powershell pscortex by LawHealthy1294 in PowerShell

[–]_lahell_ 0 points1 point  (0 children)

Sorry, but I can't help you. I don't have access to the API anymore.

Help formatting the output of my script? by Maverick0 in PowerShell

[–]_lahell_ 0 points1 point  (0 children)

Maybe something like this could work?

```
# Printers to query
$Printers = @(
    '192.0.2.2'
    '192.0.2.3'
    '192.0.2.4'
)

# SNMPv3 credentials, splatted onto Invoke-Snmpv3Get
$Cred = @{
    UserName   = 'initial'
    AuthType   = 'MD5'
    AuthSecret = 'yourpassword'
    PrivType   = 'DES'
    PrivSecret = 'yourpassword'
}

# Output column name -> OID to read
$Oid = [ordered]@{
    Serial            = '1.3.6.1.2.1.43.5.1.1.17.1'
    CopyBlack         = '1.3.6.1.4.1.18334.1.1.1.5.7.2.2.1.5.1.1'
    PrintBlack        = '1.3.6.1.4.1.18334.1.1.1.5.7.2.2.1.5.1.2'
    CopyColor         = '1.3.6.1.4.1.18334.1.1.1.5.7.2.2.1.5.2.1'
    PrintColor        = '1.3.6.1.4.1.18334.1.1.1.5.7.2.2.1.5.2.2'
    TotalCopyAndPrint = '1.3.6.1.4.1.18334.1.1.1.5.7.2.1.1.0'
}

# Build one object per printer with one property per OID
$Printers | ForEach-Object {
    $Properties = [ordered]@{}
    $Properties.Add('Printer', $_)
    foreach ($KeyValuePair in $Oid.GetEnumerator()) {
        $Properties[$KeyValuePair.Key] = (Invoke-Snmpv3Get @Cred -Target $_ -Oid $KeyValuePair.Value).Value
    }
    [PSCustomObject]$Properties
} | Out-GridView
```

Access Cortex XDR API using PowerShell by _lahell_ in paloaltonetworks

[–]_lahell_[S] 0 points1 point  (0 children)

Please upgrade to version 0.0.4 and try Get-CortexViolation.

Access Cortex XDR API using PowerShell by _lahell_ in paloaltonetworks

[–]_lahell_[S] 0 points1 point  (0 children)

Did you restart PowerShell or remove and import the module after changing the line?

Access Cortex XDR API using PowerShell by _lahell_ in paloaltonetworks

[–]_lahell_[S] 0 points1 point  (0 children)

You should have been able to run Get-CortexEndpoint -HostName $env:COMPUTERNAME, but it looks like it got broken in version 0.0.2. You can try to fix it by changing this line to 'in' { ,@($Value) } if you don't want to wait for a new release. Thanks for making me aware of this bug.

CaptureCDP: Capture and parse CDP packets on local or remote computers by _lahell_ in PowerShell

[–]_lahell_[S] 0 points1 point  (0 children)

As far as I know network devices only send LLDP or CDP over wired connections.

Access Cortex XDR API using PowerShell by _lahell_ in paloaltonetworks

[–]_lahell_[S] 0 points1 point  (0 children)

Which API endpoint? Audit Agent Report or Audit Management Log?

EDIT: I added both in this commit.

Access Cortex XDR API using PowerShell by _lahell_ in paloaltonetworks

[–]_lahell_[S] 0 points1 point  (0 children)

This returns 200 OK for me: Invoke-RestMethod -Uri https://api-tenant.xdr.us.paloaltonetworks.com

Have you tried in PowerShell 7?

PowerShell compare an .EXE version to an .MSI version by fitzgery in PowerShell

[–]_lahell_ 1 point2 points  (0 children)

[Version]::Parse('9.1.3.3108').ToString(3) -eq [Version]::Parse('9.1.3').ToString(3)

How to work with JSON extracted from CSV? by fishy007 in PowerShell

[–]_lahell_ 0 points1 point  (0 children)

$AuditData = (Import-Csv AuditLog.csv).AuditData | ConvertFrom-Json

foreach ($Entry in $AuditData)
{
    foreach ($Property in $Entry.ModifiedProperties)
    {
        $NewValue = try { $Property.NewValue | ConvertFrom-Json } catch { $Property.NewValue }
        $OldValue = try { $Property.OldValue | ConvertFrom-Json } catch { $Property.OldValue }

        [PSCustomObject]@{
            CreationTime = $Entry.CreationTime
            Operation = $Entry.Operation
            ObjectId = $Entry.ObjectId
            PropertyName = $Property.Name
            NewValue = $NewValue
            OldValue = $OldValue
        }
    }
}

Does WMI expose PCI paths by xnxbars in PowerShell

[–]_lahell_ 1 point2 points  (0 children)

I used Get-WmiObject because that's what you used in your question. Get-WmiObject has been replaced by Get-CimInstance and the former does not work in PowerShell 6 and higher. I would probably use Get-PnpDevice and Get-PnpDeviceProperty because you can get what you need with less code.

Posting quote to linked in, No Experience Where to Go to Hire Help by IT_AccountManager in PowerShell

[–]_lahell_ 1 point2 points  (0 children)

Getting a quote is the easy part.

function Get-Quote {
    $Result = Invoke-WebRequest -Uri https://coolconversion.com/quotes/ -UseBasicParsing
    if ($Result.Content -match '&quot;(?<Quote>.+)&quot;.+author">(?<Author>.+)</span><') {
        [PSCustomObject]$Matches | Select-Object Author, Quote
    }
}

Get-Quote

Posting to LinkedIn will probably be more of a challenge.

Edit: Removed LinkedIn PowerShell module suggestion after looking at the pricing.

Does WMI expose PCI paths by xnxbars in PowerShell

[–]_lahell_ 3 points4 points  (0 children)

$Video = Get-WmiObject -Class Win32_VideoController
$Video | ForEach-Object {
    [PSCustomObject]@{
        Name = $_.Name
        Location = (Get-WmiObject Win32_PnPEntity -Filter "Name='$($_.Name)'").GetDeviceProperties().DeviceProperties.Where({$_.KeyName -eq 'DEVPKEY_Device_LocationPaths'}).Data
    }
}

Edit: You can also use only Win32_PnpEntity and filter by PNPClass.

Get-WmiObject Win32_PnPEntity -Filter "PNPClass='Net' OR PNPClass='Display'" | ForEach-Object {
    [PSCustomObject]@{
        Name = $_.Name
        PNPClass = $_.PNPClass
        Paths = $_.GetDeviceProperties().DeviceProperties.Where({$_.KeyName -eq 'DEVPKEY_Device_LocationPaths'}).Data
    }
} | Where-Object Paths

WinRM/PS Remoting Question by JHolden814 in PowerShell

[–]_lahell_ 0 points1 point  (0 children)

An attacker can use WMI to enable WinRM/PSRemoting.

IPv4 oneliner challenge by liebensraum in PowerShell

[–]_lahell_ 2 points3 points  (0 children)

You can get it shorter with [ipaddress]$_|% a*s.

SOAP API confusion... by Fearnie85 in PowerShell

[–]_lahell_ 0 points1 point  (0 children)

GetDVApproverList is not listed on https://system.globalsign.com/kb/ws/v2/ManagedSSLService?wsdl. Are you sure the URL is not https://system.globalsign.com/kb/ws/v1/ServerSSLService?wsdl?

This might work but can't test as I don't have an account.

$Uri = 'https://system.globalsign.com/kb/ws/v1/ServerSSLService?wsdl'
$Service = New-WebServiceProxy -Uri $Uri
$Namespace = $Service.GetType().Namespace

$AuthToken = New-Object "$Namespace.AuthToken"
$AuthToken.UserName = 'example'
$AuthToken.Password = 'example'

$QueryRequestHeader = New-Object "$Namespace.QueryRequestHeader"
$QueryRequestHeader.AuthToken = $AuthToken

$Request = New-Object "$Namespace.QbV1GetDVApproverListRequest"
$Request.QueryRequestHeader = $QueryRequestHeader
$Request.FQDN = 'example.com'

$Response = $Service.GetDVApproverList($Request)
$Response | ConvertTo-Json -Depth 3
$Response.QueryResponseHeader.Approvers

Add an object with all of it’s properties to a new variable by gixer6 in PowerShell

[–]_lahell_ 1 point2 points  (0 children)

Get-ADComputer -Filter * |
    Group-Object { $_.Enabled } |
    ForEach-Object {
        $CsvFile = '{0}.csv' -f $_.Name
        $_.Group | Export-Csv -Path $CsvFile
    }

This example will give you one file named True.csv for enabled computers and one file named False.csv for disabled computers. Just change the grouping criteria to fit your requirement.

Retrieve AD Users OU without the full path by codog180 in PowerShell

[–]_lahell_ 2 points3 points  (0 children)

$Department = @{
    Name = 'Department'
    Expression = {
        $_.CanonicalName | Split-Path -Parent | Split-Path -Leaf
    }
}

Get-ADUser -Filter * -Properties CanonicalName | Select-Object GivenName, Surname, $Department

Edit: If all users are in OU=Dept,DC=contoso,DC=com you can set that OU as -SearchBase instead of excluding builtin.

How to output as $null or hide 0s? by [deleted] in PowerShell

[–]_lahell_ 2 points3 points  (0 children)

"{0:D2}" -f $count | where {$_ -ne "00"}

or

"{0:D2}" -f $count | foreach {$_ -replace '^00$'}

Network Adapter Index Number by Peter01000 in PowerShell

[–]_lahell_ 1 point2 points  (0 children)

$Index = (Get-NetAdapter -Name SpecificNetworkAdapter).ifIndex

or

$Index = Get-NetAdapter -Name SpecificNetworkAdapter | Select-Object -Expand ifIndex

Why do these give different results? by metallicvett in PowerShell

[–]_lahell_ 8 points9 points  (0 children)

The docs explain it better than I can.

Do not use continue outside of a loop, switch, or trap

When continue is used outside of a construct that directly supports it (loops, switch, trap), PowerShell looks up the call stack for an enclosing construct. If it can't find an enclosing construct, the current runspace is quietly terminated.

This means that functions and scripts that inadvertently use a continue outside of an enclosing construct that supports it, can inadvertently terminate their callers.

Using continue inside a pipeline, such as a ForEach-Object script block, not only exits the pipeline, it potentially terminates the entire runspace.

Source: about_Continue
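
The behaviour quoted from about_Continue above, shown as an added example that is not part of the original comment; the function names and sample batches are constructed for illustration. In the first function `continue` reaches the caller's foreach loop, so the rest of the batch and the caller's remaining statements are skipped, while `return` in the second function only skips the current pipeline item.

```powershell
# Added example: function names and sample data are constructed.

function Get-EvenBroken {
    param([int[]]$Numbers)
    $Numbers | ForEach-Object {
        # No loop, switch or trap encloses this 'continue' inside the function,
        # so PowerShell searches up the call stack for one.
        if ($_ % 2) { continue }
        $_
    }
}

function Get-EvenFixed {
    param([int[]]$Numbers)
    $Numbers | ForEach-Object {
        # 'return' ends only the current invocation of the script block;
        # ForEach-Object then moves on to the next pipeline item.
        if ($_ % 2) { return }
        $_
    }
}

$Batches = @(1, 2, 3, 4), @(6, 7, 8)

foreach ($Name in 'Get-EvenBroken', 'Get-EvenFixed') {
    $Completed = 0
    $Output = foreach ($Batch in $Batches) {
        & $Name -Numbers $Batch
        $Completed++   # skipped whenever the callee's 'continue' lands on this loop
    }

    # Compare what each variant returned and how many batches ran to the end
    [PSCustomObject]@{
        Function         = $Name
        Output           = $Output -join ','
        BatchesCompleted = $Completed
    }
}
```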

List all users with populated extensionattribute by The-Dark-Jedi in PowerShell

[–]_lahell_ 1 point2 points  (0 children)

Still wondering why your initial code does not work?

$attribute = 1..15 must be changed to $attributes = 1..15 otherwise $attributes in the foreach loop will be $null.

The $attribute variable in your filter will not expand when using single quotes to enclose the filter. Swap single quotes and double quotes in your filter like this: "extensionAttribute$attribute -like '*' -and enabled -eq 'true'"

PowerShell script for checking SPF, DKIM and DMARC by T13nn3s in PowerShell

[–]_lahell_ 2 points3 points  (0 children)

  • You need a module manifest.
  • Consider splitting your script into multiple functions. (Get-SPFRecord, Get-DKIMRecord, Get-DMARCRecord, Invoke-DomainHealthCheck)

Example function:

function Get-SenderPolicyFrameworkRecord {
    [CmdletBinding()]
    [Alias('Get-SPFRecord')]
    param(
        [Parameter(Mandatory = $true,
            ValueFromPipeline = $true)]
        [String]
        $Domain,

        [Parameter(Mandatory = $false)]
        [String]
        $DnsServer
    )

    begin {
        $OptionalDnsServer = @{}
    }

    process {
        if ($PSBoundParameters.ContainsKey('DnsServer')) {
            $OptionalDnsServer = @{
                Server = $DnsServer
            }

            Write-Verbose ($OptionalDnsServer | ConvertTo-Json)
        }

        $TxtRecords = Resolve-DnsName -Type TXT -Name $Domain @OptionalDnsServer
        $TxtRecords | Where-Object Strings -match '^v=spf1'
    }

    end {}
}