Get-S1Threat
SYNOPSIS
Get a list of threats from SentinelOne.
SYNTAX
Get-S1Threat [[-IncidentStatus] <String>] [[-MitigationStatus] <String>] [[-MitigatedPreEmptively] <String>]
[[-ActionFailed] <String>] [[-ActionPending] <String>] [[-Engine] <String[]>] [[-InitiatedBy] <String[]>]
[[-ConfidenceLevel] <String[]>] [[-AnalystVerdict] <String[]>] [[-ClassificationSource] <String[]>]
[[-FilePath] <String>] [[-ContentHash] <String[]>] [[-OSType] <String[]>] [[-MachineType] <String[]>]
[[-AgentName] <String>] [[-ThreatID] <String[]>] [[-CollectionID] <String[]>] [[-AgentID] <String>]
[[-GroupID] <String[]>] [[-SiteID] <String[]>] [[-AccountID] <String[]>] [[-ReportedTime] <String>]
[<CommonParameters>]
DESCRIPTION
This function retrieves a list of threats from SentinelOne based on various filtering criteria.
EXAMPLES
Example 1
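The following is an added usage example, not part of the module's own help. It assumes the module is already imported and authenticated against a SentinelOne console (that setup is outside this cmdlet), and it only uses parameters and values that the parameter list above documents; the agent name, site ID and hash values are constructed placeholders. Because the shape of the returned objects is not documented here, the example does not assume any property names on them.

```powershell
# Added example: a small triage workflow built on Get-S1Threat.
# Assumes: module imported and authenticated; sample values are placeholders.

# 1. Threats that still need an analyst: unresolved incidents that have not
#    been mitigated and that the engine rated with malicious confidence.
$openQuery = @{
    IncidentStatus   = 'unresolved'
    MitigationStatus = 'not_mitigated'
    ConfidenceLevel  = 'malicious'
    OSType           = 'windows', 'linux'   # String[] parameters accept a list
}
$open = @(Get-S1Threat @openQuery)
"Open, unmitigated, malicious-confidence threats: $($open.Count)"

# 2. Mitigation attempts that failed are the ones that need manual follow-up.
$failed = @(Get-S1Threat -ActionFailed 'true' -IncidentStatus 'unresolved')
"Threats whose mitigation action failed: $($failed.Count)"

# 3. Check several indicator hashes in one call; -ContentHash takes an array.
#    The values below are placeholders, not real indicators.
$watchlist = @(
    '0000000000000000000000000000000000000000'   # placeholder hash
    '1111111111111111111111111111111111111111'   # placeholder hash
)
$hits = @(Get-S1Threat -ContentHash $watchlist)
"Watchlist hashes seen on endpoints: $($hits.Count)"

# 4. Scope a query to one endpoint within one site when investigating a host.
#    'WS-FINANCE-07' and '<site id>' are placeholders.
$hostThreats = @(Get-S1Threat -AgentName 'WS-FINANCE-07' -SiteID '<site id>')

# 5. Keep a copy for the case file. No property list is given to Export-Csv
#    so that whatever fields the cmdlet returns are written as-is.
$stamp = Get-Date -Format 'yyyyMMdd'
$open | Export-Csv -Path ".\open-threats-$stamp.csv" -NoTypeInformation
```

The `@( ... )` wrapping around each call keeps `.Count` correct when a query returns zero or exactly one object, which is a common pitfall in scheduled reporting scripts.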
PARAMETERS
-IncidentStatus
The status of the incident (e.g., unresolved, in_progress, resolved).
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-MitigationStatus
The status of the mitigation (e.g., not_mitigated, mitigated, marked_as_benign).
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-MitigatedPreEmptively
Indicates if the threat was mitigated preemptively (true/false).
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ActionFailed
Indicates if the action failed (true/false).
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ActionPending
Indicates if the action is pending (true/false).
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Engine
The engine that produced the detection (e.g., reputation, sentinelone_cloud, user_blacklist).
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-InitiatedBy
The method that initiated the detection (e.g., agent_policy, full_disk_scan).
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 7
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ConfidenceLevel
The confidence level of the detection (e.g., malicious, suspicious, n/a).
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 8
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-AnalystVerdict
The verdict given by the analyst (e.g., undefined, true_positive, false_positive, suspicious).
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 9
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ClassificationSource
The source of classification (e.g., Cloud, Behavioral, Static, Engine).
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 10
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-FilePath
The file path associated with the threat.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 11
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ContentHash
The content hash associated with the threat.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 12
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-OSType
The operating system type (e.g., windows, linux, macos).
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 13
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-MachineType
The type of machine (e.g., unknown, desktop, laptop, server).
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 14
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-AgentName
The name of the agent associated with the threat.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 15
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ThreatID
The ID of the threat.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 16
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-CollectionID
The ID of the collection associated with the threat.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 17
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-AgentID
The ID of the agent associated with the threat.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 18
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-GroupID
The ID of the group associated with the threat.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 19
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SiteID
The ID of the site associated with the threat.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 20
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-AccountID
The ID of the account associated with the threat.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: 21
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ReportedTime
The time at which the threat was reported.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 22
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.