Symantec Endpoint Security products Rest API testing and troubleshooting scripts

Article ID: 413836


Updated On:

Products

  • Endpoint Protection
  • Endpoint Security
  • Data Center Security Server
  • Data Center Security Server Advanced
  • Endpoint Detection and Response
  • Endpoint Detection and Response Cloud
  • Protection Engine for Cloud Services
  • Protection Engine for NAS

Issue/Introduction

This article provides simple steps that demonstrate how to use the Rest API of Symantec Endpoint Security products with PowerShell 5.1.  These steps can also be used to validate that the Rest API for the products listed below is functioning as expected.

Environment

  • Data Center Security 6.9.3 and older.
  • Data Center Security 6.10 and newer.
  • Symantec Endpoint Detection and Response 4.10 and newer.
  • Symantec Endpoint Protection Manager 14.3 and newer.
  • Symantec Endpoint Security.
  • Symantec Protection Engine 9.0 and newer.

Resolution

Each Product folder contains two or more scripts.  Generally, each product has a script with Authentication, auth or token in the name.  Run this script first to generate an access token, which is then used in the other scripts in that folder.

 

Simplified Steps for Use

  1. Open PowerShell (Version 5.x)
  2. Run the command:
    • Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process
  3. Navigate to the folder where the scripts were downloaded and extracted:
    • Example: cd "<drive>:\full\path\to\folder"
  4. Type in the script name and press Enter

 

Detailed Steps

Below are detailed steps that give more context that may help in some scenarios.

Download and Extract files, confirm PowerShell version

Download the Endpoint_products_REST_API_scripts.zip file attached to this article (scroll to the bottom of the page) to a Windows computer.  Extract the .zip file.  Inside the .zip file are various folders, each one representing a specific product.  

Open PowerShell and confirm the version by running this command:

$PSVersionTable

This prints a table; refer to the PSVersion row.  Most Windows operating systems have version 5.1.x by default.  Newer versions may have Version 7.  These scripts were validated against 5.1.x but will work on version 7, although you may see warnings.

Set the Execution Policy to allow PowerShell scripts to run

Next, run this command:

Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process

This command bypasses any PowerShell execution policy defined for the PowerShell window currently open.  Because the scope is Process, the change applies only to that window and is not saved.  Depending on your environment's ExecutionPolicy, this may need to be run every time a new PowerShell window is opened.

Navigate to the folder where the scripts are saved

In the PowerShell window, navigate to the folder where you saved the scripts.  This can be done a few ways.  Typing "cd" then the path (like in a cmd prompt) works.  You can also type:

Set-Location C:\path\to\scripts

The easiest may be using File Explorer.  Right-click the folder that contains the scripts and choose "Open in Terminal", which opens a PowerShell window at that path.  Don't forget to run the execution policy command if you choose this method.

Run a Script

Finally, run one of the scripts by typing in the script name.  Example using the SEPM script "SEPM-Authentication.ps1":

.\SEPM-Authentication.ps1
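
Because the execution policy is bypassed for these downloaded files, it is worth reviewing them between extraction and the first run. The following is an added example, not one of the attached scripts; the path in $ScriptRoot is an assumption and should point at the folder you extracted the .zip file to.

```powershell
# Added example: review the extracted scripts before running any of them.
# Assumption: $ScriptRoot is the folder the .zip was extracted to.
$ScriptRoot = 'C:\path\to\scripts'

# Execution policy at every scope. A MachinePolicy or UserPolicy entry is set by
# Group Policy and takes precedence over Set-ExecutionPolicy -Scope Process.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# Per script: Mark of the Web, Authenticode status and SHA-256 hash.
$report = Get-ChildItem -LiteralPath $ScriptRoot -Filter *.ps1 -Recurse | ForEach-Object {
    # Files extracted from a downloaded .zip usually carry a Zone.Identifier stream.
    $zone = Get-Item -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
    [pscustomobject]@{
        Script    = $_.FullName
        FromWeb   = [bool]$zone
        Signature = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
}
$report | Format-List

# Anything that is not validly signed should be read before it is run.
$report | Where-Object { $_.Signature -ne 'Valid' } | ForEach-Object {
    Write-Warning "Review before running: $($_.Script) (signature: $($_.Signature))"
}
```

Keeping the SHA256 values lets you confirm later that the scripts on disk are still the ones you reviewed.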

Follow the script prompts to see the results

Each script prompts for the information needed to complete the Rest API call.  Depending on the product and script, you may be asked to provide one or more of the following:

  • Server IP address
  • Rest API port
  • Username or ClientID
  • Password or ClientSecret
  • Token or OAuth credential

After you enter the required information, the script displays the information returned by the API.
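
The token-then-request pattern described above, shown for Symantec Endpoint Protection Manager. This is an added example, not one of the attached scripts; it assumes the SEPM Rest API paths /sepm/api/v1/identity/authenticate and /sepm/api/v1/groups, an empty (default) domain, and a server certificate that the client already trusts.

```powershell
# Added example, not one of the attached scripts.
# Assumptions: SEPM Rest API paths under /sepm/api/v1, default domain,
# and a server certificate trusted by this computer.
$Server = Read-Host 'SEPM server name or IP'
$Port   = Read-Host 'Rest API port'
$Cred   = Get-Credential -Message 'SEPM administrator account'   # password is not echoed
$Base   = "https://${Server}:${Port}/sepm/api/v1"

$body = @{
    username = $Cred.UserName
    password = $Cred.GetNetworkCredential().Password
    domain   = ''
} | ConvertTo-Json

try {
    # Step 1: exchange the credentials for a token.
    $auth = Invoke-RestMethod -Method Post -Uri "$Base/identity/authenticate" `
                              -ContentType 'application/json' -Body $body

    # Step 2: present the token as a Bearer header on every later request.
    $headers = @{ Authorization = "Bearer $($auth.token)" }
    $groups  = Invoke-RestMethod -Method Get -Uri "$Base/groups" -Headers $headers
    $groups.content | Select-Object name, fullPathName
}
catch [System.Net.WebException] {
    # PowerShell 5.1 raises WebException; an HTTP status is present only if the server answered.
    $response = $_.Exception.Response
    if ($response -and [int]$response.StatusCode -eq 401) {
        Write-Warning 'HTTP 401: the username, password or token was rejected.'
    }
    else {
        Write-Warning "Request failed ($($_.Exception.Status)): $($_.Exception.Message)"
    }
}
finally {
    # Do not leave the plain-text password or the token in the session.
    Remove-Variable body, auth, headers -ErrorAction SilentlyContinue
}
```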

 

Scripts contained in Endpoint_products_REST_API_scripts.zip

Below is a list of all the individual scripts in the Endpoint_products_REST_API_scripts.zip file and a brief description of each.

Symantec Data Center Security 

DCS 6.9.3 and older

These scripts should be used with Data Center Security version 6.9.3 and older.

  • DCS-auth-token-6-9-3.ps1 - Generates an auth token required for other API requests.
  • DCS-securitygroups-6-9-3.ps1 - Returns a list of DCS Security Groups.  Requires token generated from previous script.

DCS 6.10 and newer

These scripts should be used with Data Center Security version 6.10 and newer.

  • DCS-auth-token-6-10.ps1 - Generates an auth token required for other API requests.
  • DCS-securitygroups-6-10.ps1 - Returns a list of DCS Security Groups.  Requires token generated from previous script.

Symantec Endpoint Detection and Response (On-Prem)

  • EDR-auth.ps1 - Generates a token to be used in other API requests.
  • EDR-appliances.ps1 - Returns EDR appliance details.  Requires token generated from previous script.

Symantec Endpoint Protection Manager (On-Prem)

  • SEPM-Authenticate.ps1 - Generates a token for use in other API requests.
  • SEPM-Groups.ps1 - Returns a list of Groups in the SEPM.  Requires token generated from previous script.
  • SEPM-Version.ps1 - Returns SEPM version information.  

Symantec Endpoint Security (Cloud)

  • SES-oauth2_tokens.ps1 - Generates an OAuth token for use in API requests.
  • SES-device-groups.ps1 - Returns list of device groups.

Symantec Protection Engine

  • SPE-authentication.ps1 - Generates an access token for API requests.
  • SPE-homepage-statistics.ps1 - Returns general SPE statistics.

 

Common Errors using PowerShell Rest API scripts

Invoke-RestMethod : Unable to connect to the remote server

This error occurs when PowerShell is unable to connect to the product's Rest API.  Check the IP/port you entered into the script.  Also check general network connectivity to the IP and port.  PowerShell's Test-NetConnection is helpful here.

Test-NetConnection -ComputerName <name or IP> -Port <port>
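
The check above can be extended to separate a blocked port from a TLS problem. The following is an added example, not one of the attached scripts; the function name Test-RestApiEndpoint is hypothetical, and the TLS stage goes beyond the Test-NetConnection check described in this article.

```powershell
# Added example: hypothetical helper, not part of the attached scripts.
function Test-RestApiEndpoint {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][int]$Port
    )
    $result = [ordered]@{ Server = $Server; Port = $Port; Tcp = $false
                          Tls = $null; CertSubject = $null; CertExpires = $null; Error = $null }

    # Stage 1: plain TCP reachability, the same test Test-NetConnection performs.
    $tnc = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
    $result.Tcp = [bool]$tnc.TcpTestSucceeded
    if (-not $result.Tcp) {
        $result.Error = 'TCP connect failed: check the IP/port, firewalls and that the service is running'
        return New-Object psobject -Property $result
    }

    # Stage 2: TLS handshake only. The callback accepts any certificate so that it can
    # be reported; no credentials or API data are sent over this connection.
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($Server, $Port)
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.Tls         = $ssl.SslProtocol
        $result.CertSubject = $cert.Subject
        $result.CertExpires = $cert.NotAfter
    }
    catch {
        $result.Error = "TLS handshake failed: $($_.Exception.GetBaseException().Message)"
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    New-Object psobject -Property $result
}

# Usage (the server name and port are placeholders):
# Test-RestApiEndpoint -Server '<name or IP>' -Port <port>
```

A result with Tcp set to True and an Error from the TLS stage points at protocol or certificate settings rather than network reachability.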

 

 

Additional Information

The steps and scripts attached in this article serve as examples of Symantec Endpoint Security products Rest API usage with PowerShell.  Support can assist with confirming Rest API functionality and verifying individual API calls are working as designed.  Assistance with custom scripting is outside the scope of standard support.

Attachments

Endpoint_products_REST_API_scripts.zip