{"id":21108344,"url":"https://github.com/celerium/sentinelone-powershellwrapper","last_synced_at":"2025-07-08T16:32:05.160Z","repository":{"id":63829450,"uuid":"452903711","full_name":"Celerium/SentinelOne-PowerShellWrapper","owner":"Celerium","description":"PowerShell wrapper for the SentinelOne API","archived":false,"fork":false,"pushed_at":"2024-03-04T00:01:18.000Z","size":2260,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-03-04T01:23:40.112Z","etag":null,"topics":["api","powershell","restful-api","s1","sentinelone"],"latest_commit_sha":null,"homepage":"https://celerium.github.io/SentinelOne-PowerShellWrapper/","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Celerium.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null},"funding":{"custom":"https://www.buymeacoffee.com/Celerium"}},"created_at":"2022-01-28T01:38:25.000Z","updated_at":"2024-03-03T14:47:31.000Z","dependencies_parsed_at":"2024-03-04T01:23:37.855Z","dependency_job_id":null,"html_url":"https://github.com/Celerium/SentinelOne-PowerShellWrapper","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Celerium%2FSentinelOne-PowerShellWrapper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Celerium%2FSentinelOne-PowerShellWrapper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Celerium%2FSentinelOne-PowerShellWrapper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Celerium%2FSentinelOne-PowerShellWrapper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Celerium","download_url":"https://codeload.github.com/Celerium/SentinelOne-PowerShellWrapper/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225449614,"owners_count":17476094,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","powershell","restful-api","s1","sentinelone"],"created_at":"2024-11-20T00:46:04.816Z","updated_at":"2025-07-08T16:32:05.110Z","avatar_url":"https://github.com/Celerium.png","language":"PowerShell","funding_links":["https://www.buymeacoffee.com/Celerium"],"categories":[],"sub_categories":[],"readme":"\u003e [!CAUTION]\n\u003e I no longer have access to the S1 mgmt console so I will be archiving this module.\n\n\n\n\u003ch1 align=\"center\"\u003e\n  \u003cbr\u003e\n  \u003ca href=\"http://Celerium.org\"\u003e\u003cimg src=\"https://raw.githubusercontent.com/Celerium/SentinelOne-PowerShellWrapper/main/.github/images/Celerium_PoSHGallery_SentinelOneAPI.png\" alt=\"_CeleriumDemo\" width=\"200\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n  Celerium_SentinelOneAPI\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n[![Az_Pipeline][Az_Pipeline-shield]][Az_Pipeline-url]\n[![GitHub_Pages][GitHub_Pages-shield]][GitHub_Pages-url]\n\n[![PoshGallery_Version][PoshGallery_Version-shield]][PoshGallery_Version-url]\n[![PoshGallery_Platforms][PoshGallery_Platforms-shield]][PoshGallery_Platforms-url]\n[![PoshGallery_Downloads][PoshGallery_Downloads-shield]][PoshGallery_Downloads-url]\n[![codeSize][codeSize-shield]][codeSize-url]\n\n[![Contributors][contributors-shield]][contributors-url]\n[![Forks][forks-shield]][forks-url]\n[![Stargazers][stars-shield]][stars-url]\n[![Issues][issues-shield]][issues-url]\n\n[![Blog][Website-shield]][Website-url]\n[![GitHub_License][GitHub_License-shield]][GitHub_License-url]\n\n---\n\n## Buy me a coffee\n\nWhether you use this project, have learned something from it, or just like it, please consider supporting it by buying me a coffee, so I can dedicate more time on open-source projects like this :)\n\n\u003ca href=\"https://www.buymeacoffee.com/Celerium\" target=\"_blank\"\u003e\u003cimg src=\"https://www.buymeacoffee.com/assets/img/guidelines/download-assets-sm-2.svg\" alt=\"Buy Me A Coffee\" style=\"width:150px;height:50px;\"\u003e\u003c/a\u003e\n\n---\n\n\u003ca name=\"readme-top\"\u003e\u003c/a\u003e\n\n\u003c!-- PROJECT LOGO --\u003e\n\u003cbr /\u003e\n\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"https://celerium.org\"\u003e\n    \u003cimg src=\"https://raw.githubusercontent.com/Celerium/SentinelOne-PowerShellWrapper/main/.github/images/Celerium_PoSHGitHub_SentinelOneAPI.png\" alt=\"Logo\"\u003e\n  \u003c/a\u003e\n\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://www.powershellgallery.com/packages/SentinelOneAPI\" target=\"_blank\"\u003ePowerShell Gallery\u003c/a\u003e\n    ·\n    \u003ca href=\"https://github.com/Celerium/SentinelOne-PowerShellWrapper/issues/new/choose\" target=\"_blank\"\u003eReport Bug\u003c/a\u003e\n    ·\n    \u003ca href=\"https://github.com/Celerium/SentinelOne-PowerShellWrapper/issues/new/choose\" target=\"_blank\"\u003eRequest Feature\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/div\u003e\n\n---\n\n## About The Project\n\n* :warning: **As of 2023-11, Module is being overhauled to v2.0**\n\n* :warning: **As of 2022-11, SentinelOne has almost 400 endpoints and only the GET endpoints have been wrapped. The other endpoints will come later after the core functionality of this module has been validated.**\n\n  * See the RoadMap below for more information on whats next\n\nThe [SentinelOneAPI](https://www.sentinelone.com/) offers users the ability to extract data from SentinelOne into third-party reporting tools and aims to abstract away the details of interacting with SentinelOne's API endpoints in such a way that is consistent with PowerShell nomenclature. This gives system administrators and PowerShell developers a convenient and familiar way of using SentinelOne's API to create documentation scripts, automation, and integrations.\n\n* :book: Project documentation can be found on [Github Pages](https://celerium.github.io/SentinelOne-PowerShellWrapper/)\n* :book: SentinelOne's REST API documentation can be found under your management portal *https://your_mgmt_Address/api-doc/overview*.\n\nSentinelOne features a REST API that makes use of common HTTPs GET actions. In order to maintain PowerShell best practices, only approved verbs are used.\n\n* GET -\u003e Get-\n* GET -\u003e Connect-\n* GET -\u003e Export-\n* :warning:POST -\u003e New-\n* :warning:PUT -\u003e Set-\n* :warning:DELETE -\u003e Remove-\n\nAdditionally, PowerShell's `verb-noun` nomenclature is respected. Each noun is prefixed with `SentinelOne` in an attempt to prevent naming problems.\n\nFor example, one might access the `/sites` endpoint by running the following PowerShell command with the appropriate parameters:\n\n* *:book: Note: All commands contain an alias of 'S1'*\n\n```posh\nGet-SentinelOneSites\n```\n\nor\n\n```posh\nGet-S1Sites\n```\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Install\n\nThis module can be installed directly from the [PowerShell Gallery](https://www.powershellgallery.com/packages/SentinelOneAPI) with the following command:\n\n```posh\nInstall-Module -Name SentinelOneAPI\n```\n\n* :information_source: This module supports PowerShell 5.0+ and *should* work in PowerShell Core.\n* :information_source: If you are running an older version of PowerShell, or if PowerShellGet is unavailable, you can manually download the *main* branch and place the *SentinelOneAPI* folder into the (default) `C:\\Program Files\\WindowsPowerShell\\Modules` folder.\n\nProject documentation can be found on [Github Pages](https://celerium.github.io/SentinelOne-PowerShellWrapper/)\n\n* A full list of functions can be retrieved by running `Get-Command -Module SentinelOneAPI`.\n* Help info and a list of parameters can be found by running `Get-Help \u003ccommand name\u003e`, such as:\n\n```posh\nGet-Help Get-SentinelOneSites\nGet-Help Get-SentinelOneSites -Full\n```\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Initial Setup\n\nAfter installing this module, you will need to configure both the *base URI* \u0026 *API key* that are used to talk with the SentinelOne API.\n\n1. Run `Add-SentinelOneBaseURI` -baseMgmt_uri '\u003chttps://Mgmt-Console-Uri.sentinelone.net'`\u003e\n   * By default, you will need to define your management consoles url.\n   * The *'baseApi_uri'* parameter allows you to adjust in the event the API version is updated. By default it uses `/web/api/v2.1`\n   * If you have your own API gateway or proxy, you may put in your own custom URI by specifying the `-base_uri` parameter:\n      * `Add-SentinelOneBaseURI -base_uri http://myapi.gateway.celerium.org`\n\u003cbr\u003e\n\n2. Run `Add-SentinelOneAPIKey -Api_Key 123456789`\n   * It will prompt you to enter your API key if you do not specify them.\n    * SentinelOne API keys can be generated by going to *SentinelOne \u003e User \u003e Options\n\u003cbr\u003e\n\n3. [**optional**] Run `Export-SentinelOneModuleSettings`\n   * This will create a config file at `%UserProfile%\\SentinelOneAPI` that holds the *base uri* \u0026 *API key* information.\n   * Next time you run `Import-Module -Name SentinelOneAPI`, this configuration file will automatically be loaded.\n   * :warning: Exporting module settings encrypts your API key in a format that can **only be unencrypted by the user principal** that encrypted the secret. It makes use of .NET DPAPI, which for Windows uses reversible encrypted tied to your user principal. This means that you **cannot copy** your configuration file to another computer or user account and expect it to work.\n   * :warning: However in Linux\\Unix operating systems the secret keys are more obfuscated than encrypted so it is recommend to use a more secure \u0026 cross-platform storage method.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Usage\n\nTo view documentation for the module as well as any commands you can browse the [online Github pages](https://celerium.github.io/SentinelOne-PowerShellWrapper)\n\n* [SentinelOne-PowerShellWrapper](https://celerium.github.io/SentinelOne-PowerShellWrapper)\n\nAs a quick summary though you can reference the following notes:\n\n* Each `Get-SentinelOne*` function will respond with the raw data that SentinelOne's API provides.\n* A full list of functions can be retrieved by running `Get-Command -Module SentinelOneAPI`.\n* Help info and a list of parameters can be found by running `Get-Help \u003ccommand name\u003e`, such as:\n\n```posh\nGet-Help Get-SentinelOneSites\nGet-Help Get-SentinelOneSites -Full\n```\n\n* All commands contain an alias of 'S1'\n\n```posh\nGet-Help Get-S1Sites\nGet-Help Get-S1Sites -Full\n```\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Roadmap\n\n* [ ] Add Changelog\n* [ ] Example scripts \u0026 reports\n* [ ] Implement other METHODS `( DELETE, POST, PUT )`\n* [ ] Validate GET command structure, parameters and usage\n  * `Not all commands are fully validated due to various api issues and or permissions`\n\nSee the [open issues](https://github.com/Celerium/SentinelOne-PowerShellWrapper/issues) for a full list of proposed features (and known issues).\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n---\n\n## Contributing\n\nContributions are what makes the open-source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.\n\nIf you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag \"enhancement\".\nDon't forget to give the project a star! Thanks again!\n\nSee the [CONTRIBUTING](https://github.com/Celerium/SentinelOne-PowerShellWrapper/blob/main/.github/CONTRIBUTING.md) guide for more information about contributing.\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## License\n\nDistributed under the MIT License. See [`LICENSE`](https://github.com/Celerium/SentinelOne-PowerShellWrapper/blob/main/LICENSE) for more information.\n\n[![GitHub_License][GitHub_License-shield]][GitHub_License-url]\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Contact\n\n\u003cdiv align=\"left\"\u003e\n\n  \u003cp align=\"left\"\u003e\n    ·\n    \u003ca href=\"https://celerium.org/#/contact\" target=\"_blank\"\u003eWebsite\u003c/a\u003e\n    ·\n    \u003ca href=\"mailto: celerium@celerium.org\"\u003eEmail\u003c/a\u003e\n    ·\n    \u003ca href=\"https://www.reddit.com/user/CeleriumIO\" target=\"_blank\"\u003eReddit\u003c/a\u003e\n    ·\n  \u003c/p\u003e\n\u003c/div\u003e\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n## Acknowledgments\n\nBig thank you to the following people and services as they have provided me with lots of helpful information as I continue this project!\n\n* [GitHub Pages](https://pages.github.com)\n* [Img Shields](https://shields.io)\n* [Font Awesome](https://fontawesome.com)\n* [Choose an Open Source License](https://choosealicense.com)\n* [GitHub Emoji Cheat Sheet](https://www.webpagefx.com/tools/emoji-cheat-sheet)\n\n\u003cp align=\"right\"\u003e(\u003ca href=\"#readme-top\"\u003eback to top\u003c/a\u003e)\u003c/p\u003e\n\n\u003c!-- MARKDOWN LINKS \u0026 IMAGES --\u003e\n\u003c!-- https://www.markdownguide.org/basic-syntax/#reference-style-links --\u003e\n\n[Az_Pipeline-shield]:               https://img.shields.io/azure-devops/build/AzCelerium/SentinelOneAPI/8?style=for-the-badge\u0026label=DevOps_Build\n[Az_Pipeline-url]:                  https://dev.azure.com/AzCelerium/SentinelOneAPI/_build?definitionId=8\n\n[GitHub_Pages-shield]:              https://img.shields.io/github/actions/workflow/status/celerium/SentinelOne-PowerShellWrapper/pages%2Fpages-build-deployment?style=for-the-badge\u0026label=GitHub%20Pages\n[GitHub_Pages-url]:                 https://github.com/Celerium/SentinelOne-PowerShellWrapper/actions/workflows/pages/pages-build-deployment\n\n[GitHub_License-shield]:            https://img.shields.io/github/license/celerium/SentinelOne-PowerShellWrapper?style=for-the-badge\n[GitHub_License-url]:               https://github.com/Celerium/SentinelOne-PowerShellWrapper/blob/main/LICENSE\n\n[PoshGallery_Version-shield]:       https://img.shields.io/powershellgallery/v/SentinelOneapi?include_prereleases\u0026style=for-the-badge\n[PoshGallery_Version-url]:          https://www.powershellgallery.com/packages/SentinelOneAPI\n\n[PoshGallery_Platforms-shield]:     https://img.shields.io/powershellgallery/p/SentinelOneapi?style=for-the-badge\n[PoshGallery_Platforms-url]:        https://www.powershellgallery.com/packages/SentinelOneAPI\n\n[PoshGallery_Downloads-shield]:     https://img.shields.io/powershellgallery/dt/SentinelOneAPI?style=for-the-badge\n[PoshGallery_Downloads-url]:        https://www.powershellgallery.com/packages/SentinelOneAPI\n\n[website-shield]:                   https://img.shields.io/website?up_color=blue\u0026url=https%3A%2F%2Fcelerium.org\u0026style=for-the-badge\u0026label=Blog\n[website-url]:                      https://celerium.org\n\n[codeSize-shield]:                  https://img.shields.io/github/repo-size/celerium/SentinelOne-PowerShellWrapper?style=for-the-badge\n[codeSize-url]:                     https://github.com/Celerium/SentinelOne-PowerShellWrapper\n\n[contributors-shield]:              https://img.shields.io/github/contributors/celerium/SentinelOne-PowerShellWrapper?style=for-the-badge\n[contributors-url]:                 https://github.com/Celerium/SentinelOne-PowerShellWrapper/graphs/contributors\n\n[forks-shield]:                     https://img.shields.io/github/forks/celerium/SentinelOne-PowerShellWrapper?style=for-the-badge\n[forks-url]:                        https://github.com/Celerium/SentinelOne-PowerShellWrapper/network/members\n\n[stars-shield]:                     https://img.shields.io/github/stars/celerium/SentinelOne-PowerShellWrapper?style=for-the-badge\n[stars-url]:                        https://github.com/Celerium/SentinelOne-PowerShellWrapper/stargazers\n\n[issues-shield]:                    https://img.shields.io/github/issues/Celerium/SentinelOne-PowerShellWrapper?style=for-the-badge\n[issues-url]:                       https://github.com/Celerium/SentinelOne-PowerShellWrapper/issues\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcelerium%2Fsentinelone-powershellwrapper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcelerium%2Fsentinelone-powershellwrapper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcelerium%2Fsentinelone-powershellwrapper/lists"}