There is an undocumented Tufin API, see the code below:
#Parameters must be declared at the start of the script.
Param(
[Parameter(Mandatory=$true)][string]$usr,
#[Parameter(Mandatory=$true)][string]$pwd,
[Parameter(Mandatory=$true)][ipaddress]$src,
[Parameter(Mandatory=$true)][ipaddress]$dst,
[Parameter(Mandatory=$false)][string]$svc = 'any'
)
#Purpose is to obfuscate the password when user type his/her password.
$securepwd = Read-Host("Password") -AsSecureString
$bstrpwd = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securepwd)
#Need to convert the password from secure to plaintext otherwise the encrypted cipher text will locked your account.
$pwd = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstrpwd)
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
$cred = "${usr}:${pwd}"
$bytes = [System.Text.Encoding]::ASCII.GetBytes($cred)
$base64 = [System.Convert]::ToBase64String($bytes)
$basicAuthValue = "Basic $base64"
$headers = @{ Authorization = $basicAuthValue }
$date = Get-Date
try {
#Invoke-RestMethod -Uri "https://tufin_Secure_track_ipaddress/securetrack/api/topology/path_image?src=$($src)&dst=$($dst)&service=$($svc)" -Method Get -ContentType 'application/xml' -Headers $headers -OutFile "$env:USERPROFILE\path_image_$($date.ToString('ddMMyy-HHmm')).png"
Invoke-RestMethod -Uri "https://tufin_Secure_track_ipaddress/securetrack/api/path/calcImage/src/$($src)/dst/$($dst)/svc/ANY?arrow=true&WithPa=false" -Method Get -ContentType 'application/xml' -Headers $headers -OutFile "$env:USERPROFILE\path_image_$($date.ToString('ddMMyy-HHmm')).png"
} catch {
$Error[0].ErrorDetails.Message
}
