Invoke-SophosLiveDiscoverQuery

SYNOPSIS

Run a saved EDR query or an ad hoc query on remote endpoints

SYNTAX

Invoke-SophosLiveDiscoverQuery [-Token] <String> [-TenantId] <String> [-ApiHost] <String>
 [-RequestBody] <Hashtable> [-ProgressAction <ActionPreference>] [<CommonParameters>]

DESCRIPTION

Run a saved EDR query or an ad hoc query on remote endpoints

EXAMPLES

EXAMPLE 1

$token = Get-SophosAccessToken -ClientID "xxxxxxxxxxxxxxxx" -ClientS "xxxxxxxxxxxxxxxxx"
PS>$partnerId = Get-SophosPartnerId -Token $token
PS>$tenant = Get-SophosPartnerTenants -PartnerId $partnerId.PartnerId -Token $token | Where-Object {$_.Name -eq 'MyTenant'}
PS>$body = @{
    "matchEndpoints" = @{
        "filters" = @(
            # Each filter is its own hashtable inside the filters array
            @{ "groupNameContains" = "MyGroup" }
        )
    }
}
PS>Invoke-SophosLiveDiscoverQuery -Token $token -TenantId $tenant.id -ApiHost $tenant.apiHost -RequestBody $body
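
A pre-flight check for the -RequestBody hashtable, as an added example that is not part of the module or its documentation. The function name Test-LiveDiscoverRequestBody is hypothetical, and the check assumes endpoints are scoped with matchEndpoints.filters as an array of hashtables, the shape Example 1 uses.

```powershell
# Added example, not module code. Test-LiveDiscoverRequestBody is a hypothetical name.
function Test-LiveDiscoverRequestBody {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [hashtable]$RequestBody
    )

    $problems = [System.Collections.Generic.List[string]]::new()
    $match = $RequestBody['matchEndpoints']

    if ($match -isnot [System.Collections.IDictionary]) {
        $problems.Add('matchEndpoints is missing or is not a hashtable')
    }
    elseif ($match.Contains('filters')) {
        $filters = $match['filters']
        # A bare hashtable serializes to a JSON object, not the array used in Example 1.
        if ($filters -isnot [array]) {
            $problems.Add('matchEndpoints.filters must be an array: @( @{ ... } )')
        }
        elseif ($filters.Count -eq 0) {
            $problems.Add('matchEndpoints.filters is empty, so it scopes nothing')
        }
        foreach ($f in @($filters)) {
            if ($f -isnot [System.Collections.IDictionary] -or $f.Count -eq 0) {
                $problems.Add("filter entry '$f' is not a non-empty hashtable")
            }
        }
    }

    [pscustomobject]@{
        IsValid  = ($problems.Count -eq 0)
        Problems = $problems.ToArray()
        # -Depth 10: the default depth of 2 would flatten the nested filter hashtables.
        Json     = ($RequestBody | ConvertTo-Json -Depth 10)
    }
}

# Constructed sample body, same shape as Example 1
$body = @{
    matchEndpoints = @{
        filters = @( @{ groupNameContains = 'MyGroup' } )
    }
}
$check = Test-LiveDiscoverRequestBody -RequestBody $body
$check.Json    # JSON form of the body, for review before the query is run
if (-not $check.IsValid) { throw ($check.Problems -join '; ') }
```

Running the check before Invoke-SophosLiveDiscoverQuery catches a malformed endpoint scope locally, before a query is dispatched to remote endpoints.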

PARAMETERS

-Token

JWT token from the OAuth API

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-TenantId

Tenant ID

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ApiHost

API host location URL of the tenant

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RequestBody

Hashtable with the query parameters according to https://developer.sophos.com/docs/live-discover-v1/1/routes/queries/runs/post

Type: Hashtable
Parameter Sets: (All)
Aliases:

Required: True
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ProgressAction

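Determines how PowerShell responds to progress updates generated by the cmdlet, such as the progress bars produced by Write-Progress. This is a PowerShell common parameter, available from PowerShell 7.4.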

Type: ActionPreference
Parameter Sets: (All)
Aliases: proga

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES