Using PowerShell to Query ABR

Introduction

The Admin By Request API allows you to get the necessary data into your preferred SIEM system. This blog covers how to test functionality and get data from Admin By Request using Windows PowerShell.

IMPORTANT

In order to use Invoke-RestMethods cmdlets used during this task, you need to be running Windows PowerShell version 3.0 or higher.

Procedure

There are five tasks involved:

Enable and Copy API Key
1. In the Admin By Request portal, navigate to menu Settings > Windows Settings:
2. From the left-hand side menu, select Data and then select top tab API KEYS:
3. If there is no key available, click button Add New. If there is a key available, select Click to show, followed by Copy to clipboard.
4. Paste the API Key into notepad (or similar) to be retrieved later, so that it is not overwritten in the next step.
Copy Required URLs from Resources
This task locates and copies two URLs used to make queries in subsequent tasks.
1. Copy Inventory URL:
  
  Follow this link.
  
  From the list of resources, copy the URL you want to work with using the Copy to clipboard button to the right of the /inventory URL (highlighted):
  
  NOTE
  
  For this example, we want to return our current inventory.
  
  The URL depends on your data center. This example uses data center 1 (https://dc1api.adminbyrequest.com/inventory in the URL). You might see a different data center in the URL (e.g. dc2api).
  
  Paste the inventory URL into notepad (or similar) to be retrieved later, so that it is not overwritten in the next step.
2. Copy Auditlog URL:
  
  Follow this link.
  
  From the list of resources, copy the URL you want to work with using the Copy to clipboard button to the right of the /inventory URL (highlighted):
  
  NOTE
  
  This example returns the current inventory.
  
  The URL depends on your data center. This example uses data center 1 (https://dc1api.adminbyrequest.com/auditlog in the URL). You might see a different data center in the URL (e.g. dc2api).
  
  Paste the inventory URL into notepad (or similar) to be retrieved later, so that it is not overwritten in the next step.
Start PowerShell and Declare API Key
NOTE
If you want to run the code within this blog as a script, you might need to change the default execution policy in PowerShell to bypass or unrestricted using the following line of code. An explanation of why this is required is outside the scope of this blog - refer to PowerShell's Execution Policy for more information.
```
set-executionpolicy bypass -scope process
```
1. Launch Windows PowerShell and declare the API Key by copying and pasting the following line of code into the window:
```
$apikey = ‘74521893577544cdac9b927df962f8a0’
```
2. Replace the API Key in this line of code with the API Key you copied in Enable and Copy API Key.
3. Press Enter:
Define General Variables
This task defines several variables to make the code easier to work with.
Get Data
1. Get Inventory Data
  1. Copy and paste the following line of code into the window:
    Invoke-Restmethod -uri $inventory -header $header -Method GET
  2. Press Enter on your Keypad:
2. Get Auditlog Data
  1. Copy and paste the following line of code into the window:
    Invoke-Restmethod -uri $auditlog -header $header -Method GET
  2. Press Enter on your Keypad:

NOTE

To output the data to a TXT or CSV file for further aggregation, simply add >> filename to the end of the command. For example:

Invoke-Restmethod -uri $auditlog -header $header -Method GET >> auditlog.txt

Voila! You have now successfully used Windows PowerShell to get inventory and auditlog data written to screen or file.

This procedure was created with the assistance of Mads Christian Mozart Johansen.

Using PowerShell to Query ABR

Introduction

Procedure

Related FAQ