Merge pull request #21 from jonas2k/dev

Adapted to CylanceAPI limitation of 'page_size' max value of 200; 'Sh…

CylanceApiTools.psd1

@@ -8,7 +8,7 @@
     # RootModule = ''
 
     # Version number of this module.
-    ModuleVersion        = '1.41'
+    ModuleVersion        = '1.42'
 
     # Supported PSEditions
     CompatiblePSEditions = @("Core")
@@ -99,7 +99,7 @@
         cylanceApiAuthSuffix        = "auth/v2/token"
         cylanceApiMemSuffix         = "memoryprotection/v2"
         cylanceApiRegions           = @{apne1 = "-apne1"; au = "-au"; euc1 = "-euc1"; sae1 = "-sae1"; us = ".us" }
-        devicePageSize              = 10000
+        maxPageSize                 = 200
         expirationSeconds           = 120
         memProtectionActions        = @{
             0 = "None";

modules/Helpers.ps1

@@ -182,9 +182,49 @@ function Get-CylanceDevices {
 
     $params = @{
         "page"      = 1
-        "page_size" = $MyInvocation.MyCommand.Module.PrivateData["devicePageSize"]
+        "page_size" = $MyInvocation.MyCommand.Module.PrivateData["maxPageSize"]
     }
-    return Invoke-RestMethod -Method "GET" -Uri (Get-CylanceApiUri -type "Devices" -region $region) -Body $params -Headers $headers
+
+    $devicesCylanceApiUri = Get-CylanceApiUri -type "Devices" -region $region
+    return (Get-CylanceItems -itemCylanceApiUri $devicesCylanceApiUri -params $params -headers $headers)
+}
+
+function Get-CylanceItems {
+    param (
+        [parameter(Mandatory = $true)]
+        [String]$itemCylanceApiUri,
+        [parameter(Mandatory = $true)]
+        [hashtable]$params,
+        [parameter(Mandatory = $true)]
+        [hashtable]$headers,
+        [parameter(Mandatory = $false)]
+        [int]$itemLimit = 0
+    )
+
+    $items = New-Object -TypeName "System.Collections.ArrayList"
+
+    $initialResponse = Invoke-RestMethod -Method "GET" -Uri $itemCylanceApiUri -Body $params -Headers $headers
+    $items.AddRange($initialResponse.page_items)
+
+    if ($initialResponse.total_pages -gt 1 -and ($itemLimit ? $items.Count -lt $itemLimit : $True)) {
+        for ($i = $params.page + 1; $i -le $initialResponse.total_pages; $i++) {
+            $params.page = $i
+            $response = Invoke-RestMethod -Method "GET" -Uri $itemCylanceApiUri -Body $params -Headers $headers
+            $items.AddRange($response.page_items)
+
+            if ($itemLimit -and ($items.Count -gt $itemLimit)) {
+                break
+            }
+        }
+    }
+    if ($itemLimit -and ($items.Count -gt $itemLimit)) {
+        $items = $items.GetRange(0, $itemLimit)
+    }
+
+    if ((-not $itemLimit -and $initialResponse.total_number_of_items -ne $items.Count) -or ($itemLimit -and $itemLimit -ne $items.Count)) {
+        Write-HostAs -mode "Warning" -message "Item count reported by API doesn't match actually returned item count, please proceed with caution."
+    }
+    return $items
 }
 
 function Get-FullCylanceDevice {
@@ -208,7 +248,7 @@ function Get-FullCylanceDevice {
 function Get-MemProtectionEvents {
     param(
         [parameter(Mandatory = $true)]
-        [ValidateRange(1, 200)]
+        [ValidateRange(1, 1000)]
         [int]$count,
         [parameter(Mandatory = $true)]
         [String]$bearerToken,
@@ -224,31 +264,33 @@ function Get-MemProtectionEvents {
 
     $params = @{
         "page"      = 1
-        "page_size" = $count
+        "page_size" = $MyInvocation.MyCommand.Module.PrivateData["maxPageSize"]
     }
-    return Invoke-RestMethod -Method "GET" -Uri (Get-CylanceApiUri -type "Mem" -region $region) -Body $params -Headers $headers
+
+    $memProtectionCylanceApiUri = Get-CylanceApiUri -type "Mem" -region $region
+    return (Get-CylanceItems -itemCylanceApiUri $memProtectionCylanceApiUri -headers $headers -params $params -itemLimit $count)
 }
 
 function Add-MemProtectionActionDescription {
     param(
         [parameter(ValueFromPipeline)]
-        $event
+        $memProtectionEvent
     )
 
     $memProtectionActions = $MyInvocation.MyCommand.Module.PrivateData["memProtectionActions"]
-    if ($memProtectionActions.ContainsKey($([int32]$event.action))) {
-        $event | Add-Member -NotePropertyName "action_description" -NotePropertyValue $($memProtectionActions.$([int32]$event.action))
+    if ($memProtectionActions.ContainsKey($([int32]$memProtectionEvent.action))) {
+        $memProtectionEvent | Add-Member -NotePropertyName "action_description" -NotePropertyValue $($memProtectionActions.$([int32]$evmemProtectionEventent.action))
     }
 }
 function Add-MemProtectionViolationTypeDescription {
     param(
         [parameter(ValueFromPipeline)]
-        $event
+        $memProtectionEvent
     )
 
