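/// <summary>
/// Writes the artifacts of interest of <c>Detection</c> to the pipeline, optionally
/// narrowed by the <c>Source</c> and <c>ArtifactType</c> filters.
/// </summary>
/// <remarks>
/// Only the "ByDetection" parameter set is handled here; any other parameter set
/// writes nothing from this method. A filter whose value is null is not applied.
/// The whole resolved artifact object is written; per-facet output is not implemented.
/// </remarks>
protected override void ProcessRecord()
{
    base.ProcessRecord();

    switch (ParameterSetName)
    {
        case "ByDetection":
            if (Detection == null)
            {
                break;
            }

            foreach (var stateArtifacts in Detection.ArtifactsOfInterest)
            {
                // Only the pair's Value is needed; its Key is neither filtered on nor emitted.
                List<CyDetection.CyArtifactOfInterest> aois = stateArtifacts.Value;
                if (aois == null)
                {
                    // An entry without a list has nothing to emit; skip it instead of
                    // failing the whole record with a NullReferenceException.
                    continue;
                }

                foreach (var aoi in aois)
                {
                    // Resolution stays ahead of the filters so that any failure raised by
                    // ResolveArtifactReference surfaces exactly as before.
                    // NOTE(review): if it is a pure lookup it can move below the filters.
                    var artifact = Detection.ResolveArtifactReference(aoi.Artifact.Uid);

                    // Source and type are identifiers, not display text, so compare them
                    // ordinally: a culture-sensitive comparison applies linguistic rules
                    // (for example it skips ignorable characters) and can report a match
                    // for strings that are not the same identifier.
                    if (Source != null
                        && !string.Equals(Source, aoi.Source, StringComparison.OrdinalIgnoreCase))
                    {
                        continue;
                    }

                    if (ArtifactType != null
                        && !string.Equals(ArtifactType, aoi.Artifact.Type, StringComparison.OrdinalIgnoreCase))
                    {
                        continue;
                    }

                    // NOTE(review): whether ResolveArtifactReference can return null for a
                    // dangling Uid is not visible here; if it can, null reaches the pipeline.
                    WriteObject(artifact);
                }
            }

            break;
    }
}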