fix: 2.1.2 simplified output and added object comment
This commit is contained in:
@@ -222,6 +222,12 @@ function Get-CISExoOutput {
|
|||||||
# Condition A: The Common Attachment Types Filter is enabled in the Microsoft 365 Security & Compliance Center.
|
# Condition A: The Common Attachment Types Filter is enabled in the Microsoft 365 Security & Compliance Center.
|
||||||
# Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `True`.
|
# Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `True`.
|
||||||
# Retrieve the attachment filter policy
|
# Retrieve the attachment filter policy
|
||||||
|
# $attachmentFilter Mock Object
|
||||||
|
<#
|
||||||
|
$attachmentFilter = [PSCustomObject]@{
|
||||||
|
EnableFileFilter = $true
|
||||||
|
}
|
||||||
|
#>
|
||||||
$attachmentFilter = Get-MalwareFilterPolicy -Identity Default | Select-Object EnableFileFilter
|
$attachmentFilter = Get-MalwareFilterPolicy -Identity Default | Select-Object EnableFileFilter
|
||||||
$result = $attachmentFilter.EnableFileFilter
|
$result = $attachmentFilter.EnableFileFilter
|
||||||
# [bool]
|
# [bool]
|
||||||
|
@@ -8,38 +8,35 @@ function Test-CommonAttachmentFilter {
|
|||||||
|
|
||||||
begin {
|
begin {
|
||||||
<#
|
<#
|
||||||
Conditions for 2.1.2 (L1) Ensure the Common Attachment Types Filter is enabled
|
Conditions for 2.1.2 (L1) Ensure the Common Attachment Types Filter is enabled
|
||||||
|
Validate test for a pass:
|
||||||
Validate test for a pass:
|
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
||||||
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
- Specific conditions to check:
|
||||||
- Specific conditions to check:
|
- Condition A: The Common Attachment Types Filter is enabled in the Microsoft 365 Security & Compliance Center.
|
||||||
- Condition A: The Common Attachment Types Filter is enabled in the Microsoft 365 Security & Compliance Center.
|
- Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `True`.
|
||||||
- Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `True`.
|
- Condition C: Ensure that the setting is enabled in the highest priority policy listed if custom policies exist.
|
||||||
- Condition C: Ensure that the setting is enabled in the highest priority policy listed if custom policies exist.
|
Validate test for a fail:
|
||||||
|
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
||||||
Validate test for a fail:
|
- Specific conditions to check:
|
||||||
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
- Condition A: The Common Attachment Types Filter is not enabled in the Microsoft 365 Security & Compliance Center.
|
||||||
- Specific conditions to check:
|
- Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `False`.
|
||||||
- Condition A: The Common Attachment Types Filter is not enabled in the Microsoft 365 Security & Compliance Center.
|
- Condition C: Ensure that the setting is not enabled in the highest priority policy listed if custom policies exist.
|
||||||
- Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `False`.
|
|
||||||
- Condition C: Ensure that the setting is not enabled in the highest priority policy listed if custom policies exist.
|
|
||||||
#>
|
#>
|
||||||
|
|
||||||
# Dot source the class script if necessary
|
# Dot source the class script if necessary
|
||||||
#. .\source\Classes\CISAuditResult.ps1
|
#. .\source\Classes\CISAuditResult.ps1
|
||||||
# Initialization code, if needed
|
# Initialization code, if needed
|
||||||
$recnum = "2.1.2"
|
$recnum = "2.1.2"
|
||||||
|
Write-Verbose "Running Test-CommonAttachmentFilter for $recnum..."
|
||||||
}
|
}
|
||||||
|
|
||||||
process {
|
process {
|
||||||
try {
|
try {
|
||||||
# 2.1.2 (L1) Ensure the Common Attachment Types Filter is enabled
|
# 2.1.2 (L1) Ensure the Common Attachment Types Filter is enabled
|
||||||
# Condition A: The Common Attachment Types Filter is enabled in the Microsoft 365 Security & Compliance Center.
|
# Condition A: The Common Attachment Types Filter is enabled in the Microsoft 365 Security & Compliance Center.
|
||||||
# Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `True`.
|
# Condition B: Using Exchange Online PowerShell, verify that the `EnableFileFilter` property of the default malware filter policy is set to `True`.
|
||||||
|
|
||||||
# Retrieve the attachment filter policy
|
# Retrieve the attachment filter policy
|
||||||
|
# $result Mock Object
|
||||||
|
# $result = $true
|
||||||
$result = Get-CISExoOutput -Rec $recnum
|
$result = Get-CISExoOutput -Rec $recnum
|
||||||
|
|
||||||
# Prepare failure reasons and details based on compliance
|
# Prepare failure reasons and details based on compliance
|
||||||
$failureReasons = if (-not $result) {
|
$failureReasons = if (-not $result) {
|
||||||
# Condition A: The Common Attachment Types Filter is not enabled in the Microsoft 365 Security & Compliance Center.
|
# Condition A: The Common Attachment Types Filter is not enabled in the Microsoft 365 Security & Compliance Center.
|
||||||
@@ -49,14 +46,12 @@ function Test-CommonAttachmentFilter {
|
|||||||
else {
|
else {
|
||||||
"N/A"
|
"N/A"
|
||||||
}
|
}
|
||||||
|
|
||||||
$details = if ($result) {
|
$details = if ($result) {
|
||||||
"File Filter Enabled: True"
|
"File Filter Enabled: True"
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
"File Filter Enabled: False"
|
"File Filter Enabled: False"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create and populate the CISAuditResult object
|
# Create and populate the CISAuditResult object
|
||||||
$params = @{
|
$params = @{
|
||||||
Rec = $recnum
|
Rec = $recnum
|
||||||
@@ -72,7 +67,6 @@ function Test-CommonAttachmentFilter {
|
|||||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end {
|
end {
|
||||||
# Return the audit result
|
# Return the audit result
|
||||||
return $auditResult
|
return $auditResult
|
||||||
|
Reference in New Issue
Block a user