     $memProtectionViolationTypes = $MyInvocation.MyCommand.Module.PrivateData["memProtectionViolationTypes"]
-    if ($memProtectionViolationTypes.ContainsKey($([int32]$event.violation_type))) {
-        $event | Add-Member -NotePropertyName "violation_type_description" -NotePropertyValue $($memProtectionViolationTypes.$([int32]$event.violation_type))
+    if ($memProtectionViolationTypes.ContainsKey($([int32]$memProtectionEvent.violation_type))) {
+        $memProtectionEvent | Add-Member -NotePropertyName "violation_type_description" -NotePropertyValue $($memProtectionViolationTypes.$([int32]$memProtectionEvent.violation_type))
     }
 }
 

modules/Invoke-CylanceDuplicateCleanup.ps1

@@ -20,7 +20,7 @@ function Invoke-CylanceDuplicateCleanup {
         Write-HostAs -mode "Info" -message "Checking devices, this may take a while."
         $response = Get-CylanceDevices -bearerToken $bearerToken -region $region
 
-        $duplicates = $response.page_items | Group-Object -Property "name" | Where-Object { $_.count -ge 2 }
+        $duplicates = $response | Group-Object -Property "name" | Where-Object { $_.count -ge 2 }
 
         [Array]$devicesToBeRemoved = @()
 

modules/Invoke-CylanceInactiveCleanup.ps1

@@ -22,7 +22,7 @@ function Invoke-CylanceInactiveCleanup {
         Write-HostAs -mode "Info" -message "Checking devices, this may take a while."
         $response = Get-CylanceDevices -bearerToken $bearerToken -region $region
 
-        $offlineDevices = $response.page_items | Where-Object { $null -ne $_.id -and $_.state -eq "Offline" -and (Test-DateIsOutOfRange -inputDate $_.date_first_registered -daysBack 1) }
+        $offlineDevices = $response | Where-Object { $null -ne $_.id -and $_.state -eq "Offline" -and (Test-DateIsOutOfRange -inputDate $_.date_first_registered -daysBack 1) }
 
         [Array]$devicesToBeRemoved = @()
         $daysAgo = (Get-Date).AddDays(-$inactiveDays)

modules/Show-CylanceMemProtectionEvents.ps1

@@ -7,7 +7,7 @@ function Show-CylanceMemProtectionEvents {
         [parameter(Mandatory = $false)]
         [String]$tenantId,
         [parameter(Mandatory = $false)]
-        [ValidateRange(1, 200)]
+        [ValidateRange(1, 1000)]
         [int]$count = 10,
         [parameter(Mandatory = $false)]
         [AllowEmptyString()]
@@ -20,20 +20,20 @@ function Show-CylanceMemProtectionEvents {
         $bearerToken = Get-BearerToken -applicationId $applicationId -applicationSecret $applicationSecret -tenantId $tenantId -region $region
         Write-HostAs -mode "Info" -message "Fetching data, this may take a while."
         $response = Get-MemProtectionEvents -count $count -bearerToken $bearerToken -region $region
-        $memProtectionEvents = $response.page_items | ForEach-Object { $_.created = [DateTime]$_.created; $_ }
+        $memProtectionEvents = $response | ForEach-Object { $_.created = [DateTime]$_.created; $_ }
 
-        foreach ($event in $memProtectionEvents) {
+        foreach ($memProtectionEvent in $memProtectionEvents) {
             try {
-                $fullDevice = Get-FullCylanceDevice -device $event.device_id -bearerToken $bearerToken -region $region
-                $event | Add-Member -NotePropertyName "device_name" -NotePropertyValue $fullDevice.name
-                $event | Add-Member -NotePropertyName "device_policy" -NotePropertyValue $fullDevice.policy.name
+                $fullDevice = Get-FullCylanceDevice -device $memProtectionEvent.device_id -bearerToken $bearerToken -region $region
+                $memProtectionEvent | Add-Member -NotePropertyName "device_name" -NotePropertyValue $fullDevice.name
+                $memProtectionEvent | Add-Member -NotePropertyName "device_policy" -NotePropertyValue $fullDevice.policy.name
             }
             catch {
                 Write-HostAs -mode "Error" -message "Can't get full device details for $($device.name)."
                 Write-Error "$($device.name): $($_.Exception.Message)"
             }
-            $event | Add-MemProtectionActionDescription
-            $event | Add-MemProtectionViolationTypeDescription
+            $memProtectionEvent | Add-MemProtectionActionDescription
+            $memProtectionEvent | Add-MemProtectionViolationTypeDescription
         }
 
         if ($memProtectionEvents.Count -gt 0) {