New-S1Blacklist

SYNOPSIS

Create a new blacklist entry in SentinelOne.

SYNTAX

GroupLevel

New-S1Blacklist -Hash <String> [-Description <String>] -OSType <String> -GroupID <String> [<CommonParameters>]

SiteLevel

New-S1Blacklist -Hash <String> [-Description <String>] -OSType <String> -SiteID <String> [<CommonParameters>]

AccountLevel

New-S1Blacklist -Hash <String> [-Description <String>] -OSType <String> -AccountID <String> [<CommonParameters>]

DESCRIPTION

This function creates a new blacklist entry in SentinelOne by specifying the hash, operating system type, and an optional description. The blacklist entry can be applied at the group, site, or account level based on the provided parameters.

EXAMPLES

EXAMPLE 1

New-S1Blacklist -Hash "abc123" -OSType "windows" -GroupID "group1"

Creates a blacklist entry for the hash "abc123" on Windows systems at the group level.

EXAMPLE 2

New-S1Blacklist -Hash "abc123" -OSType "macos" -SiteID "site1" -Description "Block malicious hash"

Creates a blacklist entry for the hash "abc123" on macOS systems at the site level with a description.

EXAMPLE 3

New-S1Blacklist -Hash "abc123" -OSType "linux" -AccountID "account1"

Creates a blacklist entry for the hash "abc123" on Linux systems at the account level.
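
A bulk-import wrapper, added here as an example and not part of the module: because -Hash does not accept pipeline input, it loops over a CSV, validates each row, and splats the parameters to New-S1Blacklist. The function name, the CSV columns, the -DryRun switch and the SHA-1/SHA-256 format check are assumptions; it also assumes the module that provides New-S1Blacklist is already loaded and authenticated.

```powershell
# Added example; Import-S1BlacklistFromCsv and its CSV layout are hypothetical.
function Import-S1BlacklistFromCsv {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [ValidateSet('GroupID', 'SiteID', 'AccountID')] [string] $Scope,
        [Parameter(Mandatory)] [string] $ScopeId,
        [switch] $DryRun   # report what would be created without calling the cmdlet
    )
    $validOs = 'windows', 'macos', 'linux'   # the values listed under -OSType
    $seen    = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($row in Import-Csv -Path $Path) {
        $hash = "$($row.Hash)".Trim().ToLowerInvariant()
        $os   = "$($row.OSType)".Trim().ToLowerInvariant()
        # Assumption: entries are SHA-1 (40 hex) or SHA-256 (64 hex); adjust to your console.
        if ($hash -notmatch '^(?:[0-9a-f]{40}|[0-9a-f]{64})$') {
            Write-Warning "Skipping malformed hash '$hash'"; continue
        }
        if ($os -notin $validOs) {
            Write-Warning "Skipping $hash, unsupported OSType '$os'"; continue
        }
        if (-not $seen.Add("$os/$hash")) { continue }   # duplicate row for the same OS
        # Exactly one scope key is set, so exactly one parameter set is selected.
        $params = @{ Hash = $hash; OSType = $os; $Scope = $ScopeId; ErrorAction = 'Stop' }
        if ($row.Description) { $params.Description = $row.Description }
        if ($DryRun) { [pscustomobject]@{ Hash = $hash; OSType = $os; Status = 'DryRun' }; continue }
        try {
            New-S1Blacklist @params | Out-Null
            [pscustomobject]@{ Hash = $hash; OSType = $os; Status = 'Created' }
        } catch {
            [pscustomobject]@{ Hash = $hash; OSType = $os; Status = "Failed: $($_.Exception.Message)" }
        }
    }
}

# Constructed sample input (not real indicators); -DryRun makes no API call.
$csv = Join-Path ([IO.Path]::GetTempPath()) 's1-blacklist-sample.csv'
@'
Hash,OSType,Description
0123456789abcdef0123456789abcdef01234567,windows,Constructed sample
0123456789ABCDEF0123456789ABCDEF01234567,windows,Duplicate in upper case
abc123,macos,Too short to be a hash
0123456789abcdef0123456789abcdef01234567,solaris,Unsupported OS
'@ | Set-Content -Path $csv
Import-S1BlacklistFromCsv -Path $csv -Scope SiteID -ScopeId 'site1' -DryRun
```

With the sample file, only the first row is reported; the others are dropped as a duplicate, a malformed hash and an unsupported OS type.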

PARAMETERS

-Hash

The hash value to be blacklisted.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Description

An optional description for the blacklist entry.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-OSType

The operating system type for the blacklist entry. Valid values are "windows", "macos", or "linux".

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-GroupID

The group ID where the blacklist entry will be applied. Mandatory for the "GroupLevel" parameter set.

Type: String
Parameter Sets: GroupLevel
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SiteID

The site ID where the blacklist entry will be applied. Mandatory for the "SiteLevel" parameter set.

Type: String
Parameter Sets: SiteLevel
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AccountID

The account ID where the blacklist entry will be applied. Mandatory for the "AccountLevel" parameter set.

Type: String
Parameter Sets: AccountLevel
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES