main.ps1
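function Request-SessionId {
    <#
    .SYNOPSIS
    Example function that requests a Tanium session token with username/password authentication.

    .DESCRIPTION
    Sends a GET request to https://<TS>:<TSPORT>/auth with the user name and
    password placed in the 'username' and 'password' request headers, each
    Base64-encoded, and returns the response body (the session token).

    Base64 is an encoding, not encryption: the credential is protected in
    transit only by the TLS channel. When certificate validation is disabled
    the server's identity is not verified, so the credential and the returned
    token can be read by whoever terminates the connection. Leave validation
    enabled outside of lab use.

    .PARAMETER Credential
    Credential object supplying the user name and password. Required.

    .PARAMETER TS
    Tanium Server host name or address. Defaults to $TaniumServer from the
    calling scope.

    .PARAMETER TSPORT
    Tanium Server port. Default: 443.

    .PARAMETER DisableCertificateValidation
    When $true, the server certificate is accepted without validation for this
    request only. Default: $false (the certificate is validated).

    .OUTPUTS
    System.String. The response body returned by the /auth endpoint.

    .NOTES
    Failures are re-thrown as terminating errors so the caller decides how to
    react and a failed run does not end with a success exit code.
    #>
    [CmdletBinding()]
    Param(
        [PSCredential]
        $Credential,
        [String]
        $TS = $TaniumServer,
        [Int]
        [ValidateRange(0, 65535)]
        $TSPORT = 443,
        [Boolean]
        $DisableCertificateValidation = $false
    )

    # Without a credential the header construction below would fail piecemeal
    # and the request would still be sent unauthenticated; stop early instead.
    if ($null -eq $Credential) {
        throw (New-Object System.ArgumentNullException -ArgumentList 'Credential')
    }

    $uri = "https://{0}:{1}/auth" -f $TS, $TSPORT
    $webRequest = [System.Net.WebRequest]::Create($uri)

    if ($DisableCertificateValidation) {
        # Per-request override: any certificate is accepted, so the peer is
        # NOT authenticated. Scoped to this request object only.
        $webRequest.ServerCertificateValidationCallback = { $true }
    }

    $webRequest.ContentType = "text/plain;charset=`"utf-8`""
    $webRequest.Accept = "*/*"
    $webRequest.Method = "GET"

    # Both header values are the UTF-8 bytes of the secret, Base64-encoded.
    $utf8 = [System.Text.Encoding]::UTF8
    $encodedUser = [System.Convert]::ToBase64String($utf8.GetBytes($Credential.UserName))
    $encodedPassword = [System.Convert]::ToBase64String($utf8.GetBytes($Credential.GetNetworkCredential().Password))
    $webRequest.Headers.Add('username', $encodedUser)
    $webRequest.Headers.Add('password', $encodedPassword)

    $response = $null
    $reader = $null
    try {
        $response = $webRequest.GetResponse()
        $reader = [System.IO.StreamReader]($response.GetResponseStream())
        return $reader.ReadToEnd()
    }
    catch {
        # Re-throw rather than 'exit': exiting from inside a function would
        # also close an interactive or dot-sourcing host.
        throw
    }
    finally {
        # Release the reader and the response on success and on failure alike.
        if ($null -ne $reader) { $reader.Close() }
        if ($null -ne $response) { $response.Close() }
    }
}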
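function Request-Report {
    <#
    .SYNOPSIS
    Example function used to request data from the Tanium API Gateway.

    .DESCRIPTION
    Sends the given body to
    https://<TaniumServer>:<TSPORT>/plugin/products/gateway/graphql with the
    session value in the 'session' request header and returns the
    Invoke-WebRequest response object.

    The session value is a bearer secret protected only by TLS. With
    certificate validation disabled the server is not authenticated, so the
    token and the returned data are exposed to whoever terminates the
    connection.

    .PARAMETER TaniumServer
    Tanium Server host name or address.

    .PARAMETER Body
    Request body, a JSON document serialized as a string.

    .PARAMETER SessionId
    Active session ID and/or API token. Defaults to $SessionId from the
    calling scope.

    .PARAMETER TSPORT
    Tanium Server port. Default: 443.

    .PARAMETER Method
    Web method to use: POST, GET, PUT, PATCH or DELETE.

    .PARAMETER DisableCertificateValidation
    When $true, server certificates are accepted without validation while the
    request runs. Default: $true, kept only so that existing callers behave as
    before; pass $false whenever the server presents a certificate the host
    trusts.

    .OUTPUTS
    The response object from Invoke-WebRequest, or $null when the request
    failed (the failure is reported as a warning).
    #>
    [CmdletBinding()]
    Param(
        [String]
        $TaniumServer,
        [String]
        $Body,
        [String]
        $SessionId = $SessionId,
        [Int]
        [ValidateRange(0, 65535)]
        $TSPORT = 443,
        [String]
        [ValidateSet('POST', 'GET', 'PUT', 'PATCH', 'DELETE')]
        $Method,
        [Boolean]
        $DisableCertificateValidation = $true
    )

    $uri = "https://{0}:{1}/plugin/products/gateway/graphql" -f $TaniumServer, $TSPORT

    # Initialise locally so that a failed request returns $null instead of a
    # same-named variable picked up from a parent scope.
    $request = $null

    # ServicePointManager's callback is process-wide. Remember the current
    # value and put it back afterwards so the override does not silently
    # disable validation for every later request made by this process.
    $previousCallback = [System.Net.ServicePointManager]::ServerCertificateValidationCallback
    try {
        if ($DisableCertificateValidation) {
            # NOTE(review): newer PowerShell editions are believed not to
            # consult this callback for Invoke-WebRequest - confirm on the
            # target host before relying on it.
            [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
        }

        $headers = @{
            'Content-Type' = 'application/json'
            'session'      = $SessionId
        }
        $request = Invoke-WebRequest -Uri $uri -Headers $headers -Body $Body -Method $Method
    }
    catch {
        # Best effort, as in the original: report the failure and return $null.
        Write-Warning $_
    }
    finally {
        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $previousCallback
    }

    return $request
}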
# ---------------------------------------------------------------------------
# Step 1 - request a session ID using a user name and password.
# ---------------------------------------------------------------------------
Write-Output "Please enter a username and password"
$Creds = Get-Credential
$TS = '127.0.0.1'

# NOTE(review): certificate validation is switched off for the call that
# carries the password. That is tolerable only for a lab server on loopback,
# as configured here; against any other address, drop the switch and have the
# host trust the server certificate instead.
$sessionArgs = @{
    TS                           = $TS
    Credential                   = $Creds
    DisableCertificateValidation = $true
}
$SessionId = Request-SessionId @sessionArgs

# ---------------------------------------------------------------------------
# Step 2 - GraphQL query against cached data.
# ---------------------------------------------------------------------------
<# Example query as shown in Query Explorer in the Tanium Console:
endpoints {
  edges {
    node {
      name
      ipAddress
      os {
        name
      }
    }
  }
}
#>
# Single-quoted here-string: the JSON is passed through verbatim, with no
# variable expansion.
$QueryCached = @'
{"query":"{endpoints{edges{node{name ipAddress os{name}}}}}"}
'@

# Request data from the API Gateway and print the response body.
Write-Output "Requesting Cached Data"
$Response = Request-Report -TaniumServer $TS -SessionId $SessionId -Body $QueryCached -Method POST
$Response.Content

# ---------------------------------------------------------------------------
# Step 3 - GraphQL query against live data.
# ---------------------------------------------------------------------------
<# Requesting live data works the same way as requesting cached data, except
that the query names a source: "source: {ts: ...}".

Example query as shown in Query Explorer:
endpoints(source: {ts: {expectedCount: 1, stableWaitTime: 10}}) {
  edges {
    node {
      name
      ipAddress
      os {
        name
      }
    }
  }
}
#>
$QueryLive = @'
{"query":"{endpoints(source:{ts:{expectedCount: 1, stableWaitTime: 10}}){edges{node{name ipAddress os{name}}}}}"}
'@

Write-Output "Requesting Live Data"
$Response = Request-Report -TaniumServer $TS -SessionId $SessionId -Body $QueryLive -Method POST
$Response.Content