
function ConvertFrom-UnixTime {
    param (
    process {
        foreach ( $ThisUnixDate in $UnixDate ) {
            $Origin = New-Object DateTime 1970, 1, 1, 0, 0, 0, ([DateTimeKind]::Utc)

            # Remember: GuardiCore works with epoch times in milliseconds

function ConvertTo-UnixTime {
    param (
    process {
        foreach ( $ThisDateTime in $DateTime ) {
            $Origin = New-Object DateTime 1970, 1, 1, 0, 0, 0, ([DateTimeKind]::Utc)

function Get-Agent {
    param (





        $Status, # = display_status


        [ValidateSet("Active","Not Deployed","Disabled")]
        $Enforcement, # = module_status_enforcement

        [ValidateSet("Active","Not Deployed")]
        $Deception, # = module_status_deception

        [ValidateSet("Active","Not Deployed")]
        $Detection, # = module_status_detection

        [ValidateSet("Active","Not Deployed")]
        $Reveal,  # = module_status_reveal


        $Limit = 20,




    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/agents"

    # Building the request body with given parameters

    $Body = @{
        version = $Version -join ","
        kernel = $Kernel -join ","
        os = $OS -join ","
        labels = $ -join ","
        display_status = $Status -join ","
        status_flags = $Flag -join ","
        module_status_deception = $Deception -join ","
        module_status_detection = $Detection -join ","
        module_status_reveal = $Reveal -join ","
        activity = $Activity -join ","
        gc_filter = $Search
        limit = $Limit
        offset = $Offset

    # This one's unique
    if ( $Enforcement ) {
        $Add += foreach ($ThisEnforcement in $Enforcement) {
            if ($ThisEnforcement -eq "Disabled") {
                $ThisEnforcement = "Enforcement disabled from management console"
            } else {

        $Body.module_status_enforcement = $Add -join ","

    # Removing empty hashtable keys
    $RequestBody = Remove-EmptyKeys $Body

    # Making the call
    if ( $Raw ) {
        pwsh-GC-get-request -Raw -Uri $Uri -Body $RequestBody -ApiKey $Key
    } else {
        pwsh-GC-get-request -Uri $Uri -Body $RequestBody -ApiKey $Key | foreach {$_.PSTypeNames.Clear(); $_.PSTypeNames.Add("GCAgent"); $_}

function Get-Aggregator {
    param (



        $Limit = 20,




    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/agent_aggregators"

    # Building the request body with given parameters

    $Body = @{
        gc_filter = $Search
        display_status = $Status -join ","
        version = $Version -join ","
        limit = $Limit
        offset = $Offset

    # Removing empty hashtable keys
    $RequestBody = Remove-EmptyKeys $Body

    # Making the call
    if ( $Raw ) {
        pwsh-GC-get-request -Raw -Uri $Uri -Body $RequestBody -ApiKey $Key
    } else {
        pwsh-GC-get-request -Uri $Uri -Body $RequestBody -ApiKey $Key | foreach {$_.PSTypeNames.Clear(); $_.PSTypeNames.Add("GCAggregator"); $_}

function Get-ApiKey {
    param (
        [Parameter(Mandatory=$true,ParameterSetName = "ByName")]

        [Parameter(Mandatory=$true,ParameterSetName = "ByUri")]


    begin {
        if ( $Server ) {
            $Uri = "https://" + $Server + ""
        } else {
            $Uri = $Uri + "/api/v3.0"
        $TempUri = $Uri + "/authenticate"
        $Body = [PSCustomObject]@{
            "username" = ""
            "password" = ""
    process {
        $Body.username = $Credential.UserName
        $Body.password = $Credential.GetNetworkCredential().Password
        $BodyJson = $Body | ConvertTo-Json -Depth 99

        if ( $pscmdlet.ShouldProcess("$Server","Invoke-RestMethod -Uri $TempUri -Method 'Post'") ) {
            try {
                $Token = Invoke-RestMethod -Uri $TempUri -Method "Post" -Body $BodyJson -ContentType "application/json" | Select-Object -ExpandProperty "access_token"
            catch {
                throw $_.Exception

        if ( $Export ) {
            # Returns the object on the pipeline.

                PSTypeName = "GCApiKey"
                Token = $Token
                Uri = $Uri
        } else {
            # Saves the object in a global (session scope) variable called GCApiKey, so other functions don't need a key input.

            $Global:GCApiKey = [PSCustomObject]@{
                PSTypeName = "GCApiKey"
                Token = $Token
                Uri = $Uri

function Get-Asset {
    param (





        [Int32]$Limit = 20,



    begin {
        if ( GCApiKey-present $ApiKey ) {
            if ( $ApiKey ) {
                $Key = $ApiKey
            } else {
                $Key = $global:GCApiKey
            $Uri = "/assets"

    process {
        # Handling pipeline input
        $LabelIDs = foreach ($L in $Label) {

        $Body = @{
            search = $Search
            status = $Status
            risk_level = $Risk
            labels = $LabelIDs -join ","
            asset = ""
            limit = $Limit
            offset = $Offset

        # Handling strange asset case

        if ( $Asset ) {
            if ( $Asset[0]._id ) {
                $Body.asset = "vm:" + $Asset[0]._id
            } else {
                $Body.asset = "vm:" + $Asset

        # Removing empty hashtable keys
        $RequestBody = Remove-EmptyKeys $Body

        # Making the call
        if ( $Raw ) {
            pwsh-GC-get-request -Raw -Uri $Uri -Body $RequestBody -ApiKey $Key
        } else {
            pwsh-GC-get-request -Uri $Uri -Body $RequestBody -ApiKey $Key | foreach {$_.PSTypeNames.Clear(); $_.PSTypeNames.Add("GCAsset"); $_}

function Get-Collector {
    param (



        $Limit = 20,




    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/collectors"

    # Building the request body with given parameters

    $Body = @{
        gc_filter = $Search
        display_status = $Status -join ","
        version = $Version -join ","
        limit = $Limit
        offset = $Offset

    # Removing empty hashtable keys
    $RequestBody = Remove-EmptyKeys $Body

    # Making the call
    if ( $Raw ) {
        pwsh-GC-get-request -Raw -Uri $Uri -Body $RequestBody -ApiKey $Key
    } else {
        pwsh-GC-get-request -Uri $Uri -Body $RequestBody -ApiKey $Key | foreach {$_.PSTypeNames.Clear(); $_.PSTypeNames.Add("GCCollector"); $_}

function Get-Incident{
    param (



        [ValidateSet("Incident","Deception","Network Scan","Reveal","Experimental")]









        $Limit = 20,

        $Offset = 0,




    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        # This sort is required for legacy URI building
        $Uri = "/incidents?sort=-start_time"

    # Handling start and end time defaults

    if ( -not $StartTime ) {
        $StartTime = $(Get-Date).AddHours(-1)

    if ( -not $EndTime ) {
        $EndTime = Get-Date

    [Int64]$StartTime = $StartTime | ConvertTo-GCUnixTime
    [Int64]$EndTime = $EndTime | ConvertTo-GCUnixTime

    # Building request body with parameters

    $Body = @{
        from_time = $StartTime
        to_time = $EndTime
        severity = $Severity
        incident_type = $IncidentType
        tag = $IncludeTag -join ","
        tags__not = $ExcludeTag -join ","
        id = $ID
        limit = $Limit
        offset = $Offset

    # Removing empty keys

    $RequestBody = Remove-EmptyKeys $Body

    # This legacy URI building is actually necessary,
    # due to the complicated way in which the URI needs to be structured.
    ### SOURCE ###

    $Uri += "&source="

    if ( $SourceLabel ) {
        $Uri += "labels:"
        $Uri += $ -join "|"

    if ( $SourceAsset ) {
        $Uri += "assets:"
        $Uri += $SourceAsset -join ","

    if ( $Uri[$Uri.length-1] -eq "=" ) {
        $Uri = $Uri.SubString(0,$Uri.Length-8)

    ### DESTINATION ###

    $Uri += "&destination="

    if ( $DestinationLabel ) {
        $Uri += "labels:"
        $Uri += $ -join "|"

    if ( $DestinationAsset ) {
        $Uri += "assets:"
        $Uri += $DestinationAsset -join ","

   if ( $Uri[$Uri.length-1] -eq "=" ) {
        $Uri = $Uri.SubString(0,$Uri.Length-13)

    ### ANY SIDE ###
    $Uri += "&any_side="

    if ( $AnySideLabel ) {
        $Uri += "labels:"
        $Uri += $ -join "|"

    if ( $AnySideAsset ) {
        $Uri += "assets:"
        $Uri += $AnySideAsset -join ","

    if ( $Uri[$Uri.length-1] -eq "=" ) {
        $Uri = $Uri.SubString(0,$Uri.Length-10)

    # Making the call

    if ( $Raw ) {
        pwsh-GC-get-request -Raw -Uri $Uri -Body $RequestBody -ApiKey $Key
    } else {
        pwsh-GC-get-request -Uri $Uri -Body $RequestBody -ApiKey $Key | foreach {$_.PSTypeNames.Clear(); $_.PSTypeNames.Add("GCIncident"); $_}

function Get-Label {
    param (




        $DynamicCriteriaLimit = 10,

        $Limit = 20,




    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/visibility/labels"

    # Building the request body with given parameters

    $Body = @{
        find_matches = $FindMatches:isPresent
        text_search = $Search
        key = $LabelKey
        value = $LabelValue
        dynamic_criteria_limit = $DynamicCriteriaLimit
        limit = $Limit
        offset = $Offset

    # Removing empty keys

    $RequestBody = Remove-EmptyKeys $Body

    # Making the call

    if ( $Raw ) {
        pwsh-GC-get-request -Raw -Uri $Uri -Body $RequestBody -ApiKey $Key
    } else {
        pwsh-GC-get-request -Uri $Uri -Body $RequestBody -ApiKey $Key | foreach {$_.PSTypeNames.Clear(); $_.PSTypeNames.Add("GCLabel"); $_}

function Get-LabelGroup {
    param (





        $Limit = 20,




    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $RequestKey = $ApiKey
        } else {
            $RequestKey = $global:GCApiKey
        $Uri = "/visibility/label-groups"

    # Building the request body based on given parameters
    $Body = @{
        key = $Key
        value = $Value
        assets = $ -join ","
        criteria = $ -join ","
        assets_status = $Status -join ","
        limit = $limit
        offset = $offset

    # Removing empty hashtable keys
    $RequestBody = Remove-EmptyKeys $Body

    # Making the call
    if ( $Raw ) {
        pwsh-GC-get-request -Raw -Uri $Uri -Body $RequestBody -ApiKey $RequestKey
    } else {
        pwsh-GC-get-request -Uri $Uri -Body $RequestBody -ApiKey $RequestKey | foreach {$_.PSTypeNames.Clear(); $_.PSTypeNames.Add("GCLabelGroup"); $_}

function Get-Policy {
    param (

        $Section = @("allow","alert","block"),


        $Protocol = @("TCP","UDP"),











            foreach ($Subnet in $_) {
                if ( -not ($Subnet -match "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/([1-9]|[1-2][0-9]|[3][0-2])") ) {
                    throw "The subnet provided is not a valid subnet. Please provide a subnet in format."


            foreach ($Subnet in $_) {
                if ( -not ($Subnet -match "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/([1-9]|[1-2][0-9]|[3][0-2])") ) {
                    throw "The subnet provided is not a valid subnet. Please provide a subnet in format."


            foreach ($Subnet in $_) {
                if ( -not ($Subnet -match "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/([1-9]|[1-2][0-9]|[3][0-2])") ) {
                    throw "The subnet provided is not a valid subnet. Please provide a subnet in format."







        $Limit = 20,

        $Offset = 0,



    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/visibility/policy/rules?limit=" + $Limit

    # Building the request body with given parameters

    $Body = @{
        sections = $Section -join ","
        protocols = $Protocol -join ","
        offset = $Offset
        search = $Search
        comments = $Comments
        ruleset = $Ruleset
        state = $State -join ","
        port = $Port -join ","

    # Removing empty keys

    $RequestBody = Remove-EmptyKeys $Body

    # Legacy URI building

    ##### SOURCES #####

    $Uri += "&source="

    if ( $SourceLabel ) {
        $Uri += "labels:"
        foreach ($Group in $SourceLabel) {
            $Uri += $ -join ">"
            $Uri += "|"

        $Uri = $Uri.SubString(0,$Uri.length-1) #Remove trailing "|"

        $Uri += ","

    if ( $SourceProcess ) {
        $Uri += "processes:"
        $Uri += $SourceProcess -join "|"

        $Uri += ","

    if ( $SourceAsset ) {
        $Uri += "assets:"
        $Uri += $ + "|"

        $Uri += ","

    if ( $SourceSubnet ) {
        $Uri += "subnet:" + $SourceSubnet + ","

    if ( $PSBoundParameters.ContainsKey("SourceInternet") ) { #checks for the existence of the parameter
        if ( $SourceInternet -eq $true ) {
            $Uri += "address_classification:Internet,"
        } elseif ( $SourceInternet -eq $false ) {
            $Uri += "address_classification:Private,"

    #If any above parameter was present, remove the trailing ","; if nothing above was present, remove "source="
    if ( $Uri.SubString($Uri.length-1) -eq "," ) {
        $Uri = $Uri.SubString(0,$Uri.length-1)
    } else {
        $Uri = $Uri.SubString(0,$Uri.length-8)


    ##### DESTINATIONS #####

    $Uri += "&destination="

    if ( $DestinationLabel ) {
        $Uri += "labels:"
        foreach ($Group in $DestinationLabel) {
            $Uri += $ -join ">"

            $Uri += "|"

        $Uri = $Uri.SubString(0,$Uri.length-1) #Remove trailing "|"

        $Uri += ","

    if ( $DestinationProcesses ) {
        $Uri += "processes:"
        $Uri += $DestinationProcesses -join "|"

        $Uri += ","

    if ( $DestinationAsset ) {
        $Uri += "assets:"
        $Uri += $ -join "|"

        $Uri += ","

    if ( $DestinationSubnet ) {
        $Uri += "subnet:" + $DestinationSubnet + ","

    if ( $PSBoundParameters.ContainsKey("DestinationInternet") ) {
        if ( $DestinationInternet -eq $true ) {
            $Uri += "address_classification:Internet,"
        } elseif ( $DestinationInternet -eq $false ) {
            $Uri += "address_classification:Private,"

    #If any above parameter was present, remove the trailing ","; if nothing above was present, remove "&destination="
    if ( $Uri.SubString($Uri.length-1) -eq "," ) {
        $Uri = $Uri.SubString(0,$Uri.length-1)
    } else {
        $Uri = $Uri.SubString(0,$Uri.length-13)


    ##### ANY SIDE #####

    $Uri += "&any_side="

    if ( $AnySideLabel ) {
        $Uri += "labels:"
        foreach ($Group in $AnySideLabel) {
                $Uri += $ -join ">"
                $Uri += "|"

        $Uri = $Uri.SubString(0,$Uri.length-1) #Remove trailing "|"

        $Uri += ","

    if ( $AnySideProcesses ) {
        $Uri += "processes:"
        foreach ($Process in $AnySideProcesses) {
            $Uri += $Process + "|"

        $Uri = $Uri.SubString(0,$Uri.length-1) #Remove trailing "|"

        $Uri += ","

    if ( $AnySideAsset ) {
        $Uri += "assets:"
        $Uri += $AnySideAsset -join "|"

        $Uri += ","

    if ( $AnySideSubnet ) {
        $Uri += "subnet:" + $AnySideSubnet + ","

    if ( $PSBoundParameters.ContainsKey("AnySideInternet") ) { #checks for the existence of the parameter
        if ( $AnySideInternet -eq $true ) {
            $Uri += "address_classification:Internet,"
        } elseif ( $AnySideInternet -eq $false ) {
            $Uri += "address_classification:Private,"

    #If any above parameter was present, remove the trailing ","; if nothing above was present, remove "&any_side="
    if ( $Uri.SubString($Uri.length-1) -eq "," ) {
        $Uri = $Uri.SubString(0,$Uri.length-1)
    } else {
        $Uri = $Uri.SubString(0,$Uri.length-10)


    # Make the call

    if ( $Raw ) {
        pwsh-GC-get-request -Raw -Uri $Uri -Body $RequestBody -ApiKey $Key
    } else {
        pwsh-GC-get-request -Uri $Uri -Body $RequestBody -ApiKey $Key | foreach {$_.PSTypeNames.Clear(); $_.PSTypeNames.Add("GCPolicy"); $_}

function Get-RawFlow {
    param (













        $Limit = 20,




    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/connections?sort=slot_start_time"

    # Handling default time values

    if ( -not $StartTime ) {
        $StartTime = $(Get-Date).AddHours(-1)

    if ( -not $EndTime ) {
        $EndTime = Get-Date

    # Building the request body

    $Body = @{
        from_time = (ConvertTo-GCUnixTime $StartTime)
        to_time = (ConvertTo-GCUnixTime $EndTime)
        offset = $Offset
        limit = $Limit

    # Removing empty keys

    $RequestBody = Remove-EmptyKeys $Body

    # Legacy URI building

    ### Source ###

    if ( $SourceProcess -or $SourceAsset -or $SourceLabel -or $PSBoundParameters.ContainsKey("SourceInternat") ) {
        $Uri += "&source="

    if ( $SourceInternet -eq $true ) {
        $Uri += "address_classification:Internet"
    } elseif ( $PSBoundParameters.ContainsKey("SourceInternet") -and ($SourceInternet -eq $false) ) {
        $Uri += "address_classification:Private"

    if ( $SourceProcess ) {
        $Uri += "processes:"
        $Uri += $SourceProcess -Join ","

    if ( $SourceAsset ) {
        $Uri += "assets:"
        $Uri += $ -Join ","

    if ( $SourceLabel ) { #2D array; outer group is OR, inner groups are AND
        $Uri += "labels:"
        foreach ($Group in $SourceLabel) {
            $Uri += $ -Join ">"
            $Uri += "|"

        $Uri = $Uri.SubString(0,$Uri.Length-1) #Removing last "|"

    ### Destination ###

    if ( $DestinationProcess -or $DestinationAsset -or $DestinationLabel -or $PSBoundParameters.ContainsKey("DestinationInternet") ) {
        $Uri += "&destination="

    if ( $DestinationInternet -eq $true ) {
        $Uri += "address_classification:Internet"
    } elseif ( $PSBoundParameters.ContainsKey("DestinationInternet") -and ($DestinationInternet -eq $false) ) {
        $Uri += "address_classification:Private"

    if ( $DestinationProcess ) {
        $Uri += "processes:"
        $Uri += $DestinationProcess -Join ","

    if ( $DestinationAsset ) {
        $Uri += "assets:"
        $Uri += $ -Join ","

    if ( $DestinationLabel ) {
        $Uri += "labels:"
        foreach ($Group in $DestinationLabel) {
            $Uri += $ -Join ">"
            $Uri += "|"

        $Uri = $Uri.SubString(0,$Uri.Length-1) #Removing last "|"

    ### Any Side ###

    if ( $AnySideProcess -or $AnySideAsset -or $AnySideLabel ) {
        $Uri += "&any_side="

    if ( $AnySideProcess ) {
        $Uri += "processes:"
        $Uri += $AnySideProcess -Join ","

    if ( $AnySideAsset ) {
        $Uri += "assets:"
        $Uri += $ -Join ","

    if ( $AnySideLabel ) {
        $Uri += "labels:"
        foreach ($Group in $AnySideLabel) {
            $Uri += $ -Join ">"
            $Uri += "|"
        $Uri = $Uri.SubString(0,$Uri.Length-1) #Removing last "|"

    if ( $Raw ) {
        pwsh-GC-get-request -Raw -Uri $Uri -Body $RequestBody -ApiKey $Key
    } else {
        pwsh-GC-get-request -Uri $Uri -Body $RequestBody -ApiKey $Key | foreach {$_.PSTypeNames.Clear(); $_.PSTypeNames.Add("GCRawFlow"); $_}

function Get-SavedMap {
    param (







        $Limit = 20,




    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/visibility/saved-maps"

    # Building request body from parameters

    $Body = @{
        author_id = $AuthorID -join ","
        state = $State -join ","
        features = $Features -join ","
        included_asset_ids = $ -join ","
        included_label_ids = $ -join ","
        time_range_filter = ""
        search = $Search
        limit = $Limit
        offset = $Offset

    # Weird parameter

    if ( $TimeRange ) {
        if ( $TimeRange.count -ne 2 ) {
            throw "Incorrect time range syntax"

        $Range0 = $TimeRange[0] | ConvertTo-GCUnixTime
        $Range1 = $TimeRange[1] | ConvertTo-GCUnixTime

        $Body.time_range_filter = $Range0 + "," + $Range1

    # Removing empty keys

    $RequestBody = Remove-EmptyKeys $Body

    if ( $Raw ) {
        pwsh-GC-get-request -Raw -Uri $Uri -Body $RequestBody -ApiKey $Key
    } else {
        pwsh-GC-get-request -Uri $Uri -Body $RequestBody -ApiKey $Key | foreach {$_.PSTypeNames.Clear(); $_.PSTypeNames.Add("GCSavedMap"); $_}

function Get-User {
    param (

        $Limit = 20,




    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/system/users"

    $Body = @{
        username = $Name -join ","
        limit = $Limit
        offset = $Offset

    $RequestBody = Remove-EmptyKeys $Body

    if ( $Raw ) {
        pwsh-gc-get-request -Raw -Uri $Uri -Body $RequestBody -ApiKey $Key
    } else {
        pwsh-gc-get-request -Uri $Uri -Body $RequestBody -ApiKey $Key | foreach {$_.PSTypeNames.Clear(); $_.PSTypeNames.Add("GCUser"); $_}

function New-BlankLabel {
    param (



    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/visibility/labels"

    $Body = [PSCustomObject]@{
        id = $null
        key = $LabelKey
        value = $LabelValue
        criteria = @()

    $Should = $Body.key + ": " + $Body.value
    if ( $PSCmdlet.ShouldProcess($Should,"pwsh-GC-post-request on $Uri with $Key") ) {
        pwsh-GC-post-request -Raw -Uri $Uri -Body $Body -ApiKey $Key

function New-DynamicLabel {
    param (







    begin {
        if ( GCApiKey-present $ApiKey ) {
            if ( $ApiKey ) {
                $Key = $ApiKey
            } else {
                $Key = $global:GCApiKey
            $Uri = "/visibility/labels"

        $Body = [PSCustomObject]@{
            id = $null
            key = $LabelKey
            value = $LabelValue
            criteria = @() #This is an array of "criteria objects" that can be specified by an array of these objects from the pipeline, via the $Criteria parameter. You can also create a rule with just a single criteria by directly specifying Argument, Field, and Operation.
    process {
        if ( -not ($LabelKey -and $LabelValue -and (($Argument -and $Field -and $Operation) -or $Criteria)) ) {
            throw "Parameters required: LabelKey, LabelValue, and either one or more Criteria objects, an Argument, Field, and Operation, or a label object"
        if ( $Criteria ) {
            $Body.criteria += $Criteria
        } else {
            $Body.criteria += [PSCustomObject]@{
                argument = $Argument
                field = $Field
                op = $Operation
    end {
        $Should = $Body.key + ": " + $Body.value
        if ( $PSCmdlet.ShouldProcess($Should, "pwsh-GC-get-request -Raw -Uri $Uri -ApiKey $Key") ) {
            pwsh-GC-post-request -Raw -Uri $Uri -Body $Body -ApiKey $Key

function New-Policy {
    param (


        $Protocol = @("TCP","UDP"),
















    if ( GCApiKey-present $ApiKey  ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/visibility/policy/sections/" + $Section + "/rules"

    $ordering_value = $null #Required to be $null by the API call
    $ruleset_id = $null #Required to be $null by the API call

    $Body = [PSCustomObject]@{
        ordering_value = $ordering_value
        rule = [PSCustomObject]@{
            ruleset_id = $ruleset_id
            port_ranges = @()
            ports = @()
            source = [PSCustomObject]@{}
            destination = [PSCustomObject]@{}
            ip_protocols = $Protocol
            action = $Action

    if ( $Port ) {
        $Body.rule.ports = $Port

    if ( $PortRange ) {
        #The validation doesn't work in ValidateScript for some reason, so I'm just doing it here
        foreach ($P in $PortRange) {
            if ( $P.length -ne 2 ) {
                throw "Parameter PortRange: Each range must consist of starting and ending port"

            foreach ($Port in $P) {
                if ( -not (($Port -is [int]) -and ($Port -gt 0) -and ($Port -lt 65536)) ) {
                    throw "Parameter PortRange: Ports may only be integers from 1 to 65535"

            if ( $P[1] -le $P[0] ) {
                throw "Parameter PortRange: Each range's end value must be greater than its start value"

            $port_range = [PSCustomObject]@{
                start = $P[0]
                end = $P[1]

            $Body.rule.port_ranges += $port_range

    if ( $SourceLabel ) {
        $temp = [PSCustomObject]@{}
        $Body.rule.source | Add-Member -MemberType NoteProperty -Name labels -Value $temp
        $Body.rule.source.labels | Add-Member -MemberType NoteProperty -Name or_labels -Value @()

        $or_labels = @()

        foreach ($Group in $SourceLabel) {
            $and_labels = [PSCustomObject]@{
                and_labels = @()

            foreach ($Item in $Group) {
                $and_labels.and_labels += $

            $or_labels += $and_labels

        $Body.rule.source.labels.or_labels = $or_labels

    if ( $DestinationLabel ) {
        $temp = [PSCustomObject]@{}
        $Body.rule.destination | Add-Member -MemberType NoteProperty -Name labels -Value $temp
        $Body.rule.destination.labels | Add-Member -MemberType NoteProperty -Name or_labels -Value @()

        $or_labels = @()

        foreach ($Group in $DestinationLabel) {
            $and_labels = [PSCustomObject]@{
                and_labels = @()

            foreach ($Item in $Group) {
                $and_labels.and_labels += $

            $or_labels += $and_labels

        $Body.rule.destination.labels.or_labels = $or_labels

    if ( $SourceProcesses ) {
        $Body.rule.source | Add-Member -MemberType NoteProperty -Name processes -Value $SourceProcesses

    if ( $DestinationProcesses ) {
        $Body.rule.destination | Add-Member -MemberType NoteProperty -Name processes -Value $DestinationProcesses

    if ( $SourceAsset ) {
        $Body.rule.source | Add-Member -MemberType NoteProperty -Name asset_ids -Value @($

    if ( $DestinationAsset ) {
        $Body.rule.destination | Add-Member -MemberType NoteProperty -Name asset_ids -Value @($

    if ( $SourceSubnet ) {
        $Body.rule.source | Add-Member -MemberType NoteProperty -Name subnets -Value $SourceSubnet

