New-S1Exclusion

SYNOPSIS

Create a new exclusion in SentinelOne.

SYNTAX

GroupHash

New-S1Exclusion -Hash <String> -OSType <String> [-Description <String>] -GroupID <String> [<CommonParameters>]

SiteHash

New-S1Exclusion -Hash <String> -OSType <String> [-Description <String>] -SiteID <String> [<CommonParameters>]

AccountHash

New-S1Exclusion -Hash <String> -OSType <String> [-Description <String>] -AccountID <String>
 [<CommonParameters>]

GroupPath

New-S1Exclusion -Path <String> [-PathExclusionType <String>] -ExclusionType <String> -OSType <String>
 [-Description <String>] -GroupID <String> [<CommonParameters>]

SitePath

New-S1Exclusion -Path <String> [-PathExclusionType <String>] -ExclusionType <String> -OSType <String>
 [-Description <String>] -SiteID <String> [<CommonParameters>]

AccountPath

New-S1Exclusion -Path <String> [-PathExclusionType <String>] -ExclusionType <String> -OSType <String>
 [-Description <String>] -AccountID <String> [<CommonParameters>]

GroupCertificate

New-S1Exclusion -Certificate <String> -OSType <String> [-Description <String>] -GroupID <String>
 [<CommonParameters>]

SiteCertificate

New-S1Exclusion -Certificate <String> -OSType <String> [-Description <String>] -SiteID <String>
 [<CommonParameters>]

AccountCertificate

New-S1Exclusion -Certificate <String> -OSType <String> [-Description <String>] -AccountID <String>
 [<CommonParameters>]

GroupBrowser

New-S1Exclusion -Browser <String> -OSType <String> [-Description <String>] -GroupID <String>
 [<CommonParameters>]

SiteBrowser

New-S1Exclusion -Browser <String> -OSType <String> [-Description <String>] -SiteID <String>
 [<CommonParameters>]

AccountBrowser

New-S1Exclusion -Browser <String> -OSType <String> [-Description <String>] -AccountID <String>
 [<CommonParameters>]

GroupFileType

New-S1Exclusion -FileType <String> -OSType <String> [-Description <String>] -GroupID <String>
 [<CommonParameters>]

SiteFileType

New-S1Exclusion -FileType <String> -OSType <String> [-Description <String>] -SiteID <String>
 [<CommonParameters>]

AccountFileType

New-S1Exclusion -FileType <String> -OSType <String> [-Description <String>] -AccountID <String>
 [<CommonParameters>]

DESCRIPTION

This function creates a new exclusion in SentinelOne by specifying parameters such as hash, path, certificate, browser, or file type. The exclusion can be applied at the group, site, or account level based on the provided parameters. Additional options include specifying the operating system type, exclusion type, and description.

EXAMPLES

EXAMPLE 1

New-S1Exclusion -Hash "abc123" -OSType "windows" -GroupID "group1"

Creates a hash exclusion for Windows systems at the group level.

EXAMPLE 2

New-S1Exclusion -Path "C:\Temp" -PathExclusionType "folder" -ExclusionType "suppress" -OSType "macos" -SiteID "site1"

Creates a folder exclusion for macOS systems at the site level with suppression.

EXAMPLE 3

New-S1Exclusion -Certificate "cert123" -OSType "linux" -AccountID "account1"

Creates a certificate exclusion for Linux systems at the account level.

EXAMPLE 4

New-S1Exclusion -Browser "chrome" -OSType "windows" -GroupID "group1"

Creates a browser exclusion for Chrome on Windows systems at the group level.
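Because each exclusion narrows what the agent inspects, requests are worth validating before they reach the console. The following pre-flight wrapper is an added example, not part of the module this page documents: `Invoke-S1ExclusionChecked` is a hypothetical name, the value lists are the ones given under PARAMETERS, and the mandatory description is an assumed local policy.

```powershell
# Added example: hypothetical pre-flight wrapper. Only New-S1Exclusion, its
# parameters and the valid-value lists come from this page.
function Invoke-S1ExclusionChecked {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [hashtable] $Request)

    # Valid values as documented under PARAMETERS.
    $valid = @{
        OSType            = 'windows', 'macos', 'linux', 'windows_legacy'
        PathExclusionType = 'folder', 'subfolder', 'file'
        Browser           = 'chrome', 'firefox', 'edge', 'ie'
        ExclusionType     = 'suppress', 'suppress_dfi_only', 'suppress_dynamic_only',
            'disable_in_process_monitor', 'disable_in_process_monitor_deep',
            'disable_all_monitors', 'disable_all_monitors_deep'
    }
    $problems = [System.Collections.Generic.List[string]]::new()

    # Every parameter set takes exactly one target and exactly one scope.
    $targets = @('Hash', 'Path', 'Certificate', 'Browser', 'FileType' | Where-Object { $Request.ContainsKey($_) })
    $scopes  = @('GroupID', 'SiteID', 'AccountID' | Where-Object { $Request.ContainsKey($_) })
    if ($targets.Count -ne 1) { $problems.Add('Give exactly one of Hash, Path, Certificate, Browser, FileType.') }
    if ($scopes.Count -ne 1)  { $problems.Add('Give exactly one of GroupID, SiteID, AccountID.') }
    if (-not $Request.ContainsKey('OSType')) { $problems.Add('-OSType is required.') }

    foreach ($name in $valid.Keys) {
        if ($Request.ContainsKey($name) -and $Request[$name] -notin $valid[$name]) {
            $problems.Add("-$name '$($Request[$name])' is not a documented value.")
        }
    }
    # -ExclusionType and -PathExclusionType exist only in the *Path parameter sets.
    if ($targets -contains 'Path') {
        if (-not $Request.ContainsKey('ExclusionType')) { $problems.Add('-ExclusionType is required with -Path.') }
    } else {
        foreach ($name in 'ExclusionType', 'PathExclusionType') {
            if ($Request.ContainsKey($name)) { $problems.Add("-$name is only valid with -Path.") }
        }
    }
    # Local policy (assumption, not a cmdlet rule): every exclusion carries a justification.
    if ([string]::IsNullOrWhiteSpace($Request['Description'])) { $problems.Add('-Description is required by policy.') }
    if ($problems.Count) { throw ("Exclusion request rejected:`n - " + ($problems -join "`n - ")) }

    $summary = "$($targets[0]) exclusion, OS $($Request['OSType']), $($scopes[0]) $($Request[$scopes[0]])"
    if ($PSCmdlet.ShouldProcess($summary, 'New-S1Exclusion')) { New-S1Exclusion @Request }
}
# Constructed request; the site ID and change reference are placeholders.
Invoke-S1ExclusionChecked -WhatIf -Request @{
    Path = 'C:\Temp'; PathExclusionType = 'folder'; ExclusionType = 'suppress'
    OSType = 'windows'; SiteID = 'site1'; Description = 'CHG-PLACEHOLDER: build cache, owner build team'
}
```

With `-WhatIf` the wrapper only reports what it would submit; drop the switch to pass the validated request on to `New-S1Exclusion`.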

PARAMETERS

-Hash

The hash value to be excluded.

Type: String
Parameter Sets: GroupHash, SiteHash, AccountHash
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Path

The file or folder path to be excluded.

Type: String
Parameter Sets: GroupPath, SitePath, AccountPath
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PathExclusionType

The type of path exclusion. Valid values are "folder", "subfolder", or "file".

Type: String
Parameter Sets: GroupPath, SitePath, AccountPath
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ExclusionType

The type of exclusion. Valid values are "suppress", "suppress_dfi_only", "suppress_dynamic_only", "disable_in_process_monitor", "disable_in_process_monitor_deep", "disable_all_monitors", or "disable_all_monitors_deep".

Type: String
Parameter Sets: GroupPath, SitePath, AccountPath
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Certificate

The certificate to be excluded.

Type: String
Parameter Sets: GroupCertificate, SiteCertificate, AccountCertificate
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Browser

The browser to be excluded. Valid values are "chrome", "firefox", "edge", or "ie".

Type: String
Parameter Sets: GroupBrowser, SiteBrowser, AccountBrowser
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-FileType

The file type to be excluded.

Type: String
Parameter Sets: GroupFileType, SiteFileType, AccountFileType
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-OSType

The operating system type for the exclusion. Valid values are "windows", "macos", "linux", or "windows_legacy".

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Description

An optional description for the exclusion.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-GroupID

The group ID where the exclusion will be applied.

Type: String
Parameter Sets: GroupHash, GroupPath, GroupCertificate, GroupBrowser, GroupFileType
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SiteID

The site ID where the exclusion will be applied.

Type: String
Parameter Sets: SiteHash, SitePath, SiteCertificate, SiteBrowser, SiteFileType
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AccountID

The account ID where the exclusion will be applied.

Type: String
Parameter Sets: AccountHash, AccountPath, AccountCertificate, AccountBrowser, AccountFileType
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES