Functions/EventSecurity/Set-PASPTARule.ps1
|
# .ExternalHelp psPAS-help.xml Function Set-PASPTARule { [CmdletBinding(SupportsShouldProcess)] param( [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true )] [ValidateRange(1, [int]::MaxValue)] [string]$id, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true )] [ValidateSet('SSH', 'WINDOWS', 'SCP', 'KEYSTROKES', 'SQL')] [string]$category, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true )] [string]$regex, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true )] [ValidateRange(1, 100)] [int]$score, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true )] [string]$description, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true )] [ValidateSet('NONE', 'TERMINATE', 'SUSPEND')] [string]$response, [parameter( Mandatory = $true, ValueFromPipelinebyPropertyName = $true )] [boolean]$active, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [ValidateSet('EXCLUDE', 'INCLUDE')] [string]$vaultUsersMode, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [string[]]$vaultUsersList, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [ValidateSet('EXCLUDE', 'INCLUDE')] [string]$machinesMode, [parameter( Mandatory = $false, ValueFromPipelinebyPropertyName = $true )] [string[]]$machinesList ) BEGIN { Assert-VersionRequirement -RequiredVersion 10.4 $userScopeParams = [Collections.Generic.List[String]]@('vaultUsersMode', 'vaultUsersList') $machineScopeParams = [Collections.Generic.List[String]]@('machinesMode', 'machinesList') $scopeParams = [Collections.Generic.List[String]]@($userScopeParams + $machineScopeParams) }#begin PROCESS { #Get all parameters that will be sent in the request $boundParameters = $PSBoundParameters | Get-PASParameter #Create URL for Request $URI = "$Script:BaseURI/API/pta/API/Settings/RiskyActivity/" switch ($PSBoundParameters.keys) { { $scopeParams -contains $PSItem } { #Current parameter relates to scope section of request object if (-not($boundParameters.ContainsKey('scope'))) { #create the scope key $boundParameters.Add('scope', @{}) } #determine whether vaultUsers or machines scope item if ($userScopeParams -contains $PSItem) { $scopeItem = 'vaultUsers' } elseif ( $machineScopeParams -contains $PSItem) { $scopeItem = 'machines' } #add scope item key to bond parameters if (-not($boundParameters['scope'].ContainsKey($scopeItem))) { $boundParameters['scope'].Add($scopeItem, @{}) } #translate paramer names into request property name #* Return only last 4 characters of parametername in lowercase #*vaultUsersMode & machinesMode translate to "mode" #*vaultUsersList & machinesList translate to "list" $property = ($PSItem).Substring(($PSItem).length - 4, 4).ToLower() #Add scope parameter vaultUsers & machines request values to boundParameters $boundParameters['scope'][$scopeItem][$property] = $PSBoundParameters[$PSItem] } } #Create body of request #* Ensure JSON Depth of 3 to capture correct scope format $Body = $boundParameters | Get-PASParameter -ParametersToRemove $scopeParams | ConvertTo-Json -Depth 3 if ($PSCmdlet.ShouldProcess($id, 'Update Risky Activity Rule')) { #send request to PAS web service Invoke-PASRestMethod -Uri $URI -Method PUT -Body $Body -WebSession $Script:WebSession } }#process END { }#end } |