
Re: McAfee Open API via PowerShell

I adapted this from Mischa Boender's ePowershellModule:

It is a function that will take an XmlNode and parse through it to create an object. I am also attaching the file so you can just download it directly. Below the code is an example of how to use it and sample output.

function ePObject([System.Xml.XmlNode]$xNode){
    # Builds a PSObject with one note property per child element of the row node.
    $ePObject = New-Object psobject
    # Targets for the TryParse out parameters.
    $dateValue = Get-Date
    $intValue = 0
    $boolValue = $true
    foreach ($node in $xNode.ChildNodes)
    {
        # Drop the prefix from dotted names ("Table.Column" becomes "Column").
        if ($node.Name.Contains("."))
        {
            $name = $node.Name.Split('.')[1]
        }
        else { $name = $node.Name }
        if ($node.Name.StartsWith("EPOProdPropsView_"))
        {
            $name = $node.Name.Replace("EPOProdPropsView_", "").Replace(".", "_")
        }
        $text = $node.InnerText.Trim()
        if (!$text)
        {
            $ePObject | Add-Member -NotePropertyName $name -NotePropertyValue ""
        }
        # Percentages (text ending in "%") are stored as integers.
        elseif ($text.EndsWith("%") -and $name.StartsWith("percent") -and [int]::TryParse($text.TrimEnd('%'), [ref]$intValue))
        {
            $ePObject | Add-Member -NotePropertyName $name -NotePropertyValue $intValue
        }
        # Integer-looking text is stored as the original string.
        elseif ([int]::TryParse($node.InnerText, [ref]$intValue))
        {
            $ePObject | Add-Member -NotePropertyName $name -NotePropertyValue $node.InnerText
        }
        # Timestamps with a UTC offset are stored as DateTime.
        elseif ([DateTime]::TryParseExact($node.InnerText, "yyyy-MM-ddTHH:mm:ssK", [System.Globalization.CultureInfo]::InvariantCulture, [System.Globalization.DateTimeStyles]::None, [ref]$dateValue))
        {
            $ePObject | Add-Member -NotePropertyName $name -NotePropertyValue $dateValue
        }
        # Tag lists are split on commas (plus any following whitespace) into a string array.
        elseif ($node.Name.EndsWith("Tags"))
        {
            $strArray = @($node.InnerText -split ',\s*')
            $ePObject | Add-Member -NotePropertyName $name -NotePropertyValue $strArray
        }
        elseif ([bool]::TryParse($node.InnerText, [ref]$boolValue))
        {
            $ePObject | Add-Member -NotePropertyName $name -NotePropertyValue $boolValue
        }
        else
        {
            $ePObject | Add-Member -NotePropertyName $name -NotePropertyValue $node.InnerText
        }
    }
    return $ePObject
}

Example:

$credentials = Get-Credential -Credential $null
$User = $credentials.GetNetworkCredential().UserName
$password = $credentials.GetNetworkCredential().Password
$domain = $credentials.GetNetworkCredential().Domain

# Turns off TLS certificate validation for every HTTPS request in this PowerShell session.
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

$url = "https://server:8443/remote/system.find?searchText=computername&:output=xml"
$navigate = New-Object System.Net.WebClient
$navigate.Credentials = New-Object System.Net.NetworkCredential($User, $password, $domain)
$res = $navigate.DownloadString("$url")

if(!$res.Trim().StartsWith("OK:"))
{
    $ErrorActionPreference = "Stop"
    Write-Error -Message "Request was Unsuccessful."
}
else
{
    # Strip the leading "OK:" status line so the remainder parses as XML.
    [xml]$ans = $res -replace '^\s*OK:\s*', ''
    $ePObjectCabinet = @()
    # This is the main part that needs to be changed depending on your API call.
    # The epoWebApi Explorer is a great tool for determining what goes here.
    $selectNodes = $ans.SelectNodes("/result/list/row")
    foreach($xmlNode in $selectNodes)
    {
        $ePObjectCabinet += ePObject($xmlNode)
    }
}

Sample Output:

ParentID            : 9220
ComputerName        : computer
Description         : null
SystemDescription   : Windows 8 - MDT Alpha
TimeZone            : Central Standard Time
DefaultLangID       : 0409
UserName            : username
DomainName          : domain
IPHostName          : computer
IPV6                : 0:0:0:0:0:FFFF:AC0:FAD
IPAddress           : IP
IPSubnet            : 0:0:0:0:0:FFFF:AC0:F00
IPSubnetMask        : 0:0:0:0:0:FFFF:FFFF:FF00
IPV4x               : -P
IPXAddress          : N/A
SubnetAddress       :
SubnetMask          :
NetAddress          : 38eaa785ca12
OSType              : Windows 8 Workstation
OSVersion           : 6.2
OSServicePackVer    :
OSBuildNum          : 9200
OSPlatform          : Workstation
OSOEMID             : N/A
CPUType             : Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
CPUSpeed            : 2594
NumOfCPU            : 4
CPUSerialNum        : N/A
TotalPhysicalMemory : 8448876544
FreeMemory          : 5428883456
FreeDiskSpace       : 254656
TotalDiskSpace      : 304743
IsPortable          : 1
OSBitMode           : 1
LastAgentHandler    : 1
UserProperty1       :
UserProperty2       :
UserProperty3       :
UserProperty4       :
SysvolFreeSpace     : 254656
SysvolTotalSpace    : 304743
Tags                : {EE:ALDU,  Laptop,  Work, tation}
ExcludedTags        :
LastUpdate          : 2013-11-13T06:35:10-06:00
ManagedState        : managed
AgentGUID           : 1906314C-25DE-45A6-AE86-8CA432DA9BFE
AgentVersion        : 4.6.0.3122

Working on some more goodies. Will post them when they are complete.
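Added example, not part of the original post or of any module mentioned in this thread: the request above made with the server certificate pinned for that one request, instead of `ServerCertificateValidationCallback = {$true}`, which accepts any certificate for every HTTPS call in the session. The function name `Invoke-EpoPinnedRequest`, its parameters and the pin value are hypothetical; it assumes Windows PowerShell 3.0 or later on .NET Framework 4.5 or later and a certificate hash obtained out of band.

```powershell
# Added example: hypothetical helper, not code from the thread.
function Invoke-EpoPinnedRequest {
    param(
        [Parameter(Mandatory)] [string] $Url,
        [Parameter(Mandatory)] [pscredential] $Credential,
        # SHA-256 of the server certificate (hex, no separators), obtained out of band.
        [Parameter(Mandatory)] [string] $ExpectedSha256
    )

    $pin = $ExpectedSha256.ToUpperInvariant()
    $request = [System.Net.HttpWebRequest][System.Net.WebRequest]::Create($Url)
    $request.Credentials = $Credential.GetNetworkCredential()

    # Per-request callback: the global ServicePointManager callback is left alone,
    # so every other HTTPS call in the session keeps normal validation.
    $request.ServerCertificateValidationCallback = {
        param($source, $cert, $chain, $policyErrors)
        # A certificate that already validates against the trust store is accepted.
        if ($policyErrors -eq [System.Net.Security.SslPolicyErrors]::None) { return $true }
        if ($null -eq $cert) { return $false }
        # Otherwise accept only the exact certificate whose hash was pinned.
        $sha = [System.Security.Cryptography.SHA256]::Create()
        try {
            $hash = [System.BitConverter]::ToString($sha.ComputeHash($cert.GetRawCertData()))
        } finally { $sha.Dispose() }
        return ($hash.Replace('-', '') -eq $pin)
    }.GetNewClosure()

    $response = $request.GetResponse()
    try {
        $reader = New-Object System.IO.StreamReader($response.GetResponseStream())
        $body = $reader.ReadToEnd()
    } finally { $response.Close() }

    # Same success check as the post: a good reply starts with "OK:".
    if (-not $body.Trim().StartsWith('OK:')) { throw "ePO request was unsuccessful." }
    return $body
}

$cred = Get-Credential
# '<SHA256-OF-EPO-SERVER-CERT>' is a placeholder; replace it with the real hash.
$res = Invoke-EpoPinnedRequest -Credential $cred -ExpectedSha256 '<SHA256-OF-EPO-SERVER-CERT>' `
    -Url 'https://server:8443/remote/system.find?searchText=computername&:output=xml'
```

The returned string can be passed through the same "OK:" stripping and `ePObject` parsing shown in the post.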


Re: McAfee Open API via PowerShell

Glad to see contributions popping up in here.

I'm at the point, where I should start having some time to begin looking into the API, again.  I'm hoping I can revamp and flesh out the PowerShell module I was building.

My biggest issues lately in our environment have been VSE exclusion exports/reviews/audits.  Hoping to see how the API can address some of the shortcomings of the GUI revolving around exporting exclusions.

Re: McAfee Open API via PowerShell

I have also begun work on a McAfee API implementation in Powershell.  Current functions that are ready for testing are

-  agentmgmt.listAgentHandlers - List all Agent Handlers

* clienttask.export [productId] [fileName] - Exports client tasks

-  clienttask.find [searchText] - Finds client tasks

* clienttask.importClientTask importFileName - Imports client tasks from an XML file.

-  clienttask.run names productId taskId [retryAttempts] [retryIntervalInSeconds] [abortAfterMinutes] [useAllAgentHandlers] [stopAfterMinutes] [randomizationInterval] - Runs the client task on a supplied list of systems

-  clienttask.syncShared - Shares client tasks with participating registered servers
-  core.addPermSetsForUser userName permSetName - Adds permission set(s) to specified user

-  core.addUser userName password [fullName=<>] [email=<>] [phoneNumber=<>] [notes=<>] [disabled=<>] [admin=<>] - Adds a user to the system

-  core.executeQuery queryId [database=<>] - Executes a SQUID query and returns the results

-  core.exportPermissionSets - Exports all permission sets.

-  core.help [command] [prefix=<>] - Displays a list of all commands and help strings.

*  core.importPermissionSets file [overwrite] - Imports permission sets.

-  core.listDatabases - Displays all registered databases that the user is permitted to see.

-  core.listDatatypes [type] - Displays all registered datatypes and operations for those types that the user is permitted to see.

-  core.listPermSets [userName] - List permission sets in the system

-  core.listQueries - Displays all queries that the user is permitted to see.

-  core.listTables - Displays all SQUID tables that the user is permitted to see.

-  core.listUsers [permSetName] - List users in the system

-  core.purgeAuditLog [age] [unit] - Purge the audit log by age

-  core.removePermSetsForUser userName permSetName - Removes permission set(s) from a specified user

-  core.removeUser userName - Removes a user from the system

-  core.updateUser userName [password=<>] [windowsUserName=<>] [windowsDomain=<>] [subjectDN=<>] [newUserName=<>] [fullName=<>] [email=<>] [phoneNumber=<>] [notes=<>] [disabled=<>] [admin=<>] - Updates an existing user

detectedsystem.add sourceID sourceType MAC IPAddress [IPSubnet] [IPSubnetMask] [dnsName] [OSPlatform] [OSFamily] [OSVersion] [domain] [netbiosName] [netbiosComment] [users] [agentGUID] [detectedTime] [externalID] - Adds a Detected System.

detectedsystem.addToTree UIDs branchNodeID [allowDuplicates] [dirSort] - Add detected systems to the System Tree

detectedsystem.delete UIDs - Deletes Detected Systems

detectedsystem.deleteByAge age unit - Deletes all Detected Systems older than a given age

detectedsystem.find searchText - Find Detected Systems

detectedsystem.markAsException [UIDs] [unmark] [category] - Adds Detected Systems to the exceptions list

-  eeadmin.administratorRecovery EEADMIN.administratorRecovery challengeCode recoveryType [userId] - Endpoint Encryption Administrator Recovery

* eeadmin.assignUser EEADMIN.assignUser systemNode nodeId dn [recursive] [ldapServerName] - Endpoint Encryption user/group assignment

* eeadmin.changeUserPassword EEADMIN.changeUserPassword userDn newPassword [oldPassword] - Endpoint Encryption change user's password

* eeadmin.deassignUser EEADMIN.deassignUser systemNode nodeId dn dnType - Endpoint Encryption user/group de-assignment

-  eeadmin.exportMachineKey EEADMIN.exportMachineKey [machineId] [keyCheck] [oldKeys] - Endpoint Encryption export machine key

-  epo.getVersion - Gets the ePO version

-  epo.purgeComplianceHistory queryId [unit] - Purges compliance events by query or age

-  epo.syncDirectory [syncPointList] - Synchronizes Domains/AD
-  system.excludeTag names tagName - Excludes the tag from supplied systems

-  system.exportTag [fileName] - Export Tags

-  system.find searchText - Finds systems in the System Tree

-  system.findGroups [searchText] - Finds groups in the System Tree

-  system.findTag [searchText] - Find Tags

-  system.importTag uploadFile [force] - Imports Tags

If things go like they have been I should have the whole thing done in a couple weeks.  The issue I have is that I only have access to a production environment and I am hoping that a couple of you may have some fairly robust test environments available and would be willing to help me test.  The documentation on the routines has quite a few mistakes in it from all of the copy and pasting and I have a lot of refactoring to do still.

I would appreciate community input on which parameters should be "pipable".   I would also like to know if there is a way to create tags on the fly.

When I get things cleaned up a bit I will be looking for a few of you to help me with the alpha stuff.   Once it is done I will be posting it here.

Re: McAfee Open API via PowerShell

Awesome!  Glad to see some other community members building out PowerShell API functions.  My time for this project has pretty much been squashed for full time development.  Also, I've had more use cases for individual customized scripts, instead of a fully contained module due to various customers and scopes.  But I do have a fully stocked McAfee lab environment that I can use for testing.

For what should be piped, I'd have to see what you have built to see.  From my perspective I'd say more is better.  Pipe all the things.

Re: Re: McAfee Open API via PowerShell

Work load has shifted.... like they do, and I don't have any time to put in to the library.  I still have refactoring to do and optimizing.  I also wanted to compile it into a module to hide the internal stuff, but it is working pretty well for me.  I have not vetted the piping.  So if I have goobered that let me know.

Re: McAfee Open API via PowerShell

(( Thanks to mischaboender for his work on the ePOwerShell Module -- I pulled the naming convention/structure from his work. ))

PowerShell Module

https://github.com/vidrine/epo-webapi

ePO Versions Tested


  • 4.6.x
    • 4.6.5
    • 4.6.6
    • 4.6.7

List of commands

Last Updated:  2014/05/08


command                          status        api_call
Connect-EpoServer                complete
Get-EpoVersion                   complete      epo.getVersion
Get-EpoSystem                    complete      system.find
Get-EpoServerTask                complete      scheduler.getServerTask taskId
                                 complete      scheduler.getServerTask taskName
                                 complete      scheduler.listRunningServerTasks
Enable-EpoServerTask             complete      scheduler.updateServerTask taskId
                                 complete      scheduler.updateServerTask taskName
Disable-EpoServerTask            complete      scheduler.updateServerTask taskId
                                 complete      scheduler.updateServerTask taskName
Get-EpoServerTaskALL             complete      scheduler.listAllServerTasks
Stop-EpoServerTask               in progress   scheduler.cancelServerTask
Start-EpoServerTask              planned       scheduler.runServerTask taskId
                                 planned       scheduler.runServerTask taskName
Get-EpoAgentHandler              complete      agentmgmt.listAgentHandlers
Get-EpoTag                       complete      system.find.Tag
Add-EpoEncryptionUser            planned       eeadmin.assignUser
Set-EpoEncryptionUserPassword    planned       eeadmin.changeUserPassword
Remove-EpoEncryptionUser         planned       eeadmin.deassignUser
Get-EpoEncryptionKey             complete      eeadmin.exportMachineKey machineId
                                 complete      eeadmin.exportMachineKey machineName
Get-EpoGroupSystem               planned       epogroup.findSystems
Get-EpoPolicy                    complete      policy.find
Export-EpoPolicy                 complete      policy.export
Import-EpoPolicy                 planned       policy.importPolicy
                                 planned       policy.assignToGroup
                                 planned       policy.assignToSystem ids
                                 planned       policy.assignToSystem names
                                 planned       policy.syncShared
                                 planned       epo.syncDirectory
                                 planned       core.listDatabases
                                 planned       core.listDatatypes
Get-EpoQuery                     planned       core.listQueries
Get-EpoTable                     planned       core.listTables
Get-EpoUser                      planned       core.listUsers permSetId
                                 planned       core.listUsers permSetName
                                 planned       core.listPermSets userId
                                 planned       core.listPermSets userName
                                 planned       core.exportPermissionSets

Message was edited by: vidrine on 5/9/14 9:28:24 AM CDT
nlfdss

Re: McAfee Open API via PowerShell

I would recommend posting the progress on the list of commands to the Wiki section of the project on Github, and then link to it from the home page of the project.

Great work on this so far! I look forward to using it and potentially contributing to the project.

Re: McAfee Open API via PowerShell

Good suggestion.  I've added it to the wiki.

I really need to do some "help" documentation on the functions themselves, but I was more concerned with getting them to return the data first.

A bulk of the cleanup will have to come when I manage to find time.  Otherwise I may just build out the functionality and try to swing back later to clean up the code.

Re: McAfee Open API via PowerShell

I'm interested in eeadmin.assignuser

Re: McAfee Open API via PowerShell

I may have some time this week to build a wrapper for that API call.
