search cancel

SEP 15 PowerShell API Example Script

book

Article ID: 176023

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Security

Issue/Introduction

  • Following API documentation for SEP 15 works in postman, but does not work in PowerShell. 
  • SEP 15 PowerShell API Example Script
  • How can I create an API request using PowerShell in SEP 15?

Resolution

  • Get the Client ID and Client Secret by logging into the SEP 15 Console: https://sep.securitycloud.symantec.com
  • Go to Endpoint > Integration > Client Applications
  • You can use an existing client application or create a new one by choosing "Client Application". 
  • This is where you will get your Client ID, Client Secret, Customer ID, and Domain ID. 
  • More information here: https://apidocs.symantec.com/home/sep_15

Use the following Sample PowerShell script to generate the token. Fill out the clientid, clientsecret, x-epmp-customer-id, and x-epmp-domain-id. 

# Get Authorization Token
$clientid = ''
$clientsecret = ''
$cred = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($clientid + ':' + $clientsecret))
$uri = 'https://usea1.r3.securitycloud.symantec.com/r3_epmp_i'
$path = '/oauth2/tokens'
$params = '?grant_type=client_credentials'
$method = 'Post'
$headers = @{
'Authorization' = "Basic $cred";
'Accept' = 'application/json';
'Content-Type' = 'application/x-www-form-urlencoded';
}
$auth = Invoke-RestMethod -Uri $uri$path$params -Method $method -Headers $headers

# Export Events
$path = '/sccs/v1/events/export'
$params = ''
$method = 'Post'
$headers = @{
'Authorization' = $auth.access_token;
'Content-Type' = 'application/json';
'x-epmp-customer-id' = '';
'x-epmp-domain-id' = '';
'x-epmp-product' = 'SAEP';
}
$request_info = @{
'batchSize' = '10000';
'type' = 'FIREWALL';
'startDate' = '1970-01-01T00:00:00.000Z';
'endDate' = Get-Date -UFormat "%Y-%m-%dT%H:%M:%S.000Z";
}
$body = $request_info | ConvertTo-Json -Compress
echo $body
$events = Invoke-RestMethod -Uri $uri$path$params -Method $method -Headers $headers -Body $body
echo $events