New-S1DvQuery

SYNOPSIS

Initialize a new query for SentinelOne.

SYNTAX

TimeFrame

New-S1DvQuery [-QueryType <String>] -Query <Object> [-Limit <Object>] -TimeFrame <String> [-GroupID <String[]>]
 [-SiteID <String[]>] [-AccountID <String[]>] [<CommonParameters>]

CustomTime

New-S1DvQuery [-QueryType <String>] -Query <Object> [-Limit <Object>] -ToDate <DateTime> -FromDate <DateTime>
 [-GroupID <String[]>] [-SiteID <String[]>] [-AccountID <String[]>] [<CommonParameters>]

DESCRIPTION

This function initializes a new query for SentinelOne. It allows you to specify the query type, query string, time frame, and other parameters.

EXAMPLES

EXAMPLE 1

New-S1DvQuery -QueryType "events" -Query "malware" -Limit 100 -TimeFrame "Last Hour"

Initializes a new event query for malware in the last hour with a limit of 100 results.

EXAMPLE 2

New-S1DvQuery -QueryType "processes" -Query "suspicious.exe" -Limit 5000 -FromDate (Get-Date).AddDays(-7) -ToDate (Get-Date)

Initializes a new process query for suspicious.exe from the last week with a limit of 5000 results.

PARAMETERS

-QueryType

The type of query to be executed. Valid values are "events" or "processes". Default is "events".

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: Events
Accept pipeline input: False
Accept wildcard characters: False

-Query

The query string to be executed.

Type: Object
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Limit

The maximum number of results to return. Valid values are 1, 10, 100, 1000, 2000, 5000, 10000, or 20000. Default is 1000.

Type: Object
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: 1000
Accept pipeline input: False
Accept wildcard characters: False

-TimeFrame

The time frame for the query. Valid values are "Last Hour", "Last 24 Hours", "Today", "Last 48 Hours", "Last 7 Days", "Last 30 Days", "This Month", "Last 2 Months", or "Last 3 Months".

Type: String
Parameter Sets: TimeFrame
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ToDate

The end date for the query. Mandatory when using the CustomTime parameter set.

Type: DateTime
Parameter Sets: CustomTime
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-FromDate

The start date for the query. Mandatory when using the CustomTime parameter set.

Type: DateTime
Parameter Sets: CustomTime
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-GroupID

One or more group IDs used to scope the query results.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SiteID

One or more site IDs used to scope the query results.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AccountID

One or more account IDs used to scope the query results.

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
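The two parameter sets (TimeFrame versus CustomTime) and the fixed set of permitted -Limit values lend themselves to a thin wrapper for investigating a specific incident window. The following is an added example, not part of the module or its documentation: Invoke-S1IncidentWindowQuery is a hypothetical helper name, the site ID is a placeholder, and New-S1DvQuery is assumed to be already loaded in the session.

```powershell
# Added example (not the module's own code). Assumes New-S1DvQuery as documented
# above is available; Invoke-S1IncidentWindowQuery is a hypothetical wrapper name.
function Invoke-S1IncidentWindowQuery {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Query,
        [Parameter(Mandatory)] [datetime] $FromDate,
        [datetime] $ToDate = (Get-Date),
        [ValidateSet('events', 'processes')] [string] $QueryType = 'events',
        [ValidateRange(1, 20000)] [int] $Limit = 1000,
        [string[]] $SiteID,
        [string[]] $AccountID
    )
    # Result-size buckets permitted by -Limit, as documented for New-S1DvQuery.
    $allowed = 1, 10, 100, 1000, 2000, 5000, 10000, 20000

    # Window sanity check: a reversed window would quietly return nothing.
    if ($FromDate -ge $ToDate) {
        throw "FromDate ($FromDate) must be earlier than ToDate ($ToDate)."
    }

    # Round a requested limit up to the next permitted bucket so the caller
    # never receives fewer rows than asked for (ValidateRange caps it at 20000).
    $bucket = $allowed | Where-Object { $_ -ge $Limit } | Select-Object -First 1
    if ($bucket -ne $Limit) {
        Write-Warning "Limit $Limit is not a permitted value; using $bucket."
    }

    # Splat the CustomTime parameter set; scope filters are added only when
    # supplied so the cmdlet's own defaults apply otherwise.
    $params = @{
        QueryType = $QueryType
        Query     = $Query
        Limit     = $bucket
        FromDate  = $FromDate
        ToDate    = $ToDate
    }
    if ($SiteID)    { $params['SiteID']    = $SiteID }
    if ($AccountID) { $params['AccountID'] = $AccountID }

    Write-Verbose ("Querying {0} from {1:u} to {2:u} (limit {3})" -f $QueryType, $FromDate, $ToDate, $bucket)
    New-S1DvQuery @params
}

# Usage: process records for the 48 hours around a triage timestamp, scoped to one
# site. The timestamp and site ID are constructed placeholders.
$t0 = Get-Date '2024-03-01T12:00:00Z'
Invoke-S1IncidentWindowQuery -QueryType 'processes' -Query 'suspicious.exe' `
    -FromDate $t0.AddHours(-24) -ToDate $t0.AddHours(24) -Limit 3000 -SiteID 'SITE-ID-PLACEHOLDER' -Verbose
```

With -Limit 3000 the wrapper warns and submits 5000, the next permitted bucket, rather than letting an unsupported value fail or truncate the result set.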

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES