external help file | Module Name | online version | schema |
---|---|---|---|
PowerGRR-help.xml | PowerGRR | | 2.0.0 |
Get hunt approval identified by the given filters.
Get-GRRHuntApproval [[-Credential] <PSCredential>] [[-Offset] <Int32>] [[-Count] <Int32>] [-ShowJSON]
[<CommonParameters>]
Get-GRRHuntApproval [[-Credential] <PSCredential>] [-HuntId] <String> [-ApprovalId] <String> [-OnlyState]
[-ShowJSON] [<CommonParameters>]
Get hunt approval identified by approval id and hunt id or list hunt approvals based on the available filters.
Get only the state of a hunt approval and use this in a loop to wait until the approval is valid and you can continue with the desired actions.
PS C:\> Get-GRRHuntApproval -Credential $cred -Count 1
notified_users : {user}
is_valid_message : Requires 2 approvers for access.
reason : Hunting for malicious binaries
email_cc_addresses : {[email protected]}
is_valid : False
approvers : {}
id : 1111111111111111
subject : @{...}
Return latest hunt approval request.
PS C:\> Get-GRRHuntApproval -Credential $cred
notified_users : {user}
is_valid_message : Requires 2 approvers for access.
reason : Hunting for malicious binaries
email_cc_addresses : {[email protected]}
is_valid : False
approvers : {}
id : 2222222222222222
subject : @{...}
...
Return all hunt approval requests. Use PowerShell to filter them as needed.
PS C:\> Get-GRRHuntApproval -Credential $cred -HuntId 11111111 -ApprovalId 1111111111111111
notified_users : {user}
is_valid_message : Requires 2 approvers for access.
reason : Hunting for malicious binaries
email_cc_addresses : {[email protected]}
is_valid : False
approvers : {}
id : 1111111111111111
subject : @{...}
Return a specific hunt approval request and use PowerShell to get specific values.
PS C:\> Get-GRRHuntApproval -Credential $cred -HuntId 11111111 -ApprovalId 1111111111111111 -OnlyState
False
Return only the state of a specific hunt approval request. Use that for a loop and if approval becomes valid start the hunt directly.
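The wait loop described above, as an added example that is not part of PowerGRR or its documentation. `Wait-GRRHuntApproval` and its `-PollSeconds` and `-TimeoutMinutes` parameters are hypothetical names; the only PowerGRR call used is `Get-GRRHuntApproval` with the parameters shown on this page, and it is assumed that `-OnlyState` returns `True` or `False` as in the example output.

```powershell
# Added example: Wait-GRRHuntApproval is a hypothetical helper, not a PowerGRR cmdlet.
function Wait-GRRHuntApproval {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $HuntId,
        [Parameter(Mandatory)] [string] $ApprovalId,
        [ValidateRange(1, 3600)] [int] $PollSeconds = 30,
        [ValidateRange(1, 1440)] [int] $TimeoutMinutes = 60
    )

    # Bound the wait so an unattended script cannot poll forever.
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    while ((Get-Date) -lt $deadline) {
        try {
            # -OnlyState prints True/False; it is compared as text below
            # in case it arrives as a string rather than a boolean.
            $state = Get-GRRHuntApproval -Credential $Credential -HuntId $HuntId `
                -ApprovalId $ApprovalId -OnlyState -ErrorAction Stop
        }
        catch {
            # A failed lookup is never treated as an approval; log it and poll again.
            Write-Warning "Approval lookup failed: $($_.Exception.Message)"
            $state = $false
        }

        if ("$state" -eq 'True') {
            Write-Verbose "Approval $ApprovalId for hunt $HuntId is valid."
            return $true
        }
        Write-Verbose "Approval $ApprovalId not yet valid; next check in $PollSeconds s."
        Start-Sleep -Seconds $PollSeconds
    }
    Write-Warning "Approval $ApprovalId still not valid after $TimeoutMinutes minutes."
    return $false
}

# Sample ids reused from the examples above.
$cred = Get-Credential
if (Wait-GRRHuntApproval -Credential $cred -HuntId 11111111 -ApprovalId 1111111111111111 -Verbose) {
    # Approval is valid: start the hunt here with the command you normally use.
}
else {
    throw 'Hunt approval was not granted in time; hunt not started.'
}
```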
Approval id from New-GRRClientApproval.
Type: String
Parameter Sets: ByApproval
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Amount of approvals to be returned.
Type: Int32
Parameter Sets: ByUser
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
GRR credentials.
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Hunt id for which an approval was requested.
Type: String
Parameter Sets: ByApproval
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Offset for the returned approvals.
Type: Int32
Parameter Sets: ByUser
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Return only the state of the approval. Useful for loops.
Type: SwitchParameter
Parameter Sets: ByApproval
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Return only plain JSON instead of converted JSON objects.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).