Receive-CsRuleSet.psm1
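function Receive-CsRuleSet {
<#
.SYNOPSIS
    Download the latest rule set by type, or a specific rule set by id
.DESCRIPTION
    Builds a GET request for either the latest rule set of a given type or one
    rule set selected by id, then passes it to Invoke-CsAPI with OutFile set to
    the requested destination path.
.PARAMETER TYPE
    Type of rule set (restricted to the values in the ValidateSet)
.PARAMETER ID
    ID of a specific rule set. The value is percent-encoded before it is placed
    in the query string.
.PARAMETER FORMAT
    The output archive type [default: 'zip']
.PARAMETER PATH
    Destination path, passed unchanged to Invoke-CsAPI as OutFile
.NOTES
    Type and Format are constrained by ValidateSet, so only Id can carry
    arbitrary characters into the request URI.
    Path is not validated here; whether an existing file is overwritten depends
    on Invoke-CsAPI, which is not defined in this file.
.EXAMPLE
    Receive-CsRuleSet -Type 'yara-master' -Path '.\yara-master.zip'
.EXAMPLE
    Receive-CsRuleSet -Id '<rule-set-id>' -Format 'gzip' -Path '.\ruleset.gz'
#>
    [CmdletBinding(DefaultParameterSetName = 'latest')]
    [OutputType([psobject])]
    param(
        [Parameter(ParameterSetName = 'latest', Mandatory = $True)]
        [ValidateSet('snort-suricata-master', 'snort-suricata-update', 'snort-suricata-changelog',
            'yara-master', 'yara-update', 'yara-changelog', 'common-event-format', 'netwitness')]
        [string]
        $Type,

        [Parameter(ParameterSetName = 'specific', Mandatory = $True)]
        [string]
        $Id,

        [Parameter(ParameterSetName = 'latest')]
        [Parameter(ParameterSetName = 'specific')]
        [ValidateSet('zip', 'gzip')]
        [string]
        $Format = 'zip',

        [Parameter(ParameterSetName = 'latest', Mandatory = $True)]
        [Parameter(ParameterSetName = 'specific', Mandatory = $True)]
        [string]
        $Path
    )
    process {
        if ($PSBoundParameters.ContainsKey('Id')) {
            # Id is free-form caller input: encode it so characters such as
            # '&', '=' or '#' cannot add or alter query parameters.
            $Uri = '/intel/entities/rules-files/v1?id=' + [uri]::EscapeDataString($Id) +
                '&format=' + $Format
        }
        else {
            # Type and Format can only hold ValidateSet values, so they are
            # concatenated as-is.
            $Uri = '/intel/entities/rules-latest-files/v1?type=' + $Type + '&format=' + $Format
        }

        $Param = @{
            Uri     = $Uri
            Method  = 'get'
            Header  = @{
                accept = 'application/' + $Format
            }
            OutFile = $Path
        }

        # Forward the common parameters only when the caller supplied them.
        switch ($PSBoundParameters.Keys) {
            'Verbose' { $Param['Verbose'] = $true }
            'Debug' { $Param['Debug'] = $true }
        }

        Invoke-CsAPI @Param
    }
}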