Skip to content

Get-S1Agent

SYNOPSIS

Retrieve SentinelOne agent information based on specified filters.

SYNTAX

Get-S1Agent [[-Name] <String>] [[-ScanStatus] <String[]>] [[-MachineType] <String[]>] [[-OSType] <String[]>]
 [[-MitigationMode] <String>] [[-Infected] <String>] [[-AppVulnerabilityStatus] <String[]>]
 [[-IsPendingUninstall] <String>] [[-IsUninstalled] <String>] [[-IsDecommissioned] <String>]
 [[-ADQuery] <String[]>] [[-Domain] <String[]>] [[-LocalIP] <String[]>] [[-AgentID] <String[]>]
 [[-GroupID] <String[]>] [[-SiteID] <String[]>] [[-AccountID] <String[]>] [[-MaxCount] <UInt32>]
 [-ProblematicAgent] [[-agentVersionsNin] <String[]>] [-isActive] [[-LastScanMoreThanDays] <Int32>]
 [[-LastScanLessThanDays] <Int32>] [<CommonParameters>]

DESCRIPTION

This function retrieves SentinelOne agent information using various filters such as name, operating system type, machine type, scan status, and more. The results can be further refined by specifying additional parameters like agent IDs, group IDs, site IDs, and account IDs.

EXAMPLES

EXAMPLE 1

Get-S1Agent -Name "Agent1" -OSType "windows"

Retrieves information for the agent named "Agent1" running on Windows.

EXAMPLE 2

Get-S1Agent -AgentID @("id1", "id2") -MaxCount 50

Retrieves up to 50 agents with the specified IDs.

EXAMPLE 3

Get-S1Agent -ProblematicAgent

Retrieves agents with operational issues such as "auto_partially_disabled" or "db_corruption".

EXAMPLE 4

Get-S1Agent -Domain "example.com" -isActive

Retrieves active agents in the specified domain.

PARAMETERS

-Name

Filter agents by name.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ScanStatus

Filter agents by scan status. Valid values are "none", "started", "aborted", or "finished".

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MachineType

Filter agents by machine type. Valid values are "unknown", "desktop", "laptop", or "server".

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-OSType

Filter agents by operating system type. Valid values are "windows", "windows_legacy", "linux", or "macos".

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MitigationMode

Filter agents by mitigation mode. Valid values are "detect" or "protect".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Infected

Filter agents by infection status. Valid values are "true" or "false".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AppVulnerabilityStatus

Filter agents by application vulnerability status. Valid values are "patch_required", "up_to_date", or "not_applicable".

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 7
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IsPendingUninstall

Filter agents that are pending uninstallation. Valid values are "true" or "false".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 8
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IsUninstalled

Filter agents that are uninstalled. Valid values are "true" or "false".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 9
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IsDecommissioned

Filter agents that are decommissioned. Valid values are "true" or "false".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 10
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ADQuery

Filter agents by Active Directory query.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 11
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Domain

Filter agents by domain.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 12
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-LocalIP

Filter agents by local IP address.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 13
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AgentID

Filter agents by their IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 14
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-GroupID

Filter agents by group IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 15
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SiteID

Filter agents by site IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 16
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AccountID

Filter agents by account IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 17
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MaxCount

Specify the maximum number of agents to retrieve. Defaults to 100.

Type: UInt32
Parameter Sets: (All)
Aliases:

Required: False
Position: 18
Default value: 100
Accept pipeline input: False
Accept wildcard characters: False

-ProblematicAgent

Filter agents with operational issues such as "auto_partially_disabled" or "db_corruption".

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-agentVersionsNin

Exclude agents with specific versions.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 19
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-isActive

Filter agents that are currently active.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-LastScanMoreThanDays

{{ Fill LastScanMoreThanDays Description }}

Type: Int32
Parameter Sets: (All)
Aliases:

Required: False
Position: 20
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False

-LastScanLessThanDays

{{ Fill LastScanLessThanDays Description }}

Type: Int32
Parameter Sets: (All)
Aliases:

Required: False
Position: 21
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES