Skip to content

Export-S1Agent

SYNOPSIS

Export SentinelOne agent data based on specified filters.

SYNTAX

Export-S1Agent [[-Name] <String>] [[-FileName] <String>] [[-ScanStatus] <String[]>] [[-MachineType] <String[]>]
 [[-OSType] <String[]>] [[-MitigationMode] <String>] [[-Infected] <String>]
 [[-AppVulnerabilityStatus] <String[]>] [[-IsPendingUninstall] <String>] [[-IsUninstalled] <String>]
 [[-IsDecommissioned] <String>] [[-ADQuery] <String[]>] [[-Domain] <String[]>] [[-LocalIP] <String[]>]
 [[-AgentID] <String[]>] [[-GroupID] <String[]>] [[-SiteID] <String[]>] [[-AccountID] <String[]>]
 [-ProblematicAgent] [[-agentVersionsNin] <String[]>] [-isActive] [<CommonParameters>]

DESCRIPTION

This function exports SentinelOne agent data to a CSV file based on the provided filters. It allows filtering by agent properties such as name, operating system, machine type, scan status, and more. The exported data is saved to the specified file path.

EXAMPLES

EXAMPLE 1

Export-S1Agent -Name "Agent1" -FileName "AgentData.csv"

Exports data for the agent named "Agent1" to "AgentData.csv".

EXAMPLE 2

Export-S1Agent -OSType "windows" -MitigationMode "protect"

Exports data for Windows agents with "protect" mitigation mode.

EXAMPLE 3

@("uuid1", "uuid2") | Export-S1Agent -AgentID

Exports data for agents with the specified IDs provided through the pipeline.

PARAMETERS

-Name

Filter agents by name.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-FileName

The name of the CSV file where the exported data will be saved. Defaults to "export-SentinelOne.csv".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 2
Default value: Export-SentinelOne.csv
Accept pipeline input: False
Accept wildcard characters: False

-ScanStatus

Filter agents by scan status. Valid values are "none", "started", "aborted", or "finished".

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MachineType

Filter agents by machine type. Valid values are "unknown", "desktop", "laptop", or "server".

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-OSType

Filter agents by operating system type. Valid values are "windows", "windows_legacy", "linux", or "macos".

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MitigationMode

Filter agents by mitigation mode. Valid values are "detect" or "protect".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Infected

Filter agents by infection status. Valid values are "true" or "false".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 7
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AppVulnerabilityStatus

Filter agents by application vulnerability status. Valid values are "patch_required", "up_to_date", or "not_applicable".

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 8
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IsPendingUninstall

Filter agents that are pending uninstallation. Valid values are "true" or "false".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 9
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IsUninstalled

Filter agents that are uninstalled. Valid values are "true" or "false".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 10
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IsDecommissioned

Filter agents that are decommissioned. Valid values are "true" or "false".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 11
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ADQuery

Filter agents by Active Directory query.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 12
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Domain

Filter agents by domain.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 13
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-LocalIP

Filter agents by local IP address.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 14
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AgentID

Filter agents by their IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 15
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-GroupID

Filter agents by group IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 16
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SiteID

Filter agents by site IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 17
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AccountID

Filter agents by account IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 18
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ProblematicAgent

Filter agents with operational issues such as "auto_partially_disabled" or "db_corruption".

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-agentVersionsNin

Exclude agents with specific versions.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 19
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-isActive

Filter agents that are currently active.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES