wed, 3 Feb 2021 12:43:49 -0500 Subject: [PATCH 11/28] Added help file compilation to build --- BuildModule.ps1 | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/BuildModule.ps1 b/BuildModule.ps1 index 0f5d0af..cc2a727 100644 --- a/BuildModule.ps1 +++ b/BuildModule.ps1 @@ -8,6 +8,14 @@ $ScriptLocation = $PSScriptRoot $csProjectDir = [System.IO.Path]::Combine($ScriptLocation, "src\") $csProjectPublishDir = [System.IO.Path]::Combine($csProjectDir, "bin\", "Debug\", "netstandard2.1\", "publish\") +$helpDocsDir = [System.IO.Path]::Combine($ScriptLocation, "help-docs\") +$enusHelpDocs = [System.IO.Path]::Combine($helpDocsDir, "locale\", "en-us\") +$compiledHelpDir = [System.IO.Path]::Combine($helpDocsDir, "compiled\") +$compiledHelpFile = [System.IO.Path]::Combine($compiledHelpDir, "MdatpPwsh.dll-Help.xml") + +Import-Module -Name "platyPS" +New-ExternalHelp -Path $enusHelpDocs -OutputPath $compiledHelpDir -Force + $buildDir = [System.IO.Path]::Combine($ScriptLocation, "build\") $buildModuleDir = [System.IO.Path]::Combine($buildDir, "mdatp-pwsh\") @@ -18,7 +26,8 @@ $filesToCopy = [System.Collections.Generic.List[string[]]]@( ([System.IO.Path]::Combine($ScriptLocation, "module-manifest\", "mdatp-pwsh.psd1")), ([System.IO.Path]::Combine($csProjectPublishDir, "MdatpPwsh.dll")), ([System.IO.Path]::Combine($csProjectPublishDir, "Microsoft.Identity.Client.dll")), - ([System.IO.Path]::Combine($csProjectPublishDir, "System.Text.Json.dll")) + ([System.IO.Path]::Combine($csProjectPublishDir, "System.Text.Json.dll")), + $compiledHelpFile ) Push-Location -Path $csProjectDir From 31b9aaeb37c255bc13e74cd2383d1f823d519497 Mon Sep 17 00:00:00 2001 
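Review bot: The added `Import-Module -Name "platyPS"` in the first BuildModule.ps1 hunk loads whichever platyPS version is on the module path and does not stop the build when the module is missing, so `New-ExternalHelp` can fail while the script carries on. PATCH 09 commits `help-docs/compiled/MdatpPwsh.dll-Help.xml`, and the second hunk adds `$compiledHelpFile` to `$filesToCopy` unconditionally, so a failed regeneration would package the stale checked-in help file with no visible failure. This holds unless `$ErrorActionPreference` is set to Stop earlier in the script, which is outside the hunk. I would make both calls terminating and pin the tool: `Import-Module -Name "platyPS" -RequiredVersion <PINNED_VERSION> -ErrorAction Stop` and `New-ExternalHelp -Path $enusHelpDocs -OutputPath $compiledHelpDir -Force -ErrorAction Stop`. A short comment above them, such as `# Regenerate the MAML help from help-docs/locale/en-us; requires platyPS`, would also tell a new contributor why the build needs that module.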
From: Timothy Small Date: Wed, 3 Feb 2021 12:58:10 -0500 Subject: [PATCH 12/28] Added basic synopsis/description to help --- help-docs/locale/en-us/Get-DatpFileAlerts.md | 4 ++-- help-docs/locale/en-us/Get-DatpFileMachines.md | 4 ++-- help-docs/locale/en-us/Get-DatpFileStats.md | 4 ++-- help-docs/locale/en-us/Get-DatpMachine.md | 4 ++-- help-docs/locale/en-us/Get-DatpMachineAction.md | 4 ++-- help-docs/locale/en-us/Get-DatpMachineAlerts.md | 4 ++-- help-docs/locale/en-us/Get-DatpMachineByIp.md | 4 ++-- help-docs/locale/en-us/Get-DatpMachineUsers.md | 4 ++-- help-docs/locale/en-us/Get-DatpSessionClient.md | 4 ++-- help-docs/locale/en-us/Get-DatpUserAlerts.md | 4 ++-- help-docs/locale/en-us/Get-DatpUserMachines.md | 4 ++-- help-docs/locale/en-us/Out-DatpInvestigationPkg.md | 4 ++-- help-docs/locale/en-us/Remove-DatpMachineTag.md | 4 ++-- help-docs/locale/en-us/Set-DatpMachineIsolation.md | 4 ++-- help-docs/locale/en-us/Set-DatpModuleConfig.md | 4 ++-- .../locale/en-us/Start-DatpInvestigationPkgCollection.md | 4 ++-- help-docs/locale/en-us/Start-DatpMachineScan.md | 4 ++-- 17 files changed, 34 insertions(+), 34 deletions(-) diff --git a/help-docs/locale/en-us/Get-DatpFileAlerts.md b/help-docs/locale/en-us/Get-DatpFileAlerts.md index 12138aa..31458af 100644 --- a/help-docs/locale/en-us/Get-DatpFileAlerts.md +++ b/help-docs/locale/en-us/Get-DatpFileAlerts.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpFileAlerts ## SYNOPSIS -{{ Fill in the Synopsis }} +Get alerts related to a file identifier. ## SYNTAX @@ -17,7 +17,7 @@ Get-DatpFileAlerts [-FileIdentifier] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get alerts seen in your organization related to a file's SHA1 or SHA256 hash. ## EXAMPLES diff --git a/help-docs/locale/en-us/Get-DatpFileMachines.md b/help-docs/locale/en-us/Get-DatpFileMachines.md index 3b0d4ed..c96a7b1 100644 --- a/help-docs/locale/en-us/Get-DatpFileMachines.md +++ b/help-docs/locale/en-us/Get-DatpFileMachines.md 
@@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpFileMachines ## SYNOPSIS -{{ Fill in the Synopsis }} +Get machines that have seen a file. ## SYNTAX @@ -17,7 +17,7 @@ Get-DatpFileMachines [-FileIdentifier] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get machines that have been registered to have seen a file's SHA1 or SHA256 hash. ## EXAMPLES diff --git a/help-docs/locale/en-us/Get-DatpFileStats.md b/help-docs/locale/en-us/Get-DatpFileStats.md index 6139877..8529a99 100644 --- a/help-docs/locale/en-us/Get-DatpFileStats.md +++ b/help-docs/locale/en-us/Get-DatpFileStats.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpFileStats ## SYNOPSIS -{{ Fill in the Synopsis }} +Get the stats of a file. ## SYNTAX @@ -17,7 +17,7 @@ Get-DatpFileStats [-FileIdentifier] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get stats on a file with how much it has been seen in your organization and worldwide. ## EXAMPLES diff --git a/help-docs/locale/en-us/Get-DatpMachine.md b/help-docs/locale/en-us/Get-DatpMachine.md index c1d1e06..b11c7db 100644 --- a/help-docs/locale/en-us/Get-DatpMachine.md +++ b/help-docs/locale/en-us/Get-DatpMachine.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpMachine ## SYNOPSIS -{{ Fill in the Synopsis }} +Get a machine from Defender for Endpoint. ## SYNTAX @@ -23,7 +23,7 @@ Get-DatpMachine [-AllMachines] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get a machine or all machines that have been onboarded to Defender for Endpoint. ## EXAMPLES diff --git a/help-docs/locale/en-us/Get-DatpMachineAction.md b/help-docs/locale/en-us/Get-DatpMachineAction.md index a4aedb4..f86216f 100644 --- a/help-docs/locale/en-us/Get-DatpMachineAction.md +++ b/help-docs/locale/en-us/Get-DatpMachineAction.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpMachineAction ## SYNOPSIS -{{ Fill in the Synopsis }} +Get the status of an action performed on a machine. ## SYNTAX 
@@ -23,7 +23,7 @@ Get-DatpMachineAction [-AllActivities] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get the status and details about an action that was performed on a machine through Defender for Endpoint. ## EXAMPLES diff --git a/help-docs/locale/en-us/Get-DatpMachineAlerts.md b/help-docs/locale/en-us/Get-DatpMachineAlerts.md index 3f77dd9..796ce32 100644 --- a/help-docs/locale/en-us/Get-DatpMachineAlerts.md +++ b/help-docs/locale/en-us/Get-DatpMachineAlerts.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpMachineAlerts ## SYNOPSIS -{{ Fill in the Synopsis }} +Get alerts triggered by a machine. ## SYNTAX @@ -17,7 +17,7 @@ Get-DatpMachineAlerts [-MachineId] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get alerts triggered by a machine. ## EXAMPLES diff --git a/help-docs/locale/en-us/Get-DatpMachineByIp.md b/help-docs/locale/en-us/Get-DatpMachineByIp.md index f83a3c1..f2fc817 100644 --- a/help-docs/locale/en-us/Get-DatpMachineByIp.md +++ b/help-docs/locale/en-us/Get-DatpMachineByIp.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpMachineByIp ## SYNOPSIS -{{ Fill in the Synopsis }} +Get a machine by their last IP address. ## SYNTAX @@ -17,7 +17,7 @@ Get-DatpMachineByIp [[-IpAddress] ] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get a machine by their last IP address. ## EXAMPLES diff --git a/help-docs/locale/en-us/Get-DatpMachineUsers.md b/help-docs/locale/en-us/Get-DatpMachineUsers.md index e0865af..3f330a7 100644 --- a/help-docs/locale/en-us/Get-DatpMachineUsers.md +++ b/help-docs/locale/en-us/Get-DatpMachineUsers.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpMachineUsers ## SYNOPSIS -{{ Fill in the Synopsis }} +Get users that have logged onto a machine. ## SYNTAX @@ -17,7 +17,7 @@ Get-DatpMachineUsers [-MachineId] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get all of the user who have logged onto a machine interactively or through the network. ## EXAMPLES 
diff --git a/help-docs/locale/en-us/Get-DatpSessionClient.md b/help-docs/locale/en-us/Get-DatpSessionClient.md index 39003fe..05f0935 100644 --- a/help-docs/locale/en-us/Get-DatpSessionClient.md +++ b/help-docs/locale/en-us/Get-DatpSessionClient.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpSessionClient ## SYNOPSIS -{{ Fill in the Synopsis }} +Get the raw client used for sending API calls. ## SYNTAX @@ -17,7 +17,7 @@ Get-DatpSessionClient [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get the client that has been stored in your session for sending API calls. This client can be used to send custom API calls and can also be used for troubleshooting issues with the cmdlets. ## EXAMPLES diff --git a/help-docs/locale/en-us/Get-DatpUserAlerts.md b/help-docs/locale/en-us/Get-DatpUserAlerts.md index ca9f307..13929c8 100644 --- a/help-docs/locale/en-us/Get-DatpUserAlerts.md +++ b/help-docs/locale/en-us/Get-DatpUserAlerts.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpUserAlerts ## SYNOPSIS -{{ Fill in the Synopsis }} +Get alerts triggered by a user. ## SYNTAX @@ -17,7 +17,7 @@ Get-DatpUserAlerts [-UserName] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get alerts triggered by a user. ## EXAMPLES diff --git a/help-docs/locale/en-us/Get-DatpUserMachines.md b/help-docs/locale/en-us/Get-DatpUserMachines.md index ea3f2fd..7b975a1 100644 --- a/help-docs/locale/en-us/Get-DatpUserMachines.md +++ b/help-docs/locale/en-us/Get-DatpUserMachines.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpUserMachines ## SYNOPSIS -{{ Fill in the Synopsis }} +Get machines a user has logged into. ## SYNTAX @@ -17,7 +17,7 @@ Get-DatpUserMachines [-UserName] [] ``` ## DESCRIPTION -{{ Fill in the Description }} +Get machines a user has logged into. ## EXAMPLES diff --git a/help-docs/locale/en-us/Out-DatpInvestigationPkg.md b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md index c38660a..a7648c3 100644 --- a/help-docs/locale/en-us/Out-DatpInvestigationPkg.md 
+++ b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Out-DatpInvestigationPkg ## SYNOPSIS -{{ Fill in the Synopsis }} +Save an investigation package. ## SYNTAX @@ -17,7 +17,7 @@ Out-DatpInvestigationPkg [-ActivityId] [-FolderPath] [< ``` ## DESCRIPTION -{{ Fill in the Description }} +Save an investigation package that has been collected through Defender for Endpoint. ## EXAMPLES diff --git a/help-docs/locale/en-us/Remove-DatpMachineTag.md b/help-docs/locale/en-us/Remove-DatpMachineTag.md index 8fc6986..29261f0 100644 --- a/help-docs/locale/en-us/Remove-DatpMachineTag.md +++ b/help-docs/locale/en-us/Remove-DatpMachineTag.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Remove-DatpMachineTag ## SYNOPSIS -{{ Fill in the Synopsis }} +Remove a tag from a machine. ## SYNTAX @@ -17,7 +17,7 @@ Remove-DatpMachineTag [-MachineId] [-TagName] [ [-Comment] [-Isolation ``` ## DESCRIPTION -{{ Fill in the Description }} +Set a machine to be isolated with a full or selective isolation or release a machine from isolation. ## EXAMPLES diff --git a/help-docs/locale/en-us/Set-DatpModuleConfig.md b/help-docs/locale/en-us/Set-DatpModuleConfig.md index 158441f..96f888b 100644 --- a/help-docs/locale/en-us/Set-DatpModuleConfig.md +++ b/help-docs/locale/en-us/Set-DatpModuleConfig.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Set-DatpModuleConfig ## SYNOPSIS -{{ Fill in the Synopsis }} +Set the configuration for the module to use for authentication. ## SYNTAX @@ -17,7 +17,7 @@ Set-DatpModuleConfig [-PublicClientAppId] [-TenantId] [ [-Comment] ``` ## DESCRIPTION -{{ Fill in the Description }} +Start the investigation package collection process on a machine. ## EXAMPLES diff --git a/help-docs/locale/en-us/Start-DatpMachineScan.md b/help-docs/locale/en-us/Start-DatpMachineScan.md index 9852997..19a1d33 100644 --- a/help-docs/locale/en-us/Start-DatpMachineScan.md +++ b/help-docs/locale/en-us/Start-DatpMachineScan.md 
@@ -8,7 +8,7 @@ schema: 2.0.0 # Start-DatpMachineScan ## SYNOPSIS -{{ Fill in the Synopsis }} +Start a scan on a machine. ## SYNTAX @@ -17,7 +17,7 @@ Start-DatpMachineScan [-MachineId] [[-ScanType] ] [-Comment] ``` ## DESCRIPTION -{{ Fill in the Description }} +Start a quick or full scan on a machine. ## EXAMPLES From fc7b7c799748bf802403484ba83eea4cf864e552 Mon Sep 17 00:00:00 2001 
From: Timothy Small Date: Wed, 3 Feb 2021 13:16:09 -0500 Subject: [PATCH 13/28] Added output types to all cmdlets. --- help-docs/compiled/MdatpPwsh.dll-Help.xml | 160 ++++++++++++------ help-docs/locale/en-us/Add-DatpMachineTag.md | 3 +- help-docs/locale/en-us/Get-DatpAlert.md | 3 +- .../locale/en-us/Get-DatpDomainRelated.md | 3 +- help-docs/locale/en-us/Get-DatpDomainStats.md | 3 +- help-docs/locale/en-us/Get-DatpFile.md | 3 +- help-docs/locale/en-us/Get-DatpFileAlerts.md | 3 +- .../locale/en-us/Get-DatpFileMachines.md | 3 +- help-docs/locale/en-us/Get-DatpFileStats.md | 3 +- help-docs/locale/en-us/Get-DatpMachine.md | 5 +- .../locale/en-us/Get-DatpMachineAction.md | 5 +- .../locale/en-us/Get-DatpMachineAlerts.md | 5 +- help-docs/locale/en-us/Get-DatpMachineByIp.md | 5 +- .../locale/en-us/Get-DatpMachineUsers.md | 5 +- .../locale/en-us/Get-DatpSessionClient.md | 3 +- help-docs/locale/en-us/Get-DatpUserAlerts.md | 5 +- .../locale/en-us/Get-DatpUserMachines.md | 3 +- .../locale/en-us/Out-DatpInvestigationPkg.md | 3 +- .../locale/en-us/Remove-DatpMachineTag.md | 3 +- .../locale/en-us/Set-DatpMachineIsolation.md | 3 +- .../locale/en-us/Set-DatpModuleConfig.md | 3 +- .../Start-DatpInvestigationPkgCollection.md | 3 +- .../locale/en-us/Start-DatpMachineScan.md | 3 +- .../powershell-cmdlets/alerts/GetDatpAlert.cs | 1 + .../core/GetDatpSessionClient.cs | 1 + .../core/SetDatpModuleConfig.cs | 1 + .../domain/GetDatpDomainRelated.cs | 1 + .../domain/GetDatpDomainStats.cs | 1 + .../powershell-cmdlets/files/GetDatpFile.cs | 1 + .../files/GetDatpFileAlerts.cs | 1 + .../files/GetDatpFileMachines.cs | 1 + .../files/GetDatpFileStats.cs | 1 + .../machine/AddDatpMachineTag.cs | 1 + .../machine/GetDatpMachine.cs | 4 + .../machine/GetDatpMachineAction.cs | 4 + .../machine/GetDatpMachineAlerts.cs | 4 + .../machine/GetDatpMachineByIp.cs | 4 + .../machine/GetDatpMachineUsers.cs | 4 + .../machine/Out-DatpInvestigationPkg.cs | 1 + .../machine/RemoveDatpMachineTag.cs | 1 + 
.../machine/SetDatpMachineIsolation.cs | 1 + .../StartDatpInvestigationPkgCollection.cs | 1 + .../machine/StartDatpMachineScan.cs | 1 + .../user/GetDatpUserAlerts.cs | 4 + .../user/GetDatpUserMachines.cs | 1 + 45 files changed, 200 insertions(+), 78 deletions(-) diff --git a/help-docs/compiled/MdatpPwsh.dll-Help.xml b/help-docs/compiled/MdatpPwsh.dll-Help.xml index fcb0e42..99a3a1e 100644 --- a/help-docs/compiled/MdatpPwsh.dll-Help.xml +++ b/help-docs/compiled/MdatpPwsh.dll-Help.xml @@ -80,7 +80,7 @@ - System.Object + MdatpPwsh.Models.Machine @@ -238,7 +238,7 @@ - System.Object + MdatpPwsh.Models.Alert[] @@ -345,7 +345,7 @@ - System.Object + MdatpPwsh.Models.Machine[] @@ -424,7 +424,7 @@ - System.Object + MdatpPwsh.Models.DomainStats @@ -503,7 +503,7 @@ - System.Object + MdatpPwsh.Models.FileProperties @@ -532,11 +532,11 @@ Get DatpFileAlerts - {{ Fill in the Synopsis }} + Get alerts related to a file identifier. - {{ Fill in the Description }} + Get alerts seen in your organization related to a file's SHA1 or SHA256 hash. @@ -582,7 +582,7 @@ - System.Object + MdatpPwsh.Models.Alert[] @@ -611,11 +611,11 @@ Get DatpFileMachines - {{ Fill in the Synopsis }} + Get machines that have seen a file. - {{ Fill in the Description }} + Get machines that have been registered to have seen a file's SHA1 or SHA256 hash. @@ -661,7 +661,7 @@ - System.Object + MdatpPwsh.Models.Machine[] @@ -690,11 +690,11 @@ Get DatpFileStats - {{ Fill in the Synopsis }} + Get the stats of a file. - {{ Fill in the Description }} + Get stats on a file with how much it has been seen in your organization and worldwide. @@ -740,7 +740,7 @@ - System.Object + MdatpPwsh.Models.FileStats @@ -769,11 +769,11 @@ Get DatpMachine - {{ Fill in the Synopsis }} + Get a machine from Defender for Endpoint. - {{ Fill in the Description }} + Get a machine or all machines that have been onboarded to Defender for Endpoint. 
@@ -845,7 +845,15 @@ - System.Object + MdatpPwsh.Models.Machine + + + + + + + + MdatpPwsh.Models.Machine[] @@ -874,11 +882,11 @@ Get DatpMachineAction - {{ Fill in the Synopsis }} + Get the status of an action performed on a machine. - {{ Fill in the Description }} + Get the status and details about an action that was performed on a machine through Defender for Endpoint. @@ -950,7 +958,15 @@ - System.Object + MdatpPwsh.Models.ActivityResponse + + + + + + + + MdatpPwsh.Models.ActivityResponse[] @@ -979,11 +995,11 @@ Get DatpMachineAlerts - {{ Fill in the Synopsis }} + Get alerts triggered by a machine. - {{ Fill in the Description }} + Get alerts triggered by a machine. @@ -1029,7 +1045,15 @@ - System.Object + MdatpPwsh.Models.Alert + + + + + + + + MdatpPwsh.Models.Alert[] @@ -1058,11 +1082,11 @@ Get DatpMachineByIp - {{ Fill in the Synopsis }} + Get a machine by their last IP address. - {{ Fill in the Description }} + Get a machine by their last IP address. @@ -1108,7 +1132,15 @@ - System.Object + MdatpPwsh.Models.Machine + + + + + + + + MdatpPwsh.Models.Machine[] @@ -1137,11 +1169,11 @@ Get DatpMachineUsers - {{ Fill in the Synopsis }} + Get users that have logged onto a machine. - {{ Fill in the Description }} + Get all of the user who have logged onto a machine interactively or through the network. @@ -1187,7 +1219,15 @@ - System.Object + MdatpPwsh.Models.User + + + + + + + + MdatpPwsh.Models.User[] @@ -1216,11 +1256,11 @@ Get DatpSessionClient - {{ Fill in the Synopsis }} + Get the raw client used for sending API calls. - {{ Fill in the Description }} + Get the client that has been stored in your session for sending API calls. This client can be used to send custom API calls and can also be used for troubleshooting issues with the cmdlets. @@ -1241,7 +1281,7 @@ - System.Object + MdatpPwsh.Session.DatpSessionClient 
@@ -1270,11 +1310,11 @@ Get DatpUserAlerts - {{ Fill in the Synopsis }} + Get alerts triggered by a user. - {{ Fill in the Description }} + Get alerts triggered by a user. @@ -1320,7 +1360,15 @@ - System.Object + MdatpPwsh.Models.Alert + + + + + + + + MdatpPwsh.Models.Alert[] @@ -1349,11 +1397,11 @@ Get DatpUserMachines - {{ Fill in the Synopsis }} + Get machines a user has logged into. - {{ Fill in the Description }} + Get machines a user has logged into. @@ -1399,7 +1447,7 @@ - System.Object + MdatpPwsh.Models.Machine[] @@ -1428,11 +1476,11 @@ Out DatpInvestigationPkg - {{ Fill in the Synopsis }} + Save an investigation package. - {{ Fill in the Description }} + Save an investigation package that has been collected through Defender for Endpoint. @@ -1502,7 +1550,7 @@ - System.Object + System.IO.FileInfo @@ -1531,11 +1579,11 @@ Remove DatpMachineTag - {{ Fill in the Synopsis }} + Remove a tag from a machine. - {{ Fill in the Description }} + Remove a tag from a machine. @@ -1605,7 +1653,7 @@ - System.Object + MdatpPwsh.Models.Machine @@ -1634,11 +1682,11 @@ Set DatpMachineIsolation - {{ Fill in the Synopsis }} + Set a machine to be isolated or to be released from isolation. - {{ Fill in the Description }} + Set a machine to be isolated with a full or selective isolation or release a machine from isolation. @@ -1737,7 +1785,7 @@ - System.Object + MdatpPwsh.Models.ActivityResponse @@ -1766,11 +1814,11 @@ Set DatpModuleConfig - {{ Fill in the Synopsis }} + Set the configuration for the module to use for authentication. - {{ Fill in the Description }} + Set the configuration for the module to use for authentication. This will require information related to your Azure AD tenant. @@ -1840,7 +1888,7 @@ - System.Object + MdatpPwsh.Models.Core.DatpModuleConfig 
@@ -1869,11 +1917,11 @@ Start DatpInvestigationPkgCollection - {{ Fill in the Synopsis }} + Start the investigation package collection process on a machine. - {{ Fill in the Description }} + Start the investigation package collection process on a machine. @@ -1943,7 +1991,7 @@ - System.Object + MdatpPwsh.Models.ActivityResponse @@ -1972,11 +2020,11 @@ Start DatpMachineScan - {{ Fill in the Synopsis }} + Start a scan on a machine. - {{ Fill in the Description }} + Start a quick or full scan on a machine. @@ -2074,7 +2122,7 @@ - System.Object + MdatpPwsh.Models.ActivityResponse diff --git a/help-docs/locale/en-us/Add-DatpMachineTag.md b/help-docs/locale/en-us/Add-DatpMachineTag.md index 42540f5..2885cbd 100644 --- a/help-docs/locale/en-us/Add-DatpMachineTag.md +++ b/help-docs/locale/en-us/Add-DatpMachineTag.md @@ -69,7 +69,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.Machine + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpAlert.md b/help-docs/locale/en-us/Get-DatpAlert.md index 7c9f469..114f9de 100644 --- a/help-docs/locale/en-us/Get-DatpAlert.md +++ b/help-docs/locale/en-us/Get-DatpAlert.md @@ -76,7 +76,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.Alert[] + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpDomainRelated.md b/help-docs/locale/en-us/Get-DatpDomainRelated.md index 859c679..16c5cd4 100644 --- a/help-docs/locale/en-us/Get-DatpDomainRelated.md +++ b/help-docs/locale/en-us/Get-DatpDomainRelated.md @@ -70,7 +70,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.Machine[] + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpDomainStats.md b/help-docs/locale/en-us/Get-DatpDomainStats.md index 99fb039..4b5d427 100644 
--- a/help-docs/locale/en-us/Get-DatpDomainStats.md +++ b/help-docs/locale/en-us/Get-DatpDomainStats.md @@ -54,7 +54,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.DomainStats + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpFile.md b/help-docs/locale/en-us/Get-DatpFile.md index d406b95..567a16a 100644 --- a/help-docs/locale/en-us/Get-DatpFile.md +++ b/help-docs/locale/en-us/Get-DatpFile.md @@ -54,7 +54,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.FileProperties + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpFileAlerts.md b/help-docs/locale/en-us/Get-DatpFileAlerts.md index 31458af..5d9da81 100644 --- a/help-docs/locale/en-us/Get-DatpFileAlerts.md +++ b/help-docs/locale/en-us/Get-DatpFileAlerts.md @@ -54,7 +54,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.Alert[] + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpFileMachines.md b/help-docs/locale/en-us/Get-DatpFileMachines.md index c96a7b1..299f604 100644 --- a/help-docs/locale/en-us/Get-DatpFileMachines.md +++ b/help-docs/locale/en-us/Get-DatpFileMachines.md @@ -54,7 +54,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.Machine[] + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpFileStats.md b/help-docs/locale/en-us/Get-DatpFileStats.md index 8529a99..e196884 100644 --- a/help-docs/locale/en-us/Get-DatpFileStats.md +++ b/help-docs/locale/en-us/Get-DatpFileStats.md @@ -54,7 +54,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.FileStats + ## NOTES ## RELATED LINKS 
diff --git a/help-docs/locale/en-us/Get-DatpMachine.md b/help-docs/locale/en-us/Get-DatpMachine.md index b11c7db..0b2a605 100644 --- a/help-docs/locale/en-us/Get-DatpMachine.md +++ b/help-docs/locale/en-us/Get-DatpMachine.md @@ -75,7 +75,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.Machine + +### MdatpPwsh.Models.Machine[] + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpMachineAction.md b/help-docs/locale/en-us/Get-DatpMachineAction.md index f86216f..e456b20 100644 --- a/help-docs/locale/en-us/Get-DatpMachineAction.md +++ b/help-docs/locale/en-us/Get-DatpMachineAction.md @@ -75,7 +75,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.ActivityResponse + +### MdatpPwsh.Models.ActivityResponse[] + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpMachineAlerts.md b/help-docs/locale/en-us/Get-DatpMachineAlerts.md index 796ce32..772e5b2 100644 --- a/help-docs/locale/en-us/Get-DatpMachineAlerts.md +++ b/help-docs/locale/en-us/Get-DatpMachineAlerts.md @@ -54,7 +54,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.Alert + +### MdatpPwsh.Models.Alert[] + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpMachineByIp.md b/help-docs/locale/en-us/Get-DatpMachineByIp.md index f2fc817..151291a 100644 --- a/help-docs/locale/en-us/Get-DatpMachineByIp.md +++ b/help-docs/locale/en-us/Get-DatpMachineByIp.md @@ -54,7 +54,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.Machine + +### MdatpPwsh.Models.Machine[] + ## NOTES ## RELATED LINKS 
diff --git a/help-docs/locale/en-us/Get-DatpMachineUsers.md b/help-docs/locale/en-us/Get-DatpMachineUsers.md index 3f330a7..35d9e59 100644 --- a/help-docs/locale/en-us/Get-DatpMachineUsers.md +++ b/help-docs/locale/en-us/Get-DatpMachineUsers.md @@ -54,7 +54,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.User + +### MdatpPwsh.Models.User[] + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpSessionClient.md b/help-docs/locale/en-us/Get-DatpSessionClient.md index 05f0935..6d9cb5d 100644 --- a/help-docs/locale/en-us/Get-DatpSessionClient.md +++ b/help-docs/locale/en-us/Get-DatpSessionClient.md @@ -39,7 +39,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Session.DatpSessionClient + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpUserAlerts.md b/help-docs/locale/en-us/Get-DatpUserAlerts.md index 13929c8..6cd3d4b 100644 --- a/help-docs/locale/en-us/Get-DatpUserAlerts.md +++ b/help-docs/locale/en-us/Get-DatpUserAlerts.md @@ -54,7 +54,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.Alert + +### MdatpPwsh.Models.Alert[] + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpUserMachines.md b/help-docs/locale/en-us/Get-DatpUserMachines.md index 7b975a1..245c984 100644 --- a/help-docs/locale/en-us/Get-DatpUserMachines.md +++ b/help-docs/locale/en-us/Get-DatpUserMachines.md @@ -54,7 +54,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.Machine[] + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Out-DatpInvestigationPkg.md b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md index a7648c3..8a1d550 100644 
--- a/help-docs/locale/en-us/Out-DatpInvestigationPkg.md +++ b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md @@ -69,7 +69,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### System.IO.FileInfo + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Remove-DatpMachineTag.md b/help-docs/locale/en-us/Remove-DatpMachineTag.md index 29261f0..c49f735 100644 --- a/help-docs/locale/en-us/Remove-DatpMachineTag.md +++ b/help-docs/locale/en-us/Remove-DatpMachineTag.md @@ -69,7 +69,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.Machine + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Set-DatpMachineIsolation.md b/help-docs/locale/en-us/Set-DatpMachineIsolation.md index e7752e6..6a1e56c 100644 --- a/help-docs/locale/en-us/Set-DatpMachineIsolation.md +++ b/help-docs/locale/en-us/Set-DatpMachineIsolation.md @@ -86,7 +86,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.ActivityResponse + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Set-DatpModuleConfig.md b/help-docs/locale/en-us/Set-DatpModuleConfig.md index 96f888b..122e36c 100644 --- a/help-docs/locale/en-us/Set-DatpModuleConfig.md +++ b/help-docs/locale/en-us/Set-DatpModuleConfig.md @@ -69,7 +69,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.Core.DatpModuleConfig + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md b/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md index 6a38d8f..268358b 100644 --- a/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md +++ b/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md 
@@ -69,7 +69,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.ActivityResponse + ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Start-DatpMachineScan.md b/help-docs/locale/en-us/Start-DatpMachineScan.md index 19a1d33..808e91d 100644 --- a/help-docs/locale/en-us/Start-DatpMachineScan.md +++ b/help-docs/locale/en-us/Start-DatpMachineScan.md @@ -85,7 +85,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### MdatpPwsh.Models.ActivityResponse + ## NOTES ## RELATED LINKS diff --git a/src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs b/src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs index 6c51309..a3b2aee 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs @@ -12,6 +12,7 @@ namespace MdatpPwsh.Cmdlets [Cmdlet(VerbsCommon.Get, "DatpAlert")] [CmdletBinding(DefaultParameterSetName = "ListAlerts")] + [OutputType(typeof(Alert[]))] public class GetDatpAlert : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/core/GetDatpSessionClient.cs b/src/mdatp-pwsh/powershell-cmdlets/core/GetDatpSessionClient.cs index f764959..867b453 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/core/GetDatpSessionClient.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/core/GetDatpSessionClient.cs @@ -6,6 +6,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Session; [Cmdlet(VerbsCommon.Get, "DatpSessionClient")] + [OutputType(typeof(DatpSessionClient))] public class GetDatpSessionClient : DatpCmdlet { protected override void BeginProcessing() diff --git a/src/mdatp-pwsh/powershell-cmdlets/core/SetDatpModuleConfig.cs b/src/mdatp-pwsh/powershell-cmdlets/core/SetDatpModuleConfig.cs index 5c2386b..58da993 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/core/SetDatpModuleConfig.cs 
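Review bot: The `[OutputType(typeof(Alert[]))]` added to `GetDatpAlert` declares only the array form, although the class has a `DefaultParameterSetName` of "ListAlerts", which suggests at least one other parameter set. `GetDatpMachine` has the same shape and is given both `typeof(Machine)` and `typeof(Machine[])` later in this commit. The same split appears between `GetDatpFileAlerts` (array only) and `GetDatpMachineAlerts` (single and array), neither of which shows a parameter set in its hunk. Pick one convention and apply it throughout, for example `[OutputType(typeof(Alert), typeof(Alert[]))]` here, or only the element type if the cmdlets enumerate their results when writing to the pipeline. The class bodies lie outside these hunks, so check each declaration against what `ProcessRecord` actually writes.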
+++ b/src/mdatp-pwsh/powershell-cmdlets/core/SetDatpModuleConfig.cs @@ -8,6 +8,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Models.Core; [Cmdlet(VerbsCommon.Set, "DatpModuleConfig")] + [OutputType(typeof(DatpModuleConfig))] public class SetDatpModuleConfig : PSCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs b/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs index 834f013..f407831 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs @@ -10,6 +10,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpDomainRelated")] + [OutputType(typeof(Machine[]))] public class GetDatpDomainRelated : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainStats.cs b/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainStats.cs index 2b5a49c..d90848e 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainStats.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainStats.cs @@ -10,6 +10,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpDomainStats")] + [OutputType(typeof(DomainStats))] public class GetDatpDomainStats : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs index 6f7144e..bbfa44f 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFile.cs @@ -11,6 +11,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpFile")] + [OutputType(typeof(FileProperties))] public class GetDatpFile : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileAlerts.cs b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileAlerts.cs index 39df887..a95c482 100644 
--- a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileAlerts.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileAlerts.cs @@ -10,6 +10,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpFileAlerts")] + [OutputType(typeof(Alert[]))] public class GetDatpFileAlerts : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileMachines.cs b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileMachines.cs index 1707a01..6607449 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileMachines.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileMachines.cs @@ -10,6 +10,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpFileMachines")] + [OutputType(typeof(Machine[]))] public class GetDatpFileMachines : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileStats.cs b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileStats.cs index a6ffad9..86f5ad4 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileStats.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/files/GetDatpFileStats.cs @@ -10,6 +10,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpFileStats")] + [OutputType(typeof(FileStats))] public class GetDatpFileStats : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/AddDatpMachineTag.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/AddDatpMachineTag.cs index 8506325..a51b7cb 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/AddDatpMachineTag.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/AddDatpMachineTag.cs @@ -12,6 +12,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Add, "DatpMachineTag")] + [OutputType(typeof(Machine))] public class AddDatpMachineTag : DatpCmdlet { [Parameter( 
diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs index ff572c2..2853617 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachine.cs @@ -13,6 +13,10 @@ namespace MdatpPwsh.Cmdlets [Cmdlet(VerbsCommon.Get, "DatpMachine")] [CmdletBinding(DefaultParameterSetName = "AllMachines")] + [OutputType( + typeof(Machine), + typeof(Machine[]) + )] public class GetDatpMachine : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAction.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAction.cs index ca60385..ccb9859 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAction.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAction.cs @@ -11,6 +11,10 @@ namespace MdatpPwsh.Cmdlets [Cmdlet(VerbsCommon.Get, "DatpMachineAction")] [CmdletBinding(DefaultParameterSetName = "AllActivities")] + [OutputType( + typeof(ActivityResponse), + typeof(ActivityResponse[]) + )] public class GetDatpMachineAction : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAlerts.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAlerts.cs index d283b93..0e306ef 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAlerts.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineAlerts.cs @@ -11,6 +11,10 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpMachineAlerts")] + [OutputType( + typeof(Alert), + typeof(Alert[]) + )] public class GetDatpMachineAlerts : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineByIp.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineByIp.cs index bb634e6..d2f0f43 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineByIp.cs 
+++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineByIp.cs @@ -11,6 +11,10 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpMachineByIp")] + [OutputType( + typeof(Machine), + typeof(Machine[]) + )] public class GetDatpMachineByIp : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineUsers.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineUsers.cs index c3e8246..fcba162 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineUsers.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/GetDatpMachineUsers.cs @@ -11,6 +11,10 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpMachineUsers")] + [OutputType( + typeof(User), + typeof(User[]) + )] public class GetDatpMachineUsers : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/Out-DatpInvestigationPkg.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/Out-DatpInvestigationPkg.cs index 6895ec5..d17436d 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/Out-DatpInvestigationPkg.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/Out-DatpInvestigationPkg.cs @@ -11,6 +11,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsData.Out, "DatpInvestigationPkg")] + [OutputType(typeof(FileInfo))] public class OutDatpInvestigationPkg : DatpCmdlet { diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/RemoveDatpMachineTag.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/RemoveDatpMachineTag.cs index df86bc7..47d34a1 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/RemoveDatpMachineTag.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/RemoveDatpMachineTag.cs @@ -11,6 +11,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Remove, "DatpMachineTag")] + [OutputType(typeof(Machine))] public class RemoveDatpMachineTag : DatpCmdlet { [Parameter( 
diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/SetDatpMachineIsolation.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/SetDatpMachineIsolation.cs index c1ba45f..99c774c 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/SetDatpMachineIsolation.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/SetDatpMachineIsolation.cs @@ -11,6 +11,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Set, "DatpMachineIsolation")] + [OutputType(typeof(ActivityResponse))] public class SetDatpMachineIsolation : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpInvestigationPkgCollection.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpInvestigationPkgCollection.cs index e8fe3ec..a282824 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpInvestigationPkgCollection.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpInvestigationPkgCollection.cs @@ -11,6 +11,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsLifecycle.Start, "DatpInvestigationPkgCollection")] + [OutputType(typeof(ActivityResponse))] public class StartDatpInvestigationPkgCollection : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpMachineScan.cs b/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpMachineScan.cs index f1e6fac..09156c0 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpMachineScan.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/machine/StartDatpMachineScan.cs @@ -11,6 +11,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsLifecycle.Start, "DatpMachineScan")] + [OutputType(typeof(ActivityResponse))] public class StartDatpMachineScan : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs b/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs index 0a9ccd1..b84c237 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs 
+++ b/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserAlerts.cs @@ -11,6 +11,10 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpUserAlerts")] + [OutputType( + typeof(Alert), + typeof(Alert[]) + )] public class GetDatpUserAlerts : DatpCmdlet { [Parameter( diff --git a/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs b/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs index 97ef054..128f313 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/user/GetDatpUserMachines.cs @@ -11,6 +11,7 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpUserMachines")] + [OutputType(typeof(Machine[]))] public class GetDatpUserMachines : DatpCmdlet { [Parameter( From 5c3fe22e16ba68841b0f269b37a30802897bfd31 Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Wed, 3 Feb 2021 14:01:25 -0500 Subject: [PATCH 14/28] Added some examples to help docs. --- help-docs/locale/en-us/Get-DatpAlert.md | 11 +++++++++-- help-docs/locale/en-us/Get-DatpFile.md | 2 +- help-docs/locale/en-us/Get-DatpFileAlerts.md | 4 ++-- help-docs/locale/en-us/Get-DatpFileMachines.md | 4 ++-- help-docs/locale/en-us/Get-DatpMachine.md | 11 +++++++++-- help-docs/locale/en-us/Get-DatpMachineAction.md | 11 +++++++++-- help-docs/locale/en-us/Get-DatpMachineAlerts.md | 4 ++-- help-docs/locale/en-us/Get-DatpMachineUsers.md | 4 ++-- help-docs/locale/en-us/Get-DatpUserAlerts.md | 4 ++-- help-docs/locale/en-us/Get-DatpUserMachines.md | 4 ++-- 10 files changed, 40 insertions(+), 19 deletions(-) diff --git a/help-docs/locale/en-us/Get-DatpAlert.md b/help-docs/locale/en-us/Get-DatpAlert.md index 114f9de..64a8ca7 100644 --- a/help-docs/locale/en-us/Get-DatpAlert.md +++ b/help-docs/locale/en-us/Get-DatpAlert.md 
@@ -29,10 +29,17 @@ Get an alert or all alerts of a specific status from the Defender for Endpoint A ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-DatpAlert -AlertId "da123456789123456_1234567890" ``` -{{ Add example description here }} +Get an alert by a specific AlertID. + +### Example 2 +```powershell +PS C:\> Get-DatpAlert -AlertStatus "New" +``` + +Get all alerts with the status of "New". ## PARAMETERS diff --git a/help-docs/locale/en-us/Get-DatpFile.md b/help-docs/locale/en-us/Get-DatpFile.md index 567a16a..847ff50 100644 --- a/help-docs/locale/en-us/Get-DatpFile.md +++ b/help-docs/locale/en-us/Get-DatpFile.md @@ -23,7 +23,7 @@ Get information about a file that has been by Defender for Endpoint. ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-DatpFile -FileIdentifier "36A4CC191027E30EC32618FF454F33B87F5C46A765C6AC3F151165AD7508DCD2" ``` {{ Add example description here }} diff --git a/help-docs/locale/en-us/Get-DatpFileAlerts.md b/help-docs/locale/en-us/Get-DatpFileAlerts.md index 5d9da81..485282a 100644 --- a/help-docs/locale/en-us/Get-DatpFileAlerts.md +++ b/help-docs/locale/en-us/Get-DatpFileAlerts.md @@ -23,10 +23,10 @@ Get alerts seen in your organization related to a file's SHA1 or SHA256 hash. ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-DatpFileAlerts -FileIdentifier "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139" ``` -{{ Add example description here }} +Getting alerts triggered by the SHA1 file hash of "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139". ## PARAMETERS diff --git a/help-docs/locale/en-us/Get-DatpFileMachines.md b/help-docs/locale/en-us/Get-DatpFileMachines.md index 299f604..b820d78 100644 --- a/help-docs/locale/en-us/Get-DatpFileMachines.md +++ b/help-docs/locale/en-us/Get-DatpFileMachines.md 
@@ -23,10 +23,10 @@ Get machines that have been registered to have seen a file's SHA1 or SHA256 hash ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-DatpFileMachines -FileIdentifier "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139" ``` -{{ Add example description here }} +Get machines that have seen the file with the SHA1 file hash of "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139". ## PARAMETERS diff --git a/help-docs/locale/en-us/Get-DatpMachine.md b/help-docs/locale/en-us/Get-DatpMachine.md index 0b2a605..d9b97ba 100644 --- a/help-docs/locale/en-us/Get-DatpMachine.md +++ b/help-docs/locale/en-us/Get-DatpMachine.md @@ -29,10 +29,17 @@ Get a machine or all machines that have been onboarded to Defender for Endpoint. ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-DatpMachine -MachineId "comp-01.contoso.com" ``` -{{ Add example description here }} +Get a machine by using it's fully qualified domain name (FQDN). + +### Example 2 +```powershell +PS C:\> Get-DatpMachine -AllMachines +``` + +Get all machines onboarded to your environment. ## PARAMETERS diff --git a/help-docs/locale/en-us/Get-DatpMachineAction.md b/help-docs/locale/en-us/Get-DatpMachineAction.md index e456b20..1edf3f8 100644 --- a/help-docs/locale/en-us/Get-DatpMachineAction.md +++ b/help-docs/locale/en-us/Get-DatpMachineAction.md @@ -29,10 +29,17 @@ Get the status and details about an action that was performed on a machine throu ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-DatpMachineAction -ActivityId "460e2875-7f91-4c32-8add-4a7b78f13254" ``` -{{ Add example description here }} +Get details of a specific action performed on a machine. + +### Example 2 +```powershell +PS C:\> Get-DatpMachineAction -AllActivities +``` + +Get all machine actions performed. ## PARAMETERS diff --git a/help-docs/locale/en-us/Get-DatpMachineAlerts.md b/help-docs/locale/en-us/Get-DatpMachineAlerts.md index 772e5b2..a6f45e1 100644 
--- a/help-docs/locale/en-us/Get-DatpMachineAlerts.md +++ b/help-docs/locale/en-us/Get-DatpMachineAlerts.md @@ -23,10 +23,10 @@ Get alerts triggered by a machine. ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-DatpMachineAlerts -MachineId "comp-01.contoso.edu" ``` -{{ Add example description here }} +Get alerts triggered on a specific machine. ## PARAMETERS diff --git a/help-docs/locale/en-us/Get-DatpMachineUsers.md b/help-docs/locale/en-us/Get-DatpMachineUsers.md index 35d9e59..1bf4efe 100644 --- a/help-docs/locale/en-us/Get-DatpMachineUsers.md +++ b/help-docs/locale/en-us/Get-DatpMachineUsers.md @@ -23,10 +23,10 @@ Get all of the user who have logged onto a machine interactively or through the ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-DatpMachineUsers -MachineId "comp-01.contoso.com" ``` -{{ Add example description here }} +Get all of the users for a specific machine. ## PARAMETERS diff --git a/help-docs/locale/en-us/Get-DatpUserAlerts.md b/help-docs/locale/en-us/Get-DatpUserAlerts.md index 6cd3d4b..57dfed6 100644 --- a/help-docs/locale/en-us/Get-DatpUserAlerts.md +++ b/help-docs/locale/en-us/Get-DatpUserAlerts.md @@ -23,10 +23,10 @@ Get alerts triggered by a user. ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-DatpUserAlerts -UserName "contoso\jwinger01" ``` -{{ Add example description here }} +Get all alerts that were triggered by a specific user. ## PARAMETERS diff --git a/help-docs/locale/en-us/Get-DatpUserMachines.md b/help-docs/locale/en-us/Get-DatpUserMachines.md index 245c984..fdfdfab 100644 --- a/help-docs/locale/en-us/Get-DatpUserMachines.md +++ b/help-docs/locale/en-us/Get-DatpUserMachines.md 
@@ -23,10 +23,10 @@ Get machines a user has logged into. ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-DatpUserMachines -UserName "contoso\jwinger01" ``` -{{ Add example description here }} +Get all of the machines a specific user has logged into. ## PARAMETERS From 31146086fce96838c7b7d38937f48204f688fafe Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Wed, 3 Feb 2021 14:36:26 -0500 Subject: [PATCH 15/28] Fixed JSON conversion failure --- src/mdatp-pwsh/models/files/FileProperties.cs | 40 +------------------ 1 file changed, 2 insertions(+), 38 deletions(-) diff --git a/src/mdatp-pwsh/models/files/FileProperties.cs b/src/mdatp-pwsh/models/files/FileProperties.cs index ac3a8cd..f20e177 100644 --- a/src/mdatp-pwsh/models/files/FileProperties.cs +++ b/src/mdatp-pwsh/models/files/FileProperties.cs @@ -28,25 +28,7 @@ public class FileProperties public string FileType { get; set; } [JsonPropertyName("isPeFile")] - public dynamic IsPeFile - { - get { return isPeFile; } - set - { - switch (null == value) - { - case true: - isPeFile = false; - break; - - default: - isPeFile = true; - break; - - } - } - } - private dynamic isPeFile; + public bool IsPeFile { get; set; } [JsonPropertyName("globalPrevalence")] public Int64 GlobalPrevalence { get; set; } @@ -67,24 +49,6 @@ public dynamic IsPeFile public string SignerHash { get; set; } [JsonPropertyName("isValidCertificate")] - public dynamic IsValidCertificate - { - get { return isValidCertificate; } - set - { - switch (null == value) - { - case true: - isValidCertificate = false; - break; - - default: - isValidCertificate = true; - break; - - } - } - } - private dynamic isValidCertificate; + public Nullable IsValidCertificate { get; set; } } } \ No newline at end of file From 54a629ab3eaf1053de47c6caa867ce19761e99d2 Mon Sep 17 00:00:00 2001 
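Review bot: `public bool IsPeFile { get; set; }` in the first FileProperties.cs hunk is non-nullable, yet the removed setter had an explicit `null == value` branch, which suggests the API can send `"isPeFile": null`. With System.Text.Json, a JSON null bound to a non-nullable `bool` throws a JsonException unless the serializer options skip nulls (those options are not visible here), so one such record would fail the whole response. Declaring it `public bool? IsPeFile { get; set; }`, in line with the `Nullable` now used for `IsValidCertificate` in the second hunk, also keeps "unknown" distinct from "not a PE file" for anyone triaging on this output.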
From: Timothy Small Date: Wed, 3 Feb 2021 14:38:28 -0500 Subject: [PATCH 16/28] Compiled help --- help-docs/compiled/MdatpPwsh.dll-Help.xml | 59 +++++++++++++++-------- 1 file changed, 40 insertions(+), 19 deletions(-) diff --git a/help-docs/compiled/MdatpPwsh.dll-Help.xml b/help-docs/compiled/MdatpPwsh.dll-Help.xml index 99a3a1e..970288a 100644 --- a/help-docs/compiled/MdatpPwsh.dll-Help.xml +++ b/help-docs/compiled/MdatpPwsh.dll-Help.xml @@ -253,9 +253,16 @@ -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} + PS C:\> Get-DatpAlert -AlertId "da123456789123456_1234567890" - {{ Add example description here }} + Get an alert by a specific AlertID. + + + + -------------------------- Example 2 -------------------------- + PS C:\> Get-DatpAlert -AlertStatus "New" + + Get all alerts with the status of "New". @@ -518,7 +525,7 @@ -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} + PS C:\> Get-DatpFile -FileIdentifier "36A4CC191027E30EC32618FF454F33B87F5C46A765C6AC3F151165AD7508DCD2" {{ Add example description here }} @@ -597,9 +604,9 @@ -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} + PS C:\> Get-DatpFileAlerts -FileIdentifier "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139" - {{ Add example description here }} + Getting alerts triggered by the SHA1 file hash of "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139". @@ -676,9 +683,9 @@ -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} + PS C:\> Get-DatpFileMachines -FileIdentifier "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139" - {{ Add example description here }} + Get machines that have seen the file with the SHA1 file hash of "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139". 
@@ -868,9 +875,16 @@ -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} + PS C:\> Get-DatpMachine -MachineId "comp-01.contoso.com" - {{ Add example description here }} + Get a machine by using it's fully qualified domain name (FQDN). + + + + -------------------------- Example 2 -------------------------- + PS C:\> Get-DatpMachine -AllMachines + + Get all machines onboarded to your environment. @@ -981,9 +995,16 @@ -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} + PS C:\> Get-DatpMachineAction -ActivityId "460e2875-7f91-4c32-8add-4a7b78f13254" - {{ Add example description here }} + Get details of a specific action performed on a machine. + + + + -------------------------- Example 2 -------------------------- + PS C:\> Get-DatpMachineAction -AllActivities + + Get all machine actions performed. @@ -1068,9 +1089,9 @@ -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} + PS C:\> Get-DatpMachineAlerts -MachineId "comp-01.contoso.edu" - {{ Add example description here }} + Get alerts triggered on a specific machine. @@ -1242,9 +1263,9 @@ -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} + PS C:\> Get-DatpMachineUsers -MachineId "comp-01.contoso.com" - {{ Add example description here }} + Get all of the users for a specific machine. @@ -1383,9 +1404,9 @@ -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} + PS C:\> Get-DatpUserAlerts -UserName "contoso\jwinger01" - {{ Add example description here }} + Get all alerts that were triggered by a specific user. 
@@ -1462,9 +1483,9 @@ -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} + PS C:\> Get-DatpUserMachines -UserName "contoso\jwinger01" - {{ Add example description here }} + Get all of the machines a specific user has logged into. From fd15c2b91e6aa7b7819d62a00d807c9b3f5ea1dc Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Thu, 4 Feb 2021 11:39:43 -0500 Subject: [PATCH 17/28] Fixed JSON conversion error. - Instead of trying to convert 'orgPrevalence' to int32, just read it as a string for now. --- src/mdatp-pwsh/models/domains/DomainStats.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mdatp-pwsh/models/domains/DomainStats.cs b/src/mdatp-pwsh/models/domains/DomainStats.cs index 0dd7f9f..bb79512 100644 --- a/src/mdatp-pwsh/models/domains/DomainStats.cs +++ b/src/mdatp-pwsh/models/domains/DomainStats.cs @@ -10,7 +10,7 @@ public class DomainStats public string DomainHost { get; set; } [JsonPropertyName("orgPrevalence")] - public Nullable OrgPrevalence { get; set; } + public string OrgPrevalence { get; set; } [JsonPropertyName("orgFirstSeen")] public Nullable OrgFirstSeen { get; set; } From ff99baefe17cbd293bacc372e00f6e54c75373fa Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Thu, 4 Feb 2021 11:41:52 -0500 Subject: [PATCH 18/28] Fixed JSON conversion error - Instead of converting 'orgPrevalence' and 'globalPrevalence' to int32, just convert it to string for now. --- src/mdatp-pwsh/models/files/FileStats.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mdatp-pwsh/models/files/FileStats.cs b/src/mdatp-pwsh/models/files/FileStats.cs index af81c28..db9fff0 100644 --- a/src/mdatp-pwsh/models/files/FileStats.cs +++ b/src/mdatp-pwsh/models/files/FileStats.cs 
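Review bot: Typing `OrgPrevalence` as `string` in DomainStats.cs means any script that sorts or filters on it (`Sort-Object OrgPrevalence`, `-gt 100`) compares text, so "9" ranks above "10" and rare-versus-common triage can come out wrong. If the API sends the number as a quoted string, as the commit message implies, the property can keep its previous numeric type by adding `[JsonNumberHandling(JsonNumberHandling.AllowReadingFromString)]` above it. The same applies to `GlobalPrevalence` and `OrgPrevalence` in FileStats.cs (patches 18 and 22 of this series). If the string type stays for now, a `// TODO: parse to a number once the API format is confirmed` comment on each property would record that it is temporary.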
@@ -20,7 +20,7 @@ public class FileStats public Nullable OrgLastSeen { get; set; } [JsonPropertyName("globalPrevalence")] - public int GlobalPrevalence { get; set; } + public string GlobalPrevalence { get; set; } [JsonPropertyName("globalFirstObserved")] public Nullable GlobalFirstObserved { get; set; } From 8a14ac9a441e5e990a0bb85598a0d816f6ad861d Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Thu, 4 Feb 2021 11:42:53 -0500 Subject: [PATCH 19/28] Fixed output error - There was a syntax error during the loop to write the objects to the console. --- .../powershell-cmdlets/domain/GetDatpDomainRelated.cs | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs b/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs index f407831..0db3c5b 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs @@ -10,7 +10,10 @@ namespace MdatpPwsh.Cmdlets using MdatpPwsh.Helpers; [Cmdlet(VerbsCommon.Get, "DatpDomainRelated")] - [OutputType(typeof(Machine[]))] + [OutputType( + typeof(Machine[]), + typeof(Alert[]) + )] public class GetDatpDomainRelated : DatpCmdlet { [Parameter( @@ -64,7 +67,7 @@ protected override void ProcessRecord() } - foreach (dynamic obj in apiResult.value) + foreach (dynamic obj in apiResult) { WriteObject(obj); } From 25fee6c09e5065067936b44ef4df653b0b541e24 Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Thu, 4 Feb 2021 12:04:31 -0500 Subject: [PATCH 20/28] Added pipeline support --- src/mdatp-pwsh/powershell-cmdlets/alerts/UpdateDatpAlert.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/mdatp-pwsh/powershell-cmdlets/alerts/UpdateDatpAlert.cs b/src/mdatp-pwsh/powershell-cmdlets/alerts/UpdateDatpAlert.cs index c35f714..098cc10 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/alerts/UpdateDatpAlert.cs 
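Review bot: `[OutputType(typeof(Machine[]), typeof(Alert[]))]` on GetDatpDomainRelated declares arrays, but the loop in the second hunk calls `WriteObject(obj)` once per element, so the pipeline receives single `Machine` or `Alert` objects. Declaring `typeof(Machine), typeof(Alert)` would match what is actually emitted and what downstream tab completion expects. The loop variable is `dynamic`, so a response of an unexpected shape is only detected at run time. ProcessRecord starts and ends outside the hunk, so how `apiResult` is built cannot be checked from here.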
+++ b/src/mdatp-pwsh/powershell-cmdlets/alerts/UpdateDatpAlert.cs @@ -15,7 +15,8 @@ public class UpdateDatpAlert : DatpCmdlet { [Parameter( Position = 0, - Mandatory = true + Mandatory = true, + ValueFromPipelineByPropertyName = true )] public string AlertId { From b5ff6668cfa0e61ae9d327ac33373f1bda7eab74 Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Thu, 4 Feb 2021 12:07:27 -0500 Subject: [PATCH 21/28] Changed parameter position. - Since both parameters are in a unique parameter set, both parameters are set to position 0 now. --- src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs b/src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs index a3b2aee..b71c26d 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/alerts/GetDatpAlert.cs @@ -27,7 +27,7 @@ public AlertStatus AlertStatus private AlertStatus alertStatus = AlertStatus.New; [Parameter( - Position = 1, + Position = 0, ParameterSetName = "GetAlert" )] public string AlertId From 23193ecff2fc808fb4d0962422d57ec67018ae29 Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Thu, 4 Feb 2021 12:19:25 -0500 Subject: [PATCH 22/28] Fixed OrgPrevalence - Meant to change from int to string in a previous commit. --- src/mdatp-pwsh/models/files/FileStats.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mdatp-pwsh/models/files/FileStats.cs b/src/mdatp-pwsh/models/files/FileStats.cs index db9fff0..81aac86 100644 --- a/src/mdatp-pwsh/models/files/FileStats.cs +++ b/src/mdatp-pwsh/models/files/FileStats.cs @@ -11,7 +11,7 @@ public class FileStats public string SHA1 { get; set; } [JsonPropertyName("orgPrevalence")] - public int OrgPrevalence { get; set; } + public string OrgPrevalence { get; set; } [JsonPropertyName("orgFirstSeen")] public Nullable OrgFirstSeen { get; set; } 
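Review bot: With `ValueFromPipelineByPropertyName = true` on `AlertId`, one pipeline can now update every alert that a query returns, and nothing in the UpdateDatpAlert.cs hunk asks for confirmation. If the `[Cmdlet]` attribute (outside the hunk) does not already set it, add `SupportsShouldProcess = true` and guard the update call with `if (ShouldProcess(AlertId))` so that `-WhatIf` and `-Confirm` work for bulk changes. Binding by property name also only works when the piped object has a property called `AlertId`. If the Alert model exposes the identifier under another name, this parameter needs an `[Alias]` naming that property. The model is not visible here, so this needs confirming.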
From a35d2a5e590cff5f5c2d0fb58aca5c2ae0f71414 Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Thu, 4 Feb 2021 12:24:00 -0500 Subject: [PATCH 23/28] Remove 'Get-DatpMachineByIp' - This API call is not working as expected and is being removed from production for the time being. --- help-docs/locale/en-us/Get-DatpMachineByIp.md | 63 ------------------- module-manifest/mdatp-pwsh.psd1 | 1 - 2 files changed, 64 deletions(-) delete mode 100644 help-docs/locale/en-us/Get-DatpMachineByIp.md diff --git a/help-docs/locale/en-us/Get-DatpMachineByIp.md b/help-docs/locale/en-us/Get-DatpMachineByIp.md deleted file mode 100644 index 151291a..0000000 --- a/help-docs/locale/en-us/Get-DatpMachineByIp.md +++ /dev/null @@ -1,63 +0,0 @@ ---- -external help file: MdatpPwsh.dll-Help.xml -Module Name: mdatp-pwsh -online version: -schema: 2.0.0 ---- - -# Get-DatpMachineByIp - -## SYNOPSIS -Get a machine by their last IP address. - -## SYNTAX - -``` -Get-DatpMachineByIp [[-IpAddress] ] [] -``` - -## DESCRIPTION -Get a machine by their last IP address. - -## EXAMPLES - -### Example 1 -```powershell -PS C:\> {{ Add example code here }} -``` - -{{ Add example description here }} - -## PARAMETERS - -### -IpAddress -The IP address to search for. - -```yaml -Type: String[] -Parameter Sets: (All) -Aliases: - -Required: False -Position: 0 -Default value: None -Accept pipeline input: True (ByPropertyName) -Accept wildcard characters: False -``` - -### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). - -## INPUTS - -### System.String[] - -## OUTPUTS - -### MdatpPwsh.Models.Machine - -### MdatpPwsh.Models.Machine[] - -## NOTES - -## RELATED LINKS 
diff --git a/module-manifest/mdatp-pwsh.psd1 b/module-manifest/mdatp-pwsh.psd1 index 3c1d807..f1255da 100644 --- a/module-manifest/mdatp-pwsh.psd1 +++ b/module-manifest/mdatp-pwsh.psd1 @@ -40,7 +40,6 @@ "Get-DatpMachine", "Get-DatpMachineAlerts", "Get-DatpMachineUsers", - "Get-DatpMachineByIp", "Set-DatpMachineIsolation", "Add-DatpMachineTag", "Remove-DatpMachineTag", From cbcf457d3eef5a824f93bb96b78a7adcf5705eee Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Thu, 4 Feb 2021 12:48:36 -0500 Subject: [PATCH 24/28] Updated help docs with more info --- help-docs/locale/en-us/Connect-DatpGraph.md | 2 +- .../locale/en-us/Get-DatpDomainRelated.md | 12 +++++----- help-docs/locale/en-us/Get-DatpDomainStats.md | 4 ++-- help-docs/locale/en-us/Get-DatpFile.md | 2 +- help-docs/locale/en-us/Get-DatpFileAlerts.md | 6 +++-- .../locale/en-us/Get-DatpFileMachines.md | 6 +++-- help-docs/locale/en-us/Get-DatpFileStats.md | 8 ++++--- .../locale/en-us/Get-DatpSessionClient.md | 7 ------ .../locale/en-us/Get-DatpUserMachines.md | 2 +- .../locale/en-us/Out-DatpInvestigationPkg.md | 8 ++++--- .../locale/en-us/Remove-DatpMachineTag.md | 4 ++-- .../locale/en-us/Set-DatpMachineIsolation.md | 11 ++++++++-- .../locale/en-us/Set-DatpModuleConfig.md | 4 ++-- .../Start-DatpInvestigationPkgCollection.md | 4 ++-- .../locale/en-us/Start-DatpMachineScan.md | 13 +++++++++-- help-docs/locale/en-us/Update-DatpAlert.md | 22 ++++++++++--------- 16 files changed, 67 insertions(+), 48 deletions(-) diff --git a/help-docs/locale/en-us/Connect-DatpGraph.md b/help-docs/locale/en-us/Connect-DatpGraph.md index 96809ec..410cfa7 100644 --- a/help-docs/locale/en-us/Connect-DatpGraph.md +++ b/help-docs/locale/en-us/Connect-DatpGraph.md @@ -32,7 +32,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### System.Object +### None ## NOTES ## RELATED LINKS 
diff --git a/help-docs/locale/en-us/Get-DatpDomainRelated.md b/help-docs/locale/en-us/Get-DatpDomainRelated.md index 16c5cd4..3e465d0 100644 --- a/help-docs/locale/en-us/Get-DatpDomainRelated.md +++ b/help-docs/locale/en-us/Get-DatpDomainRelated.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Get-DatpDomainRelated ## SYNOPSIS -{{ Fill in the Synopsis }} +Get machines or alerts that have interacted with a web domain. ## SYNTAX @@ -17,21 +17,21 @@ Get-DatpDomainRelated [-DomainName] [[-Type] ] [ {{ Add example code here }} +PS C:\> Get-DatpDomainRelated -DomainName "www.reddit.com" -Type Machines ``` -{{ Add example description here }} +Get all machines that have made contact with 'www.reddit.com'. ## PARAMETERS ### -DomainName -{{ Fill DomainName Description }} +The web domain name to search for. ```yaml Type: String @@ -46,7 +46,7 @@ Accept wildcard characters: False ``` ### -Type -{{ Fill Type Description }} +The type of objects to return. ```yaml Type: String diff --git a/help-docs/locale/en-us/Get-DatpDomainStats.md b/help-docs/locale/en-us/Get-DatpDomainStats.md index 4b5d427..04ffc41 100644 --- a/help-docs/locale/en-us/Get-DatpDomainStats.md +++ b/help-docs/locale/en-us/Get-DatpDomainStats.md @@ -23,10 +23,10 @@ Get the stats of a domain in Defender for Endpoint with how often it has been se ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-DatpDomainStats -DomainName "www.reddit.com" ``` -{{ Add example description here }} +Get the stats of how prevalent 'www.reddit.com' is. ## PARAMETERS diff --git a/help-docs/locale/en-us/Get-DatpFile.md b/help-docs/locale/en-us/Get-DatpFile.md index 847ff50..43ff9db 100644 --- a/help-docs/locale/en-us/Get-DatpFile.md +++ b/help-docs/locale/en-us/Get-DatpFile.md 
@@ -26,7 +26,7 @@ Get information about a file that has been by Defender for Endpoint. PS C:\> Get-DatpFile -FileIdentifier "36A4CC191027E30EC32618FF454F33B87F5C46A765C6AC3F151165AD7508DCD2" ``` -{{ Add example description here }} +Get information about a file with a SHA256 hash of '36A4CC191027E30EC32618FF454F33B87F5C46A765C6AC3F151165AD7508DCD2'. ## PARAMETERS diff --git a/help-docs/locale/en-us/Get-DatpFileAlerts.md b/help-docs/locale/en-us/Get-DatpFileAlerts.md index 485282a..b4593f6 100644 --- a/help-docs/locale/en-us/Get-DatpFileAlerts.md +++ b/help-docs/locale/en-us/Get-DatpFileAlerts.md @@ -17,7 +17,7 @@ Get-DatpFileAlerts [-FileIdentifier] [] ``` ## DESCRIPTION -Get alerts seen in your organization related to a file's SHA1 or SHA256 hash. +Get alerts seen in your organization related to a file's SHA1 hash. ## EXAMPLES @@ -31,7 +31,7 @@ Getting alerts triggered by the SHA1 file hash of "eec6ebcbd8f725cfbd38240197f6b ## PARAMETERS ### -FileIdentifier -The SHA1 or SHA256 hash of the file. +The SHA1 hash of the file. ```yaml Type: String @@ -58,4 +58,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES +SHA256 hashes are not supported in the 'FileIdentifier' parameter. + ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpFileMachines.md b/help-docs/locale/en-us/Get-DatpFileMachines.md index b820d78..00d82d3 100644 --- a/help-docs/locale/en-us/Get-DatpFileMachines.md +++ b/help-docs/locale/en-us/Get-DatpFileMachines.md @@ -17,7 +17,7 @@ Get-DatpFileMachines [-FileIdentifier] [] ``` ## DESCRIPTION -Get machines that have been registered to have seen a file's SHA1 or SHA256 hash. +Get machines that have been registered to have seen a file's SHA1 hash. ## EXAMPLES @@ -31,7 +31,7 @@ Get machines that have seen the file with the SHA1 file hash of "eec6ebcbd8f725c ## PARAMETERS ### -FileIdentifier -The SHA1 or SHA256 hash of the file. +The SHA1 hash of the file. ```yaml Type: String 
@@ -58,4 +58,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES +SHA256 hashes are not supported in the 'FileIdentifier' parameter. + ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpFileStats.md b/help-docs/locale/en-us/Get-DatpFileStats.md index e196884..18e2094 100644 --- a/help-docs/locale/en-us/Get-DatpFileStats.md +++ b/help-docs/locale/en-us/Get-DatpFileStats.md @@ -23,15 +23,15 @@ Get stats on a file with how much it has been seen in your organization and worl ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Get-DatpFileStats -FileIdentifier "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139" ``` -{{ Add example description here }} +Get stats about a file with a SHA1 hash of 'eec6ebcbd8f725cfbd38240197f6b8e03d9d6139'. ## PARAMETERS ### -FileIdentifier -The SHA1 or SHA256 hash of the file. +The SHA1 hash of the file. ```yaml Type: String @@ -58,4 +58,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES +SHA256 hashes are not supported in the 'FileIdentifier' parameter. + ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpSessionClient.md b/help-docs/locale/en-us/Get-DatpSessionClient.md index 6d9cb5d..dee8b91 100644 --- a/help-docs/locale/en-us/Get-DatpSessionClient.md +++ b/help-docs/locale/en-us/Get-DatpSessionClient.md @@ -21,13 +21,6 @@ Get the client that has been stored in your session for sending API calls. This ## EXAMPLES -### Example 1 -```powershell -PS C:\> {{ Add example code here }} -``` - -{{ Add example description here }} - ## PARAMETERS ### CommonParameters diff --git a/help-docs/locale/en-us/Get-DatpUserMachines.md b/help-docs/locale/en-us/Get-DatpUserMachines.md index fdfdfab..e3a053d 100644 --- a/help-docs/locale/en-us/Get-DatpUserMachines.md +++ b/help-docs/locale/en-us/Get-DatpUserMachines.md 
@@ -23,7 +23,7 @@ Get machines a user has logged into. ### Example 1 ```powershell -PS C:\> Get-DatpUserMachines -UserName "contoso\jwinger01" +PS C:\> Get-DatpUserMachines -UserName "jwinger01" ``` Get all of the machines a specific user has logged into. diff --git a/help-docs/locale/en-us/Out-DatpInvestigationPkg.md b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md index 8a1d550..aaef855 100644 --- a/help-docs/locale/en-us/Out-DatpInvestigationPkg.md +++ b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md @@ -23,10 +23,12 @@ Save an investigation package that has been collected through Defender for Endpo ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> $pkgCollection = Start-DatpInvestigationPkgCollection -MachineId "comp-01.contoso.com" -Comment "Collecting investigation package." + +PS C:\> Out-DatpInvestigationPkg -ActivityId $pkgCollection.ActivityId -FolderPath ".\" ``` -{{ Add example description here }} +Start a package collection on a machine and then save it to your local machine. ## PARAMETERS @@ -46,7 +48,7 @@ Accept wildcard characters: False ``` ### -FolderPath -{{ Fill FolderPath Description }} +The folder path to save the package to. ```yaml Type: DirectoryInfo diff --git a/help-docs/locale/en-us/Remove-DatpMachineTag.md b/help-docs/locale/en-us/Remove-DatpMachineTag.md index c49f735..9c6f3ad 100644 --- a/help-docs/locale/en-us/Remove-DatpMachineTag.md +++ b/help-docs/locale/en-us/Remove-DatpMachineTag.md @@ -23,10 +23,10 @@ Remove a tag from a machine. ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Remove-DatpMachineTag -MachineId "comp-01.contoso.com" -TagName "TestTag-01" ``` -{{ Add example description here }} +Remove a tag from the machine 'comp-01.contoso.com' with the name 'TestTag-01'. ## PARAMETERS diff --git a/help-docs/locale/en-us/Set-DatpMachineIsolation.md b/help-docs/locale/en-us/Set-DatpMachineIsolation.md index 6a1e56c..1227e91 100644 
--- a/help-docs/locale/en-us/Set-DatpMachineIsolation.md +++ b/help-docs/locale/en-us/Set-DatpMachineIsolation.md @@ -24,10 +24,17 @@ Set a machine to be isolated with a full or selective isolation or release a mac ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Set-DatpMachineIsolation -MachineId "comp-01.contoso.com" -IsolationType "Full Isolation" -Comment "Laterally moving malware was found on this machine." ``` -{{ Add example description here }} +Set the machine 'comp-01.contoso.com' to be in a "Full Isolation" mode. + +### Example 2 +```powershell +PS C:\> Set-DatpMachineIsolation -MachineId "employee-comp-00.contoso.com" -IsolationType "Release Isolation" -Comment "Machine has been fully investigated. No malicious indicators were found." +``` + +Set the machine 'employee-comp-00.contoso.com' to be released from isolation. ## PARAMETERS diff --git a/help-docs/locale/en-us/Set-DatpModuleConfig.md b/help-docs/locale/en-us/Set-DatpModuleConfig.md index 122e36c..2a7d7a0 100644 --- a/help-docs/locale/en-us/Set-DatpModuleConfig.md +++ b/help-docs/locale/en-us/Set-DatpModuleConfig.md @@ -23,10 +23,10 @@ Set the configuration for the module to use for authentication. This will requir ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Set-DatpModuleConfig -PublicClientAppID "02f0f9c2-73a5-4952-895b-86e518c14dbf" -TenantId "e51020fe-9fbc-4a4b-9e8d-16dac9fcd6b4" ``` -{{ Add example description here }} +Set the module config to use the specified app and tenant ID for Azure AD. ## PARAMETERS diff --git a/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md b/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md index 268358b..4df678a 100644 --- a/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md +++ b/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md 
@@ -23,10 +23,10 @@ Start the investigation package collection process on a machine. ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Start-DatpInvestigationPkgCollection -MachineId "comp-01.contoso.com" -Comment "Collecting investigation package." ``` -{{ Add example description here }} +Start a package collection on a machine. ## PARAMETERS diff --git a/help-docs/locale/en-us/Start-DatpMachineScan.md b/help-docs/locale/en-us/Start-DatpMachineScan.md index 808e91d..c988cae 100644 --- a/help-docs/locale/en-us/Start-DatpMachineScan.md +++ b/help-docs/locale/en-us/Start-DatpMachineScan.md @@ -23,10 +23,19 @@ Start a quick or full scan on a machine. ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\> Start-DatpMachineScan -MachineId "comp-01.constoso.com" -ScanType Quick -Comment "Running quick scan on machine" ``` -{{ Add example description here }} +Start a quick scan on a machine. + +### Example 2 +```powershell +PS C:\> $scanAction = Start-DatpMachineScan -MachineId "comp-01.constoso.com" -ScanType Full -Comment "Running a full scan on machine" + +PS C:\> $scanAction | Get-DatpMachineAction +``` + +Start a full scan on a machine and save the action object to a variable. Then use that action object as a pipeline input to 'Get-DatpMachineAction' to monitor the progress of the scan. ## PARAMETERS diff --git a/help-docs/locale/en-us/Update-DatpAlert.md b/help-docs/locale/en-us/Update-DatpAlert.md index 65e9b65..07ef907 100644 --- a/help-docs/locale/en-us/Update-DatpAlert.md +++ b/help-docs/locale/en-us/Update-DatpAlert.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-DatpAlert ## SYNOPSIS -{{ Fill in the Synopsis }} +Update an alert. ## SYNTAX 
@@ -19,21 +19,23 @@ Update-DatpAlert [-AlertId] [-Status] [-AssignedTo] {{ Add example code here }} +PS C:\> $alert = Get-DatpAlert -AlertId "da123456789123456_1234567890" + +PS C:\> $alert | Update-DatpAlert -Status Resolved -AssignedTo "bperry@contoso.com" -Classification FalsePositive -Determination Other -Comment "Blaming A Bridge Collapse On A School Is Like Me Blaming Owls For How Much I Suck At Analogies." ``` -{{ Add example description here }} +Get an alert and pipe it into 'Update-DatpAlert' to set the status to resolved, assign it to 'bperry@contoso.com', classify it as a false positive, set the determination to other, and add a comment to the alert. ## PARAMETERS ### -AlertId -{{ Fill AlertId Description }} +The ID of the alert. ```yaml Type: String @@ -48,7 +50,7 @@ Accept wildcard characters: False ``` ### -AssignedTo -{{ Fill AssignedTo Description }} +The UserPrincipalName (UPN) of the security personnel assigned to the alert. ```yaml Type: String @@ -63,7 +65,7 @@ Accept wildcard characters: False ``` ### -Classification -{{ Fill Classification Description }} +The classification of the alert. ```yaml Type: AlertClassification @@ -79,7 +81,7 @@ Accept wildcard characters: False ``` ### -Comment -{{ Fill Comment Description }} +A message describing why the alert was updated. ```yaml Type: String @@ -94,7 +96,7 @@ Accept wildcard characters: False ``` ### -Determination -{{ Fill Determination Description }} +The determination reason for why an alert was updated. ```yaml Type: AlertDetermination @@ -110,7 +112,7 @@ Accept wildcard characters: False ``` ### -Status -{{ Fill Status Description }} +The status of the alert. ```yaml Type: AlertStatus From b539b0732f125963e9b78cb0f5fcef83d7e8720e Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Thu, 4 Feb 2021 12:49:07 -0500 Subject: [PATCH 25/28] Fixed looping issue with object type. --- .../domain/GetDatpDomainRelated.cs | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) 
diff --git a/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs b/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs index 0db3c5b..b7a1263 100644 --- a/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs +++ b/src/mdatp-pwsh/powershell-cmdlets/domain/GetDatpDomainRelated.cs @@ -54,24 +54,27 @@ protected override void ProcessRecord() WriteVerbose($"Getting related info for domain '{domainName}'."); string apiJson = SendApiCall(apiUri, null, HttpMethod.Get); - dynamic apiResult = null; switch (searchType) { case "Alerts": - apiResult = new JsonConverter>(apiJson).Value; + ResponseCollection apiResultAlerts = new JsonConverter>(apiJson).Value; + + foreach (Alert obj in apiResultAlerts.Value) + { + WriteObject(obj); + } break; case "Machines": - apiResult = new JsonConverter>(apiJson).Value; - break; + ResponseCollection apiResultMachines = new JsonConverter>(apiJson).Value; - } + foreach (Machine obj in apiResultMachines.Value) + { + WriteObject(obj); + } + break; - foreach (dynamic obj in apiResult) - { - WriteObject(obj); } - } } } \ No newline at end of file From fc504633ab375e3b98b18d66a72269ddcd66ebd2 Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Thu, 4 Feb 2021 12:50:59 -0500 Subject: [PATCH 26/28] Added compiled help file --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index b3313ca..ad6aa91 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,8 @@ build/ tests/ +MdatpPwsh.dll-Help.xml + .DS_Store # User-specific files From b01dfff4346d5fa4bbcff42091ce9b9a9dd67e88 Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Thu, 4 Feb 2021 12:51:33 -0500 Subject: [PATCH 27/28] Removed leftover compiled help --- help-docs/compiled/MdatpPwsh.dll-Help.xml | 2388 --------------------- 1 file changed, 2388 deletions(-) delete mode 100644 help-docs/compiled/MdatpPwsh.dll-Help.xml 
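Review bot: Both `case` branches of the switch in ProcessRecord enumerate the deserialized result without a check (`apiResultAlerts.Value`, `apiResultMachines.Value`), so a response body that does not deserialize into a collection would likely end in a NullReferenceException rather than a meaningful cmdlet error; whether SendApiCall or JsonConverter already reject such bodies is not visible here. A guard before each loop would make a failed or truncated API reply explicit to the analyst running the cmdlet, for example `if (apiResultAlerts?.Value == null) { throw new InvalidOperationException($"No alert collection was returned for domain '{domainName}'."); }`, with the same check for `apiResultMachines`. The switch also has no `default:` branch, so a `searchType` other than "Alerts" or "Machines" now produces no output and no message. ProcessRecord begins before this hunk, so how `searchType` is validated is not shown.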
diff --git a/help-docs/compiled/MdatpPwsh.dll-Help.xml b/help-docs/compiled/MdatpPwsh.dll-Help.xml deleted file mode 100644 index 970288a..0000000 --- a/help-docs/compiled/MdatpPwsh.dll-Help.xml +++ /dev/null 
@@ -1,2388 +0,0 @@ - - - - - Add-DatpMachineTag - Add - DatpMachineTag - - Add a tag to a machine. - - - - Add a tag to a machine in Defender for Endpoint. - - - - Add-DatpMachineTag - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - TagName - - The name of the tag to add. - - String - - String - - - None - - - - - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - TagName - - The name of the tag to add. - - String - - String - - - None - - - - - - System.String[] - - - - - - - - - - MdatpPwsh.Models.Machine - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Add-DatpMachineTag -MachineId "comp-01.contoso.com" -TagName "TestTag-01" - - Add a tag to the machine 'comp-01.contoso.com' with the name 'TestTag-01'. - - - - - - - - Connect-DatpGraph - Connect - DatpGraph - - Connect to the Defender for Endpoint API. - - - - Initiates the authentication process to connect to the Defender for Endpoint API. - - - - Connect-DatpGraph - - - - - - - None - - - - - - - - - - System.Object - - - - - - - - - - - - - - - - - Get-DatpAlert - Get - DatpAlert - - Get an alert or alerts from Defender for Endpoint. - - - - Get an alert or all alerts of a specific status from the Defender for Endpoint API. - - - - Get-DatpAlert - - AlertId - - The ID of an alert generated by Defender for Endpoint. - - String - - String - - - None - - - - Get-DatpAlert - - AlertStatus - - The current status of the alerts to get. - - - InProgress - New - Resolved - Unknown - - AlertStatus - - AlertStatus - - - None - - - - - - AlertId - - The ID of an alert generated by Defender for Endpoint. - - String - - String - - - None - - - AlertStatus - - The current status of the alerts to get. 
- - AlertStatus - - AlertStatus - - - None - - - - - - None - - - - - - - - - - MdatpPwsh.Models.Alert[] - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Get-DatpAlert -AlertId "da123456789123456_1234567890" - - Get an alert by a specific AlertID. - - - - -------------------------- Example 2 -------------------------- - PS C:\> Get-DatpAlert -AlertStatus "New" - - Get all alerts with the status of "New". - - - - - - - - Get-DatpDomainRelated - Get - DatpDomainRelated - - {{ Fill in the Synopsis }} - - - - {{ Fill in the Description }} - - - - Get-DatpDomainRelated - - DomainName - - {{ Fill DomainName Description }} - - String - - String - - - None - - - Type - - {{ Fill Type Description }} - - - Alerts - Machines - - String - - String - - - None - - - - - - DomainName - - {{ Fill DomainName Description }} - - String - - String - - - None - - - Type - - {{ Fill Type Description }} - - String - - String - - - None - - - - - - None - - - - - - - - - - MdatpPwsh.Models.Machine[] - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} - - {{ Add example description here }} - - - - - - - - Get-DatpDomainStats - Get - DatpDomainStats - - Get the stats of a domain in Defender for Endpoint. - - - - Get the stats of a domain in Defender for Endpoint with how often it has been seen in your organization and worldwide. - - - - Get-DatpDomainStats - - DomainName - - The domain name to get stats for. - - String - - String - - - None - - - - - - DomainName - - The domain name to get stats for. - - String - - String - - - None - - - - - - None - - - - - - - - - - MdatpPwsh.Models.DomainStats - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} - - {{ Add example description here }} - - - - - - - - Get-DatpFile - Get - DatpFile - - Get a file seen by Defender for Endpoint. 
- - - - Get information about a file that has been by Defender for Endpoint. - - - - Get-DatpFile - - FileIdentifier - - The SHA1 or SHA256 hash of the file. - - String[] - - String[] - - - None - - - - - - FileIdentifier - - The SHA1 or SHA256 hash of the file. - - String[] - - String[] - - - None - - - - - - None - - - - - - - - - - MdatpPwsh.Models.FileProperties - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Get-DatpFile -FileIdentifier "36A4CC191027E30EC32618FF454F33B87F5C46A765C6AC3F151165AD7508DCD2" - - {{ Add example description here }} - - - - - - - - Get-DatpFileAlerts - Get - DatpFileAlerts - - Get alerts related to a file identifier. - - - - Get alerts seen in your organization related to a file's SHA1 or SHA256 hash. - - - - Get-DatpFileAlerts - - FileIdentifier - - The SHA1 or SHA256 hash of the file. - - String - - String - - - None - - - - - - FileIdentifier - - The SHA1 or SHA256 hash of the file. - - String - - String - - - None - - - - - - None - - - - - - - - - - MdatpPwsh.Models.Alert[] - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Get-DatpFileAlerts -FileIdentifier "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139" - - Getting alerts triggered by the SHA1 file hash of "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139". - - - - - - - - Get-DatpFileMachines - Get - DatpFileMachines - - Get machines that have seen a file. - - - - Get machines that have been registered to have seen a file's SHA1 or SHA256 hash. - - - - Get-DatpFileMachines - - FileIdentifier - - The SHA1 or SHA256 hash of the file. - - String - - String - - - None - - - - - - FileIdentifier - - The SHA1 or SHA256 hash of the file. 
- - String - - String - - - None - - - - - - None - - - - - - - - - - MdatpPwsh.Models.Machine[] - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Get-DatpFileMachines -FileIdentifier "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139" - - Get machines that have seen the file with the SHA1 file hash of "eec6ebcbd8f725cfbd38240197f6b8e03d9d6139". - - - - - - - - Get-DatpFileStats - Get - DatpFileStats - - Get the stats of a file. - - - - Get stats on a file with how much it has been seen in your organization and worldwide. - - - - Get-DatpFileStats - - FileIdentifier - - The SHA1 or SHA256 hash of the file. - - String - - String - - - None - - - - - - FileIdentifier - - The SHA1 or SHA256 hash of the file. - - String - - String - - - None - - - - - - None - - - - - - - - - - MdatpPwsh.Models.FileStats - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} - - {{ Add example description here }} - - - - - - - - Get-DatpMachine - Get - DatpMachine - - Get a machine from Defender for Endpoint. - - - - Get a machine or all machines that have been onboarded to Defender for Endpoint. - - - - Get-DatpMachine - - AllMachines - - Get all machines. - - - SwitchParameter - - - False - - - - Get-DatpMachine - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - - - - AllMachines - - Get all machines. - - SwitchParameter - - SwitchParameter - - - False - - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - - - - System.String[] - - - - - - - - - - MdatpPwsh.Models.Machine - - - - - - - - MdatpPwsh.Models.Machine[] - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Get-DatpMachine -MachineId "comp-01.contoso.com" - - Get a machine by using it's fully qualified domain name (FQDN). 
- - - - -------------------------- Example 2 -------------------------- - PS C:\> Get-DatpMachine -AllMachines - - Get all machines onboarded to your environment. - - - - - - - - Get-DatpMachineAction - Get - DatpMachineAction - - Get the status of an action performed on a machine. - - - - Get the status and details about an action that was performed on a machine through Defender for Endpoint. - - - - Get-DatpMachineAction - - ActivityId - - The Activity ID for the action. - - String - - String - - - None - - - - Get-DatpMachineAction - - AllActivities - - Get all activities created. - - - SwitchParameter - - - False - - - - - - ActivityId - - The Activity ID for the action. - - String - - String - - - None - - - AllActivities - - Get all activities created. - - SwitchParameter - - SwitchParameter - - - False - - - - - - System.String - - - - - - - - - - MdatpPwsh.Models.ActivityResponse - - - - - - - - MdatpPwsh.Models.ActivityResponse[] - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Get-DatpMachineAction -ActivityId "460e2875-7f91-4c32-8add-4a7b78f13254" - - Get details of a specific action performed on a machine. - - - - -------------------------- Example 2 -------------------------- - PS C:\> Get-DatpMachineAction -AllActivities - - Get all machine actions performed. - - - - - - - - Get-DatpMachineAlerts - Get - DatpMachineAlerts - - Get alerts triggered by a machine. - - - - Get alerts triggered by a machine. - - - - Get-DatpMachineAlerts - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - - - - MachineId - - The ID or the FQDN of the machine. 
- - String[] - - String[] - - - None - - - - - - System.String[] - - - - - - - - - - MdatpPwsh.Models.Alert - - - - - - - - MdatpPwsh.Models.Alert[] - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Get-DatpMachineAlerts -MachineId "comp-01.contoso.edu" - - Get alerts triggered on a specific machine. - - - - - - - - Get-DatpMachineByIp - Get - DatpMachineByIp - - Get a machine by their last IP address. - - - - Get a machine by their last IP address. - - - - Get-DatpMachineByIp - - IpAddress - - The IP address to search for. - - String[] - - String[] - - - None - - - - - - IpAddress - - The IP address to search for. - - String[] - - String[] - - - None - - - - - - System.String[] - - - - - - - - - - MdatpPwsh.Models.Machine - - - - - - - - MdatpPwsh.Models.Machine[] - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} - - {{ Add example description here }} - - - - - - - - Get-DatpMachineUsers - Get - DatpMachineUsers - - Get users that have logged onto a machine. - - - - Get all of the user who have logged onto a machine interactively or through the network. - - - - Get-DatpMachineUsers - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - - - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - - - - System.String[] - - - - - - - - - - MdatpPwsh.Models.User - - - - - - - - MdatpPwsh.Models.User[] - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Get-DatpMachineUsers -MachineId "comp-01.contoso.com" - - Get all of the users for a specific machine. - - - - - - - - Get-DatpSessionClient - Get - DatpSessionClient - - Get the raw client used for sending API calls. - - - - Get the client that has been stored in your session for sending API calls. 
This client can be used to send custom API calls and can also be used for troubleshooting issues with the cmdlets. - - - - Get-DatpSessionClient - - - - - - - None - - - - - - - - - - MdatpPwsh.Session.DatpSessionClient - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} - - {{ Add example description here }} - - - - - - - - Get-DatpUserAlerts - Get - DatpUserAlerts - - Get alerts triggered by a user. - - - - Get alerts triggered by a user. - - - - Get-DatpUserAlerts - - UserName - - The username to search for. - - String[] - - String[] - - - None - - - - - - UserName - - The username to search for. - - String[] - - String[] - - - None - - - - - - None - - - - - - - - - - MdatpPwsh.Models.Alert - - - - - - - - MdatpPwsh.Models.Alert[] - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Get-DatpUserAlerts -UserName "contoso\jwinger01" - - Get all alerts that were triggered by a specific user. - - - - - - - - Get-DatpUserMachines - Get - DatpUserMachines - - Get machines a user has logged into. - - - - Get machines a user has logged into. - - - - Get-DatpUserMachines - - UserName - - The username to search for. - - String[] - - String[] - - - None - - - - - - UserName - - The username to search for. - - String[] - - String[] - - - None - - - - - - None - - - - - - - - - - MdatpPwsh.Models.Machine[] - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> Get-DatpUserMachines -UserName "contoso\jwinger01" - - Get all of the machines a specific user has logged into. - - - - - - - - Out-DatpInvestigationPkg - Out - DatpInvestigationPkg - - Save an investigation package. - - - - Save an investigation package that has been collected through Defender for Endpoint. - - - - Out-DatpInvestigationPkg - - ActivityId - - The Activity ID for the "Collect investigation package" action. 
- - String - - String - - - None - - - FolderPath - - {{ Fill FolderPath Description }} - - DirectoryInfo - - DirectoryInfo - - - None - - - - - - ActivityId - - The Activity ID for the "Collect investigation package" action. - - String - - String - - - None - - - FolderPath - - {{ Fill FolderPath Description }} - - DirectoryInfo - - DirectoryInfo - - - None - - - - - - None - - - - - - - - - - System.IO.FileInfo - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} - - {{ Add example description here }} - - - - - - - - Remove-DatpMachineTag - Remove - DatpMachineTag - - Remove a tag from a machine. - - - - Remove a tag from a machine. - - - - Remove-DatpMachineTag - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - TagName - - The name of the tag to remove. - - String - - String - - - None - - - - - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - TagName - - The name of the tag to remove. - - String - - String - - - None - - - - - - System.String[] - - - - - - - - - - MdatpPwsh.Models.Machine - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} - - {{ Add example description here }} - - - - - - - - Set-DatpMachineIsolation - Set - DatpMachineIsolation - - Set a machine to be isolated or to be released from isolation. - - - - Set a machine to be isolated with a full or selective isolation or release a machine from isolation. - - - - Set-DatpMachineIsolation - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - Comment - - A message explaining why the action must be done. - - String - - String - - - None - - - IsolationType - - The type of isolation to perform on the machine. 
- - - Full Isolation - Selective Isolation - Release Isolation - - String - - String - - - None - - - - - - Comment - - A message explaining why the action must be done. - - String - - String - - - None - - - IsolationType - - The type of isolation to perform on the machine. - - String - - String - - - None - - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - - - - System.String[] - - - - - - - - - - MdatpPwsh.Models.ActivityResponse - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} - - {{ Add example description here }} - - - - - - - - Set-DatpModuleConfig - Set - DatpModuleConfig - - Set the configuration for the module to use for authentication. - - - - Set the configuration for the module to use for authentication. This will require information related to your Azure AD tenant. - - - - Set-DatpModuleConfig - - PublicClientAppId - - The ClientID for the registered Azure AD app in your tenant. - - String - - String - - - None - - - TenantId - - The ID for your Azure AD tenant. - - String - - String - - - None - - - - - - PublicClientAppId - - The ClientID for the registered Azure AD app in your tenant. - - String - - String - - - None - - - TenantId - - The ID for your Azure AD tenant. - - String - - String - - - None - - - - - - None - - - - - - - - - - MdatpPwsh.Models.Core.DatpModuleConfig - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} - - {{ Add example description here }} - - - - - - - - Start-DatpInvestigationPkgCollection - Start - DatpInvestigationPkgCollection - - Start the investigation package collection process on a machine. - - - - Start the investigation package collection process on a machine. - - - - Start-DatpInvestigationPkgCollection - - MachineId - - The ID or the FQDN of the machine. 
- - String[] - - String[] - - - None - - - Comment - - A message explaining why the action must be done. - - String - - String - - - None - - - - - - Comment - - A message explaining why the action must be done. - - String - - String - - - None - - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - - - - System.String[] - - - - - - - - - - MdatpPwsh.Models.ActivityResponse - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} - - {{ Add example description here }} - - - - - - - - Start-DatpMachineScan - Start - DatpMachineScan - - Start a scan on a machine. - - - - Start a quick or full scan on a machine. - - - - Start-DatpMachineScan - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - ScanType - - The type of scan to perform. - - - Quick - Full - - String - - String - - - None - - - Comment - - A message explaining why the action must be done. - - String - - String - - - None - - - - - - Comment - - A message explaining why the action must be done. - - String - - String - - - None - - - MachineId - - The ID or the FQDN of the machine. - - String[] - - String[] - - - None - - - ScanType - - The type of scan to perform. 
- - String - - String - - - None - - - - - - System.String[] - - - - - - - - - - MdatpPwsh.Models.ActivityResponse - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} - - {{ Add example description here }} - - - - - - - - Update-DatpAlert - Update - DatpAlert - - {{ Fill in the Synopsis }} - - - - {{ Fill in the Description }} - - - - Update-DatpAlert - - AlertId - - {{ Fill AlertId Description }} - - String - - String - - - None - - - Status - - {{ Fill Status Description }} - - - InProgress - New - Resolved - Unknown - - AlertStatus - - AlertStatus - - - None - - - AssignedTo - - {{ Fill AssignedTo Description }} - - String - - String - - - None - - - Classification - - {{ Fill Classification Description }} - - - Unknown - FalsePositive - TruePositive - - AlertClassification - - AlertClassification - - - None - - - Determination - - {{ Fill Determination Description }} - - - NotAvailable - Apt - Malware - SecurityPersonnel - SecurityTesting - UnwantedSoftware - Other - - AlertDetermination - - AlertDetermination - - - None - - - Comment - - {{ Fill Comment Description }} - - String - - String - - - None - - - - - - AlertId - - {{ Fill AlertId Description }} - - String - - String - - - None - - - AssignedTo - - {{ Fill AssignedTo Description }} - - String - - String - - - None - - - Classification - - {{ Fill Classification Description }} - - AlertClassification - - AlertClassification - - - None - - - Comment - - {{ Fill Comment Description }} - - String - - String - - - None - - - Determination - - {{ Fill Determination Description }} - - AlertDetermination - - AlertDetermination - - - None - - - Status - - {{ Fill Status Description }} - - AlertStatus - - AlertStatus - - - None - - - - - - None - - - - - - - - - - System.Object - - - - - - - - - - - - - - -------------------------- Example 1 -------------------------- - PS C:\> {{ Add example code here }} - - {{ Add example 
description here }} - - - - - - \ No newline at end of file From 1f960d55c50aacdb86391e62976aecfdb36f1f26 Mon Sep 17 00:00:00 2001 From: Timothy Small Date: Thu, 4 Feb 2021 12:55:19 -0500 Subject: [PATCH 28/28] Auto-updated help-docs. --- help-docs/locale/en-us/Add-DatpMachineTag.md | 2 -- help-docs/locale/en-us/Connect-DatpGraph.md | 1 - help-docs/locale/en-us/Get-DatpAlert.md | 2 -- help-docs/locale/en-us/Get-DatpDomainRelated.md | 2 -- help-docs/locale/en-us/Get-DatpDomainStats.md | 2 -- help-docs/locale/en-us/Get-DatpFile.md | 2 -- help-docs/locale/en-us/Get-DatpFileAlerts.md | 2 -- help-docs/locale/en-us/Get-DatpFileMachines.md | 2 -- help-docs/locale/en-us/Get-DatpFileStats.md | 2 -- help-docs/locale/en-us/Get-DatpMachine.md | 3 --- help-docs/locale/en-us/Get-DatpMachineAction.md | 3 --- help-docs/locale/en-us/Get-DatpMachineAlerts.md | 3 --- help-docs/locale/en-us/Get-DatpMachineUsers.md | 3 --- help-docs/locale/en-us/Get-DatpSessionClient.md | 2 -- help-docs/locale/en-us/Get-DatpUserAlerts.md | 3 --- help-docs/locale/en-us/Get-DatpUserMachines.md | 2 -- help-docs/locale/en-us/Out-DatpInvestigationPkg.md | 2 -- help-docs/locale/en-us/Remove-DatpMachineTag.md | 2 -- help-docs/locale/en-us/Set-DatpMachineIsolation.md | 2 -- help-docs/locale/en-us/Set-DatpModuleConfig.md | 2 -- help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md | 2 -- help-docs/locale/en-us/Start-DatpMachineScan.md | 2 -- help-docs/locale/en-us/Update-DatpAlert.md | 3 +-- 23 files changed, 1 insertion(+), 50 deletions(-) diff --git a/help-docs/locale/en-us/Add-DatpMachineTag.md b/help-docs/locale/en-us/Add-DatpMachineTag.md index 2885cbd..b836e7c 100644 --- a/help-docs/locale/en-us/Add-DatpMachineTag.md +++ b/help-docs/locale/en-us/Add-DatpMachineTag.md @@ -66,11 +66,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### System.String[] - ## OUTPUTS ### MdatpPwsh.Models.Machine - ## NOTES ## RELATED LINKS 
diff --git a/help-docs/locale/en-us/Connect-DatpGraph.md b/help-docs/locale/en-us/Connect-DatpGraph.md index 410cfa7..5b55d12 100644 --- a/help-docs/locale/en-us/Connect-DatpGraph.md +++ b/help-docs/locale/en-us/Connect-DatpGraph.md @@ -29,7 +29,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### None diff --git a/help-docs/locale/en-us/Get-DatpAlert.md b/help-docs/locale/en-us/Get-DatpAlert.md index 64a8ca7..2d5fdc2 100644 --- a/help-docs/locale/en-us/Get-DatpAlert.md +++ b/help-docs/locale/en-us/Get-DatpAlert.md @@ -80,11 +80,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### MdatpPwsh.Models.Alert[] - ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpDomainRelated.md b/help-docs/locale/en-us/Get-DatpDomainRelated.md index 3e465d0..10f1248 100644 --- a/help-docs/locale/en-us/Get-DatpDomainRelated.md +++ b/help-docs/locale/en-us/Get-DatpDomainRelated.md @@ -67,11 +67,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### MdatpPwsh.Models.Machine[] - ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpDomainStats.md b/help-docs/locale/en-us/Get-DatpDomainStats.md index 04ffc41..455706c 100644 --- a/help-docs/locale/en-us/Get-DatpDomainStats.md +++ b/help-docs/locale/en-us/Get-DatpDomainStats.md @@ -51,11 +51,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### MdatpPwsh.Models.DomainStats - ## NOTES ## RELATED LINKS diff --git a/help-docs/locale/en-us/Get-DatpFile.md b/help-docs/locale/en-us/Get-DatpFile.md index 43ff9db..da9cf3a 100644 --- a/help-docs/locale/en-us/Get-DatpFile.md +++ b/help-docs/locale/en-us/Get-DatpFile.md 
@@ -51,11 +51,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### MdatpPwsh.Models.FileProperties - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpFileAlerts.md b/help-docs/locale/en-us/Get-DatpFileAlerts.md
index b4593f6..9672c4c 100644
--- a/help-docs/locale/en-us/Get-DatpFileAlerts.md
+++ b/help-docs/locale/en-us/Get-DatpFileAlerts.md
@@ -51,11 +51,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### MdatpPwsh.Models.Alert[] - ## NOTES SHA256 hashes are not supported in the 'FileIdentifier' parameter.
diff --git a/help-docs/locale/en-us/Get-DatpFileMachines.md b/help-docs/locale/en-us/Get-DatpFileMachines.md
index 00d82d3..9b8724d 100644
--- a/help-docs/locale/en-us/Get-DatpFileMachines.md
+++ b/help-docs/locale/en-us/Get-DatpFileMachines.md
@@ -51,11 +51,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### MdatpPwsh.Models.Machine[] - ## NOTES SHA256 hashes are not supported in the 'FileIdentifier' parameter.
diff --git a/help-docs/locale/en-us/Get-DatpFileStats.md b/help-docs/locale/en-us/Get-DatpFileStats.md
index 18e2094..7f1f13d 100644
--- a/help-docs/locale/en-us/Get-DatpFileStats.md
+++ b/help-docs/locale/en-us/Get-DatpFileStats.md
@@ -51,11 +51,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### MdatpPwsh.Models.FileStats - ## NOTES SHA256 hashes are not supported in the 'FileIdentifier' parameter.
diff --git a/help-docs/locale/en-us/Get-DatpMachine.md b/help-docs/locale/en-us/Get-DatpMachine.md
index d9b97ba..8b48706 100644
--- a/help-docs/locale/en-us/Get-DatpMachine.md
+++ b/help-docs/locale/en-us/Get-DatpMachine.md
@@ -79,13 +79,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### System.String[] - ## OUTPUTS ### MdatpPwsh.Models.Machine - ### MdatpPwsh.Models.Machine[] - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpMachineAction.md b/help-docs/locale/en-us/Get-DatpMachineAction.md
index 1edf3f8..15606c6 100644
--- a/help-docs/locale/en-us/Get-DatpMachineAction.md
+++ b/help-docs/locale/en-us/Get-DatpMachineAction.md
@@ -79,13 +79,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### System.String - ## OUTPUTS ### MdatpPwsh.Models.ActivityResponse - ### MdatpPwsh.Models.ActivityResponse[] - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpMachineAlerts.md b/help-docs/locale/en-us/Get-DatpMachineAlerts.md
index a6f45e1..308fb86 100644
--- a/help-docs/locale/en-us/Get-DatpMachineAlerts.md
+++ b/help-docs/locale/en-us/Get-DatpMachineAlerts.md
@@ -51,13 +51,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### System.String[] - ## OUTPUTS ### MdatpPwsh.Models.Alert - ### MdatpPwsh.Models.Alert[] - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpMachineUsers.md b/help-docs/locale/en-us/Get-DatpMachineUsers.md
index 1bf4efe..8f4d027 100644
--- a/help-docs/locale/en-us/Get-DatpMachineUsers.md
+++ b/help-docs/locale/en-us/Get-DatpMachineUsers.md
@@ -51,13 +51,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### System.String[] - ## OUTPUTS ### MdatpPwsh.Models.User - ### MdatpPwsh.Models.User[] - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpSessionClient.md b/help-docs/locale/en-us/Get-DatpSessionClient.md
index dee8b91..59ea35d 100644
--- a/help-docs/locale/en-us/Get-DatpSessionClient.md
+++ b/help-docs/locale/en-us/Get-DatpSessionClient.md
@@ -29,11 +29,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### MdatpPwsh.Session.DatpSessionClient - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpUserAlerts.md b/help-docs/locale/en-us/Get-DatpUserAlerts.md
index 57dfed6..8104295 100644
--- a/help-docs/locale/en-us/Get-DatpUserAlerts.md
+++ b/help-docs/locale/en-us/Get-DatpUserAlerts.md
@@ -51,13 +51,10 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### MdatpPwsh.Models.Alert - ### MdatpPwsh.Models.Alert[] - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Get-DatpUserMachines.md b/help-docs/locale/en-us/Get-DatpUserMachines.md
index e3a053d..4396fdb 100644
--- a/help-docs/locale/en-us/Get-DatpUserMachines.md
+++ b/help-docs/locale/en-us/Get-DatpUserMachines.md
@@ -51,11 +51,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### MdatpPwsh.Models.Machine[] - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Out-DatpInvestigationPkg.md b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md
index aaef855..a64c706 100644
--- a/help-docs/locale/en-us/Out-DatpInvestigationPkg.md
+++ b/help-docs/locale/en-us/Out-DatpInvestigationPkg.md
@@ -68,11 +68,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### System.IO.FileInfo - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Remove-DatpMachineTag.md b/help-docs/locale/en-us/Remove-DatpMachineTag.md
index 9c6f3ad..d8328a0 100644
--- a/help-docs/locale/en-us/Remove-DatpMachineTag.md
+++ b/help-docs/locale/en-us/Remove-DatpMachineTag.md
@@ -66,11 +66,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### System.String[] - ## OUTPUTS ### MdatpPwsh.Models.Machine - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Set-DatpMachineIsolation.md b/help-docs/locale/en-us/Set-DatpMachineIsolation.md
index 1227e91..7c053ec 100644
--- a/help-docs/locale/en-us/Set-DatpMachineIsolation.md
+++ b/help-docs/locale/en-us/Set-DatpMachineIsolation.md
@@ -90,11 +90,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### System.String[] - ## OUTPUTS ### MdatpPwsh.Models.ActivityResponse - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Set-DatpModuleConfig.md b/help-docs/locale/en-us/Set-DatpModuleConfig.md
index 2a7d7a0..4ce81d9 100644
--- a/help-docs/locale/en-us/Set-DatpModuleConfig.md
+++ b/help-docs/locale/en-us/Set-DatpModuleConfig.md
@@ -66,11 +66,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### MdatpPwsh.Models.Core.DatpModuleConfig - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md b/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md
index 4df678a..46dff16 100644
--- a/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md
+++ b/help-docs/locale/en-us/Start-DatpInvestigationPkgCollection.md
@@ -66,11 +66,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### System.String[] - ## OUTPUTS ### MdatpPwsh.Models.ActivityResponse - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Start-DatpMachineScan.md b/help-docs/locale/en-us/Start-DatpMachineScan.md
index c988cae..1db94ea 100644
--- a/help-docs/locale/en-us/Start-DatpMachineScan.md
+++ b/help-docs/locale/en-us/Start-DatpMachineScan.md
@@ -91,11 +91,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### System.String[] - ## OUTPUTS ### MdatpPwsh.Models.ActivityResponse - ## NOTES ## RELATED LINKS
diff --git a/help-docs/locale/en-us/Update-DatpAlert.md b/help-docs/locale/en-us/Update-DatpAlert.md
index 07ef907..a767a12 100644
--- a/help-docs/locale/en-us/Update-DatpAlert.md
+++ b/help-docs/locale/en-us/Update-DatpAlert.md
@@ -45,7 +45,7 @@ Aliases: Required: True Position: 0 Default value: None
-Accept pipeline input: False
+Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False ```
@@ -133,7 +133,6 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS ### None - ## OUTPUTS ### System.Object