I have a table that contains 4 columns in csv format. I read in the rows and write them to a server by converting them to json and writing it.
The rows are built of:
I have everything working exactly as it should except for one annoying possibly simple issue, where I am trying to display on the screen the specific value that was written and display what Hash and what display name were written to the server.
But I keep getting all the data despite trying to chose the relevant item to display by using @ebrobject.description or @ebrobject.sha256, both of these display the full string.
How can I display only the data field or the hash field and not everything ?
This is my code (certain items have been redacted).
param (
[string]
$server = 'redacted server address',
# Minerva Management user name
# [Parameter(Mandatory = $true)]
[string]
$user = "redacted",
# CSV file path (or the file name if they are on the same folder), e.g "C:\Users\userName\Desktop\hashesToBlock.csv"
[string]
$filePath = "hashesToBlock.csv"
)
function Read-Password() {
$SecurePassword = Read-Host -Prompt "Enter $user password" -AsSecureString
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
return [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
}
Try {
$csv = Import-Csv -path $filePath
}
Catch {
"Couldn't open file [$filePath]: ${$_.Exception.Message}"
Break
}
$password = Read-Password
$loginUrl = "$redacted"
$loginPayload = @{
username = $user
password = $password
}
Try {
$res = Invoke-RestMethod -Method Post -SessionVariable session -Uri $loginUrl -Body (ConvertTo-Json $loginPayload -Depth 3) -ContentType "application/json"
"Login successful."
}
Catch {
$_.Exception.Message
Break
}
# Mike made changes in this section
Write-Host "Are you sure those are the hashes you want to block?`n" -ForegroundColor Yellow
# Write-Host "`nHashes details:`n" $csv
$Count = 0
foreach ($ebrDeatails in $csv)
{
Write-Host "$Count. $ebrDeatails`n" -ForegroundColor Yellow
$Count = $Count + 1
}
Write-Host "continue blocking $Count hashes" -ForegroundColor Green
$type=Read-Host "[Y] yes [N] no
Please choose"
if ($type -ne 'Y' -or $type -ne 'y'){
return
}
$successful = 0;
foreach ($ebrDeatails in $csv) {
$addEBRUrl = "$server/api/ProcessRelationRules"
if ($ebrDeatails.groupsIds -eq "") {
$groupsIds = "All Groups"
} else {
$groupsIds = $ebrDeatails.groupsIds.Split(',');
}
$blockMode = "false"
if ($ebrDeatails.blockMode -eq "True" -or $ebrDeatails.blockMode -eq "true"){
$blockMode = "true"
}
$ebr = @{
description = $ebrDeatails.description
parentProcessType = "commandLine"
parentProcess = "*"
childProcessType = "sha256"
childProcess = $ebrDeatails.sha256
appliedGroupsIds = @($groupsIds)
isBlockMode = $blockMode
}
Try {
$res = Invoke-RestMethod -Method Post -WebSession $session -Uri $addEBRUrl -Body (ConvertTo-Json $ebr -Depth 3) -ContentType "application/json"
$successful = $successful + 1
Write-Host "`nWritten $ebrDeatails.description with Hash $ebrDeatails.sha256 to policy on web." -ForegroundColor Green
}
Catch {
Write-Host "failed to create execution block rule: $ebrDeatails, Reason: $_" -ForegroundColor Red
}
}
Write-Host "`nSuccessfully added $successful execution block rules to the web database" -ForegroundColor Green
This is the bit that is not working
Write-Host "`nWritten $ebrDeatails.description with Hash $ebrDeatails.sha256 to policy on web." -ForegroundColor Green
And this is the output that I get from that Write-Host
Written @{sha256=e702a572b514984deacaa54408059c6eac28e46111cb6f0f4190a3a6a72dd41d; description=Akira ransomware's Linux/ESXi variant; groupsIds=; blockMode=TRUE}.descript ion with Hash @{sha256=e702a572b514984deacaa54408059c6eac28e46111cb6f0f4190a3a6a72dd41d; description=Akira ransomware's Linux/ESXi variant; groupsIds=; blockMode=TRUE}.sh a256 to policy on web.
What I want is to get the following:
Written Akira ransomware's Linux/ESXi variant with Hash e702a572b514984deacaa54408059c6eac28e46111cb6f0f4190a3a6a72dd41d to policy on web.
Can anyone work out what I am doing wrong ?
Thanks,
Mike
Expandable string literals (string literals defined with double-quotes "...") only expand simple expressions - meaning that when PowerShell see's "... $variable.propertyName", it expands $variable on its own, and then ignores .propertyName.
To force evaluation of the member access operation, enclose it in the sub-expression operator $(...), eg.:
Write-Host "`nWritten $($ebrDeatails.description) with Hash $($ebrDeatails.sha256) to policy on web." -ForegroundColor Green
PowerShell will now evaluate the expressions inside $(...) separately before interpolating them into the resulting string value.