From d96ca2ef810097c3ca02f052d40c56022540a4f6 Mon Sep 17 00:00:00 2001
From: Alex Verboon
Date: Wed, 3 Apr 2019 21:32:29 +0200
Subject: [PATCH] added Get-MCASOAuthApps function
---
 Functions/Get-MCASOauthApps.ps1 | 85 +++++++++++++++++++++++++++
 MCAS.psd1 | Bin 11582 -> 11642 bytes
 MCAS.psm1 | 2 +-
 docs/Get-MCASOAuthApps.md | 101 ++++++++++++++++++++++++++++++++
 4 files changed, 187 insertions(+), 1 deletion(-)
 create mode 100644 Functions/Get-MCASOauthApps.ps1
 create mode 100644 docs/Get-MCASOAuthApps.md
diff --git a/Functions/Get-MCASOauthApps.ps1 b/Functions/Get-MCASOauthApps.ps1
new file mode 100644
index 0000000..7803f80
--- /dev/null
+++ b/Functions/Get-MCASOauthApps.ps1
@@ -0,0 +1,85 @@
+
+
+function Get-MCASOAuthApps {
+<#
+.Synopsis
+ Get-MCASOAuthApps
+.DESCRIPTION
+ Get-MCASOAuthApps retrives OAuth Apps that were granted permission
+.EXAMPLE
+
+ Get-MCASOAuthApps
+
+ appStatus : 0
+ communityUsage : 1
+ appName : WD Antivirus Testground
+ isInternal : False
+ firstInstalled : 1553097013550
+ lastInstalled : 1553097013550
+ actions : {@{is_blocking=True; uiGovernanceCategory=; display_
+ alert_text=TASKS_ADALIBPY_DISABLE_APP_DISPLAY_ALERT_
+ TEXT; bulk_support=; bulk_display_description=;
+ confirmation_link=; display_title=TASKS_ADALIBPY_DIS
+ ABLE_APP_DISABLE_TITLE; display_description=;
+ optional_notify=True; has_icon=True; display_alert_s
+ uccess_text=TASKS_ADALIBPY_DISABLE_APP_DISPLAY_ALERT
+ _SUCCESS_TEXT; governance_type=;
+ preview_only=False; task_name=DisableAppTask;
+ confirmation_button_text=;
+ confirm_button_style=red; type=application;
+ alert_display_title=}}
+ _tid : 92719368
+ userCount : 1
+ userInstallationCount : 1
+ severity : 1
+ saasId : 11161
+ localClientId : 111111a1-2aaa-3333-cccc-4d444444d44d
+ instId : 0
+ o365AppType : 0
+ homepage : https://demo.wd.microsoft.com
+ scopes : {@{category=N/A; description=View your basic
+ profile info}, @{category=N/A; description=View
+ your email address}, @{category=N/A;
+ description=Sign you in and read your profile}}
+ description : WD Antivirus Testground
+ shouldIgnoredInScoreCalc : True
+ isAdminConsent : False
+ appId : 11161
+ snapshotLastModifiedDate : 2019-03-20T16:45:05.928Z
+ publisher : Microsoft
+ scanTime : 1554310898349
+ instanceName : Office 365
+ clientId : aa1111a1-bbb2-3c33-d4dd-5ee5ee443333
+ _id : 5c811382503a8eab728e03a3
+ Retrieves all the OAuth Apps that were granted permission
+
+.PARAMETER Credential
+ Specifies the credential object containing tenant as username (e.g.
+ 'contoso.us.portal.cloudappsecurity.com') and the 64-character hexadecimal Oauth token as the password.
+#>
+
+
+ [CmdletBinding()]
+ param
+ (
+ # Specifies the credential object containing tenant as username (e.g. 'contoso.us.portal.cloudappsecurity.com') and the 64-character hexadecimal Oauth token as the password.
+ [Parameter(Mandatory = $false)]
+ [ValidateNotNullOrEmpty()]
+ [System.Management.Automation.PSCredential]$Credential = $CASCredential
+ )
+
+Begin{}
+Process{
+ try {
+ $response = Invoke-MCASRestMethod -Credential $Credential -Path "/cas/api/v1/app_permissions/" -Method Get
+ $oauthapps = $response.data | Where-Object {$_.isinternal -eq $false}
+ }
+ catch {
+ throw "Error calling MCAS API. The exception was: $_"
+ }
+}
+End{
+ $oauthapps
+}
+}
+
diff --git a/MCAS.psd1 b/MCAS.psd1
index 9168cdb1e432ba5df59c3344dde919b6ba322082..67da7ad7d32bea79906711ab30d7c4cc2b79312e 100644
GIT binary patch delta 36 qcmdlN^($(_H0j9!;sX5s42}$?3?&R1K)QgTU^1hq?B;3GD+B@FEDFp3 delta 12 UcmewrwJ&PJH0jNkq*n+604(hWCjbBd
diff --git a/MCAS.psm1 b/MCAS.psm1
index 217f5cc..d18cea8 100644
--- a/MCAS.psm1
+++ b/MCAS.psm1
@@ -48,7 +48,6 @@ enum device_type {
 CISCO_IRONPORT_PROXY = 106 # CiscoIronPort WSA
 CISCO_SCAN_SAFE = 124 # Cisco ScanSafe
 CLAVISTER = 164 # Clavister NGFW (Syslog)
- CUSTOM_PARSER = 167 # Custom Parser
 FORCEPOINT = 202 # Forcepoint Web Security Cloud
 FORTIGATE = 108 # Fortinet Fortigate
 GENERIC_CEF = 179 # Generic CEF log
@@ -293,6 +292,7 @@ $ExportedCommands = @(
 'Get-MCASStream',
 'Get-MCASSubnetCollection',
 'Get-MCASUserGroup',
+ 'Get-MCASOAuthApps',
 'Import-MCASCredential',
 'Install-MCASSiemAgent',
 'New-MCASDiscoveryDataSource',
diff --git a/docs/Get-MCASOAuthApps.md b/docs/Get-MCASOAuthApps.md
new file mode 100644
index 0000000..d5ab56e
--- /dev/null
+++ b/docs/Get-MCASOAuthApps.md
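Review bot: The `Where-Object {$_.isinternal -eq $false}` filter in the Process block silently drops every app flagged as internal, while the help text says the function retrieves the OAuth apps that were granted permission, so anyone using it for a consent audit gets an incomplete inventory without knowing it. Either state the exclusion in `.DESCRIPTION` (for example `Returns only apps whose isInternal property is False`) or return everything and let the caller filter. The function also reads only `$response.data` from a single request, so if this endpoint pages its results the output would be truncated in tenants with many apps; that is worth confirming against the API. Separately, `throw "Error calling MCAS API. The exception was: $_"` flattens the original error record into a string, and a bare `throw` inside the catch block would preserve it.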
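Review bot: The new `'Get-MCASOAuthApps',` entry is added after `'Get-MCASUserGroup',` although the visible entries of `$ExportedCommands` appear to be in alphabetical order; it belongs ahead of `'Get-MCASStream',`, at its sorted position in the part of the list that starts above this hunk, which keeps the export list easy to audit. The preceding hunk in this file also removes `CUSTOM_PARSER = 167` from `enum device_type`, which the commit subject does not mention. If that removal is unintentional (for example carried over from a stale base), it should be dropped from this patch, since any code that references that enum member would stop resolving.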
@@ -0,0 +1,101 @@
+---
+external help file: MCAS-help.xml
+Module Name: MCAS
+online version:
+schema: 2.0.0
+---
+
+# Get-MCASOAuthApps
+
+## SYNOPSIS
+Get-MCASOAuthApps retrives OAuth Apps that were granted permission
+
+## SYNTAX
+
+```
+Get-MCASOAuthApps [-Credential ] []
+```
+
+## DESCRIPTION
+This function retrives OAuth Apps that were granted permission
+
+## EXAMPLES
+
+### EXAMPLE 1
+```
+Get-MCASOAuthApps
+```
+appStatus : 0
+communityUsage : 1
+appName : WD Antivirus Testground
+isInternal : False
+firstInstalled : 1553097013550
+lastInstalled : 1553097013550
+actions : {@{is_blocking=True; uiGovernanceCategory=; display_
+ alert_text=TASKS_ADALIBPY_DISABLE_APP_DISPLAY_ALERT_
+ TEXT; bulk_support=; bulk_display_description=;
+ confirmation_link=; display_title=TASKS_ADALIBPY_DIS
+ ABLE_APP_DISABLE_TITLE; display_description=;
+ optional_notify=True; has_icon=True; display_alert_s
+ uccess_text=TASKS_ADALIBPY_DISABLE_APP_DISPLAY_ALERT
+ _SUCCESS_TEXT; governance_type=;
+ preview_only=False; task_name=DisableAppTask;
+ confirmation_button_text=;
+ confirm_button_style=red; type=application;
+ alert_display_title=}}
+_tid : 92719368
+userCount : 1
+userInstallationCount : 1
+severity : 1
+saasId : 11161
+localClientId : 111111a1-2aaa-3333-cccc-4d444444d44d
+instId : 0
+o365AppType : 0
+homepage : https://demo.wd.microsoft.com
+scopes : {@{category=N/A; description=View your basic
+ profile info}, @{category=N/A; description=View
+ your email address}, @{category=N/A;
+ description=Sign you in and read your profile}}
+description : WD Antivirus Testground
+shouldIgnoredInScoreCalc : True
+isAdminConsent : False
+appId : 11161
+snapshotLastModifiedDate : 2019-03-20T16:45:05.928Z
+publisher : Microsoft
+scanTime : 1554310898349
+instanceName : Office 365
+clientId : aa1111a1-bbb2-3c33-d4dd-5ee5ee443333
+_id : 5c811382503a8eab728e03a3
+
+
+Retrieves all the OAuth Apps that were granted permission
+
+
+## PARAMETERS
+
+### -Credential
+Specifies the credential object containing tenant as username (e.g.
+'contoso.us.portal.cloudappsecurity.com') and the 64-character hexadecimal Oauth token as the password.
+
+```yaml
+Type: PSCredential
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: $CASCredential
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
+For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+## OUTPUTS
+
+## NOTES
+
+## RELATED LINKS