Functions/EventSecurity/Add-PASPTARule.ps1

# .ExternalHelp psPAS-help.xml
Function Add-PASPTARule {
    [CmdletBinding()]
    param(
        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateSet('SSH', 'WINDOWS', 'SCP', 'KEYSTROKES', 'SQL')]
        [string]$category,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$regex,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateRange(1, 100)]
        [int]$score,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string]$description,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateSet('NONE', 'TERMINATE', 'SUSPEND')]
        [string]$response,

        [parameter(
            Mandatory = $true,
            ValueFromPipelinebyPropertyName = $true
        )]
        [boolean]$active,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateSet('EXCLUDE', 'INCLUDE')]
        [string]$vaultUsersMode,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string[]]$vaultUsersList,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [ValidateSet('EXCLUDE', 'INCLUDE')]
        [string]$machinesMode,

        [parameter(
            Mandatory = $false,
            ValueFromPipelinebyPropertyName = $true
        )]
        [string[]]$machinesList

    )

    BEGIN {

        Assert-VersionRequirement -RequiredVersion 10.4
        $userScopeParams = [Collections.Generic.List[String]]@('vaultUsersMode', 'vaultUsersList')
        $machineScopeParams = [Collections.Generic.List[String]]@('machinesMode', 'machinesList')
        $scopeParams = [Collections.Generic.List[String]]@($userScopeParams + $machineScopeParams)

    }#begin

    PROCESS {

        #Get all parameters that will be sent in the request
        $boundParameters = $PSBoundParameters | Get-PASParameter

        #Create URL for Request
        $URI = "$Script:BaseURI/API/pta/API/Settings/RiskyActivity/"

        switch ($PSBoundParameters.keys) {

            { $scopeParams -contains $PSItem } {

                #Current parameter relates to scope section of request object
                if (-not($boundParameters.ContainsKey('scope'))) {
                    #create the scope key
                    $boundParameters.Add('scope', @{})
                }

                #determine whether vaultUsers or machines scope item
                if ($userScopeParams -contains $PSItem) {
                    $scopeItem = 'vaultUsers'
                } elseif ( $machineScopeParams -contains $PSItem) {
                    $scopeItem = 'machines'
                }

                #add scope item key to bond parameters
                if (-not($boundParameters['scope'].ContainsKey($scopeItem))) {
                    $boundParameters['scope'].Add($scopeItem, @{})
                }
                #translate paramer names into request property name
                #* Return only last 4 characters of parametername in lowercase
                #*vaultUsersMode & machinesMode translate to "mode"
                #*vaultUsersList & machinesList translate to "list"
                $property = ($PSItem).Substring(($PSItem).length - 4, 4).ToLower()

                #Add scope parameter vaultUsers & machines request values to boundParameters
                $boundParameters['scope'][$scopeItem][$property] = $PSBoundParameters[$PSItem]

            }

        }

        #Create body of request
        #* Ensure JSON Depth of 3 to capture correct scope format
        $Body = $boundParameters | Get-PASParameter -ParametersToRemove $scopeParams | ConvertTo-Json -Depth 3

        #send request to PAS web service
        $result = Invoke-PASRestMethod -Uri $URI -Method POST -Body $Body -WebSession $Script:WebSession

        If ($null -ne $result) {

            #Return Results
            $result | Add-ObjectDetail -typename 'psPAS.CyberArk.Vault.PTA.Rule'

        }

    }#process

    END { }#end

}