    if ( $DestinationSubnet ) {
        $Body.rule.destination | Add-Member -MemberType NoteProperty -Name subnets -Value $DestinationSubnet

    if ( $PSBoundParameters.ContainsKey("SourceInternet") ) { #checks for the existence of the parameter
        if ( $SourceInternet -eq $true ) {
            $Body.rule.source | Add-Member -MemberType NoteProperty -Name address_classification -Value "Internet"
        } elseif ( $SourceInternet -eq $false ) {
            $Body.rule.source | Add-Member -MemberType NoteProperty -Name address_classification -Value "Private"

    if ( $PSBoundParameters.ContainsKey("DestinationInternet") ) {
        if ( $DestinationInternet -eq $true ) {
            $Body.rule.destination | Add-Member -MemberType NoteProperty -Name address_classification -Value "Internet"
        } elseif ( $DestinationInternet -eq $false ) {
            $Body.rule.destination | Add-Member -MemberType NoteProperty -Name address_classification -Value "Private"

    if ( $Comments ) {
        $Body.rule | Add-Member -MemberType NoteProperty -Name comments -Value $Comments

    if ( $Ruleset ) {
        $Body.rule | Add-Member -MemberType NoteProperty -Name ruleset_name -Value $Ruleset

    $Should = $Ruleset
    if ( $PSCmdlet.ShouldProcess($Should, "pwsh-GC-post-request -Raw -Uri $Uri -ApiKey $Key") ) {
        pwsh-GC-post-request -Raw -Uri $Uri -Body $Body -ApiKey $Key

function New-SavedMap{
    param (











    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/visibility/saved-maps"

    # Building the request body based on parameters

    $Body = [PSCustomObject]@{
        name = ""
        map_type = 1
        filters = [PSCustomObject]@{}
        start_time_filter = $null
        end_time_filter = $null
        include_processes = $IncludeProcesses.IsPresent
        time_resolution = $TimeResolution.IsPresent
        email_on_progress = $EmailOnProgress.IsPresent

    if ( -not $StartTime ) {
        $Body.start_time_filter = $($(Get-Date).AddHours(-1) | ConvertTo-GCUnixTime)
    } else {
        $Body.start_time_filter = $StartTime | ConvertTo-GCUnixTime

    if ( -not $EndTime ) {
        $Body.end_time_filter = $(Get-Date | ConvertTo-GCUnixTime)
    } else {
        $Body.end_time_filter = $EndTime | ConvertTo-GCUnixTime

    if ( $Name ) {
        $ = $Name

    if ( $Public ) {
        $Body.map_type = 0

    if ( $FilterHashTableInclude ) {
        $temp = [PSCustomObject]@{}
        $Body.filters | Add-Member -MemberType NoteProperty -Name include -Value $temp
        foreach ($Hash in $FilterHashTableInclude.Keys) {
            $Body.filters.include | Add-Member -MemberType NoteProperty -Name $Hash -Value @($FilterHashTableInclude[$Hash])

    if ( $FilterHashTableExclude ) {
        $temp = [PSCustomObject]@{}
        $Body.filters | Add-Member -MemberType NoteProperty -Name exclude -Value $temp
        foreach ($Hash in $FilterHashTableExclude.Keys) {
            $Body.filters.exclude | Add-Member -MemberType NoteProperty -Name $Hash -Value @($FilterHashTableExclude[$Hash])

    if ( $TimeRange ) {
        if ( $TimeRange.count -ne 2 ) {
            throw "Incorrect time range syntax"

        $Start = $TimeRange[0] | ConvertTo-GCUnixTime
        $End = $TimeRange[1] | ConvertTo-GCUnixTime

        $Body.start_time_filter = $Start
        $Body.end_time_filter = $End

    $Should = $Name
    if ( $PSCmdlet.ShouldProcess($Should, "pwsh-GC-post-request -Raw -Uri $Uri -ApiKey $Key") ) {
        pwsh-GC-post-request -Raw -Uri $Uri -Body $Body -ApiKey $Key

function New-StaticLabel {

    param (



    begin {
        if ( GCApiKey-present $ApiKey ) {
            if ( $ApiKey ) {
                $Key = $ApiKey
            } else {
                $Key = $global:GCApiKey
            $Uri = "/assets/labels/" + $LabelKey + "/" + $LabelValue

        $Body = [PSCustomObject]@{
            "vms" = @()
    process {
        if ( $Asset ) {
            $Body.vms += foreach ($ThisAsset in $Asset) {
    end {
        $Should = $LabelKey + ": " + $LabelValue
        if ( $PSCmdlet.ShouldProcess($Should, "pwsh-GC-post-request -Raw -Uri $Uri -ApiKey $Key") ) {
            pwsh-GC-post-request -Raw -Uri $Uri -Body $Body -ApiKey $Key

function New-User {

    param (








    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/system/user"

    if ( -not $Description ) {
        $Description = "Created by the API"

    $Body = [PSCustomObject]@{
        action = "create"
        can_access_passwords = $IncidentPasswordAccess.IsPresent
        description = $Description
        email = $Email
        password = $Password
        password_confirm = $Password
        permission_scheme_ids = @($Permissions)
        two_factor_auth_enabled = $TwoFactor.IsPresent
        username = $Name

    $Should = $Name
    if ( $PSCmdlet.ShouldProcess($Should, "pwsh-gc-post-request -Raw -Uri $Uri -ApiKey $Key") ) {
        pwsh-gc-post-request -Raw -Uri $Uri -Body $Body -ApiKey $Key

function Publish-Policy {


    if ( GCApiKey-present $ApiKey ) {
        if ( $ApiKey ) {
            $Key = $ApiKey
        } else {
            $Key = $global:GCApiKey
        $Uri = "/visibility/policy/revisions"

