Invoke-S1Query
SYNOPSIS
Handles the request/response aspect of interacting with the SentinelOne API.
SYNTAX
Default (Default)
Invoke-S1Query -URI <String> [-Parameters <Hashtable>] [-ContentType <String>] [-Method <String>]
[-MaxCount <UInt32>] [-Body <Object>] [<CommonParameters>]
Count
Invoke-S1Query -URI <String> [-Parameters <Hashtable>] [-ContentType <String>] [-Method <String>]
[-Count <UInt32>] [-MaxCount <UInt32>] [-Body <Object>] [<CommonParameters>]
Recurse
Invoke-S1Query -URI <String> [-Parameters <Hashtable>] [-ContentType <String>] [-Method <String>]
[-MaxCount <UInt32>] [-Recurse] [-Body <Object>] [<CommonParameters>]
DESCRIPTION
This function handles the request/response aspect of interacting with the SentinelOne API, including pagination and error handling. It supports various HTTP methods, query parameters, and body content for flexible API interactions.
EXAMPLES
EXAMPLE 1
Invoke-S1Query -URI "/web/api/v2.1/agents" -Parameters @{computerName__contains = "hostname"} -Method Get
Sends a GET request to retrieve agents with computer names containing "hostname".
EXAMPLE 2
Sends a POST request to retrieve active threats.
EXAMPLE 3
Retrieves all agents by following the pagination cursor.
PARAMETERS
-URI
The API URI from the SentinelOne API Documentation, e.g., "/web/api/v2.1/agents".
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Parameters
A hashtable containing query string parameters used for filtering the results or pushing data along with a filter.
Type: Hashtable
Parameter Sets: (All)
Aliases: Filter
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ContentType
The content type of the body, if necessary, e.g., "application/json".
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Method
The REST method for the query. Valid values are "Get", "Post", "Put", or "Delete". Defaults to "Get".
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: Get
Accept pipeline input: False
Accept wildcard characters: False
-Count
Limits the number of results in the response, if supported by the specific API.
Type: UInt32
Parameter Sets: Count
Aliases:
Required: False
Position: Named
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False
-MaxCount
Specifies the maximum number of results allowed by the API. Defaults to 100.
Type: UInt32
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: 100
Accept pipeline input: False
Accept wildcard characters: False
-Recurse
Follows the cursor in paginated requests to retrieve all possible results.
Type: SwitchParameter
Parameter Sets: Recurse
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-Body
The body value for a POST or PUT request.
Type: Object
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
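The cursor-following behaviour described for -Recurse, together with the page size set by -MaxCount, can be sketched as follows. This is an added example, not code from the module. Get-SamplePage, Get-AllPages, the sample pages, the "limit" and "cursor" query parameter names, and the data / pagination.nextCursor response shape are assumptions made for illustration.

```powershell
# Constructed sample data: three pages keyed by cursor ('first' = initial request).
# The data / pagination.nextCursor response shape is an assumption.
$Pages = @{
    'first' = @{ data = @('agent-01', 'agent-02'); pagination = @{ nextCursor = 'c1' } }
    'c1'    = @{ data = @('agent-03', 'agent-04'); pagination = @{ nextCursor = 'c2' } }
    'c2'    = @{ data = @('agent-05');             pagination = @{ nextCursor = $null } }
}

# Hypothetical stand-in for one HTTP round trip; returns a single page.
function Get-SamplePage {
    param([hashtable]$Query)
    $key = if ($Query.ContainsKey('cursor')) { $Query['cursor'] } else { 'first' }
    return $Pages[$key]
}

# Hypothetical helper: follow the cursor until it is empty, a cursor repeats,
# or a page ceiling is reached, so a misbehaving endpoint cannot loop forever.
function Get-AllPages {
    param(
        [hashtable]$Parameters = @{},
        [uint32]$MaxCount = 100,
        [uint32]$PageCeiling = 1000
    )
    $query = $Parameters.Clone()      # leave the caller's filter untouched
    $query['limit'] = $MaxCount       # request the largest page the API allows
    $seen = [System.Collections.Generic.HashSet[string]]::new()
    $results = [System.Collections.Generic.List[object]]::new()
    for ($i = 0; $i -lt $PageCeiling; $i++) {
        $page = Get-SamplePage -Query $query
        if ($null -eq $page) { throw "No page returned for cursor '$($query['cursor'])'" }
        foreach ($item in $page.data) { $results.Add($item) }
        $next = $page.pagination.nextCursor
        if ([string]::IsNullOrEmpty($next)) { return $results }
        if (-not $seen.Add($next)) { throw "Cursor '$next' repeated; aborting" }
        $query['cursor'] = $next
    }
    throw "Stopped after $PageCeiling pages without reaching the last one"
}

$all = Get-AllPages -Parameters @{ computerName__contains = 'agent' } -MaxCount 2
"Collected $($all.Count) items: $($all -join ', ')"
```

A query that returns only the first page yields an incomplete agent or threat inventory without raising an error, which is why the loop fails loudly on a repeated cursor or page ceiling rather than returning partial results.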