CyGlobalLists.ps1
<#
.SYNOPSIS Gets the global list .PARAMETER API Optional. API Handle (use only when not using session scope). .PARAMETER List The type of global list to retrieve. #> function Get-CyGlobalList { Param ( [parameter(Mandatory=$false)] [ValidateNotNullOrEmpty()] [CylanceAPIHandle]$API = $GlobalCyAPIHandle, [Parameter(Mandatory=$true)] [ValidateSet ("GlobalSafeList", "GlobalQuarantineList")] [String]$List ) $APIListType = 0 switch ($List) { "GlobalQuarantine" { $APIListType = 0 } "GlobalSafeList" { $APIListType = 1 } } Read-CyData -API $API -Uri "$($API.BaseUrl)/globallists/v2" -QueryParams @{ "listTypeId" = $APIListType } } <# .SYNOPSIS Adds file hash to global list .PARAMETER API Optional. API Handle (use only when not using session scope). .PARAMETER List The global list type to add to .PARAMETER SHA256 The file hash to add .PARAMETER Category The category of the file to add to the list .PARAMETER Reason The reason for adding the file. #> function Add-CyHashToGlobalList { Param ( [parameter(Mandatory=$false)] [ValidateNotNullOrEmpty()] [CylanceAPIHandle]$API = $GlobalCyAPIHandle, [Parameter(Mandatory=$true)] [ValidateSet ("GlobalSafeList", "GlobalQuarantineList")] [String]$List, [Parameter( Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [String]$SHA256, [Parameter(Mandatory=$false)] [ValidateSet ("Admin Tool", "Commercial Software", "Drivers", "Internal Application", "Operating System", "Security Software", "None")] [String]$Category, [Parameter(Mandatory=$true)] [String]$Reason ) Begin { $headers = @{ "Accept" = "application/json" "Authorization" = "Bearer $($API.AccessToken)" } $APIListType = "GlobalQuarantine"; if ($List -eq "GlobalSafeList") { $APIListType = "GlobalSafe" } } Process { switch ($APIListType) { "GlobalQuarantine" { $updateMap = @{ "sha256" = $SHA256 "list_type" = $APIListType "reason" = $Reason } } "GlobalSafe" { $updateMap = @{ "sha256" = $SHA256 "list_type" = $APIListType "reason" = $Reason "category" = $Category } } } $json = $updateMap | ConvertTo-Json # remain silent $null = Invoke-RestMethod -Method POST -Uri "$($API.BaseUrl)/globallists/v2" -ContentType "application/json; charset=utf-8" -Header $headers -UserAgent "" -Body $json } } <# .SYNOPSIS Removes a hash from a global list .PARAMETER API Optional. API Handle (use only when not using session scope). .PARAMETER List The list type .PARAMETER SHA256 The file hash to remove. #> function Remove-CyHashFromGlobalList { Param ( [parameter(Mandatory=$false)] [ValidateNotNullOrEmpty()] [CylanceAPIHandle]$API = $GlobalCyAPIHandle, [Parameter(Mandatory=$true)] [ValidateSet ("GlobalSafeList", "GlobalQuarantineList")] [String]$List, [Parameter( Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [String]$SHA256 ) Begin { $headers = @{ "Accept" = "application/json" "Authorization" = "Bearer $($API.AccessToken)" } $APIListType = "GlobalQuarantine"; if ($List -eq "GlobalSafeList") { $APIListType = "GlobalSafe" } } Process { $updateMap = @{ "sha256" = $SHA256 "list_type" = $APIListType } $json = $updateMap | ConvertTo-Json $null = Invoke-RestMethod -Method DELETE -Uri "$($API.BaseUrl)/globallists/v2" -ContentType "application/json; charset=utf-8" -Header $headers -UserAgent "" -Body $json } } |