    # Building the request body from parameters

    $Body = [PSCustomObject]@{
        action = "publish"
        comments = $Comments

    $Should = $Body.action
    if ( $PSCmdlet.ShouldProcess($Should, "pwsh-GC-post-request -Raw -Uri $Uri -ApiKey $Key") ) {
        pwsh-GC-post-request -Raw -Uri $Uri -Body $Body -ApiKey $Key

function Remove-Label {
    param (

    begin {
        if ( GCApiKey-present $ApiKey ) {
            if ( $ApiKey ) {
                $Key = $ApiKey
            } else {
                $Key = $global:GCApiKey
    process {
        foreach ($ThisLabel in $Label) {
            $Uri = "/visibility/labels/" + $
            $Should = $Uri
            if ( $PSCmdlet.ShouldProcess($Should, "pwsh-GC-delete-request -Uri $Uri -ApiKey $Key") ) {
                pwsh-GC-delete-request -Uri $Uri -ApiKey $Key

function Remove-Policy {
    param (

    begin {
        if ( GCApiKey-present $ApiKey ) {
            if ( $ApiKey ) {
                $Key = $ApiKey
            } else {
                $Key = $global:GCApiKey

        $Body = [PSCustomObject]@{
            action = "delete"
    process {
        foreach ($ThisPolicy in $Policy) {
            $Uri = "/visibility/policy/rules/" + $

            $Should = $Uri
            if ( $PSCmdlet.ShouldProcess($Should, "pwsh-GC-post-request -Raw -Uri $Uri -Body $Body -ApiKey $Key") ) {
                pwsh-GC-post-request -Raw -Uri $Uri -Body $Body -ApiKey $Key

function Remove-SavedMap {
    param (

    begin {
        if ( GCApiKey-present $ApiKey ) {
            if ( $ApiKey ) {
                $Key = $ApiKey
            } else {
                $Key = $global:GCApiKey

        $Body = [PSCustomObject]@{
            action = "delete"
    process {
        foreach ($ThisMap in $Map) {
            $Uri = "/visibility/saved-maps/" + $

            $Should = [string]$Uri
            if ( $PSCmdlet.ShouldProcess($Should, "pwsh-GC-post-request -Raw -Uri $Uri -Body $Body -ApiKey $Key") ) {
                pwsh-GC-post-request -Raw -Uri $Uri -Body $Body -ApiKey $Key

function Remove-User {
    param (



    begin {
        if ( GCApiKey-present $ApiKey ) {
            if ( $ApiKey ) {
                $Key = $ApiKey
            } else {
                $Key = $global:GCApiKey
            $Uri = "/system/user"

    process {
        foreach ( $ThisUser in $Username ) {
            $Body = [PSCustomObject]@{
                action = "delete"
                confirm = $true
                username = $ThisUser

            $Should = $username
            if ( $PSCmdlet.ShouldProcess($Should, "pwsh-gc-post-request -Uri $Uri -Body $Body -ApiKey $Key -Raw:$Raw.IsPresent") ) {
                pwsh-gc-post-request -Uri $Uri -Body $Body -ApiKey $Key -Raw:$Raw.IsPresent

function Set-Label {

    begin {
        if ( GCApiKey-present $ApiKey ) {
            if ( $ApiKey ) {
                $Key = $ApiKey
            } else {
                $Key = $global:GCApiKey

    process {
        foreach ( $ThisLabel in $Label ) {
            $Uri = "/visibility/labels/" + $
            $RequestBody = $ThisLabel | Select-Object -ExcludeProperty id,_id

            $Should = $Uri
            if ( $PSCmdlet.ShouldProcess($Should, "pwsh-GC-post-request -Raw -Uri $Uri -Method Put -ApiKey $Key") ) {
                pwsh-GC-post-request -Raw -Uri $Uri -Body $RequestBody -Method Put -ApiKey $Key

function Set-Password {



    begin {
        if ( GCApiKey-present $ApiKey ) {
            if ( $ApiKey ) {
                $Key = $ApiKey
            } else {
                $Key = $global:GCApiKey
            $Uri = "/system/user"

    process {
        foreach ( $ThisUser in $User ) {
            # Serialize/deserialize
            $RequestUser = $ThisUser | ConvertTo-Json -Depth 2 | ConvertFrom-Json

            $RequestUser | Add-Member -MemberType NoteProperty -Name "action" -Value "update"
            $RequestUser | Add-Member -MemberType NoteProperty -Name "password" -Value ($Password | ConvertFrom-SecureString)
            $RequestUser | Add-Member -MemberType NoteProperty -Name "password_confirm" -Value $Password
            $RequestBody = $RequestUser | Select-Object -Property action,can_access_passwords,description,email,id,permission_scheme_ids,two_factor_auth_enabled,username,password,password_confirm

            $Should = $ThisUser.username
            if ( $PSCmdlet.ShouldProcess($Should,"pwsh-GC-post-request -Raw -Uri $Uri -Method Post -ApiKey $Key") ) {
                pwsh-GC-post-request -Raw -Uri $Uri -Body $RequestBody -Method Post -ApiKey $Key

function Set-Policy {
    param (

    begin {
        if ( GCApiKey-present $ApiKey ) {
            if ( $ApiKey ) {
                $Key = $ApiKey
            } else {
                $Key = $global:GCApiKey
    process {
        foreach ($ThisPolicy in $Policy) {
            # Serialize/deserialize data
            $PCopy = $ThisPolicy | ConvertTo-Json -Depth 99 | ConvertFrom-Json
            $Uri = "/visibility/policy/rules/" + $

            # Have to parse the source/destination labels to only contain IDs,
            # instead of all the other info that they come with from Get-GCLabel
            # Passing that extra info to the API errors out,
            # because this api call is just like the one for creating new policy,
            # and only uses label IDs for the source/destination

            if ( $PCopy.source.labels ) {
                $OrCount = $PCopy.source.labels.or_labels.count
                for ($i = 0; $i -lt $OrCount; $i++) {
                    $AndCount = $PCopy.source.labels.or_labels[$i].and_labels.count
                    for ($j = 0; $j -lt $AndCount; $j++) {
                        $temp = $PCopy.source.labels.or_labels[$i].and_labels[$j].id
                        $PCopy.source.labels.or_labels[$i].and_labels[$j] = $temp

            if ( $PCopy.destination.labels ) {
                $OrCount = $PCopy.destination.labels.or_labels.count
                for ($i = 0; $i -lt $OrCount; $i++) {
                    $AndCount = $PCopy.destination.labels.or_labels[$i].and_labels.count
                    for ($j = 0; $j -lt $AndCount; $j++) {
                        $temp = $PCopy.destination.labels.or_labels[$i].and_labels[$j].id
                        $PCopy.destination.labels.or_labels[$i].and_labels[$j] = $temp

            $RequestBody = $PCopy

            $Should = $RequestBody.ruleset_name
            if ( $PSCmdlet.ShouldProcess($Should,"pwsh-GC-post-request -Raw -Uri $Uri -Method Put -ApiKey $Key") ) {
                pwsh-GC-post-request -Raw -Uri $Uri -Body $RequestBody -Method Put -ApiKey $Key

function Set-User {


    begin {
        if ( GCApiKey-present $ApiKey ) {
            if ( $ApiKey ) {
                $Key = $ApiKey
            } else {
                $Key = $global:GCApiKey
            $Uri = "/system/user"

    process {
        foreach ( $ThisUser in $User ) {
            # Serialize/deserialize
            $RequestUser = $ThisUser | ConvertTo-Json -Depth 2 | ConvertFrom-Json

            $RequestUser | Add-Member -MemberType NoteProperty -Name "action" -Value "update"
            $RequestBody = $RequestUser | Select-Object -Property action,can_access_passwords,description,email,id,permission_scheme_ids,two_factor_auth_enabled,username

            $Should = $ThisUser.username
            if ( $PSCmdlet.ShouldProcess($Should,"pwsh-GC-post-request -Raw -Uri $Uri -Body $RequestBody -Method Post -ApiKey $Key") ) {
                pwsh-GC-post-request -Raw -Uri $Uri -Body $RequestBody -Method Post -ApiKey $Key

function GCApiKey-present {

    param (

    if ( -not ($ApiKey -or $global:GCApiKey) ) {
        throw "No API key present."
    } else {
        return $true

function pwsh-GC-delete-request {

    param (

    $RequestToken = $ApiKey.Token | ConvertTo-SecureString -AsPlainText -Force
    $RequestUri = $ApiKey.Uri + $Uri

    try {
        Invoke-RestMethod -Uri $RequestUri -Method Delete -Authentication Bearer -Token $RequestToken
    catch {
        throw $_.Exception

function pwsh-GC-get-request {

    param (



    begin {
        $RequestToken = $ApiKey.Token | ConvertTo-SecureString -AsPlainText -Force
        $RequestUri = $ApiKey.Uri + $Uri
    process {
        $Request = try {
            Invoke-RestMethod -Uri $RequestUri -Method Get -Body $Body -Authentication Bearer -Token $RequestToken
        catch {
            throw $_.Exception
        switch ($Raw) {
            $true {
            default {
                if ( $Request.objects ) {

function pwsh-GC-post-request {
    param (


        [ValidateSet("Post","Put")][String]$Method = "Post",
    $RequestToken = $ApiKey.Token | ConvertTo-SecureString -AsPlainText -Force
    $RequestUri = $ApiKey.Uri + $Uri
    $RequestBody = $Body | ConvertTo-Json -Depth 10

    $Request = try {
        Invoke-RestMethod -Uri $RequestUri -Method $Method -Body $RequestBody -ContentType "application/json" -Authentication Bearer -Token $RequestToken
    catch {
        throw $_.Exception

    switch ($Raw) {
        $true {

        default {
            if ( $Request.objects ) {

function Remove-EmptyKeys {
    param (

    $KeyList = New-Object -TypeName System.Collections.Generic.List[string]

    foreach ($HashKey in $Body.Keys) {

    foreach ($HashKey in $KeyList) {
        if ([string]::isNullOrEmpty($Body[$HashKey])) {


Set-Alias -Name api -value Get-GCApiKey

Export-ModuleMember -Function ConvertFrom-UnixTime,ConvertTo-UnixTime,Get-Agent,Get-Aggregator,Get-ApiKey,Get-Asset,Get-Collector,Get-Incident,Get-Label,Get-LabelGroup,Get-Policy,Get-RawFlow,Get-SavedMap,Get-User,New-BlankLabel,New-DynamicLabel,New-Policy,New-SavedMap,New-StaticLabel,New-User,Publish-Policy,Remove-Label,Remove-Policy,Remove-SavedMap,Remove-User,Set-Label,Set-Password,Set-Policy,Set-User -Alias api