cancel
Showing results for 
Search instead for 
Did you mean: 

Re: McAfee Open API via PowerShell

@vidrine any luck yet?

Re: McAfee Open API via PowerShell

None yet, work has been keeping me occupied.  I should be able to get it together by end of next week at the latest.

Re: McAfee Open API via PowerShell

I've managed to create this powershell command to delete hostnames out of ePO.  You can use my template to help build more .ps1 scripts.  Would you like to work together and create more?

#========================================================================

# Created with: SAPIEN Technologies, Inc., PowerShell Studio 2012 v3.1.34

# Created on: 10/02/2014 09:45 AM

# Created by: Brandon Stevens

# Organization:

# Filename: RemoveHostFromePO.ps1

# ePO 5.1.1

#========================================================================

 

[

System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

# Causes WebClient to ignore certification validation

 

$Credential

= Get-Credential -Credential "$env:USERDOMAIN\$env:USERNAME

"

 

$WebClient

= New-Object

System.Net.WebClient

 

$WebClient

.Credentials = $Credential.

GetNetworkCredential()

 

$ePOServer

=

"URL of your ePO server and PORT #"

 

$Computer

= Read-Host -Prompt

"Enter PC name or username"

 

$Date

= Get-Date -Format

F

 

$SearchURL

= "$epoServer/remote/system.delete?names=$Computer

&:output=xml"

 

$recipients

= "YOUR E-MAIL ADDRESS"

 

[

XML]$ResultXML = $WebClient.DownloadString($SearchURL).Replace("OK:`r`n",""

)

 

$ResultXML

.result.list.element.CmdReturnStatus | select-object name,message,@{Name="Username";expression={$env:USERNAME}},@{name=”Date”;expression={$Date}} | export-csv "PLACE THE DIRECTORY YOU WOULD LIKE YOUR .CSV FILE TO GO TO" –NoTypeInformation

-Append

 

Send-MailMessage

-From E-MAIL ADDRESS YOU WANT TO SEND THE E-MAIL FROM -Subject "$Computer Removed from ePO" -To $recipients -Body "$Computer was removed from ePO by $env:USERDOMAIN\$env:USERNAME on

$Date

 

Regards,

Administrator"

-Port 25 -SmtpServer

SMTP SERVER

#========================================================================

#Let me know if you have any questions on this.  It works seamlessly and I'd love to work together and create more!

#Thank you,


#Brandon Stevens

Re: McAfee Open API via PowerShell

Hey, Brandon, this is great! BUT... the forum is Emoji'ing your script! The part that talks about the URI / URL

Could you put it inside Code tags,

Like this

 

Of course I'm guessing it's Colon followed by letter o? since it's "surprised emoji"? 😮

Highlighted

Re: McAfee Open API via PowerShell

Hi all. 


I noticed that this thread is a little stale now but if anyone is interested newer powershell cmdlets are available and I have started working on this today. 


The newest and easiest way to call the remote commands is to use the Invoke-RestMethod cmdlet. 


I will post my examples for Tagging and Agent  Wakup tomorrow if it helps. 


Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO







Re: McAfee Open API via PowerShell

I am definitely interested.  We have a dying server with 7k duplicate system names on it.  I could construct the query to pull out the information I need (list all duplicates except the one with the latest communication) if I could get at the SQL directly.  I am told that there's no way to do that within ePO so I'm looking for a way to pull that information and then tag those systems for deletion.  I was very excited when I logged onto this forum and saw a recent entry for powershell.

Re: McAfee Open API via PowerShell

Hi

I have been able to set Tags on systems using the following PowerShell v3 cmdlets:

$creds = Get-Credential

$Uri = "https://<ePOServerFQDN>:8443/remote/system.applyTag?names=<systemname>&tagName=<tagname>"

Invoke-RestMethod -Uri $Uri -Credential $creds

The first line will prompt you for Credentials with permissions to connect to the epO Web API AND have the permissions to use Tags.

The Second line sets up the Uri to call. In this example please replace <ePOServerFQDN> with your epo server FQDN, <systemname> with the name of a system in your System Tree and <tagname> with a valid Tag in your Tag Catalogue.

The third line will Invoke the PowerShell Invoke-RestMethod cmdlet with the Uri and Credentials provided.

If all is successful you should get an OK response back, then take a look at the System in your system tree and see if the Tag has been assigned. Also check out the Audit Log and you will see the Audit entry for the action carried out.

Using the Invoke-RestMethod with the correctly formed -Uri and -Credential parameters you can call any of the API methods.

Take a look at the Web API documentation for available Methods and the Invoke-RestMethod Documentation at Microsoft.

Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO

Re: McAfee Open API via PowerShell

I made some additional changes to your powershell script that adds one tag to one machine. As a test I can add tags to about 30 machines. When I rerun the script again to add 800 more machines I receive the following error.

Invoke-RestMethod : The remote server returned an error: (400) Bad Request.

At C:\Users\...\ePO-addTags.ps1:55 char:1

+ Invoke-RestMethod -Uri $Uri -Credential $creds

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], Web

   Exception

    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

My question is what is the maximum number of connections, timeout for ePO?

dunne3
Level 7
Report Inappropriate Content
Message 39 of 46

Re: McAfee Open API via PowerShell

Hi,

Has anyone been working on Powershell scripting recently. What is the best code to use within this thread to connect into EPO?. I have been using MischaBoender's Ep0wershell module but having no success performing the queries I desire.

At the moment I am creating a Powershell GUI with AD and I would now like to implement McAfee EPO capabilities.

I would like to possibly hard code the EPO credentials to the script and be able to carry out searches by IP, Machine or UserName and with this list back the machine information along with Threat Events.

Can anyone please help me?

Re: McAfee Open API via PowerShell

I agree. I tried using his and didn't have much luck. It is a bit old though ...

Since there haven't been any updates on his in a while I've decided to make an open source version:

GitHub - UNT-CAS-ITS/ePOwerShell: This PowerShell Class allows you to easily connect to and work wit...

More McAfee Tools to Help You

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community