Get-S1Application

SYNOPSIS

Retrieve SentinelOne application information based on specified filters.

SYNTAX

All (Default)

Get-S1Application [-ApplicationName <String[]>] [-ApplicationID <String[]>] [-GroupID <String[]>]
 [-SiteID <String[]>] [-AccountID <String[]>] [-RiskLevel <String[]>] [-ApplicationType <String[]>]
 [-OS <String[]>] [-MachineType <String[]>] [-Decommissioned <String>] [-Count <Object>] [<CommonParameters>]

Agent

Get-S1Application -AgentID <String[]> [<CommonParameters>]

CVEs

Get-S1Application [-CVEs] [-CVEIDs <String[]>] [-ApplicationID <String[]>] [-GroupID <String[]>]
 [-SiteID <String[]>] [-AccountID <String[]>] [<CommonParameters>]

DESCRIPTION

This function retrieves SentinelOne application information using various filters such as application name, risk level, application type, and more. It supports filtering by agent IDs, CVEs, group IDs, site IDs, and account IDs. The results can be limited or retrieved recursively.

EXAMPLES

EXAMPLE 1

Get-S1Application -AgentID @("agent1", "agent2")

Retrieves applications installed on the specified agents.

EXAMPLE 2

Get-S1Application -CVEs -CVEIDs @("CVE-2023-1234", "CVE-2023-5678")

Retrieves applications associated with the specified CVEs.

EXAMPLE 3

Get-S1Application -ApplicationName "ExampleApp" -RiskLevel "high"

Retrieves high-risk applications with the name "ExampleApp".

EXAMPLE 4

Get-S1Application -SiteID "site1" -Count 50

Retrieves up to 50 applications for the specified site.

PARAMETERS

-AgentID

Filter applications by agent IDs.

Type: String[]
Parameter Sets: Agent
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CVEs

A switch to retrieve CVE information for applications.

Type: SwitchParameter
Parameter Sets: CVEs
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-CVEIDs

Filter applications by specific CVE IDs.

Type: String[]
Parameter Sets: CVEs
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ApplicationName

Filter applications by name.

Type: String[]
Parameter Sets: All
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ApplicationID

Filter applications by application IDs.

Type: String[]
Parameter Sets: All, CVEs
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-GroupID

Filter applications by group IDs.

Type: String[]
Parameter Sets: All, CVEs
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SiteID

Filter applications by site IDs.

Type: String[]
Parameter Sets: All, CVEs
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AccountID

Filter applications by account IDs.

Type: String[]
Parameter Sets: All, CVEs
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RiskLevel

Filter applications by risk level. Valid values are "none", "low", "medium", "high", or "critical".

Type: String[]
Parameter Sets: All
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ApplicationType

Filter applications by type. Valid values are "app", "kb", "patch", "chromeExtension", "edgeExtension", "firefoxExtension", or "safariExtension".

Type: String[]
Parameter Sets: All
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-OS

Filter applications by operating system type. Valid values are "windows", "windows_legacy", "linux", or "macos".

Type: String[]
Parameter Sets: All
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MachineType

Filter applications by machine type. Valid values are "unknown", "desktop", "laptop", or "server".

Type: String[]
Parameter Sets: All
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Decommissioned

Filter applications by decommissioned status. Valid values are "true" or "false".

Type: String
Parameter Sets: All
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Count

Limit the number of retrieved applications.

Type: Object
Parameter Sets: All
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Get-S1Application

SYNOPSIS

SYNTAX

All (Default)

Agent

CVEs

DESCRIPTION

EXAMPLES

EXAMPLE 1

EXAMPLE 2

EXAMPLE 3

EXAMPLE 4

PARAMETERS

-AgentID

-CVEs

-CVEIDs

-ApplicationName

-ApplicationID

-GroupID

-SiteID

-AccountID

-RiskLevel

-ApplicationType

-OS

-MachineType

-Decommissioned

-Count

CommonParameters

INPUTS

OUTPUTS

NOTES

Get-S1Application

SYNOPSIS

SYNTAX

All (Default)

Agent

CVEs

DESCRIPTION

EXAMPLES

EXAMPLE 1

EXAMPLE 2

EXAMPLE 3

EXAMPLE 4

PARAMETERS

-AgentID

-CVEs

-CVEIDs

-ApplicationName

-ApplicationID

-GroupID

-SiteID

-AccountID

-RiskLevel

-ApplicationType

-OS

-MachineType

-Decommissioned

-Count

CommonParameters

INPUTS

OUTPUTS

NOTES

RELATED LINKS