53 lines
2.0 KiB
PowerShell
53 lines
2.0 KiB
PowerShell
function Test-NotifyMalwareInternal_2.1.3_E3L1_IG2_IG3 {
|
|
[CmdletBinding()]
|
|
param (
|
|
# Parameters can be added if needed
|
|
)
|
|
|
|
begin {
|
|
. ".\source\Classes\CISAuditResult.ps1"
|
|
$auditResults = @()
|
|
}
|
|
|
|
process {
|
|
# Retrieve all 'Custom' malware filter policies and check notification settings
|
|
$malwareNotifications = Get-MalwareFilterPolicy | Where-Object { $_.RecommendedPolicyType -eq 'Custom' }
|
|
$policiesToReport = @()
|
|
|
|
foreach ($policy in $malwareNotifications) {
|
|
if ($policy.EnableInternalSenderAdminNotifications -ne $true) {
|
|
$policiesToReport += "$($policy.Identity): Notifications Disabled"
|
|
}
|
|
}
|
|
|
|
# Determine the result based on the presence of custom policies without notifications
|
|
$result = $policiesToReport.Count -eq 0
|
|
$details = if ($result) { "All custom malware policies have notifications enabled." } else { "Misconfigured Policies: $($policiesToReport -join ', ')" }
|
|
$failureReason = if ($result) { "N/A" } else { "Some custom policies do not have notifications for internal users sending malware enabled." }
|
|
|
|
# Create an instance of CISAuditResult and populate it
|
|
$auditResult = [CISAuditResult]::new()
|
|
$auditResult.Status = if ($result) { "Pass" } else { "Fail" }
|
|
$auditResult.ELevel = "E3"
|
|
$auditResult.Profile = "L1"
|
|
$auditResult.Rec = "2.1.3"
|
|
$auditResult.RecDescription = "Ensure notifications for internal users sending malware is Enabled"
|
|
$auditResult.CISControlVer = "v8"
|
|
$auditResult.CISControl = "17.5"
|
|
$auditResult.CISDescription = "Assign Key Roles and Responsibilities"
|
|
$auditResult.IG1 = $false
|
|
$auditResult.IG2 = $true
|
|
$auditResult.IG3 = $true
|
|
$auditResult.Result = $result
|
|
$auditResult.Details = $details
|
|
$auditResult.FailureReason = $failureReason
|
|
|
|
$auditResults += $auditResult
|
|
}
|
|
|
|
end {
|
|
# Return auditResults
|
|
return $auditResults
|
|
}
|
|
}
|