Skip to content

Invoke-S1AgentAction

SYNOPSIS

Perform actions on SentinelOne agents.

SYNTAX

Scan

Invoke-S1AgentAction -AgentID <String[]> [-Scan] [<CommonParameters>]

AbortScan

Invoke-S1AgentAction -AgentID <String[]> [-AbortScan] [<CommonParameters>]

Reload

Invoke-S1AgentAction -AgentID <String[]> -Reload <String> [<CommonParameters>]

StartRemoteProfiling

Invoke-S1AgentAction -AgentID <String[]> [-StartRemoteProfiling] -TimeoutInSeconds <UInt32>
 [<CommonParameters>]

StopRemoteProfiling

Invoke-S1AgentAction -AgentID <String[]> [-StopRemoteProfiling] [<CommonParameters>]

UpdateSoftware

Invoke-S1AgentAction -AgentID <String[]> [-UpdateSoftware] -PackageID <String> -UpdateTiming <String>
 [<CommonParameters>]

RandomizeUUID

Invoke-S1AgentAction -AgentID <String[]> [-RandomizeUUID] [<CommonParameters>]

SendMessage

Invoke-S1AgentAction -AgentID <String[]> -SendMessage <String> [<CommonParameters>]

SetExternalID

Invoke-S1AgentAction -AgentID <String[]> -SetExternalID <String> [<CommonParameters>]

MoveToSite

Invoke-S1AgentAction -AgentID <String[]> [-Move] -SiteID <String> [<CommonParameters>]

MoveToGroup

Invoke-S1AgentAction -AgentID <String[]> [-Move] -GroupID <String> [<CommonParameters>]

MoveToConsole

Invoke-S1AgentAction -AgentID <String[]> [-MoveToConsole] -ConsoleSiteToken <String> [<CommonParameters>]

FetchLogs

Invoke-S1AgentAction -AgentID <String[]> [-FetchLogs] [-PlatformLogs <Boolean>] [-AgentLogs <Boolean>]
 [-CustomerFacingLogs <Boolean>] [<CommonParameters>]

DisableAgent

Invoke-S1AgentAction -AgentID <String[]> [-DisableAgent] [<CommonParameters>]

EnableAgent

Invoke-S1AgentAction -AgentID <String[]> [-EnableAgent] [<CommonParameters>]

DisconnectFromNetwork

Invoke-S1AgentAction -AgentID <String[]> [-DisconnectFromNetwork] [<CommonParameters>]

ConnectToNetwork

Invoke-S1AgentAction -AgentID <String[]> [-ConnectToNetwork] [<CommonParameters>]

FetchFirewallLogs

Invoke-S1AgentAction -AgentID <String[]> [-FetchFirewallLogs] -ReportLocal <Boolean>
 -ReportManagement <Boolean> [<CommonParameters>]

FetchFirewallRules

Invoke-S1AgentAction -AgentID <String[]> [-FetchFirewallRules] [-FirewallRuleState <String>]
 [-FirewallRuleFormat <String>] [<CommonParameters>]

ResetLocalConfig

Invoke-S1AgentAction -AgentID <String[]> [-ResetLocalConfig] [<CommonParameters>]

ApproveUninstall

Invoke-S1AgentAction -AgentID <String[]> [-ApproveUninstall] [<CommonParameters>]

RejectUninstall

Invoke-S1AgentAction -AgentID <String[]> [-RejectUninstall] [<CommonParameters>]

Uninstall

Invoke-S1AgentAction -AgentID <String[]> [-Uninstall] [<CommonParameters>]

Decommission

Invoke-S1AgentAction -AgentID <String[]> [-Decommission] [<CommonParameters>]

DisableRanger

Invoke-S1AgentAction -AgentID <String[]> [-DisableRanger] [<CommonParameters>]

EnableRanger

Invoke-S1AgentAction -AgentID <String[]> [-EnableRanger] [<CommonParameters>]

CanRunRemoteShell

Invoke-S1AgentAction -AgentID <String[]> [-CanRunRemoteShell] [<CommonParameters>]

