New-S1HeatTicket

SYNOPSIS

Create a Heat ticket for SentinelOne threats.

SYNTAX

Detail

New-S1HeatTicket [-AutoCloseHeatIncident] [-CherryPick] -SiteName <String> [-HeatInstanceName <String>]
 -ReportedTime <String> [-Urgency <String>] [-Impact <String>] [<CommonParameters>]

ID

New-S1HeatTicket [-AutoCloseHeatIncident] [-HeatInstanceName <String>] [-ThreatID <String>]
 [-TaskOwnerTeam <String>] [-Urgency <String>] [-Impact <String>] [<CommonParameters>]

DESCRIPTION

This function creates a Heat ticket for SentinelOne threats based on the provided parameters. It connects to the Heat instance, retrieves threat information, and generates a ticket with relevant details.

EXAMPLES

EXAMPLE 1

New-S1HeatTicket -SiteName 'WindowsClients' -ReportedTime 'Last 24 Hours'

Creates a Heat ticket for Windows clients with threats reported in the last 24 hours.

EXAMPLE 2

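New-S1HeatTicket -ThreatID '12345' -Urgency 'High'

Creates a Heat ticket for a specific threat ID with high urgency. -SiteName is not used here because it belongs to the Detail parameter set and cannot be combined with -ThreatID, which belongs to the ID parameter set.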

PARAMETERS

-AutoCloseHeatIncident

Automatically close the Heat incident after creating the ticket.

Type: SwitchParameter
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-CherryPick

Cherry-pick specific threats to create tickets for.

Type: SwitchParameter
Parameter Sets: Detail
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-SiteName

The name of the site for which to create the Heat ticket.

Type: String
Parameter Sets: Detail
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-HeatInstanceName

The name of the Heat instance to connect to. Defaults to 'IvantiPR'.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: IvantiPR
Accept pipeline input: False
Accept wildcard characters: False

-ReportedTime

The time frame for which to report threats. Valid values are "Last Hour", "Last 24 Hours", "Last 7 Days", "Last 30 Days", "Last 2 Months", "Last 3 Months", "Last Year".

Type: String
Parameter Sets: Detail
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ThreatID

The ID of the specific threat to create a ticket for.

Type: String
Parameter Sets: ID
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-TaskOwnerTeam

The team responsible for the task. Valid values are 'NSOC', 'Server en Storage', 'Systeemsoftware'.

Type: String
Parameter Sets: ID
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Urgency

The urgency level of the ticket. Valid values are 'High', 'Medium', 'Low'. Defaults to 'Low'.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: Low
Accept pipeline input: False
Accept wildcard characters: False

-Impact

The impact level of the ticket. Valid values are 'High', 'Medium', 'Low'. Defaults to 'Low'.

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: Low
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES