Invoke MdeMachineLiveResponse - Visorian/PSMDE GitHub Wiki


external help file: PSMDE-help.xml
Module Name: PSMDE
online version: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/run-live-response?view=o365-worldwide
schema: 2.0.0

Invoke-MdeMachineLiveResponse

SYNOPSIS

Runs a sequence of live response commands on a device.

SYNTAX

Invoke-MdeMachineLiveResponse [-id] <String> [-comment] <String> [-commands] <Array> [<CommonParameters>]

DESCRIPTION

Runs a sequence of live response commands on a device.

EXAMPLES

EXAMPLE 1

Invoke-MdeMachineLiveResponse -id "MACHINE_ID" -comment "Your comment" -commands @(@{type = "RunScript"; params = @(@{key = "scriptName"; value = "scriptFile.ps1"}; @{key = "Args"; value = "argument1"})})
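The following is an added example, not part of the PSMDE module or its documentation. It builds a multi-step -commands array in the shape EXAMPLE 1 uses and rejects a disallowed type or a missing key before anything is sent to a device. New-LiveResponseCommand is a hypothetical helper, the required key names are an assumption taken from the Microsoft reference under RELATED LINKS, and the file path is constructed.

```powershell
# Added example. New-LiveResponseCommand is a hypothetical helper, not part of PSMDE.
function New-LiveResponseCommand {
    [CmdletBinding()]
    param(
        # Only the three types the -commands parameter allows.
        [Parameter(Mandatory)]
        [ValidateSet('PutFile', 'RunScript', 'GetFile')]
        [string]$Type,

        # Command parameters as a dictionary, e.g. @{ Path = 'C:\Temp\out.zip' }.
        [Parameter(Mandatory)]
        [System.Collections.IDictionary]$Params
    )

    # Assumption: required key per type, taken from the Microsoft reference
    # linked under RELATED LINKS (EXAMPLE 1 on this page spells it "scriptName").
    $required = @{ PutFile = 'FileName'; RunScript = 'ScriptName'; GetFile = 'Path' }
    $key = $required[$Type]
    if ([string]::IsNullOrWhiteSpace($Params[$key])) {
        throw "Command type '$Type' requires a non-empty '$key' parameter."
    }

    # Same shape as EXAMPLE 1: a type plus an array of key/value hashtables.
    @{
        type   = $Type
        params = @($Params.GetEnumerator() | ForEach-Object {
                @{ key = [string]$_.Key; value = [string]$_.Value }
            })
    }
}

# Constructed sequence: run a script, then retrieve a file from the device.
$commands = @(
    New-LiveResponseCommand -Type RunScript -Params ([ordered]@{ ScriptName = 'scriptFile.ps1'; Args = 'argument1' })
    New-LiveResponseCommand -Type GetFile -Params @{ Path = 'C:\Temp\scriptFile-output.zip' }  # constructed path
)

# Review the payload offline before it is sent to a device.
ConvertTo-Json -InputObject $commands -Depth 5

# With an authenticated PSMDE session, pass the array as in EXAMPLE 1:
# Invoke-MdeMachineLiveResponse -id "MACHINE_ID" -comment "Your comment" -commands $commands
```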

PARAMETERS

-id

Specifies the id of the target MDE machine.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False

-comment

Comment to associate with the action.

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-commands

Array of commands to run. Allowed values are "PutFile", "RunScript", "GetFile". See the reference link for more details on the body.

Type: Array
Parameter Sets: (All)
Aliases:

Required: True
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES

Author: Jan-Henrik Damaschke

RELATED LINKS

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/run-live-response?view=o365-worldwide
