There is an undocumented Tufin API, see the code below:
#Parameters must be declared at the start of the script. Param( [Parameter(Mandatory=$true)][string]$usr, #[Parameter(Mandatory=$true)][string]$pwd, [Parameter(Mandatory=$true)][ipaddress]$src, [Parameter(Mandatory=$true)][ipaddress]$dst, [Parameter(Mandatory=$false)][string]$svc = 'any' ) #Purpose is to obfuscate the password when user type his/her password. $securepwd = Read-Host("Password") -AsSecureString $bstrpwd = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securepwd) #Need to convert the password from secure to plaintext otherwise the encrypted cipher text will locked your account. $pwd = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstrpwd) add-type @" using System.Net; using System.Security.Cryptography.X509Certificates; public class TrustAllCertsPolicy : ICertificatePolicy { public bool CheckValidationResult( ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) { return true; } } "@ [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy $cred = "${usr}:${pwd}" $bytes = [System.Text.Encoding]::ASCII.GetBytes($cred) $base64 = [System.Convert]::ToBase64String($bytes) $basicAuthValue = "Basic $base64" $headers = @{ Authorization = $basicAuthValue } $date = Get-Date try { #Invoke-RestMethod -Uri "https://tufin_Secure_track_ipaddress/securetrack/api/topology/path_image?src=$($src)&dst=$($dst)&service=$($svc)" -Method Get -ContentType 'application/xml' -Headers $headers -OutFile "$env:USERPROFILE\path_image_$($date.ToString('ddMMyy-HHmm')).png" Invoke-RestMethod -Uri "https://tufin_Secure_track_ipaddress/securetrack/api/path/calcImage/src/$($src)/dst/$($dst)/svc/ANY?arrow=true&WithPa=false" -Method Get -ContentType 'application/xml' -Headers $headers -OutFile "$env:USERPROFILE\path_image_$($date.ToString('ddMMyy-HHmm')).png" } catch { $Error[0].ErrorDetails.Message }