Home > Mobile >  How to pass a variable to advanced hunting query using PowerShell utilizing Defender for Endpoint Re
How to pass a variable to advanced hunting query using PowerShell utilizing Defender for Endpoint Re

Time:09-17

I am running the following advanced hunting query (a type of Kusto query) utilizing Microsoft Defender for Endpoint rest API through PowerShell.

$query = "let letter = 'b';
          DeviceTvmSoftwareInventory
          | where SoftwareVendor startswith letter
          | project DeviceName, OSPlatform, SoftwareVendor, SoftwareName, SoftwareVersion"

It works as it is, but I need to pass a variable to the query to run the query against series of different values (i.e., variable) instead of a hardcoded string (i.e., 'b').

I tried to define a PowerShell variable outside of the query and reference it in the query but it doesn't work.

How can I pass a PowerShell variable to this query? How can I overcome this problem?

Thank you

CodePudding user response:

Iterate over an array of the values.

$Values = @('a', 'b', 'c')
$Values |
    ForEach-Object {
        $query = "let letter = '$_';
            DeviceTvmSoftwareInventory
            | where SoftwareVendor startswith letter
            | project DeviceName, OSPlatform, SoftwareVendor, SoftwareName, SoftwareVersion"
    }

Page link:https//www.codepudding.com/Mobile/115255.html

Prev:Extract Username From Log Text using Powershell
Next:Unable to export system.object in a readable form using PowerShell
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding