Get-S1DvEvents
SYNOPSIS
Retrieve SentinelOne Deep Visibility events based on a query.
SYNTAX
TimeFrame
CustomTime
Get-S1DvEvents -Query <Object> [-Limit <Object>] -ToDate <DateTime> -FromDate <DateTime> [<CommonParameters>]
DESCRIPTION
This function retrieves SentinelOne Deep Visibility events that match a specified query. Events can be filtered by a predefined time frame or by a custom date range. Results are returned only after the query has finished executing.
EXAMPLES
EXAMPLE 1
Retrieves Deep Visibility events for the endpoint "Server01" from the last 24 hours.
EXAMPLE 2
Retrieves Deep Visibility events for "cmd.exe" from the last 7 days.
EXAMPLE 3
Retrieves up to 5000 Deep Visibility events for the IP address "192.168.1.1" from the last 7 days.
PARAMETERS
-Query
The query string to filter Deep Visibility events.
Type: Object
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Limit
The maximum number of events to retrieve. Valid values are 1, 10, 100, 1000, 2000, 5000, 10000, or 20000. Defaults to 1000.
Type: Object
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 1000
Accept pipeline input: False
Accept wildcard characters: False
-TimeFrame
A predefined time frame to filter events. Valid values are "Last Hour", "Last 24 Hours", "Today", "Last 48 Hours", "Last 7 Days", "Last 30 Days", "This Month", "Last 2 Months", or "Last 3 Months".
Type: String
Parameter Sets: TimeFrame
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ToDate
The end date for a custom date range filter. Used with `FromDate`.
Type: DateTime
Parameter Sets: CustomTime
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-FromDate
The start date for a custom date range filter. Used with `ToDate`.
Type: DateTime
Parameter Sets: CustomTime
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
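ADDED EXAMPLE (not part of the module's own help or code)
Because -Limit caps the result set at 20000 events at most, a query that returns exactly the limit may have been truncated; the sketch below re-queries a custom date range in halves until each window comes back under the cap. The helper name `Get-S1DvEventsWindowed` and its `-MinWindow` parameter are hypothetical, and it assumes Get-S1DvEvents emits one object per event, which this page does not state.

```powershell
# Added example. Assumes the module exporting Get-S1DvEvents is imported and
# authenticated, and that the cmdlet emits one object per event.
function Get-S1DvEventsWindowed {            # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Query,
        [Parameter(Mandatory)] [datetime] $FromDate,
        [Parameter(Mandatory)] [datetime] $ToDate,
        # Same values the page lists as valid for -Limit.
        [ValidateSet(1, 10, 100, 1000, 2000, 5000, 10000, 20000)]
        [int] $Limit = 20000,
        # Hypothetical floor: stop splitting below this window size.
        [timespan] $MinWindow = [timespan]::FromMinutes(5)
    )

    if ($FromDate -ge $ToDate) { throw 'FromDate must be earlier than ToDate.' }

    $batch = @(Get-S1DvEvents -Query $Query -Limit $Limit -FromDate $FromDate -ToDate $ToDate)

    # Fewer results than the cap: the window was returned in full.
    if ($batch.Count -lt $Limit) { return $batch }

    $span = $ToDate - $FromDate
    if ($span -le $MinWindow) {
        # Cannot split further; surface the possible gap instead of hiding it.
        Write-Warning ("{0:o} .. {1:o}: {2} events hit -Limit; results may be truncated." -f $FromDate, $ToDate, $batch.Count)
        return $batch
    }

    # Cap reached: discard this batch and re-query each half separately.
    # The page does not say whether the bounds are inclusive, so an event stamped
    # exactly at $mid could be returned by both halves.
    $mid = $FromDate.AddTicks([long]($span.Ticks / 2))
    $common = @{ Query = $Query; Limit = $Limit; MinWindow = $MinWindow }
    Get-S1DvEventsWindowed @common -FromDate $FromDate -ToDate $mid
    Get-S1DvEventsWindowed @common -FromDate $mid -ToDate $ToDate
}

# Usage (query text is a placeholder):
# $to = Get-Date
# Get-S1DvEventsWindowed -Query '<Deep Visibility query>' -FromDate $to.AddDays(-7) -ToDate $to
```

A warning from this helper means a window at the minimum size still hit the cap, so the hunt result for that interval should be treated as incomplete and the query narrowed.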