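        /// <summary>
        /// Emits every artifact of interest of <see cref="Detection"/> that passes the optional
        /// <see cref="Source"/> and <see cref="ArtifactType"/> filters.
        /// </summary>
        /// <remarks>
        /// Only the "ByDetection" parameter set produces output; any other parameter set falls
        /// through the switch and writes nothing. Each matching artifact reference is resolved
        /// through <c>Detection.ResolveArtifactReference</c> and the whole resolved object is
        /// written to the pipeline. The previous facet-projection code (Name/Path/Hash/...) was
        /// commented out and has been removed; add a <c>Facet</c> parameter back if it is needed.
        /// </remarks>
        protected override void ProcessRecord()
        {
            base.ProcessRecord();
            switch (ParameterSetName)
            {
            case "ByDetection":
                if (Detection == null)
                {
                    break;
                }

                // ArtifactsOfInterest is keyed by detection state; the key is not needed here,
                // only the list of artifacts under each state.
                foreach (var stateArtifacts in Detection.ArtifactsOfInterest)
                {
                    foreach (var aoi in stateArtifacts.Value)
                    {
                        // Filter before resolving so non-matching references are never looked up.
                        if (!MatchesFilters(aoi.Source, aoi.Artifact.Type))
                        {
                            continue;
                        }

                        // Output the whole resolved artifact object (no facet projection).
                        WriteObject(Detection.ResolveArtifactReference(aoi.Artifact.Uid));
                    }
                }
                break;
            }
        }

        /// <summary>
        /// Returns true when an artifact's source and type pass the optional
        /// <see cref="Source"/> and <see cref="ArtifactType"/> filters. A filter that was not
        /// supplied (null) matches everything.
        /// </summary>
        /// <param name="source">The artifact-of-interest source value to test.</param>
        /// <param name="type">The artifact type value to test.</param>
        private bool MatchesFilters(string source, string type)
        {
            // Source/type values are identifiers rather than user-facing text, so compare
            // ordinally: culture-aware comparison can treat ignorable code points as equal,
            // which makes filter matching harder to reason about.
            if (Source != null && !Source.Equals(source, StringComparison.OrdinalIgnoreCase))
            {
                return false;
            }

            return ArtifactType == null || ArtifactType.Equals(type, StringComparison.OrdinalIgnoreCase);
        }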