Get-S1Exclusion
SYNOPSIS
Retrieve SentinelOne exclusion information.
SYNTAX
Get-S1Exclusion [-Type] <String> [[-IncludeInherited] <String>] [[-OSType] <String[]>] [[-Mode] <String[]>]
[[-Value] <String>] [[-Search] <String>] [[-ExclusionID] <String[]>] [[-UserID] <String[]>]
[[-GroupID] <String[]>] [[-SiteID] <String[]>] [[-AccountID] <String[]>] [<CommonParameters>]
DESCRIPTION
This function retrieves SentinelOne exclusion information using various filters such as type, operating system, mode, value, and more. It supports filtering by exclusion IDs, user IDs, group IDs, site IDs, and account IDs. The results can include inherited exclusions if specified.
EXAMPLES
EXAMPLE 1
Retrieves path exclusions for Windows operating systems.
EXAMPLE 2
Retrieves certificate exclusions, including inherited ones.
EXAMPLE 3
Retrieves exclusions with the specified exclusion IDs.
EXAMPLE 4
Retrieves exclusions for the specified site and account IDs.
PARAMETERS
-Type
The type of exclusion to retrieve. Valid values are "path", "certificate", "browser", "file_type", or "white_hash".
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-IncludeInherited
Include inherited exclusions in the results. Valid values are "true" or "false".
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-OSType
Filter exclusions by operating system type. Valid values are "windows", "windows_legacy", "macos", or "linux".
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Mode
Filter exclusions by mode. Valid values are "suppress", "suppress_dynamic_only", "suppress_dfi_only", "disable_in_process_monitor", "disable_in_process_monitor_deep", "disable_all_monitors", or "disable_all_monitors_deep".
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Value
Filter exclusions by a specific value.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Search
Search exclusions by a query string.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ExclusionID
Filter exclusions by specific exclusion IDs.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 7
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-UserID
Filter exclusions by user IDs.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 8
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-GroupID
Filter exclusions by group IDs.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 9
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SiteID
Filter exclusions by site IDs.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 10
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-AccountID
Filter exclusions by account IDs.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 11
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.