GetApplications

Invoke-S1AgentAction -AgentID <String[]> [-GetApplications] [<CommonParameters>]

MarkAsUpToDate

Invoke-S1AgentAction -AgentID <String[]> [-MarkAsUpToDate] [<CommonParameters>]

Restart

Invoke-S1AgentAction -AgentID <String[]> [-Restart] [<CommonParameters>]

Shutdown

Invoke-S1AgentAction -AgentID <String[]> [-Shutdown] [<CommonParameters>]

DESCRIPTION

This function allows you to perform various actions on SentinelOne agents, such as initiating scans, aborting scans, fetching logs, updating software, moving agents to groups or sites, and more. The action is determined by the specified parameter set.

EXAMPLES

EXAMPLE 1

Invoke-S1AgentAction -AgentID @("agent1", "agent2") -Scan

Initiates a scan on the specified agents.

EXAMPLE 2

Invoke-S1AgentAction -AgentID "agent1" -UpdateSoftware -PackageID "pkg123" -UpdateTiming "immediately"

Updates the software on the specified agent immediately using the specified package ID.

EXAMPLE 3

Invoke-S1AgentAction -AgentID "agent1" -Move -GroupID "group123"

Moves the specified agent to the specified group.

EXAMPLE 4

Invoke-S1AgentAction -AgentID "agent1" -FetchLogs -PlatformLogs $True -AgentLogs $False

Fetches platform logs for the specified agent.

PARAMETERS

-AgentID

The ID(s) of the agent(s) targeted for the action.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Scan

Initiates a scan on the targeted agents.

Type: SwitchParameter
Parameter Sets: Scan
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-AbortScan

Aborts a running scan for the targeted agents.

Type: SwitchParameter
Parameter Sets: AbortScan
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Reload

Initiates a service reload for the targeted agents. Valid values are "log", "static", "agent", or "monitor".

Type: String
Parameter Sets: Reload
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-StartRemoteProfiling

Starts the remote profiler for troubleshooting on the targeted agents.

Type: SwitchParameter
Parameter Sets: StartRemoteProfiling
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-TimeoutInSeconds

Sets the timeout for the remote profiler.

Type: UInt32
Parameter Sets: StartRemoteProfiling
Aliases:

Required: True
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False

-StopRemoteProfiling

Stops the remote profiler for the targeted agents.

Type: SwitchParameter
Parameter Sets: StopRemoteProfiling
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-UpdateSoftware

Initiates a software update for the targeted agents.

Type: SwitchParameter
Parameter Sets: UpdateSoftware
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-PackageID

The package ID for the update to be applied.

Type: String
Parameter Sets: UpdateSoftware
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-UpdateTiming

Specifies the timing for the update. Valid values are "immediately" or "by_update_schedule".

Type: String
Parameter Sets: UpdateSoftware
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RandomizeUUID

Randomizes the UUID for the targeted agents.

Type: SwitchParameter
Parameter Sets: RandomizeUUID
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-SendMessage

Sends a message to the targeted agents.

Type: String
Parameter Sets: SendMessage
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SetExternalID

Updates the external ID for the targeted agents.

Type: String
Parameter Sets: SetExternalID
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Move

Moves agents to a new group, site, or console.

Type: SwitchParameter
Parameter Sets: MoveToSite, MoveToGroup
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-GroupID

The group ID to which the targeted agents should be moved.

Type: String
Parameter Sets: MoveToGroup
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SiteID

The site ID to which the targeted agents should be moved.

Type: String
Parameter Sets: MoveToSite
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MoveToConsole

Move agents to a new console

Type: SwitchParameter
Parameter Sets: MoveToConsole
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ConsoleSiteToken

The site token for the console to which the targeted agents should be moved.

Type: String
Parameter Sets: MoveToConsole
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-FetchLogs

Fetches logs from the targeted agents.

Type: SwitchParameter
Parameter Sets: FetchLogs
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-PlatformLogs

Fetch platform logs. Defaults to `$True`.

