-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAPI - Get PSM Session Detail.ps1
49 lines (40 loc) · 1.87 KB
/
API - Get PSM Session Detail.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#Install pre-reqs
install-module psPAS
import-module psPAS
#Instantiate variables
$PVWA = 'https://pvwa.example.com'
$cred = Get-Credential Administrator
$array = @()
#Initiate REST API session
New-PASSession -BaseURI $PVWA -Credential $cred
#Get recordings - optionally add searches and/or filter parameters
$PSMRecordings = Get-PASPSMRecording
#Loop through each recording record
foreach($sessionRecording in $PSMRecordings){
#Get the recording detail for current recording
$recordingProperties = $sessionRecording | Get-PASPSMRecordingProperty
$PSMProviderID =''
#Find the PSM provider ID in the Raw Properties returned
if ($recordingProperties.RawProperties -match '(ProviderID=)(\w*)'){
$PSMProviderID = $Matches.2
}
#Look up the PSM server by its provider ID
$PSMServerInfo = Get-PASComponentDetail -ComponentID SessionManagement | Where-Object {$_.ComponentUserName -eq $PSMProviderID}
#create a custom PS object with the desired properties
$obj = new-object psobject -Property @{
SessionGUID = $recordingProperties.SessionGuid
CyberArkUser = $recordingProperties.User
PrivilegedAccount = $recordingProperties.AccountUsername
TargetServer = $recordingProperties.RemoteMachine
ConnectionComponent = $recordingProperties.ConnectionComponentID
PSMServerIP = $PSMServerInfo.ComponentIP
TimestampStart =(Get-Date 01.01.1970)+([System.TimeSpan]::fromseconds($recordingProperties.Start))
TimestampEnd = (Get-Date 01.01.1970)+([System.TimeSpan]::fromseconds($recordingProperties.End))
}
#add the custom object to our array
$array += $obj
}
#Output the array in a table format
$array | ft
#Close out the REST API Session
Close-PASSession