我有一个包含 4 列 csv 格式的表。 我读取行并将它们转换为 json 并将其写入服务器。
行由以下部分组成:
我的一切都按预期工作,除了一个恼人的可能简单的问题,我试图在屏幕上显示写入的特定值,并显示写入服务器的哈希值和显示名称。
但是,尽管尝试使用 @ebrobject.description 或 @ebrobject.sha256 选择要显示的相关项目,但我仍然不断获取所有数据,这两者都显示完整的字符串。
如何只显示数据字段或哈希字段而不显示所有内容?
这是我的代码(某些项目已被编辑)。
param (
[string]
$server = 'redacted server address',
# Minerva Management user name
# [Parameter(Mandatory = $true)]
[string]
$user = "redacted",
# CSV file path (or the file name if they are on the same folder), e.g "C:\Users\userName\Desktop\hashesToBlock.csv"
[string]
$filePath = "hashesToBlock.csv"
)
function Read-Password() {
$SecurePassword = Read-Host -Prompt "Enter $user password" -AsSecureString
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
return [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
}
Try {
$csv = Import-Csv -path $filePath
}
Catch {
"Couldn't open file [$filePath]: ${$_.Exception.Message}"
Break
}
$password = Read-Password
$loginUrl = "$redacted"
$loginPayload = @{
username = $user
password = $password
}
Try {
$res = Invoke-RestMethod -Method Post -SessionVariable session -Uri $loginUrl -Body (ConvertTo-Json $loginPayload -Depth 3) -ContentType "application/json"
"Login successful."
}
Catch {
$_.Exception.Message
Break
}
# Mike made changes in this section
Write-Host "Are you sure those are the hashes you want to block?`n" -ForegroundColor Yellow
# Write-Host "`nHashes details:`n" $csv
$Count = 0
foreach ($ebrDeatails in $csv)
{
Write-Host "$Count. $ebrDeatails`n" -ForegroundColor Yellow
$Count = $Count + 1
}
Write-Host "continue blocking $Count hashes" -ForegroundColor Green
$type=Read-Host "[Y] yes [N] no
Please choose"
if ($type -ne 'Y' -or $type -ne 'y'){
return
}
$successful = 0;
foreach ($ebrDeatails in $csv) {
$addEBRUrl = "$server/api/ProcessRelationRules"
if ($ebrDeatails.groupsIds -eq "") {
$groupsIds = "All Groups"
} else {
$groupsIds = $ebrDeatails.groupsIds.Split(',');
}
$blockMode = "false"
if ($ebrDeatails.blockMode -eq "True" -or $ebrDeatails.blockMode -eq "true"){
$blockMode = "true"
}
$ebr = @{
description = $ebrDeatails.description
parentProcessType = "commandLine"
parentProcess = "*"
childProcessType = "sha256"
childProcess = $ebrDeatails.sha256
appliedGroupsIds = @($groupsIds)
isBlockMode = $blockMode
}
Try {
$res = Invoke-RestMethod -Method Post -WebSession $session -Uri $addEBRUrl -Body (ConvertTo-Json $ebr -Depth 3) -ContentType "application/json"
$successful = $successful + 1
Write-Host "`nWritten $ebrDeatails.description with Hash $ebrDeatails.sha256 to policy on web." -ForegroundColor Green
}
Catch {
Write-Host "failed to create execution block rule: $ebrDeatails, Reason: $_" -ForegroundColor Red
}
}
Write-Host "`nSuccessfully added $successful execution block rules to the web database" -ForegroundColor Green
这是不起作用的地方
Write-Host "`nWritten $ebrDeatails.description with Hash $ebrDeatails.sha256 to policy on web." -ForegroundColor Green
这是我从 Write-Host 获得的输出
写@{sha256=e702a572b514984deacaa54408059c6eac28e46111cb6f0f4190a3a6a72dd41d;描述=Akira勒索软件的Linux/ESXi变种;组ID=; blockMode=TRUE}.descript 离子与哈希 @{sha256=e702a572b514984deacaa54408059c6eac28e46111cb6f0f4190a3a6a72dd41d;描述=Akira勒索软件的Linux/ESXi变种;组ID=; blockMode=TRUE}.sh a256 到网络政策。
我想要的是得到以下内容:
编写 Akira 勒索软件的 Linux/ESXi 变体,并使用哈希值 e702a572b514984deacaa54408059c6eac28e46111cb6f0f4190a3a6a72dd41d 进行网络策略。
任何人都可以找出我做错了什么吗?
谢谢,
迈克
可扩展字符串文字(用双引号
"...""... $variable.propertyName"$variable.propertyName要强制计算成员访问操作,请将其括在子表达式运算符
$(...)Write-Host "`nWritten $($ebrDeatails.description) with Hash $($ebrDeatails.sha256) to policy on web." -ForegroundColor Green
PowerShell 现在将分别计算
$(...)