Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fixed removed AllFieldInfo and ExtraFieldInfo field newline and tab char #1190

Merged
merged 7 commits into from
Oct 16, 2023
Merged

fixed removed AllFieldInfo and ExtraFieldInfo field newline and tab char #1190

merged 7 commits into from
Oct 16, 2023

Conversation

hitenkoku
Copy link
Collaborator

What Changed

  • outputted newline and tab char in AllFieldInfo and ExtraFieldInfo field newline and tab char

I would appreciate it if you could review when you have time.

@hitenkoku hitenkoku added the bug Something isn't working label Oct 13, 2023
@hitenkoku hitenkoku self-assigned this Oct 13, 2023
@hitenkoku hitenkoku linked an issue Oct 13, 2023 that may be closed by this pull request
keep same for Details, ExtraFieldInfo and AllFieldInfo value #1189
Closed
@hitenkoku
Copy link
Collaborator Author

Evidence

.\1189.exe json-timeline -d ..\hayabusa-sample-evtx\ --include-eid 4104 -o 1189.json -C 

> cat 1189.json
...
{
    "Timestamp": "2021-10-25 16:23:05.770 +09:00",
    "Computer": "FS03.offsec.lan",
    "Channel": "PwSh",
    "EventID": 4104,
    "Level": "info",
    "RecordID": 2570,
    "RuleTitle": "PwSh Scriptblock",
    "Details": {
        "ScriptBlock": "undParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore})\\r\\n }\\r\\n\\r\\n\\r\\n $__cmdletization_methodParameters = Microsoft.PowerShell.Utility\\New-Object System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]\\r\\n switch -exact ($PSCmdlet.ParameterSetName) { \\r\\n { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } {\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewPolicyStore')) {\\r\\n [object]$__cmdletization_value = ${NewPolicyStore}\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewGPOSession')) {\\r\\n [object]$__cmdletization_value = ${NewGPOSession}\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewName')) {\\r\\n [object]$__cmdletization_value = ${NewName}\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n $__cmdletization_returnValue = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false }\\r\\n $__cmdletization_methodInvocationInfo = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodInvocationInfo @('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue)\\r\\n $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru\\r\\n if ($PSBoundParameters.ContainsKey('InputObject')) {\\r\\n foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) }\\r\\n } else {\\r\\n $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru)\\r\\n }\\r\\n }\\r\\n }\\r\\n\\r\\n }\\r\\n }\\r\\n catch\\r\\n {\\r\\n $__cmdletization_exceptionHasBeenThrown = $true\\r\\n throw\\r\\n }\\r\\n }\\r\\n \\r\\n\\r\\n End {\\r\\n try\\r\\n {\\r\\n if (-not $__cmdletization_exceptionHasBeenThrown)\\r\\n {\\r\\n $__cmdletization_objectModelWrapper.EndProcessing()\\r\\n }\\r\\n }\\r\\n catch\\r\\n {\\r\\n throw\\r\\n }\\r\\n }\\r\\n\\r\\n # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml\\r\\n}"
    },
    "ExtraFieldInfo": {
        "MessageNumber": 3,
        "MessageTotal": 3,
        "ScriptBlockId": "aae5a529-db4c-43c5-82a9-bd3c36ea6576"
    },
    "AllFieldInfo": {
        "MessageNumber": 3,
        "MessageTotal": 3,
        "ScriptBlockId": "aae5a529-db4c-43c5-82a9-bd3c36ea6576",
        "ScriptBlockText": "undParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore})\\r\\n }\\r\\n\\r\\n\\r\\n $__cmdletization_methodParameters = Microsoft.PowerShell.Utility\\New-Object System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]\\r\\n switch -exact ($PSCmdlet.ParameterSetName) { \\r\\n { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } {\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewPolicyStore')) {\\r\\n [object]$__cmdletization_value = ${NewPolicyStore}\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewGPOSession')) {\\r\\n [object]$__cmdletization_value = ${NewGPOSession}\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewName')) {\\r\\n [object]$__cmdletization_value = ${NewName}\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n $__cmdletization_returnValue = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false }\\r\\n $__cmdletization_methodInvocationInfo = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodInvocationInfo @('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue)\\r\\n $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru\\r\\n if ($PSBoundParameters.ContainsKey('InputObject')) {\\r\\n foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) }\\r\\n } else {\\r\\n $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru)\\r\\n }\\r\\n }\\r\\n }\\r\\n\\r\\n }\\r\\n }\\r\\n catch\\r\\n {\\r\\n $__cmdletization_exceptionHasBeenThrown = $true\\r\\n throw\\r\\n }\\r\\n }\\r\\n \\r\\n\\r\\n End {\\r\\n try\\r\\n {\\r\\n if (-not $__cmdletization_exceptionHasBeenThrown)\\r\\n {\\r\\n $__cmdletization_objectModelWrapper.EndProcessing()\\r\\n }\\r\\n }\\r\\n catch\\r\\n {\\r\\n throw\\r\\n }\\r\\n }\\r\\n\\r\\n # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml\\r\\n}"
    },
    "Evtx": "..\\hayabusa-sample-evtx\\EVTX-to-MITRE-Attack\\TA0007-Discovery\\T1016-System Network Configuration Discovery\\ID800-4103-4104-Firewall configuration enumerated (PowerShell).evtx"
}
...

prev data (in 9c6d321)

...
{
    "Timestamp": "2021-10-25 16:23:05.770 +09:00",
    "Computer": "FS03.offsec.lan",
    "Channel": "PwSh",
    "EventID": 4104,
    "Level": "info",
    "RecordID": 2570,
    "RuleTitle": "PwSh Scriptblock",
    "Details": {
        "ScriptBlock": "undParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore})\\r\\n }\\r\\n\\r\\n\\r\\n $__cmdletization_methodParameters = Microsoft.PowerShell.Utility\\New-Object System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]\\r\\n switch -exact ($PSCmdlet.ParameterSetName) { \\r\\n { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } {\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewPolicyStore')) {\\r\\n [object]$__cmdletization_value = ${NewPolicyStore}\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewGPOSession')) {\\r\\n [object]$__cmdletization_value = ${NewGPOSession}\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewName')) {\\r\\n [object]$__cmdletization_value = ${NewName}\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n $__cmdletization_returnValue = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false }\\r\\n $__cmdletization_methodInvocationInfo = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodInvocationInfo @('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue)\\r\\n $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru\\r\\n if ($PSBoundParameters.ContainsKey('InputObject')) {\\r\\n foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) }\\r\\n } else {\\r\\n $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru)\\r\\n }\\r\\n }\\r\\n }\\r\\n\\r\\n }\\r\\n }\\r\\n catch\\r\\n {\\r\\n $__cmdletization_exceptionHasBeenThrown = $true\\r\\n throw\\r\\n }\\r\\n }\\r\\n \\r\\n\\r\\n End {\\r\\n try\\r\\n {\\r\\n if (-not $__cmdletization_exceptionHasBeenThrown)\\r\\n {\\r\\n $__cmdletization_objectModelWrapper.EndProcessing()\\r\\n }\\r\\n }\\r\\n catch\\r\\n {\\r\\n throw\\r\\n }\\r\\n }\\r\\n\\r\\n # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml\\r\\n}"
    },
    "ExtraFieldInfo": {
        "MessageNumber": 3,
        "MessageTotal": 3,
        "ScriptBlockId": "aae5a529-db4c-43c5-82a9-bd3c36ea6576"
    },
    "AllFieldInfo": {
        "MessageNumber": 3,
        "MessageTotal": 3,
        "ScriptBlockId": "aae5a529-db4c-43c5-82a9-bd3c36ea6576",
        "ScriptBlockText": "undParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession}) } if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore}) } $__cmdletization_methodParameters = Microsoft.PowerShell.Utility\\New-Object System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter] switch -exact ($PSCmdlet.ParameterSetName) { { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewPolicyStore')) { [object]$__cmdletization_value = ${NewPolicyStore} $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewGPOSession')) { [object]$__cmdletization_value = ${NewGPOSession} $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodParameter -Property @{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = Microsoft.PowerShell.Utility\\New-Object Microsoft.PowerShell.Cmdletization.MethodInvocationInfo @('CloneObject', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP NetIPsecRule.cmdletDefinition.cdxml-Help.xml }"
    },
    "Evtx": "..\\hayabusa-sample-evtx\\EVTX-to-MITRE-Attack\\TA0007-Discovery\\T1016-System Network Configuration Discovery\\ID800-4103-4104-Firewall configuration enumerated (PowerShell).evtx"
}

...

@codecov
Copy link

codecov bot commented Oct 13, 2023
edited
Loading

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (f6e1c3b) 83.74% compared to head (1f64205) 83.74%.

Additional details and impacted files 
@@                                      Coverage Diff                                      @@
##           1186-bug-duplicate-fields-are-outputted-in-extrafieldinfo    #1190      +/-   ##
=============================================================================================
- Coverage                                                      83.74%   83.74%   -0.01%     
=============================================================================================
  Files                                                             26       26              
  Lines                                                          23483    23480       -3     
=============================================================================================
- Hits                                                           19667    19664       -3     
  Misses                                                          3816     3816
Files Coverage Δ
src/afterfact.rs 74.13% <100.00%> (ø)
src/detections/message.rs 90.40% <100.00%> (+0.05%) ⬆️
src/detections/utils.rs 92.79% <93.33%> (-0.06%) ⬇️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

fukusuket
fukusuket reviewed Oct 13, 2023
View reviewed changes
Copy link
Collaborator

@fukusuket fukusuket left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hitenkoku
I checked following commands!

./hayabusa json-timeline -d ../hayabusa-sample-evtx -o out-standard.json --include-eid 4104 -C
./hayabusa json-timeline -d ../hayabusa-sample-evtx -o out-all-field.json --include-eid 4104 -p all-field-info -C
cat out-standard.json | jq .Details.ScriptBlock > out-standard.txt
cat out-all-field.json | jq .AllFieldInfo.ScriptBlockText > all-field.txt
diff out-standard.txt all-field.txt

When I take above diff, there seem to be some differences as shown below. Could you please check?