Type: Boolean
Parameter Sets: FetchLogs
Aliases:

Required: False
Position: Named
Default value: True
Accept pipeline input: False
Accept wildcard characters: False

-AgentLogs

Fetch agent logs. Defaults to `$True`.

Type: Boolean
Parameter Sets: FetchLogs
Aliases:

Required: False
Position: Named
Default value: True
Accept pipeline input: False
Accept wildcard characters: False

-CustomerFacingLogs

Fetch customer-facing logs. Defaults to `$True`.

Type: Boolean
Parameter Sets: FetchLogs
Aliases:

Required: False
Position: Named
Default value: True
Accept pipeline input: False
Accept wildcard characters: False

-DisableAgent

Disables the agent software on the targeted agents.

Type: SwitchParameter
Parameter Sets: DisableAgent
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-EnableAgent

Re-enables the agent software on the targeted agents.

Type: SwitchParameter
Parameter Sets: EnableAgent
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-DisconnectFromNetwork

Disconnects the targeted agents from the network (network quarantine).

Type: SwitchParameter
Parameter Sets: DisconnectFromNetwork
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ConnectToNetwork

Connects the targeted agents back to the network (network unquarantine).

Type: SwitchParameter
Parameter Sets: ConnectToNetwork
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-FetchFirewallLogs

Fetches firewall logs from the targeted agents.

Type: SwitchParameter
Parameter Sets: FetchFirewallLogs
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ReportLocal

{{ Fill ReportLocal Description }}

Type: Boolean
Parameter Sets: FetchFirewallLogs
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ReportManagement

{{ Fill ReportManagement Description }}

Type: Boolean
Parameter Sets: FetchFirewallLogs
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-FetchFirewallRules

Fetches firewall rules from the targeted agents.

Type: SwitchParameter
Parameter Sets: FetchFirewallRules
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-FirewallRuleState

{{ Fill FirewallRuleState Description }}

Type: String
Parameter Sets: FetchFirewallRules
Aliases:

Required: False
Position: Named
Default value: Initial
Accept pipeline input: False
Accept wildcard characters: False

-FirewallRuleFormat

{{ Fill FirewallRuleFormat Description }}

Type: String
Parameter Sets: FetchFirewallRules
Aliases:

Required: False
Position: Named
Default value: Native
Accept pipeline input: False
Accept wildcard characters: False

-ResetLocalConfig

Resets the local configuration for the targeted agents.

Type: SwitchParameter
Parameter Sets: ResetLocalConfig
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-ApproveUninstall

Approves the uninstallation of the agent software.

Type: SwitchParameter
Parameter Sets: ApproveUninstall
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-RejectUninstall

Rejects the uninstallation of the agent software.

Type: SwitchParameter
Parameter Sets: RejectUninstall
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Uninstall

Initiates a remote uninstallation of the agent software.

Type: SwitchParameter
Parameter Sets: Uninstall
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Decommission

Decommissions the targeted agents.

Type: SwitchParameter
Parameter Sets: Decommission
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-DisableRanger

{{ Fill DisableRanger Description }}

Type: SwitchParameter
Parameter Sets: DisableRanger
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-EnableRanger

{{ Fill EnableRanger Description }}

Type: SwitchParameter
Parameter Sets: EnableRanger
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-CanRunRemoteShell

Check if a remote shell can be opened to the targeted agents

Type: SwitchParameter
Parameter Sets: CanRunRemoteShell
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-GetApplications

Request the agent to update the application list for the targeted agents

Type: SwitchParameter
Parameter Sets: GetApplications
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-MarkAsUpToDate

{{ Fill MarkAsUpToDate Description }}

Type: SwitchParameter
Parameter Sets: MarkAsUpToDate
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Restart

Initiate a remote restart

Type: SwitchParameter
Parameter Sets: Restart
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Shutdown

Initiate a remote shutdown

Type: SwitchParameter
Parameter Sets: Shutdown
Aliases:

Required: True
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES