vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Comment conditions on each test

Browse Source
This commit is contained in:
DrIOS
2024-06-11 18:41:19 -05:00
parent e6b6e064bf
commit cf7fbadbe7
14 changed files with 307 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
source/tests/Test-AuditLogSearch.ps1
View File

@@ -11,6 +11,24 @@ function Test-AuditLogSearch {
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
$recnum = "3.1.1"
<#
Conditions for 3.1.1 (L1) Ensure Microsoft 365 audit log search is Enabled
Validate test for a pass:
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
- Specific conditions to check:
- Condition A: Audit log search is enabled in the Microsoft Purview compliance portal.
- Condition B: The audit log retains user and admin activity for 90 days.
- Condition C: Audit log search capabilities are functional (search results are displayed for activities within the past 30 days).
Validate test for a fail:
- Confirm that the failure conditions in the automated test are consistent with the manual audit results.
- Specific conditions to check:
- Condition A: Audit log search is not enabled in the Microsoft Purview compliance portal.
- Condition B: The audit log does not retain user and admin activity for 90 days.
- Condition C: Audit log search capabilities are non-functional (no search results are displayed for activities within the past 30 days).
#>
}
process {
@@ -24,6 +42,7 @@ function Test-AuditLogSearch {
# Prepare failure reasons and details based on compliance
$failureReasons = if (-not $auditLogResult) {
# Condition A (Fail): Audit log search is not enabled in the Microsoft Purview compliance portal
"Audit log search is not enabled"
}
else {
@@ -31,6 +50,7 @@ function Test-AuditLogSearch {
}
$details = if ($auditLogResult) {
# Condition A (Pass): Audit log search is enabled in the Microsoft Purview compliance portal
"UnifiedAuditLogIngestionEnabled: True"
}
else {