---
> "[System.Diagnostics.DebuggerHidden()]\\r\\n param()\\r\\n\\r\\n $foundSuggestion = $false\\r\\n \\r\\n if($lastError -and\\r\\n ($lastError.Exception -is \"System.Management.Automation.CommandNotFoundException\"))\\r\\n {\\r\\n $escapedCommand = [System.Management.Automation.WildcardPattern]::Escape($lastError.TargetObject)\\r\\n $foundSuggestion = @(Get-Command ($ExecutionContext.SessionState.Path.Combine(\".\", $escapedCommand)) -ErrorAction Ignore).Count -gt 0\\r\\n }\\r\\n\\r\\n $foundSuggestion"
1113c1113
< "\\r\\n [System.Diagnostics.DebuggerHidden()]\\r\\n param()\\r\\n\\r\\n $foundSuggestion = $false\\r\\n \\r\\n if($lastError -and\\r\\n ($lastError.Exception -is \"System.Management.Automation.CommandNotFoundException\"))\\r\\n {\\r\\n $escapedCommand = [System.Management.Automation.WildcardPattern]::Escape($lastError.TargetObject)\\r\\n $foundSuggestion = @(Get-Command ($ExecutionContext.SessionState.Path.Combine(\".\", $escapedCommand)) -ErrorAction Ignore).Count -gt 0\\r\\n }\\r\\n\\r\\n $foundSuggestion\\r\\n"
---

@hitenkoku
Copy link
Collaborator Author

@fukusuket Thanks for your check.

I fixed [System.Diagnostics.DebuggerHidden()] ... newline character problem in a727690

Could you check it?

@hitenkoku I checked following commands!

./hayabusa json-timeline -d ../hayabusa-sample-evtx -o out-standard.json --include-eid 4104
./hayabusa json-timeline -d ../hayabusa-sample-evtx -o out-all-field.json --include-eid 4104 -p all-field-info
cat out-standard.json | jq .Details.ScriptBlock > out-standard.txt
cat out-all-field.json | jq .AllFieldInfo.ScriptBlockText > all-field.txt
diff out-standard.txt all-field.txt

When I take above diff, there seem to be some differences as shown below. Could you please check?

---
> "[System.Diagnostics.DebuggerHidden()]\\r\\n param()\\r\\n\\r\\n $foundSuggestion = $false\\r\\n \\r\\n if($lastError -and\\r\\n ($lastError.Exception -is \"System.Management.Automation.CommandNotFoundException\"))\\r\\n {\\r\\n $escapedCommand = [System.Management.Automation.WildcardPattern]::Escape($lastError.TargetObject)\\r\\n $foundSuggestion = @(Get-Command ($ExecutionContext.SessionState.Path.Combine(\".\", $escapedCommand)) -ErrorAction Ignore).Count -gt 0\\r\\n }\\r\\n\\r\\n $foundSuggestion"
1113c1113
< "\\r\\n [System.Diagnostics.DebuggerHidden()]\\r\\n param()\\r\\n\\r\\n $foundSuggestion = $false\\r\\n \\r\\n if($lastError -and\\r\\n ($lastError.Exception -is \"System.Management.Automation.CommandNotFoundException\"))\\r\\n {\\r\\n $escapedCommand = [System.Management.Automation.WildcardPattern]::Escape($lastError.TargetObject)\\r\\n $foundSuggestion = @(Get-Command ($ExecutionContext.SessionState.Path.Combine(\".\", $escapedCommand)) -ErrorAction Ignore).Count -gt 0\\r\\n }\\r\\n\\r\\n $foundSuggestion\\r\\n"
---

@hitenkoku hitenkoku requested a review from fukusuket October 14, 2023 07:52
fukusuket
fukusuket reviewed Oct 14, 2023
View reviewed changes
Copy link
Collaborator

@fukusuket fukusuket left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hitenkoku
Thank you so much for fix! I confirmed [System.Diagnostics.DebuggerHidden()] ... case!
The following three diffs still seem to remain in #1190 (review) . Could you please confirm?

617c617
< "ns $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Phase2AuthSet})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${KeyModule})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${AllowWatchKey})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${AllowSetKey})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${RemoteTunnelHostname})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${ForwardPathLifetime})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${EncryptedTunnelBypass})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${RequireAuthorization})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${User})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Machine})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${PrimaryStatus})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Status})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${PolicyStoreSource})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${PolicyStoreSourceType})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('All', ${All})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore})\\r\\n }\\r\\n\\r\\n\\r\\n $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new()\\r\\n switch -exact ($PSCmdlet.ParameterSetName) { \\r\\n { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } {\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewPolicyStore')) {\\r\\n [object]$__cmdletization_value = ${NewPolicyStore}\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewGPOSession')) {\\r\\n [object]$__cmdletization_value = ${NewGPOSession}\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewName')) {\\r\\n [object]$__cmdletization_value = ${NewName}\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false }\\r\\n $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters,"
---
> "ns $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Phase2AuthSet})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${KeyModule})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${AllowWatchKey})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${AllowSetKey})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${RemoteTunnelHostname})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${ForwardPathLifetime})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${EncryptedTunnelBypass})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${RequireAuthorization})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${User})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Machine})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${PrimaryStatus})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Status})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${PolicyStoreSource})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${PolicyStoreSourceType})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('All', ${All})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore})\\r\\n }\\r\\n\\r\\n\\r\\n $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new()\\r\\n switch -exact ($PSCmdlet.ParameterSetName) { \\r\\n { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } {\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewPolicyStore')) {\\r\\n [object]$__cmdletization_value = ${NewPolicyStore}\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewGPOSession')) {\\r\\n [object]$__cmdletization_value = ${NewGPOSession}\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewName')) {\\r\\n [object]$__cmdletization_value = ${NewName}\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false }\\r\\n $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters"
751c751
< null
---
> ""
850c850
< "function Get-NetIPsecRule\\r\\n{\\r\\n [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)]\\r\\n [OutputType([Microsoft.Management.Infrastructure.CimInstance])]\\r\\n[OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')]\\r\\n\\r\\n param(\\r\\n \\r\\n [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)]\\r\\n [Alias('ID','Name')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${IPsecRuleName},\\r\\n\\r\\n [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${DisplayName},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Description},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${DisplayGroup},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Group},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]]\\r\\n ${Enabled},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]]\\r\\n ${Mode},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Alias('SecIn')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]]\\r\\n ${InboundSecurity},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Alias('SecOut')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]]\\r\\n ${OutboundSecurity},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${QuickModeCryptoSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Phase1AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Phase2AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]]\\r\\n ${KeyModule},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${AllowWatchKey},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${AllowSetKey},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${RemoteTunnelHostname},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [uint32[]]\\r\\n ${ForwardPathLifetime},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${EncryptedTunnelBypass},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${RequireAuthorization},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${User},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Machine},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]]\\r\\n ${PrimaryStatus},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Status},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${PolicyStoreSource},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]]\\r\\n ${PolicyStoreSourceType},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallAddressFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallInterfaceFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallInterfaceTypeFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallPortFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallProfile},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetIPsecPhase2AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetIPsecPhase1AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetIPsecQuickModeCryptoSet},\\r\\n\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [switch]\\r\\n ${All},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [string]\\r\\n ${PolicyStore},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [string]\\r\\n ${GPOSession},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [switch]\\r\\n ${TracePolicyStore},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [Alias('Session')]\\r\\n [ValidateNotNullOrEmpty()]\\r\\n [Microsoft.Management.Infrastructure.CimSession[]]\\r\\n ${CimSession},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [int]\\r\\n ${ThrottleLimit},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [switch]\\r\\n ${AsJob})\\r\\n\\r\\n DynamicParam {\\r\\n try \\r\\n {\\r\\n if (-not $__cmdletization_exceptionHasBeenThrown)\\r\\n {\\r\\n $__cmdletization_objectModelWrapper = Microsoft.PowerShell.Utility\\New-Object $script:ObjectModelWrapper\\r\\n $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData)\\r\\n\\r\\n if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters])\\r\\n {\\r\\n ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters()\\r\\n }\\r\\n }\\r\\n }\\r\\n catch\\r\\n {\\r\\n $__cmdletization_exceptionHasBeenThrown = $true\\r\\n throw\\r\\n }\\r\\n }\\r\\n\\r\\n Begin {\\r\\n $__cmdletization_exceptionHasBeenThrown = $false\\r\\n try \\r\\n {\\r\\n __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters\\r\\n $__cmdletization_objectModelWrapper.BeginProcessing()\\r\\n }\\r\\n catch\\r\\n {\\r\\n $__cmdletization_exceptionHasBeenThrown = $true\\r\\n throw\\r\\n }\\r\\n }\\r\\n \\r\\n\\r\\n Process {\\r\\n try \\r\\n {\\r\\n if (-not $__cmdletization_exceptionHasBeenThrown)\\r\\n {\\r\\n $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder()\\r\\n if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${IPsecRuleName})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${DisplayName})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Description})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Description',"
---
> "function Get-NetIPsecRule\\r\\n{\\r\\n [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)]\\r\\n [OutputType([Microsoft.Management.Infrastructure.CimInstance])]\\r\\n[OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')]\\r\\n\\r\\n param(\\r\\n \\r\\n [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)]\\r\\n [Alias('ID','Name')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${IPsecRuleName},\\r\\n\\r\\n [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${DisplayName},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Description},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${DisplayGroup},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Group},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]]\\r\\n ${Enabled},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]]\\r\\n ${Mode},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Alias('SecIn')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]]\\r\\n ${InboundSecurity},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Alias('SecOut')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]]\\r\\n ${OutboundSecurity},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${QuickModeCryptoSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Phase1AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Phase2AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]]\\r\\n ${KeyModule},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${AllowWatchKey},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${AllowSetKey},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${RemoteTunnelHostname},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [uint32[]]\\r\\n ${ForwardPathLifetime},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${EncryptedTunnelBypass},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${RequireAuthorization},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${User},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Machine},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]]\\r\\n ${PrimaryStatus},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Status},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${PolicyStoreSource},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]]\\r\\n ${PolicyStoreSourceType},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallAddressFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallInterfaceFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallInterfaceTypeFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallPortFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallProfile},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetIPsecPhase2AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetIPsecPhase1AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetIPsecQuickModeCryptoSet},\\r\\n\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [switch]\\r\\n ${All},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [string]\\r\\n ${PolicyStore},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [string]\\r\\n ${GPOSession},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [switch]\\r\\n ${TracePolicyStore},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [Alias('Session')]\\r\\n [ValidateNotNullOrEmpty()]\\r\\n [Microsoft.Management.Infrastructure.CimSession[]]\\r\\n ${CimSession},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [int]\\r\\n ${ThrottleLimit},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [switch]\\r\\n ${AsJob})\\r\\n\\r\\n DynamicParam {\\r\\n try \\r\\n {\\r\\n if (-not $__cmdletization_exceptionHasBeenThrown)\\r\\n {\\r\\n $__cmdletization_objectModelWrapper = Microsoft.PowerShell.Utility\\New-Object $script:ObjectModelWrapper\\r\\n $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData)\\r\\n\\r\\n if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters])\\r\\n {\\r\\n ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters()\\r\\n }\\r\\n }\\r\\n }\\r\\n catch\\r\\n {\\r\\n $__cmdletization_exceptionHasBeenThrown = $true\\r\\n throw\\r\\n }\\r\\n }\\r\\n\\r\\n Begin {\\r\\n $__cmdletization_exceptionHasBeenThrown = $false\\r\\n try \\r\\n {\\r\\n __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters\\r\\n $__cmdletization_objectModelWrapper.BeginProcessing()\\r\\n }\\r\\n catch\\r\\n {\\r\\n $__cmdletization_exceptionHasBeenThrown = $true\\r\\n throw\\r\\n }\\r\\n }\\r\\n \\r\\n\\r\\n Process {\\r\\n try \\r\\n {\\r\\n if (-not $__cmdletization_exceptionHasBeenThrown)\\r\\n {\\r\\n $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder()\\r\\n if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${IPsecRuleName})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${DisplayName})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Description})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Description'"

@hitenkoku
Copy link
Collaborator Author

@fukusuket Thanks for your check many times.

I fixed following problem in 8360b69

Could you check it?

> .\1189.exe json-timeline -d ..\hayabusa-sample-evtx\ --include-eid 4104 -p standard -o 4104-standard.json -C 
> .\1189.exe json-timeline -d ..\hayabusa-sample-evtx\ --include-eid 4104 -p all-field-info -o 4104-afi.json -C 
>  cat 4104-standard.json | jq .Details.ScriptBlock > out-standard.txt
> cat 4104-afi.json | jq .AllFieldInfo.ScriptBlockText > out-afi.txt
> diff out-standard.txt out-afi.txt 
751c751
< null
---
> ""

@hitenkoku Thank you so much for fix! I confirmed [System.Diagnostics.DebuggerHidden()] ... case! The following three diffs still seem to remain in #1190 (review) . Could you please confirm?

617c617
< "ns $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Phase2AuthSet})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${KeyModule})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${AllowWatchKey})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${AllowSetKey})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${RemoteTunnelHostname})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${ForwardPathLifetime})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${EncryptedTunnelBypass})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${RequireAuthorization})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${User})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Machine})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${PrimaryStatus})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Status})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${PolicyStoreSource})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${PolicyStoreSourceType})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('All', ${All})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore})\\r\\n }\\r\\n\\r\\n\\r\\n $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new()\\r\\n switch -exact ($PSCmdlet.ParameterSetName) { \\r\\n { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } {\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewPolicyStore')) {\\r\\n [object]$__cmdletization_value = ${NewPolicyStore}\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewGPOSession')) {\\r\\n [object]$__cmdletization_value = ${NewGPOSession}\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewName')) {\\r\\n [object]$__cmdletization_value = ${NewName}\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false }\\r\\n $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters,"
---
> "ns $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Phase2AuthSet})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Phase2AuthSet', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('KeyModule') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${KeyModule})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('KeyModule', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AllowWatchKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${AllowWatchKey})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('AllowWatchKey', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AllowSetKey') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${AllowSetKey})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('AllowSetKey', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('RemoteTunnelHostname') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${RemoteTunnelHostname})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('RemoteTunnelEndpointDNSName', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('ForwardPathLifetime') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${ForwardPathLifetime})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('MaxReturnPathLifetimeSeconds', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('EncryptedTunnelBypass') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${EncryptedTunnelBypass})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('BypassTunnelIfEncrypted', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('RequireAuthorization') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${RequireAuthorization})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('RequireAuthorization', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('User') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${User})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Users', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('Machine') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Machine})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Machines', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PrimaryStatus') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${PrimaryStatus})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('PrimaryStatus', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('Status') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Status})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PolicyStoreSource') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${PolicyStoreSource})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSource', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PolicyStoreSourceType') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${PolicyStoreSourceType})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('PolicyStoreSourceType', $__cmdletization_values, $false, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallAddressFilter') -and (@('ByAssociatedNetFirewallAddressFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallAddressFilter}, 'MSFT_NetConSecRuleFilterByAddress', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceFilter') -and (@('ByAssociatedNetFirewallInterfaceFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceFilter}, 'MSFT_NetConSecRuleFilterByInterface', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallInterfaceTypeFilter') -and (@('ByAssociatedNetFirewallInterfaceTypeFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallInterfaceTypeFilter}, 'MSFT_NetConSecRuleFilterByInterfaceType', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallPortFilter') -and (@('ByAssociatedNetFirewallPortFilter') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallPortFilter}, 'MSFT_NetConSecRuleFilterByProtocolPort', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetFirewallProfile') -and (@('ByAssociatedNetFirewallProfile') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetFirewallProfile}, 'MSFT_NetConSecRuleInProfile', 'GroupComponent', 'PartComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase2AuthSet') -and (@('ByAssociatedNetIPsecPhase2AuthSet') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase2AuthSet}, 'MSFT_NetConSecRuleEMAuthSet', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecPhase1AuthSet') -and (@('ByAssociatedNetIPsecPhase1AuthSet') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecPhase1AuthSet}, 'MSFT_NetConSecRuleMMAuthSet', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('AssociatedNetIPsecQuickModeCryptoSet') -and (@('ByAssociatedNetIPsecQuickModeCryptoSet') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNetIPsecQuickModeCryptoSet}, 'MSFT_NetConSecRuleQMCryptoSet', 'PartComponent', 'GroupComponent', 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('All') -and (@('GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('All', ${All})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('GPOSession') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('GPOSession', ${GPOSession})\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('TracePolicyStore') -and (@('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_queryBuilder.AddQueryOption('TracePolicyStore', ${TracePolicyStore})\\r\\n }\\r\\n\\r\\n\\r\\n $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new()\\r\\n switch -exact ($PSCmdlet.ParameterSetName) { \\r\\n { @('ByIPsecRuleName', 'ByDisplayName', 'ByQuery', 'ByAssociatedNetFirewallAddressFilter', 'ByAssociatedNetFirewallInterfaceFilter', 'ByAssociatedNetFirewallInterfaceTypeFilter', 'ByAssociatedNetFirewallPortFilter', 'ByAssociatedNetFirewallProfile', 'ByAssociatedNetIPsecPhase2AuthSet', 'ByAssociatedNetIPsecPhase1AuthSet', 'ByAssociatedNetIPsecQuickModeCryptoSet', 'GetAll', 'InputObject (cdxml)') -contains $_ } {\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewPolicyStore')) {\\r\\n [object]$__cmdletization_value = ${NewPolicyStore}\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewPolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewGPOSession')) {\\r\\n [object]$__cmdletization_value = ${NewGPOSession}\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewGPOSession'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n [object]$__cmdletization_defaultValue = $null\\r\\n [object]$__cmdletization_defaultValueIsPresent = $false\\r\\n if ($PSBoundParameters.ContainsKey('NewName')) {\\r\\n [object]$__cmdletization_value = ${NewName}\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true}\\r\\n } else {\\r\\n $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent}\\r\\n }\\r\\n $__cmdletization_methodParameters.Add($__cmdletization_methodParameter)\\r\\n\\r\\n $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false }\\r\\n $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('CloneObject', $__cmdletization_methodParameters"
751c751
< null
---
> ""
850c850
< "function Get-NetIPsecRule\\r\\n{\\r\\n [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)]\\r\\n [OutputType([Microsoft.Management.Infrastructure.CimInstance])]\\r\\n[OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')]\\r\\n\\r\\n param(\\r\\n \\r\\n [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)]\\r\\n [Alias('ID','Name')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${IPsecRuleName},\\r\\n\\r\\n [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${DisplayName},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Description},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${DisplayGroup},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Group},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]]\\r\\n ${Enabled},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]]\\r\\n ${Mode},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Alias('SecIn')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]]\\r\\n ${InboundSecurity},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Alias('SecOut')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]]\\r\\n ${OutboundSecurity},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${QuickModeCryptoSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Phase1AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Phase2AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]]\\r\\n ${KeyModule},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${AllowWatchKey},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${AllowSetKey},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${RemoteTunnelHostname},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [uint32[]]\\r\\n ${ForwardPathLifetime},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${EncryptedTunnelBypass},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${RequireAuthorization},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${User},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Machine},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]]\\r\\n ${PrimaryStatus},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Status},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${PolicyStoreSource},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]]\\r\\n ${PolicyStoreSourceType},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallAddressFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallInterfaceFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallInterfaceTypeFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallPortFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallProfile},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetIPsecPhase2AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetIPsecPhase1AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetIPsecQuickModeCryptoSet},\\r\\n\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [switch]\\r\\n ${All},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [string]\\r\\n ${PolicyStore},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [string]\\r\\n ${GPOSession},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [switch]\\r\\n ${TracePolicyStore},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [Alias('Session')]\\r\\n [ValidateNotNullOrEmpty()]\\r\\n [Microsoft.Management.Infrastructure.CimSession[]]\\r\\n ${CimSession},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [int]\\r\\n ${ThrottleLimit},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [switch]\\r\\n ${AsJob})\\r\\n\\r\\n DynamicParam {\\r\\n try \\r\\n {\\r\\n if (-not $__cmdletization_exceptionHasBeenThrown)\\r\\n {\\r\\n $__cmdletization_objectModelWrapper = Microsoft.PowerShell.Utility\\New-Object $script:ObjectModelWrapper\\r\\n $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData)\\r\\n\\r\\n if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters])\\r\\n {\\r\\n ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters()\\r\\n }\\r\\n }\\r\\n }\\r\\n catch\\r\\n {\\r\\n $__cmdletization_exceptionHasBeenThrown = $true\\r\\n throw\\r\\n }\\r\\n }\\r\\n\\r\\n Begin {\\r\\n $__cmdletization_exceptionHasBeenThrown = $false\\r\\n try \\r\\n {\\r\\n __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters\\r\\n $__cmdletization_objectModelWrapper.BeginProcessing()\\r\\n }\\r\\n catch\\r\\n {\\r\\n $__cmdletization_exceptionHasBeenThrown = $true\\r\\n throw\\r\\n }\\r\\n }\\r\\n \\r\\n\\r\\n Process {\\r\\n try \\r\\n {\\r\\n if (-not $__cmdletization_exceptionHasBeenThrown)\\r\\n {\\r\\n $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder()\\r\\n if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${IPsecRuleName})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${DisplayName})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Description})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Description',"
---
> "function Get-NetIPsecRule\\r\\n{\\r\\n [CmdletBinding(DefaultParameterSetName='GetAll', PositionalBinding=$false)]\\r\\n [OutputType([Microsoft.Management.Infrastructure.CimInstance])]\\r\\n[OutputType('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetConSecRule')]\\r\\n\\r\\n param(\\r\\n \\r\\n [Parameter(ParameterSetName='ByIPsecRuleName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)]\\r\\n [Alias('ID','Name')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${IPsecRuleName},\\r\\n\\r\\n [Parameter(ParameterSetName='ByDisplayName', Mandatory=$true)]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${DisplayName},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Description},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${DisplayGroup},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Group},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled[]]\\r\\n ${Enabled},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.IPsecMode[]]\\r\\n ${Mode},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Alias('SecIn')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]]\\r\\n ${InboundSecurity},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Alias('SecOut')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.SecurityPolicy[]]\\r\\n ${OutboundSecurity},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${QuickModeCryptoSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Phase1AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Phase2AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.KeyModule[]]\\r\\n ${KeyModule},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${AllowWatchKey},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${AllowSetKey},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${RemoteTunnelHostname},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [uint32[]]\\r\\n ${ForwardPathLifetime},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${EncryptedTunnelBypass},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [bool[]]\\r\\n ${RequireAuthorization},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${User},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Machine},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PrimaryStatus[]]\\r\\n ${PrimaryStatus},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${Status},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [string[]]\\r\\n ${PolicyStoreSource},\\r\\n\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [ValidateNotNull()]\\r\\n [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.PolicyStoreType[]]\\r\\n ${PolicyStoreSourceType},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAddressFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallAddressFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallInterfaceFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetInterfaceTypeFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallInterfaceTypeFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetProtocolPortFilter')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallPortFilter},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetFirewallProfile')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetFirewallProfile},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP2AuthSet')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetIPsecPhase2AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEP1AuthSet')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetIPsecPhase1AuthSet},\\r\\n\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet', Mandatory=$true, ValueFromPipeline=$true)]\\r\\n [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIKEQMCryptoSet')]\\r\\n [ValidateNotNull()]\\r\\n [ciminstance]\\r\\n ${AssociatedNetIPsecQuickModeCryptoSet},\\r\\n\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [switch]\\r\\n ${All},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [string]\\r\\n ${PolicyStore},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [string]\\r\\n ${GPOSession},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [switch]\\r\\n ${TracePolicyStore},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [Alias('Session')]\\r\\n [ValidateNotNullOrEmpty()]\\r\\n [Microsoft.Management.Infrastructure.CimSession[]]\\r\\n ${CimSession},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [int]\\r\\n ${ThrottleLimit},\\r\\n\\r\\n [Parameter(ParameterSetName='ByIPsecRuleName')]\\r\\n [Parameter(ParameterSetName='ByDisplayName')]\\r\\n [Parameter(ParameterSetName='ByQuery')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallAddressFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallInterfaceTypeFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallPortFilter')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetFirewallProfile')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase2AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecPhase1AuthSet')]\\r\\n [Parameter(ParameterSetName='ByAssociatedNetIPsecQuickModeCryptoSet')]\\r\\n [Parameter(ParameterSetName='GetAll')]\\r\\n [switch]\\r\\n ${AsJob})\\r\\n\\r\\n DynamicParam {\\r\\n try \\r\\n {\\r\\n if (-not $__cmdletization_exceptionHasBeenThrown)\\r\\n {\\r\\n $__cmdletization_objectModelWrapper = Microsoft.PowerShell.Utility\\New-Object $script:ObjectModelWrapper\\r\\n $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData)\\r\\n\\r\\n if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters])\\r\\n {\\r\\n ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters()\\r\\n }\\r\\n }\\r\\n }\\r\\n catch\\r\\n {\\r\\n $__cmdletization_exceptionHasBeenThrown = $true\\r\\n throw\\r\\n }\\r\\n }\\r\\n\\r\\n Begin {\\r\\n $__cmdletization_exceptionHasBeenThrown = $false\\r\\n try \\r\\n {\\r\\n __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters\\r\\n $__cmdletization_objectModelWrapper.BeginProcessing()\\r\\n }\\r\\n catch\\r\\n {\\r\\n $__cmdletization_exceptionHasBeenThrown = $true\\r\\n throw\\r\\n }\\r\\n }\\r\\n \\r\\n\\r\\n Process {\\r\\n try \\r\\n {\\r\\n if (-not $__cmdletization_exceptionHasBeenThrown)\\r\\n {\\r\\n $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder()\\r\\n if ($PSBoundParameters.ContainsKey('IPsecRuleName') -and (@('ByIPsecRuleName') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${IPsecRuleName})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('InstanceID', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByDisplayName') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${DisplayName})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default')\\r\\n }\\r\\n if ($PSBoundParameters.ContainsKey('Description') -and (@('ByQuery') -contains $PSCmdlet.ParameterSetName )) {\\r\\n $__cmdletization_values = @(${Description})\\r\\n $__cmdletization_queryBuilder.FilterByProperty('Description'"

@hitenkoku hitenkoku requested a review from fukusuket October 14, 2023 09:16
fukusuket
fukusuket reviewed Oct 14, 2023
View reviewed changes
Copy link
Collaborator

@fukusuket fukusuket left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hitenkoku
Thank you for fix:) Just one last thing!
I checked the above < null diff, it seems that there is a following difference. Could you please confirm?
(It might be a problem with evtx itself...)

standard profile
{
    "Timestamp": "2021-10-20 23:39:26.255 +09:00",
    "Computer": "FS03.offsec.lan",
    "Channel": "PwSh",
    "EventID": 4104,
    "Level": "info",
    "RecordID": 1322,
    "RuleTitle": "PwSh Scriptblock",
    "Details": {
        "": ""
    },
    "ExtraFieldInfo": {
        "MessageNumber": 1,
        "MessageTotal": 1,
        "ScriptBlockId": "0783d7d2-2c3f-405e-b294-070c778241d6"
    }
}

all-field-info profile
{
    "Timestamp": "2021-10-20 23:39:26.255 +09:00",
    "Computer": "FS03.offsec.lan",
    "Channel": "PwSh",
    "EventID": 4104,
    "Level": "info",
    "RecordID": 1322,
    "RuleTitle": "PwSh Scriptblock",
    "AllFieldInfo": {
        "MessageNumber": 1,
        "MessageTotal": 1,
        "ScriptBlockId": "0783d7d2-2c3f-405e-b294-070c778241d6",
        "ScriptBlockText": ""
    },
    "RuleFile": "PwSh_4104_Info_ScriptblockLog.yml",
    "EvtxFile": "../hayabusa-sample-evtx/EVTX-to-MITRE-Attack/TA0006-Credential Access/T1003-Credential dumping/ID800-4103-4104-LSASS dump with LSASSY (PowerShell).evtx"
}

@hitenkoku
Copy link
Collaborator Author

hitenkoku commented Oct 15, 2023
edited
Loading

@fukusuket thanks for your comment.

I checked record. ScriptBlockText in that record is empty .

hayabusa-sample-evtx\EVTX-to-MITRE-Attack\TA0006-Credential Access\T1003-Credential dumping\ID800-4103-4104-LSASS dump with LSASSY (PowerShell).evtx

image

@hitenkoku
Copy link
Collaborator Author

@fukusuket I fixed in c8060d4 .

Could you check it?

> .\1189.exe json-timeline -d ..\hayabusa-sample-evtx\ --include-eid 4104 -p standard -o 4104-standard.json -C 
> .\1189.exe json-timeline -d ..\hayabusa-sample-evtx\ --include-eid 4104 -p all-field-info -o 4104-afi.json -C 
>  cat 4104-standard.json | jq .Details.ScriptBlock > out-standard.txt
> cat 4104-afi.json | jq .AllFieldInfo.ScriptBlockText > out-afi.txt
> diff out-standard.txt out-afi.txt 
>

@hitenkoku hitenkoku requested a review from fukusuket October 15, 2023 04:40
fukusuket
fukusuket approved these changes Oct 15, 2023
View reviewed changes
Copy link
Collaborator

@fukusuket fukusuket left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hitenkoku
Thank you so much for fix and investigation!
I see, there are cases where it becomes an empty record🤔 I confirmed #1190 (review) result has no diff! LGTM!!🚀

@hitenkoku hitenkoku mentioned this pull request Oct 16, 2023
Merged
YamatoSecurity
YamatoSecurity approved these changes Oct 16, 2023
View reviewed changes
Copy link
Collaborator

@YamatoSecurity YamatoSecurity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hitenkoku LGTM!

@hitenkoku hitenkoku merged commit 5f83277 into 1186-bug-duplicate-fields-are-outputted-in-extrafieldinfo Oct 16, 2023
9 checks passed
@hitenkoku hitenkoku deleted the fix/#1189 branch October 16, 2023 02:04
@hitenkoku
Copy link
Collaborator Author

@fukusuket @YamatoSecurity Thanks for your review.
I merged it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@YamatoSecurity YamatoSecurity YamatoSecurity approved these changes

@fukusuket fukusuket fukusuket approved these changes

Assignees

@hitenkoku hitenkoku

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

keep same for Details, ExtraFieldInfo and AllFieldInfo value
3 participants
@hitenkoku @fukusuket @YamatoSecurity