fix: formatting
This commit is contained in:
@@ -5,23 +5,20 @@ function Test-AuditLogSearch {
|
||||
# Aligned
|
||||
# Parameters can be added if needed
|
||||
)
|
||||
|
||||
begin {
|
||||
# Dot source the class script if necessary
|
||||
#. .\source\Classes\CISAuditResult.ps1
|
||||
# Initialization code, if needed
|
||||
$recnum = "3.1.1"
|
||||
|
||||
Write-Verbose "Running Test-AuditLogSearch for $recnum..."
|
||||
<#
|
||||
Conditions for 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
|
||||
|
||||
Validate test for a pass:
|
||||
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
|
||||
- Specific conditions to check:
|
||||
- Condition A: Audit log search is enabled in the Microsoft Purview compliance portal.
|
||||
- Condition B: The audit log retains user and admin activity for 90 days.
|
||||
- Condition C: Audit log search capabilities are functional (search results are displayed for activities within the past 30 days).
|
||||
|
||||
Validate test for a fail:
|
||||
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
|
||||
- Specific conditions to check:
|
||||
@@ -30,14 +27,10 @@ function Test-AuditLogSearch {
|
||||
- Condition C: Audit log search capabilities are non-functional (no search results are displayed for activities within the past 30 days).
|
||||
#>
|
||||
}
|
||||
|
||||
process {
|
||||
|
||||
try {
|
||||
# 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
|
||||
|
||||
$auditLogResult = Get-CISExoOutput -Rec $recnum
|
||||
|
||||
# Prepare failure reasons and details based on compliance
|
||||
$failureReasons = if (-not $auditLogResult) {
|
||||
# Condition A (Fail): Audit log search is not enabled in the Microsoft Purview compliance portal
|
||||
@@ -46,7 +39,6 @@ function Test-AuditLogSearch {
|
||||
else {
|
||||
"N/A"
|
||||
}
|
||||
|
||||
$details = if ($auditLogResult) {
|
||||
# Condition A (Pass): Audit log search is enabled in the Microsoft Purview compliance portal
|
||||
"UnifiedAuditLogIngestionEnabled: True"
|
||||
@@ -54,7 +46,6 @@ function Test-AuditLogSearch {
|
||||
else {
|
||||
"UnifiedAuditLogIngestionEnabled: False"
|
||||
}
|
||||
|
||||
# Create and populate the CISAuditResult object
|
||||
$params = @{
|
||||
Rec = $recnum
|
||||
@@ -70,9 +61,8 @@ function Test-AuditLogSearch {
|
||||
$auditResult = Get-TestError -LastError $LastError -recnum $recnum
|
||||
}
|
||||
}
|
||||
|
||||
end {
|
||||
# Return the audit result
|
||||
return $auditResult
|
||||
}
|
||||
}
|
||||
}
|
Reference in New Issue
Block a user