topic Re: Powershell Script and XDR in Cortex XDR Discussions

Powershell Script and XDR

james.cadet — Mon, 06 Feb 2023 01:33:53 GMT

There is a PowerShell script that we would like to use within XDR. I understand that XDR currently is not able to run PowerShell scripts, the problem is I am not a coder. I have been trying to learn how to convert our script to Python but I am just about to give up.

In my research, I found some posts from users on various websites explaining that it is possible to run a PowerShell script with Python and I wondered if this could be a workaround?

import subprocess, sys p = subprocess.Popen(["powershell.exe", "C:\\Scripts\\PS-ScriptWeNeed.ps1"], stdout=sys.stdout) p.communicate()

The problem I see is that the assumption is you are running this script from your own host and directing Python to the path where the PowerShell script is located on your host, therefore, this is not possible unless all host already have this file located in the same file path on each host. If that is the case, any other work arounds?

If none of the above work, any chance anyone here could recommend a good resource that could help me with converting this script from PowerShell to Python?

Re: Powershell Script and XDR

bbarmanroy — Tue, 07 Feb 2023 23:27:43 GMT

@james.cadet how about using Python to retrieve the powershell script from a shared filesystem and executing it?

Re: Powershell Script and XDR

james.cadet — Thu, 16 Feb 2023 14:26:55 GMT

@bbarmanroy sorry for the delayed response, drowning in work haha. Thank you for that suggestion! I was actually working on trying to get that done but just was not able to. I keep getting errors regarding the syntax somewhere in the script and just could not figure it out and finally gave up.

Decided it was better to just recreate the script in Python, so just bit the bullet and pulled an all-nighter trying to figure out how to get that done and it finally worked. Great learning experience but it did reinforce my original belief that coding is not for me lol.

Thank you again for trying to help!

Re: Powershell Script and XDR

bbarmanroy — Fri, 03 Mar 2023 01:52:39 GMT

Great work there @james.cadet . If anything, it goes to show that you could do it.

Re: Powershell Script and XDR

KanwarSingh01 — Tue, 07 Mar 2023 02:38:50 GMT

Do you still need a solution to get PowerShell script execution in XDR?

Re: Powershell Script and XDR

odonaldadmin — Tue, 14 Mar 2023 18:32:32 GMT

Hello, I can share the PowerShell through python script I use

import subprocess def windowsupdate(): pscommand = """ """ import subprocess; process=subprocess.Popen(["powershell","& {" + pscommand + "}"],stdout=subprocess.PIPE); result=process.communicate()[0] print (result) windowsupdate()

Put all your PowerShell commands between the triple quotes in that big blank space. I haven't had issues with what PowerShell commands I can run. One thing to note is that you need to use forward slash's (/) if you're referencing a directory, otherwise XDR will have issues. Spent a few hours debugging before realizing that was the issue. Hope this helps!

Re: Powershell Script and XDR

james.cadet — Tue, 14 Mar 2023 19:55:00 GMT

@KanwarSingh01 At this time it is no longer needed as I was able to rebuild the script in python. I appreciate you checking, however, I may be back and reach out to you for another script if I am unable to get that figured out 🤣