Symantec Privileged Access Management

Expand all | Collapse all

Parsing XML via powershell

  • 1.  Parsing XML via powershell

    Posted 16 days ago

    Would you please share any Powershell scripts to parse out xml data from CLI / API



  • 2.  RE: Parsing XML via powershell

    Posted 16 days ago
    First you have to identify the XML element that you need to retrieve from the response. This may change depending on the CLI command that you use. To identify the element, you can open the below URL (update the highlighted fields as required) in a web browser and it will show the response XML in the browser.

    Note: If your PAM hostname doesn't match with the SSL cert, then you need to use PowerShell v6.0 or above to make use of the "SkipCertificateCheck" option with Invoke-RestMethod.

    Please find the sample PowerShell code below.

    # This is a simple demo of the PAM CL
    $pamServer = "" # either FQDN or IP address
    $adminUserID = "super" #Assign CLI Username
    $adminPassword = "P@ssw0rd" #Assign CLI User Password
    $authentication = "CSPM"
    # Create a request
    $request = @{
       "adminUserID" = "$adminUserID"
       "adminPassword" = "$adminPassword"
       "authentication" = "$authentication" 
       "cmdName" = "searchTargetAccount" #see CLI documentation for a description of this command
       "TargetAccount.userName" = "test"
    #Invoke the CLI 
    $results = Invoke-RestMethod -Method Get -Uri "https://$pamServer/cspm/servlet/adminCLI" -Body $request -TimeoutSec 30 -SkipCertificateCheck
    #Convert CDATA section to XML object
    [xml]$xmlResult = $results.'cw.appMessage'.content.'#cdata-section'
    if ($xmlResult.CommandResult.'cr.statusCode' -eq "400") {
       Write-Host "CLI invocation successful"
       $resultElementName='TargetAccount' #ElementName changes based on the CLI command
       foreach ($item in $xmlResult.CommandResult.'cr.result'.$resultElementName) {
          Write-host "Username:" $item.userName
          Write-Host "TargetApplicationID:"$item.targetApplicationID
    #Throws an error when the CLI fails
    else {
       $failureDesc = $xmlResult.CommandResult.'cr.statusDescription'
       Write-Host "CLI invocation failed with error - $failureDesc"