add: Arraylist tests and helper Template
This commit is contained in:
DrIOS
98
helpers/CIS 365 v3.0.0 Controls/Test-Template.ps1
Normal file
98
helpers/CIS 365 v3.0.0 Controls/Test-Template.ps1
Normal file
@@ -0,0 +1,98 @@
|
||||
function Test-Template {
|
||||
[CmdletBinding()]
|
||||
param (
|
||||
# Parameters can be added if needed
|
||||
)
|
||||
|
||||
begin {
|
||||
# Initialization code, if needed
|
||||
# Load necessary scripts, define variables, etc.
|
||||
}
|
||||
|
||||
process {
|
||||
# Fetch relevant data
|
||||
# Example: $data = Get-SomeData
|
||||
|
||||
# Process the data to evaluate compliance
|
||||
# Example: $compliantItems = $data | Where-Object { $_.Property -eq 'ExpectedValue' }
|
||||
# Example: $nonCompliantItems = $data | Where-Object { $_.Property -ne 'ExpectedValue' }
|
||||
|
||||
# Prepare failure reasons and details for non-compliant items
|
||||
$failureReasons = $nonCompliantItems | ForEach-Object {
|
||||
# Example: "Item: $($_.Name) - Reason: Missing expected value"
|
||||
}
|
||||
$failureReasons = $failureReasons -join "`n"
|
||||
|
||||
# Prepare details for compliant items
|
||||
$compliantDetails = $compliantItems | ForEach-Object {
|
||||
# Example: "Item: $($_.Name) - Value: $($_.Property)"
|
||||
}
|
||||
$compliantDetails = $compliantDetails -join "`n"
|
||||
|
||||
# Create and populate the CISAuditResult object
|
||||
$auditResult = [CISAuditResult]::new()
|
||||
$auditResult.Status = if ($nonCompliantItems) { 'Fail' } else { 'Pass' }
|
||||
$auditResult.ELevel = 'E3' # Modify as needed
|
||||
$auditResult.ProfileLevel = 'L1' # Modify as needed
|
||||
$auditResult.Rec = '1.1.1' # Modify as needed
|
||||
$auditResult.RecDescription = "Description of the recommendation" # Modify as needed
|
||||
$auditResult.CISControlVer = 'v8' # Modify as needed
|
||||
$auditResult.CISControl = "5.4" # Modify as needed
|
||||
$auditResult.CISDescription = "Description of the CIS control" # Modify as needed
|
||||
$auditResult.IG1 = $true # Modify as needed
|
||||
$auditResult.IG2 = $true # Modify as needed
|
||||
$auditResult.IG3 = $true # Modify as needed
|
||||
$auditResult.Result = $nonCompliantItems.Count -eq 0
|
||||
$auditResult.Details = if ($nonCompliantItems) {
|
||||
"Non-Compliant Items: $($nonCompliantItems.Count)`nDetails:`n" + ($nonCompliantItems | ForEach-Object { $_.Details } -join "`n")
|
||||
} else {
|
||||
"Compliant Items: $($compliantItems.Count)`nDetails:`n$compliantDetails"
|
||||
}
|
||||
$auditResult.FailureReason = if ($nonCompliantItems) {
|
||||
"Non-compliant items:`n$failureReasons"
|
||||
} else {
|
||||
"N/A"
|
||||
}
|
||||
|
||||
# Example output object for a pass result
|
||||
# Status : Pass
|
||||
# ELevel : E3
|
||||
# ProfileLevel : L2
|
||||
# Rec : 8.1.1
|
||||
# RecDescription : Ensure external file sharing in Teams is enabled for only approved cloud storage services
|
||||
# CISControlVer : v8
|
||||
# CISControl : 3.3
|
||||
# CISDescription : Configure Data Access Control Lists
|
||||
# IG1 : True
|
||||
# IG2 : True
|
||||
# IG3 : True
|
||||
# Result : True
|
||||
# Details : Compliant Items: 5
|
||||
# Item: Team1 - Storage: OneDrive
|
||||
# Item: Team2 - Storage: SharePoint
|
||||
# FailureReason : N/A
|
||||
|
||||
# Example output object for a fail result
|
||||
# Status : Fail
|
||||
# ELevel : E3
|
||||
# ProfileLevel : L2
|
||||
# Rec : 8.1.1
|
||||
# RecDescription : Ensure external file sharing in Teams is enabled for only approved cloud storage services
|
||||
# CISControlVer : v8
|
||||
# CISControl : 3.3
|
||||
# CISDescription : Configure Data Access Control Lists
|
||||
# IG1 : True
|
||||
# IG2 : True
|
||||
# IG3 : True
|
||||
# Result : False
|
||||
# Details : Non-Compliant Items: 2
|
||||
# Item: Team3 - Storage: Dropbox (Unapproved)
|
||||
# Item: Team4 - Storage: Google Drive (Unapproved)
|
||||
# FailureReason : Non-compliant items:`nUsername | Roles | HybridStatus | Missing Licence
|
||||
}
|
||||
|
||||
end {
|
||||
# Return the audit result
|
||||
return $auditResult
|
||||
}
|
||||
}
|
||||
@@ -36,8 +36,8 @@ function Get-AdminRoleUserLicense {
|
||||
Connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome
|
||||
}
|
||||
|
||||
$adminRoleUsers = @()
|
||||
$userIds = @()
|
||||
$adminRoleUsers = [System.Collections.ArrayList]::new()
|
||||
$userIds = [System.Collections.ArrayList]::new()
|
||||
}
|
||||
|
||||
Process {
|
||||
@@ -50,8 +50,10 @@ function Get-AdminRoleUserLicense {
|
||||
$userDetails = Get-MgUser -UserId $user.PrincipalId -Property "DisplayName, UserPrincipalName, Id, onPremisesSyncEnabled" -ErrorAction SilentlyContinue
|
||||
|
||||
if ($userDetails) {
|
||||
$userIds += $user.PrincipalId
|
||||
$adminRoleUsers += [PSCustomObject]@{
|
||||
[void]($userIds.Add($user.PrincipalId))
|
||||
[void](
|
||||
$adminRoleUsers.Add(
|
||||
[PSCustomObject]@{
|
||||
RoleName = $role.DisplayName
|
||||
UserName = $userDetails.DisplayName
|
||||
UserPrincipalName = $userDetails.UserPrincipalName
|
||||
@@ -59,15 +61,17 @@ function Get-AdminRoleUserLicense {
|
||||
HybridUser = $userDetails.onPremisesSyncEnabled
|
||||
Licenses = $null # Initialize as $null
|
||||
}
|
||||
)
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($userId in $userIds | Select-Object -Unique) {
|
||||
foreach ($userId in $userIds.ToArray() | Select-Object -Unique) {
|
||||
$licenses = Get-MgUserLicenseDetail -UserId $userId -ErrorAction SilentlyContinue
|
||||
if ($licenses) {
|
||||
$licenseList = ($licenses.SkuPartNumber -join '|')
|
||||
$adminRoleUsers | Where-Object { $_.UserId -eq $userId } | ForEach-Object {
|
||||
$adminRoleUsers.ToArray() | Where-Object { $_.UserId -eq $userId } | ForEach-Object {
|
||||
$_.Licenses = $licenseList
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user