more cleanup
TehMuffinMoo committed Jul 16, 2024
1 parent d10c655 commit 1a8a7f5
Showing 21 changed files with 107 additions and 112 deletions.
10 changes: 6 additions & 4 deletions Modules/ibPS/Functions/BloxOne/BloxOneCloud/Get-B1DNSEvent.ps1
Expand Up @@ -42,9 +42,6 @@ function Get-B1DNSEvent {
.PARAMETER PolicyAction
Used to filter the DNS Events by Policy Action
.PARAMETER EndpointGroup
Used to filter the DNS Events by Endpoint Group
.PARAMETER AppName
Used to filter the DNS Events by App Name
Expand Down Expand Up @@ -95,7 +92,6 @@ function Get-B1DNSEvent {
[String[]]$ThreatIndicator,
[ValidateSet("Log","Block","Default","Redirect")]
[String[]]$PolicyAction,
[String[]]$EndpointGroup,
[String[]]$AppName,
[String[]]$DNSView,
[datetime]$Start = $(Get-Date).AddDays(-1),
Expand All @@ -122,6 +118,9 @@ function Get-B1DNSEvent {
if ($IP) {
$Filters += "qip=$IP"
}
if ($Response) {
$Filters += "rdata=$Response"
}
if ($Network) {
$Filters += "network=$Network"
}
Expand All @@ -146,6 +145,9 @@ function Get-B1DNSEvent {
if ($FeedName) {
$Filters += "feed_name=$FeedName"
}
if ($FeedType) {
$Filters += "feed_type=$FeedType"
}
if ($AppCategory) {
$Filters += "app_category=$AppCategory"
}
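Review bot: The two added filters, `$Filters += "rdata=$Response"` and `$Filters += "feed_type=$FeedType"`, place the caller's value into the filter string unencoded, as the neighbouring filters do. How `$Filters` is turned into the request is outside this hunk, so this may already be handled; if nothing encodes it later, a value containing `&` or `=` would change the query instead of being matched literally. In that case `$Filters += "rdata=$([System.Uri]::EscapeDataString($Response))"` (and likewise for `feed_type`) keeps the value inside its own field. The same question applies to the `_tfilter=$tfilter` addition in Get-B1ZoneChild.ps1, which is passed to `ConvertTo-QueryString` whose encoding behaviour is not visible on this page.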
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,9 @@ function Set-B1Location {
}
}

if ($NewName) {
$Object.name = $($NewName)
}
if ($Description) {
$Object.description = $($Description)
}
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,14 @@
} else {
$QueryURI = 'health_check_all'
}
if ($Status) {
if ($Status -eq 'Enabled') {
$StatusVal = $False
} else {
$StatusVal = $True
}
$Filters.Add("disabled==$StatusVal") | Out-Null
}
if ($Port) {
$Filters.Add("port==$Port") | Out-Null
}
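Review bot: In the added `$Status` block every value other than `'Enabled'` becomes `disabled==True`, so the filter is only right if `$Status` is limited to the two expected values. The parameter declaration is outside this hunk; confirm it carries `[ValidateSet("Enabled","Disabled")]` the way `$State` does in another file of this commit. The interpolated boolean renders as `True`/`False`, so if the API filter is case-sensitive it should be lower-cased, e.g. `"disabled==$("$StatusVal".ToLower())"`. The inner if/else can also be reduced to `$StatusVal = $Status -ne 'Enabled'`.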
3 changes: 3 additions & 0 deletions Modules/ibPS/Functions/BloxOne/BloxOneDDI/Get-B1ZoneChild.ps1
Expand Up @@ -128,6 +128,9 @@
if ($OrderByTag) {
$QueryFilters.Add("_torder_by=$OrderByTag") | Out-Null
}
if ($tfilter) {
$QueryFilters.Add("_tfilter=$tfilter") | Out-Null
}
if ($QueryFilters) {
$QueryString = ConvertTo-QueryString $QueryFilters
}
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,7 @@

$splat = @{
"fqdn" = $FQDN
"comment" = $Description
"disabled" = $false
"delegation_servers" = $ExternalHosts
"view" = $ViewUUID
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@

$splat = @{
"fqdn" = $FQDN
"comment" = $Description
"disabled" = $false
"forward_only" = if ($ForwardOnly) {$true} else {$false}
"external_forwarders" = $ExternalHosts
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,6 @@
.PARAMETER Address
The IP address of the reservation to remove
.PARAMETER Space
The IPAM space the reservation is contained in
.PARAMETER id
The id of the Address Reservation to remove. Accepts pipeline input.
Expand All @@ -28,7 +25,6 @@
[Parameter(ParameterSetName="Default",Mandatory=$true)]
[String]$Address,
[Parameter(ParameterSetName="Default",Mandatory=$true)]
[String]$Space,
[Parameter(
ValueFromPipelineByPropertyName = $true,
ParameterSetName="With ID",
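Review bot: The second hunk's header (`-28,7 +25,6`) removes exactly one of the seven lines shown, and the rendered page no longer marks which one. If the removed line is `[String]$Space,`, the `[Parameter(ParameterSetName="Default",Mandatory=$true)]` line above it is left behind and now attaches to the following parameter, which already has its own `[Parameter(...)]` for the "With ID" set; that parameter would then be mandatory in the Default set as well. Remove the attribute line together with `$Space`. The `param()` block continues outside the hunk, so the final parameter-set layout should be checked there.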
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
The description for the zone to be updated to
.PARAMETER State
Set whether the Forward Zone is enabled or disabled.
Set whether the Authoritative Zone is enabled or disabled.
.PARAMETER NotifyExternalSecondaries
Toggle whether to notify external secondary DNS Servers for this zone.
Expand Down Expand Up @@ -55,7 +55,7 @@
[System.Object]$AddAuthNSGs,
[System.Object]$RemoveAuthNSGs,
[Parameter(ParameterSetName="Default",Mandatory=$true)]
[System.Object]$View,
[String]$View,
[String]$Description,
[ValidateSet("Enabled","Disabled")]
[String]$State,
Expand Down Expand Up @@ -89,7 +89,7 @@
return $null
}
} else {
$Object = Get-B1ForwardZone -FQDN $FQDN -Strict
$Object = Get-B1AuthoritativeZone -FQDN $FQDN -View $View -Strict
if (!($Object)) {
Write-Error "Unable to find Authoritative Zone: $($FQDN)"
return $null
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,12 @@
if ($RetryDown) {
$NewObj.retry_down = $RetryDown
}
if ($State) {
$NewObj.disabled = $(if ($State -eq 'Enabled') { $false } else { $true })
}
if ($Tags) {
$NewObj.tags = $Tags
}

if ($Port) {
if ($ObjectType -in @('tcp','http')) {
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
$JSONData = @{
"hide" = $MutedDomains
} | ConvertTo-Json
$Results = Invoke-CSP -Method PATCH -Uri "$(Get-B1CSPUrl)/api/atclad/v1/lookalikes" -Data $($JSONData) -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
$null = Invoke-CSP -Method PATCH -Uri "$(Get-B1CSPUrl)/api/atclad/v1/lookalikes" -Data $($JSONData) -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

foreach ($MutedDomain in $MutedDomains) {
if (Get-B1Lookalikes -LookalikeDomain $($MutedDomain) -Muted true) {
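Review bot: With the result assigned to `$null` and both `-ErrorAction SilentlyContinue` and `-WarningAction SilentlyContinue` on the `Invoke-CSP` PATCH, a rejected request leaves no trace of why it failed. The only signal is the per-domain `Get-B1Lookalikes` check that follows, whose body is outside the hunk. Consider capturing the error, e.g. adding `-ErrorVariable PatchError`, and writing it out when that verification fails, so an authorization or API failure can be told apart from a change that has not taken effect yet. The same pattern appears in the three sibling hunks that PATCH `lookalikes` and `lookalike_target_candidates`.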
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@
"select" = @()
"unselect" = $DisabledDomains
} | ConvertTo-Json
$Results = Invoke-CSP -Method PATCH -Uri "$(Get-B1CSPUrl)/api/atcfw/v1/lookalike_target_candidates" -Data $($JSONData) -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
$null = Invoke-CSP -Method PATCH -Uri "$(Get-B1CSPUrl)/api/atcfw/v1/lookalike_target_candidates" -Data $($JSONData) -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

$Candidates = Get-B1LookalikeTargetCandidates | Select-Object -ExpandProperty items_described
foreach ($DisabledDomain in $DisabledDomains) {
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
$JSONData = @{
"expose" = $UnmutedDomains
} | ConvertTo-Json
$Results = Invoke-CSP -Method PATCH -Uri "$(Get-B1CSPUrl)/api/atclad/v1/lookalikes" -Data $($JSONData) -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
$null = Invoke-CSP -Method PATCH -Uri "$(Get-B1CSPUrl)/api/atclad/v1/lookalikes" -Data $($JSONData) -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

foreach ($UnmutedDomain in $UnmutedDomains) {
if (Get-B1Lookalikes -LookalikeDomain $($UnmutedDomain) -Muted false) {
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@
"select" = $EnabledDomains
"unselect" = @()
} | ConvertTo-Json
$Results = Invoke-CSP -Method PATCH -Uri "$(Get-B1CSPUrl)/api/atcfw/v1/lookalike_target_candidates" -Data $($JSONData) -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
$null = Invoke-CSP -Method PATCH -Uri "$(Get-B1CSPUrl)/api/atcfw/v1/lookalike_target_candidates" -Data $($JSONData) -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

$Candidates = Get-B1LookalikeTargetCandidates | Select-Object -ExpandProperty items_described
foreach ($EnabledDomain in $EnabledDomains) {
3 changes: 3 additions & 0 deletions Modules/ibPS/Functions/BloxOne/BloxOneTD/Get-B1BypassCode.ps1
Expand Up @@ -88,6 +88,9 @@
$Fields += "access_key"
$QueryFilters.Add("_fields=$($Fields -join ",")") | Out-Null
}
if ($OrderBy) {
$QueryFilters += "_order_by=$($OrderBy)"
}
if ($QueryFilters) {
$QueryString = ConvertTo-QueryString $QueryFilters
}
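Review bot: The added `$QueryFilters += "_order_by=$($OrderBy)"` is inconsistent with the `$QueryFilters.Add(...) | Out-Null` call just above it in the same hunk. If `$QueryFilters` is an ArrayList or generic list (its declaration is outside the hunk), `+=` replaces it with a fixed-size array and any later `.Add()` on it would throw. Use `$QueryFilters.Add("_order_by=$($OrderBy)") | Out-Null` here.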
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,11 @@
$QueryFilter = ConvertTo-QueryString $QueryFilters
}
Write-DebugMsg -Filters $QueryFilters
$Results = Invoke-CSP -Uri "$(Get-B1CspUrl)/api/v1/insights$QueryFilter" -Method GET | Select-Object -ExpandProperty insightList -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
if ($insightId) {
$Results = Invoke-CSP -Uri "$(Get-B1CspUrl)/api/v1/insights/$($insightId)$($QueryFilter)" -Method GET | Select-Object -ExpandProperty insight -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
} else {
$Results = Invoke-CSP -Uri "$(Get-B1CspUrl)/api/v1/insights$QueryFilter" -Method GET | Select-Object -ExpandProperty insightList -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
}

if ($Results) {
return $Results
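Review bot: `$insightId` is interpolated directly into the request path in `"$(Get-B1CspUrl)/api/v1/insights/$($insightId)$($QueryFilter)"`. Unless the parameter is validated outside this hunk, a value containing `/`, `?` or `#` would address a different endpoint or alter the query; escape it with `[System.Uri]::EscapeDataString($insightId)` or constrain it with a validation attribute on the parameter. Note also that `-ErrorAction SilentlyContinue -WarningAction SilentlyContinue` sit after the pipe and therefore apply to `Select-Object`, not to `Invoke-CSP`; if that is deliberate, a comment such as `# suppress the error when the response has no 'insight' property` would make it clear.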
Original file line number Diff line number Diff line change
Expand Up @@ -124,11 +124,6 @@ function Get-B1ThreatIntel {
[Switch]$Unique
)

$Start = $Start.ToUniversalTime()
$End = $End.ToUniversalTime()
$StartTime = $Start.ToString("yyyy-MM-ddTHH:mm:ss.000")
$EndTime = $End.ToString("yyyy-MM-ddTHH:mm:ss.000")

if ($ThreatActors) {
$Filters = @(
@{
Expand All @@ -144,7 +139,7 @@ function Get-B1ThreatIntel {
)
}
)
$Results = Invoke-B1CubeJS -Cube PortunusAggIPSummary -Measures count -Dimensions threat_indicator,actor_id -TimeDimension timestamp -Start $Start -End $End -Limit $TopCount -Grouped -Filters $Filters -OrderBy timestampMax -Order 'desc'
$Results = Invoke-B1CubeJS -Cube PortunusAggIPSummary -Measures count -Dimensions threat_indicator,actor_id -TimeDimension timestamp -Start $Start -End $End -Limit $Limit -Grouped -Filters $Filters -OrderBy timestampMax -Order 'desc'
$ThreatActorData = @()
$UniqueResults = $Results | Select-Object 'actor_id' -Unique
ForEach ($UniqueResult in $UniqueResults) {
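Review bot: The first hunk drops five lines according to its header; if these are the `$Start.ToUniversalTime()` / `$End.ToUniversalTime()` conversions along with the `$StartTime`/`$EndTime` strings, `Invoke-B1CubeJS` now receives `$Start` and `$End` in whatever time zone the caller supplied. Whether `Invoke-B1CubeJS` normalises to UTC itself is not visible on this page; if it does not, the query window shifts by the local offset and recent indicators can fall outside it. Either keep the two `ToUniversalTime()` lines or add a comment above the call, e.g. `# Invoke-B1CubeJS converts -Start/-End to UTC`, once that is confirmed.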
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,9 @@
if ($Domains) {
$Object.internal_domains = $Domains
}
if ($Description) {
$Object.description = $Description
}
if ($Tags) {
$Object.tags = $Tags
}
17 changes: 10 additions & 7 deletions Modules/ibPS/Functions/BloxOne/BloxOneTD/Submit-B1TideData.ps1
Expand Up @@ -168,15 +168,18 @@ function Submit-B1TideData {

$Feed = @{
"feed" = @{
"profile" = "$($Profile)"
"record_type" = "$($RecordType)"
"record" = @(@{
"$($RecordType)" = "$($RecordValue)"
"detected" = "$($DetectedTime)"
})
"profile" = "$($Profile)"
"record_type" = "$($RecordType)"
"record" = @(@{
"$($RecordType)" = "$($RecordValue)"
"detected" = "$($DetectedTime)"
})
}
}


if ($external_id) {
$Feed.feed.external_id = $external_id
}
if ($ThreatClass) {
$Feed.feed.record[0].class = "$($ThreatClass)"
}
3 changes: 1 addition & 2 deletions Modules/ibPS/Functions/Misc/Misc.ps1
Expand Up @@ -710,8 +710,7 @@ function Build-TopologyChildren {
[System.Object[]]$Object,
[Switch]$IncludeAddresses,
[Switch]$IncludeRanges,
[Switch]$IncludeSubnets,
[Int]$Progress = 0
[Switch]$IncludeSubnets
)
process {
$ParentObjectsToCheck = @("ipam/address_block")
5 changes: 0 additions & 5 deletions Modules/ibPS/Functions/Misc/Resolve-DoHQuery.ps1
Expand Up @@ -20,9 +20,6 @@ function Resolve-DoHQuery {
.PARAMETER Section
Optionally specify one or more sections to return (Answer/Authority/Additional)
.PARAMETER DNSSEC
Optionally validate DNSSEC
.PARAMETER SourceIP
Specify the Source IP to spoof using EDNS OPT 65523. This only works when using BloxOne Threat Defense.
Expand Down Expand Up @@ -121,8 +118,6 @@ function Resolve-DoHQuery {
[String]$DoHServer = $(if ($ENV:IBPSDoH) { $ENV:IBPSDoH }),
[ValidateSet('Answer','Authority','Additional')]
[String[]]$Section,
[Parameter(DontShow)]
[Switch]$DNSSEC,
[String]$SourceIP,
[String]$SourceMAC,
[String]$SourceView,