PowerShell to Download All Critical/High Lacework Alerts From the Last 24 Hours

Not sure how many folks here would use this but I needed this as part of a larger project so I thought I would share:

# Define Lacework API key, endpoint, and time range
$APIKey = "your_lacework_api_key"
$BaseURI = "https://api.lacework.net/api/v1"
$TimeRange = (Get-Date).AddHours(-24).ToString("yyyy-MM-ddTHH:mm:ssZ")

# Create authentication headers
$Headers = @{
    'Content-Type' = 'application/json'
    'x-api-key' = $APIKey
}

# Define function to get alerts
function Get-LaceworkAlerts($severity, $since) {
    $URI = "$BaseURI/external/vulnerabilities/container?start_time=$since&severity=$severity"

    try {
        $Response = Invoke-WebRequest -Uri $URI -Headers $Headers -Method Get
        $Alerts = ($Response.Content | ConvertFrom-Json).data
    }
    catch {
        Write-Error "Error fetching Lacework alerts: $_"
        $Alerts = $null
    }

    return $Alerts
}

# Get critical and high alerts from the past 24 hours
$CriticalAlerts = Get-LaceworkAlerts -severity "Critical" -since $TimeRange
$HighAlerts = Get-LaceworkAlerts -severity "High" -since $TimeRange

# Output the alerts
$CriticalAlerts
$HighAlerts

# Save the alerts to JSON files
if ($CriticalAlerts) {
    $CriticalAlerts | ConvertTo-Json | Set-Content -Path "CriticalAlerts.json"
}
if ($HighAlerts) {
    $HighAlerts | ConvertTo-Json | Set-Content -Path "HighAlerts.json"
}

Comments

Post a Comment

Popular posts from this blog

Unveiling the Power of PowerShell Regions: A Comprehensive Guide

 Introduction PowerShell has gained widespread popularity as a powerful task automation and configuration management framework. As your PowerShell scripts grow in size and complexity, it's essential to maintain readability and organization. One often under-utilized feature of PowerShell that can significantly improve code readability is the use of 'regions'. In this blog post, we will delve into the concept of regions in PowerShell, exploring their applications, benefits, and how you can make the most of them in your scripts. What are PowerShell Regions? PowerShell regions are collapsible sections of code, demarcated by special comments, that allow you to group and organize related code snippets. The primary purpose of regions is to improve the readability of your scripts by allowing you to fold or collapse sections of code that are not actively being worked on. These regions can be expanded or collapsed using the 'Expand-Collapse' functionality available in most mo...
Read more

PowerShell Script to Remotely Update Firmware on Brother Printers Microsoft

While this does not work for all models or configurations of Brother printers, it can be a lifesaver so I thought I would share: # Set your printer's IP address and model number $PrinterIP = "192.168.1.100" $PrinterModel = "HL-L8360CDW" # Define the URL for the firmware download page $FirmwareURL = "https://support.brother.com/g/b/downloadtop.aspx?c=us&lang=en&prod=$($PrinterModel.ToLower())_eus" # Get the latest firmware version from Brother's website $LatestFirmwareInfo = (Invoke-WebRequest -Uri $FirmwareURL -UseBasicParsing).Links | Where-Object { $_.href -like "*.firm" } | ForEach-Object { @{ Version = $_.innerText.Trim() -replace '[^0-9.]', ''; DownloadUrl = $_.href } } | Sort-Object -Descending -Property Version | Select-Object -First 1 if (!$LatestFirmwareInfo) { Write-Host "Couldn't retrieve the latest firmware version for the printer model. Please verify the printer model an...
Read more

PowerShell Script to Reset Permissions on all Documents in a Document Library in SharePoint Online.

Here's a PowerShell script that resets permissions on all documents in a SharePoint Online document library: #Connect to SharePoint Online Site $SiteURL = "https://yourdomain.sharepoint.com/sites/sitename" $UserName = "yourusername@yourdomain.com" $Password = "yourpassword" $SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force $Cred = New-Object System.Management.Automation.PSCredential($UserName, $SecurePassword) Connect-PnPOnline -Url $SiteURL -Credentials $Cred #Set Variables $ListName = "Documents" $FolderPath = "/Shared Documents" #Get all Documents from the document library $Documents = Get-PnPListItem -List $ListName -Folder $FolderPath #Loop through each document and reset permissions foreach ($Doc in $Documents) { Set-PnPListItemPermission -List $ListName -Identity $Doc.Id -InheritPermissions $true -ClearAllPermissions $true } Write-Host "Permissions reset complete." You will need to re...
Read more