docs: Comment conditions on each test

2024-06-11 13:03:59 -05:00
parent f85101d0de
commit e6b6e064bf
13 changed files with 298 additions and 82 deletions
--- a/source/tests/Test-NotifyMalwareInternal.ps1
+++ b/source/tests/Test-NotifyMalwareInternal.ps1
@@ -7,6 +7,22 @@ function Test-NotifyMalwareInternal {
    )

    begin {
+        <#
+        # Conditions for 2.1.3 (L1) Ensure notifications for internal users sending malware is Enabled
+        #
+        # Validate test for a pass:
+        # - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
+        # - Specific conditions to check:
+        #   - Condition A: Notifications for internal users sending malware are enabled in the Microsoft 365 Security & Compliance Center.
+        #   - Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `True` and includes at least one valid email address for notifications.
+        #
+        # Validate test for a fail:
+        # - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
+        # - Specific conditions to check:
+        #   - Condition A: Notifications for internal users sending malware are not enabled in the Microsoft 365 Security & Compliance Center.
+        #   - Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `False` or does not include any valid email addresses for notifications.
+        #>
+
        # Dot source the class script if necessary
        #. .\source\Classes\CISAuditResult.ps1
        # Initialization code, if needed
@@ -19,8 +35,9 @@ function Test-NotifyMalwareInternal {

            # Retrieve all 'Custom' malware filter policies and check notification settings
            $malwareNotifications = Get-MalwareFilterPolicy | Where-Object { $_.RecommendedPolicyType -eq 'Custom' }
-            $policiesToReport = @()

+            # Condition B: Using PowerShell, the `NotifyInternal` property in the anti-malware policy is set to `True` and includes at least one valid email address for notifications.
+            $policiesToReport = @()
            foreach ($policy in $malwareNotifications) {
                if ($policy.EnableInternalSenderAdminNotifications -ne $true) {
                    $policiesToReport += "$($policy.Identity): Notifications Disabled"
@@ -35,6 +52,7 @@ function Test-NotifyMalwareInternal {
                "N/A"
            }
            else {
+                # Condition A: Notifications for internal users sending malware are not enabled in the Microsoft 365 Security & Compliance Center.
                "Some custom policies do not have notifications for internal users sending malware enabled."
            }