-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathInvoke-HXDownloadAcquisition.ps1
84 lines (63 loc) · 3.5 KB
/
Invoke-HXDownloadAcquisition.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
function Invoke-HXDownloadAcquisition {
[CmdletBinding()]
[OutputType([psobject])]
param(
[Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
[string] $Uri,
[Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
[Microsoft.PowerShell.Commands.WebRequestSession] $WebSession,
[Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)]
[string] $Acquisition,
[Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true)]
[string] $Hostname='undefined',
[Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true)]
[string] $Hostset='undefined',
[Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true)]
[string] $Separator='~',
[Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true)]
[string] $Path
)
begin { }
process {
# Uri filtering:
if ($Uri -match '\d$') { $Endpoint = $Uri+$Acquisition }
elseif ($Uri -match '\d/$') { $Endpoint = $Uri+$Acquisition }
# Timestamp calculation:
$timestamp = Get-Date -Format o | ForEach-Object {$_ -replace ":", "."}
# Controller name:
$controller = [string](([regex]::Match($Uri,"https?://(?<controller>[\w\-]+)\.")).groups["controller"].value)
# Path filtering:
if (-not($Path -match '.zip$')) {
## filename with FireEye hostname id on it:
#$_path = (Get-Item -Path ".\" -Verbose).FullName + $timestamp + $Separator + $controller + $Separator + $Hostset + $Separator + $Hostname + $Separator + [System.IO.Path]::GetFileName($Acquisition)
## Filename without FireEye hostname id on it:
# Determine the path to write to:
if ($Path) { $_path = [System.IO.Path]::GetFullPath($Path) }
else { $_path = (Get-Item -Path ".\" -Verbose).FullName }
# Set up the path to the 'raw' folder:
$_path = [System.IO.Path]::Combine($_path, 'raw')
New-Item -ItemType Directory -Force -Path $_path -ErrorAction Stop | Out-Null
# Determine the hostname:
if ($Hostname -eq 'undefined') { $_hostname = [System.IO.Path]::GetFileName($Acquisition) -replace '.zip', '' }
else { $_hostname = $Hostname }
$_path = [System.IO.Path]::Combine($_path, $timestamp + $Separator + $controller + $Separator + $Hostset + $Separator + $_hostname + ".zip")
}
else { $_path = $Path }
# Webclient object.
$headers = @{ "Accept" = "application/octet-stream"; }
$null = Invoke-WebRequest -Uri $Endpoint -WebSession $WebSession -Method Get -Headers $headers -OutFile $_path -SkipCertificateCheck
# .net WebClient object way. Faster, but not compatible with self-signed certificates and PowerShell Core:
#$wc = New-Object System.Net.WebClient
#$wc.Headers.add('Accept','application/octet-stream')
#$wc.Headers.add('X-FeApi-Token',$TokenSession)
#$wc.DownloadFile($Endpoint, $_path)
$out = New-Object System.Object
$out | Add-Member -Type NoteProperty -Name Uri -Value $Uri
$out | Add-Member -Type NoteProperty -Name Acquisition -Value $Acquisition
$out | Add-Member -Type NoteProperty -Name Hostname -Value $Hostname
$out | Add-Member -Type NoteProperty -Name Hostset -Value $Hostset
$out | Add-Member -Type NoteProperty -Name File -Value $_path
$out
}
end { }
}