Get-S1Blacklist

SYNOPSIS

Retrieve SentinelOne blacklist information.

SYNTAX

Get-S1Blacklist [[-Hash] <String>] [[-IncludeInherited] <String>] [[-OSType] <String[]>]
 [[-BlacklistID] <String[]>] [[-UserID] <String[]>] [[-GroupID] <String[]>] [[-SiteID] <String[]>]
 [[-AccountID] <String[]>] [<CommonParameters>]

DESCRIPTION

This function retrieves SentinelOne blacklist information using various filters such as hash, operating system type, blacklist ID, user ID, group ID, site ID, and account ID. It sends a GET request to the `/web/api/v2.1/restrictions` endpoint and returns the data.

EXAMPLES

EXAMPLE 1

Get-S1Blacklist -Hash "abc123"

Retrieves blacklist entries for the specified hash value.

EXAMPLE 2

Get-S1Blacklist -OSType "windows" -IncludeInherited "true"

Retrieves blacklist entries for Windows operating systems, including inherited entries.

EXAMPLE 3

Get-S1Blacklist -BlacklistID @("id1", "id2")

Retrieves blacklist entries for the specified blacklist IDs.

EXAMPLE 4

Get-S1Blacklist -SiteID "site1" -AccountID "account1"

Retrieves blacklist entries for the specified site and account IDs.
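
An added example, not part of the module's own documentation: it checks which hashes from a triage list already have a blacklist entry visible to a given site, including inherited entries. `Test-S1HashCoverage`, the sample hashes and the site ID are constructed for illustration, and the code assumes that Get-S1Blacklist emits one object per matching entry and nothing when no entry matches.

```powershell
# Added example: report which hashes already have a blacklist entry.
# Test-S1HashCoverage is a hypothetical helper, not part of the module.
# Assumptions: the module is already authenticated against the console, and
# Get-S1Blacklist emits one object per matching entry and nothing otherwise.
function Test-S1HashCoverage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$Hash,
        [Parameter(Mandatory)][string]$SiteID,
        [ValidateSet('windows', 'windows_legacy', 'macos', 'linux')]
        [string[]]$OSType
    )

    # Trim, drop empty values and de-duplicate before querying.
    $unique = $Hash | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique

    foreach ($h in $unique) {
        $query = @{ Hash = $h; SiteID = $SiteID; IncludeInherited = 'true' }
        if ($OSType) { $query.OSType = $OSType }

        try {
            # Filter out $null so an empty result is counted as zero entries.
            $entries = @(Get-S1Blacklist @query -ErrorAction Stop | Where-Object { $null -ne $_ })
            $status  = if ($entries.Count -gt 0) { 'Listed' } else { 'NotListed' }
        }
        catch {
            # A failed lookup is reported as such, never as "not listed".
            $entries = @()
            $status  = 'LookupFailed'
        }

        [pscustomobject]@{
            Hash       = $h
            SiteID     = $SiteID
            Status     = $status
            EntryCount = $entries.Count
        }
    }
}

# Constructed sample input: placeholder hash values and a placeholder site ID.
$triage = @(
    'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
    'bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb'
)
Test-S1HashCoverage -Hash $triage -SiteID 'site1' -OSType 'windows' |
    Where-Object Status -ne 'Listed' |
    Format-Table -AutoSize
```

Rows with status `LookupFailed` need a retry before any conclusion is drawn about coverage.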

PARAMETERS

-Hash

Filter the blacklist by a specific hash value.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IncludeInherited

Include inherited blacklist entries. Valid values are "true" or "false".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-OSType

Filter the blacklist by operating system type. Valid values are "windows", "windows_legacy", "macos", or "linux".

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-BlacklistID

Filter the blacklist by specific blacklist IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-UserID

Filter the blacklist by user IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-GroupID

Filter the blacklist by group IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SiteID

Filter the blacklist by site IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 7
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AccountID

Filter the blacklist by account IDs.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: 8
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES