Initial Commit

2024-03-25 08:34:43 -05:00
commit 0226b293b5
137 changed files with 9448 additions and 0 deletions
--- a/source/tests/Test-NotifyMalwareInternal.ps1
+++ b/source/tests/Test-NotifyMalwareInternal.ps1
@@ -0,0 +1,52 @@
+function Test-NotifyMalwareInternal {
+    [CmdletBinding()]
+    param (
+        # Parameters can be added if needed
+    )
+
+    begin {
+
+        $auditResults = @()
+    }
+
+    process {
+        # Retrieve all 'Custom' malware filter policies and check notification settings
+        $malwareNotifications = Get-MalwareFilterPolicy | Where-Object { $_.RecommendedPolicyType -eq 'Custom' }
+        $policiesToReport = @()
+
+        foreach ($policy in $malwareNotifications) {
+            if ($policy.EnableInternalSenderAdminNotifications -ne $true) {
+                $policiesToReport += "$($policy.Identity): Notifications Disabled"
+            }
+        }
+
+        # Determine the result based on the presence of custom policies without notifications
+        $result = $policiesToReport.Count -eq 0
+        $details = if ($result) { "All custom malware policies have notifications enabled." } else { "Misconfigured Policies: $($policiesToReport -join ', ')" }
+        $failureReason = if ($result) { "N/A" } else { "Some custom policies do not have notifications for internal users sending malware enabled." }
+
+        # Create an instance of CISAuditResult and populate it
+        $auditResult = [CISAuditResult]::new()
+        $auditResult.Status = if ($result) { "Pass" } else { "Fail" }
+        $auditResult.ELevel = "E3"
+        $auditResult.ProfileLevel = "L1"
+        $auditResult.Rec = "2.1.3"
+        $auditResult.RecDescription = "Ensure notifications for internal users sending malware is Enabled"
+        $auditResult.CISControlVer = "v8"
+        $auditResult.CISControl = "17.5"
+        $auditResult.CISDescription = "Assign Key Roles and Responsibilities"
+        $auditResult.IG1 = $false
+        $auditResult.IG2 = $true
+        $auditResult.IG3 = $true
+        $auditResult.Result = $result
+        $auditResult.Details = $details
+        $auditResult.FailureReason = $failureReason
+
+        $auditResults += $auditResult
+    }
+
+    end {
+        # Return auditResults
+        return $auditResults
+    }
+}