SearchPartnerSophosCustomerIDs.ps1
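<#
Script Changelog
1.0 [Feb 2023] Ben Weinberg - Script developed
1.1 [Feb 2023] Ben Weinberg - Modified script to include search for tenant ID
1.2 [Feb 2023] Ben Weinberg - Modified script to search current machines registry
#>
<#
.SYNOPSIS
Connects to Sophos Central Partner and resolves a tenant ID to the customer it belongs to.
.DESCRIPTION
This PowerShell script prompts the user for their Sophos client ID and client secret. It then asks whether it is being run on the affected machine: if so, it reads the tenant ID from the local Sophos registry key; otherwise it prompts for the tenant ID, which can be found in the registry of the affected machine.
It uses the client ID and secret to authenticate with the Sophos API and obtain an access token, resolves the partner ID through the whoami endpoint, and pages through all tenants of the partner until it finds the one whose ID matches, printing the company name it is associated with.
.NOTES
The client secret is captured as a SecureString and decoded to plain text only for the duration of the token request; the unmanaged copy is zeroed and freed afterwards.
Every API call is wrapped in try/catch so a network or HTTP failure stops the script with a message instead of silently falling through to "No tenant found".
#>


#######################################
# Decodes a SecureString to plain text for use in a request body.
# Arguments: -Secure  the SecureString to decode
# Outputs:   the plain-text string
# The unmanaged BSTR copy is zeroed and freed in the finally block so the secret
# does not linger in memory after the conversion.
#######################################
function ConvertFrom-SecureStringToPlainText {
    param([System.Security.SecureString]$Secure)
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try {
        return [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
    } finally {
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}

#######################################
# Prompts for a tenant ID and validates that it is a GUID.
# Outputs:   the tenant ID string, or $null when the input is empty or not a
#            GUID (a message is written to the console in that case)
#######################################
function Read-TenantId {
    $id = Read-Host -Prompt "Enter a tenant ID"
    if ([string]::IsNullOrEmpty($id)) {
        Write-Host "A Tenant ID must be specified"
        return $null
    }
    if (-not [Guid]::TryParse($id, [ref][Guid]::Empty)) {
        Write-Host "The Tenant ID must be in the GUID format"
        return $null
    }
    return $id
}

# --- Credentials -------------------------------------------------------------
$clientId = Read-Host -Prompt 'Enter your Client ID, ask Ben if unsure'
if ([string]::IsNullOrWhiteSpace($clientId)) {
    Write-Host "A client ID must be specified"
    return
}
$clientSecret = Read-Host -Prompt 'Enter your Client Secret, ask Ben if unsure' -AsSecureString
# Check the SecureString length instead of decoding it just to test for emptiness.
if ($null -eq $clientSecret -or $clientSecret.Length -eq 0) {
    Write-Host "A client secret must be specified."
    return
}

# --- Tenant ID: registry of the local machine, or manual entry ---------------
$currentDevice = Read-Host -Prompt 'Are you running this on the effected machine? (y/n default n)'
$tenantId = $null
if ($currentDevice -eq "y") {
    # -ErrorAction SilentlyContinue: a missing key is expected on machines
    # without the Sophos agent and is handled by falling back to a prompt.
    $reg = Get-ItemProperty -Path "HKLM:\SOFTWARE\Sophos\Management\Policy\Authority\*" -Name "tenantid" -ErrorAction SilentlyContinue
    # The wildcard path may match several subkeys; take the first hit and
    # validate it the same way as manual input so a malformed value cannot
    # reach the API.
    $regTenantId = if ($reg) { [string](@($reg)[0].tenantid) } else { '' }
    if ([Guid]::TryParse($regTenantId, [ref][Guid]::Empty)) {
        $tenantId = $regTenantId
    } else {
        Write-Host "No tenant ID found in registry. Please specify the tenant ID manually."
    }
}
if (-not $tenantId) {
    $tenantId = Read-TenantId
    if (-not $tenantId) {
        return
    }
}

# --- OAuth2 client-credentials token -----------------------------------------
$plainSecret = ConvertFrom-SecureStringToPlainText -Secure $clientSecret
$authParams = @{
    Uri = 'https://id.sophos.com/api/v2/oauth2/token'
    Method = 'Post'
    Body = @{
        grant_type = 'client_credentials'
        client_id = $clientId
        client_secret = $plainSecret
        scope = 'token'
    }
    ContentType = 'application/x-www-form-urlencoded'
}
try {
    $authResponse = Invoke-RestMethod @authParams
} catch {
    Write-Host "Authentication failed. Error message: $($_.Exception.Message)" -ForegroundColor Red
    return
} finally {
    # Drop the script's references to the plain-text secret as soon as the
    # token request is done (.NET strings cannot be scrubbed in place).
    $plainSecret = $null
    $authParams = $null
}
$accessToken = $authResponse.access_token
if ([string]::IsNullOrEmpty($accessToken)) {
    Write-Host "Authentication succeeded but no access token was returned." -ForegroundColor Red
    return
}

# --- Partner ID via whoami ----------------------------------------------------
try {
    $whoamiResponse = Invoke-RestMethod -Uri 'https://api.central.sophos.com/whoami/v1' -Headers @{ Authorization = "Bearer $accessToken" }
} catch {
    Write-Host "Partner lookup (whoami) failed. Error message: $($_.Exception.Message)" -ForegroundColor Red
    return
}
$partnerId = $whoamiResponse.id
if ([string]::IsNullOrEmpty($partnerId)) {
    Write-Host "whoami returned no ID; cannot list partner tenants." -ForegroundColor Red
    return
}
# The partner tenant listing only works for partner credentials; other account
# types would get an error or an empty list from the endpoint below.
if ($whoamiResponse.idType -and $whoamiResponse.idType -ne 'partner') {
    Write-Host "These credentials belong to a '$($whoamiResponse.idType)' account, not a partner account." -ForegroundColor Red
    return
}

# --- Page through all partner tenants looking for the ID ---------------------
$headers = @{
    "Authorization" = "Bearer $accessToken"
    "X-Partner-ID" = $partnerId
    "Content-Type" = "application/json"
    "User-Agent" = "PowerShell"
}
$matchedTenant = $null
$page = 1
$totalPages = 1
do {
    # Page 1 is requested once and its pages.total drives the loop, instead of
    # fetching page 1 separately for the count and again inside the loop.
    $tenantsUrl = "https://api.central.sophos.com/partner/v1/tenants?pageTotal=true&page=$page"
    try {
        $tenantsResponse = Invoke-RestMethod -Uri $tenantsUrl -Headers $headers -Method Get
    } catch {
        Write-Host "Listing tenants failed on page $page. Error message: $($_.Exception.Message)" -ForegroundColor Red
        return
    }
    if ($page -eq 1 -and $tenantsResponse.pages.total) {
        $totalPages = [int]$tenantsResponse.pages.total
    }
    # -eq on strings is case-insensitive in PowerShell, so GUID casing differences do not matter.
    $matchedTenant = $tenantsResponse.items | Where-Object { $_.id -eq $tenantId } | Select-Object -First 1
    $page++
} while (-not $matchedTenant -and $page -le $totalPages)

if ($matchedTenant) {
    Write-Host "Tenant name for ID $tenantId is $($matchedTenant.name)" -ForegroundColor Green
} else {
    Write-Host "No tenant found with ID $tenantId" -ForegroundColor Red
}
Pause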