- Fixed a bug in Set-CyPolicyForDevice where setting policy would not work when the device record was neither a full record nor a shallow record (from devicelist), but a devicelist -perzone record. Thank you to Philip Hohl for reporting the issue.
- Fixed a bug in Get-CyZone where retrieving by name would not work when an "API" parameter was present (Scope = None). Thank you to Philip Hohl for reporting the issue.
- Reverted an (unreleased-to-powershellgallery) change to Add-CyHashToGlobalList because it had introduced buggy behavior
- Performance improvements to type conversion
- Small fixes to threat handling
- Added last_found to converted fields for Convert-CyObject
- Better safeguards in Set-CyPolicyForDevice
- Get-CyThreatList added
- Get-CyDeviceList now uses the now-supported page_size of 10000, which speeds up device record retrieval A LOT; performance enhancements to conversion.
- Updated Read-CyData to accept a "Fields" parameter to restrict datetime conversion to certain fields
- Exposed Convert-CyObject, added a "Fields" parameter to restrict datetime conversion to certain fields
- Get-CyDetectionRuleList added
- Get-CyDetectionRuleDetail added.
- Get-CyDetectionExceptionList added
- Get-CyDetectionExceptionDetail added
- Added Optics' "ActivationTime" field datetime conversion support
- Introduced "IsDirty" property to track write operations, in preparation of adding simple caching to the module.
- New-CyInstaQuery - "description" is now auto-populated with "Name" when the parameter is omitted, because it is required by the backend API
- Get-CyDeviceDetailByMac updated to support multi-device responses
- Remove-CyDetection added
- Set-CyPolicyForDevice, when called with improper arguments, would still call the backend API. Backend API would not ignore the call, but execute an improper action. Added code to detect and prevent this from affecting CyCLI module users.
- Add-CyDeviceToZone, when called with improper arguments, would still call the backend API. Backend API would not ignore the call, but execute an improper action. Added code to detect and prevent this from affecting CyCLI module users.
- Added Get-CyLockdownStatus
- Happy New Year 2019!
- Added Update-CyZone API
- Added new OPTICS APIs:
  - Get-CyDetectionExceptionList
  - Get-CyDetectionExceptionDetail
- Updated application definitions retrieval logic with autocompletion
- Changed autocompletion implementation across module
- Renamed Get-CyDateFromString to ConvertFrom-CyDateString
- Moved OPTICS APIs into separate files for detections, packages, etc.
- Fixed a few bugs with Add-CyPolicyExclusionsForApplication (dynamic expansion of "Application" parameter name), removed support for custom definitions for now
- Added new OPTICS APIs:
  - Get-CyDetectionRecentList
  - Get-CyDetectionList updated to support query parameters. NOTE: currently, multi-valued query parameters are not yet supported
  - New-CyInstaQuery
  - Get-CyInstaQueryResults
  - Get-CyInstaQueries
- Added more AV definitions for exclusions to data file
- Small bug fix in CyPolicies
- Added better error condition comment in CyAPI.ps1
- Incorporated 2Dman's policy assignment patch
- Removed redundant file from a published release
- Get-CyTDRsForAllConsoles added
- Add-CyPolicyExclusionsForApplication added to add application-specific configuration to policies from templates that are (for now) part of the module
- Added templates for some common application exclusions
- Add-CyPolicyExclusionsForApplication added; can add policy exclusions for known AV/EPP applications from JSON definition files.
- New-CyUser transaction added
- Invoke-CySendUserInvite transaction added
- OPTICS Update-CyDetection now works
- Bugfixes in *-CyPolicy methods to better support referencing users by email when a non-session API token is used
- Updated OPTICS Update-CyDetection method
- Added convenience methods: GetUserByEmail
- Updated *-CyPolicy methods to be more robust + comfortable
  - Accept "email" to identify the user
  - Adding an exclusion already in the set will not add a duplicate but silently skip the action
- Changed policy defaults to have memory protection disabled in empty policy
- Changed policy defaults to have OPTICS disabled in empty policy
- Changed policy defaults to have "Watch for New Files" disabled in empty policy
- Changed policy defaults to have "Auto Upload" disabled in empty policy
- Changed policy defaults to have "Background Threat Detection" disabled in empty policy
- Added cmdlets for policy creation, cloning, common list settings changes: New-CyPolicy, Update-CyPolicy, Add-CyPolicyListSetting, Get-CyPolicyScaffold
- Packaging change for powershellgallery.com
- Added Remove-CyPolicy
- Added License file to module
- Release with some OPTICS transactions
- Added first new OPTICS transactions
- Added date conversion support for OPTICS detections
- Added "Create policy" API transaction
- Added auto-renewal of API token after 180s
- Added Clear-CyAPIHandle cmdlet to clear the session API handle
- Updated function names
- Prepared auto-renewal for tokens
- Added support for first OPTICS APIs
- Get-CyAPI supports positional parameter for console selection, allowing for short-hand form "Get-CyAPI "
- Exposed some JWT primitives
- Added more -verbose support to Get-CyAPI
- Encapsulated the REST method call function to allow for proxy support
- Updated Get-CyAPI to support proxies with/without credential access
- Updated New-CyConsoleConfig code to automatically prompt for region - eliminates the most common issue
- Updated README.md to remove outdated/confusing content
- API seems to sometimes return dates as strings like this: "2018-05-09T12:54:27.7711212". Updated date conversion to support these cases.
- Bug fix in New-CyConsoleConfig when consoles.json was empty
- Bug fix in New-CyConsoleConfig and Get-CyAPI to (a) always check if credentials are valid before saving them, and (b) return error messages that point to the most common root cause (wrong shard URL)
- Bug fix in Get-CyDeviceDetailByMac to include date conversion
- Bug fix in Convert-CyObject to fix date conversion - seems like a weird property assignment bug in PowerShell.
- Minor bug fix for creation of backup
- Creates a .bak backup of
before it writes it (useful in case of manual, syntax-breaking edits to the JSON file)
- Breaking change: Better credentials handling - only DPAPI/SecureString supported now; this is a breaking change and you will need to update your existing consoles.json with encrypted credentials. To migrate, use a command similar to this: `(Get-CyConsoleConfig) | where APISecret -ne $null | foreach { $pw = ConvertTo-SecureString -Force -String $_.APISecret -AsPlainText ; New-CyConsoleConfig -Console "$($_.ConsoleId)_2" -APISecret $pw -APIId $_.APIId -Token $_.Token -APITenantId $_.APITenantId -APIAuthUrl $_.APIUrl -TDRUrl $_.TDRUrl }`. Check TDRUrl/APIUrl for correctness in consoles.json afterwards. This is only relevant for users of the pre-release version with a pre-existing consoles.json file.
- Breaking change: Renamed some verbs and nouns based on PS best practices
- Mild refactoring after running PS Script Analyzer
- First candidate for public release, pending PSScriptAnalyzer fixes