Resources/DefenderRisk.ps1
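function Get-RocketCyberDefenderRisk {
<#
    .SYNOPSIS
        Gets defender risk information for a given account ID from the RocketCyber API.

    .DESCRIPTION
        The Get-RocketCyberDefenderRisk cmdlet gets defender risk information
        for a given account ID from the RocketCyber API.

        The API key is read from $RocketCyber_API_Key (a SecureString) and is
        converted to plaintext only to build the Authorization header for the
        request. The header is removed from the shared $RocketCyber_Headers
        table and the unmanaged copy of the key is zeroed and freed once the
        request finishes, whether it succeeded or not.

    .PARAMETER id
        Data will be retrieved from this account id.
        Accepts pipeline input; one request is made per id.

    .EXAMPLE
        Get-RocketCyberDefenderRisk -id 12345

        Defender risk data will be retrieved from account 12345.

    .EXAMPLE
        12345 | Get-RocketCyberDefenderRisk

        Defender risk data will be retrieved from account 12345.

    .NOTES
        Example Response Body:

        {
            "detectionSummary": {
                "totalEvents": 30,
                "totalMalicious": 14,
                "totalSuspicious": 10,
                "totalInformational": 0
            },
            "devicesAtRisk": {
                "total": 2,
                "data": [
                    {
                        "hostname": "DESKTOP-AT67V98",
                        "ipAddress": "23.778.24.3",
                        "operatingSystem": {
                            "platform": "Microsoft",
                            "family": "Windows",
                            "version": "10",
                            "edition": "Pro"
                        },
                        "detections": {
                            "malicious": 1,
                            "suspicious": 3,
                            "informational": 0
                        }
                    }
                ]
            },
            "devicesWithPoorHealth": {
                "total": 1,
                "data": [
                    {
                        "hostname": "DESKTOP-AT67V98",
                        "ipAddress": "23.778.24.3",
                        "operatingSystem": {
                            "platform": "Microsoft",
                            "family": "Windows",
                            "version": "10",
                            "edition": "Pro"
                        }
                    }
                ]
            },
            "devicesWithUnknownHealth": {
                "total": 3,
                "data": [
                    {
                        "hostname": "ip-56-1-9-331.ec5",
                        "ipAddress": "11.0.3.11",
                        "operatingSystem": {
                            "platform": null,
                            "family": "Red Hat Enterprise Linux",
                            "version": "8.4 (Ootpa)",
                            "edition": null
                        }
                    }
                ]
            }
        }

    .LINK
        https://github.com/Celerium/RocketCyber-PowerShellWrapper
        https://api-doc.rocketcyber.com/
#>

    [CmdletBinding(DefaultParameterSetName = 'index')]
    Param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true, ParameterSetName = 'index')]
        [ValidateRange(1, [int]::MaxValue)]
        [Int64]$id
    )

    # A process block is required for ValueFromPipeline: without it the body
    # runs once, as the end block, and only the last piped id is requested.
    process {

        $resource_uri = "/$id/defender/risk"

        $body = @{}

        # Initialise locals so the cleanup and the return below never pick up
        # same-named variables from a parent scope when the request fails early.
        $Api_Key      = [IntPtr]::Zero
        $Bearer_Token = $null
        $rest_output  = $null

        try {
            if ($null -eq $RocketCyber_API_Key) {
                throw "The RocketCyber API access token is not set. Run Add-RocketCyberAPIKey to set the API access token."
            }

            $Api_Key = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($RocketCyber_API_Key)

            # A BSTR is always UTF-16. PtrToStringAuto decodes it correctly on
            # Windows only; on other platforms it stops at the first NUL byte
            # and yields a truncated token. PtrToStringBSTR is correct everywhere.
            $Bearer_Token = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($Api_Key)

            # The plaintext token sits in the shared header table only for the
            # duration of this request; the finally block removes it again.
            $RocketCyber_Headers.Add('Authorization', "Bearer $Bearer_Token")

            $request = @{
                Method        = 'GET'
                Uri           = ( $RocketCyber_Base_URI + $resource_uri )
                Headers       = $RocketCyber_Headers
                Body          = $body
                ErrorAction   = 'Stop'
                ErrorVariable = 'web_error'
            }

            $rest_output = Invoke-RestMethod @request
        }
        catch {
            Write-Error $_
        }
        finally {
            [void] ($RocketCyber_Headers.Remove('Authorization'))

            # Zero and release the unmanaged plaintext copy of the key.
            if ($Api_Key -ne [IntPtr]::Zero) {
                [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($Api_Key)
            }

            # The managed string cannot be zeroed; dropping the reference at
            # least stops it from being reachable through this variable.
            $Bearer_Token = $null
        }

        return $rest_output
    }

}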