105 lines
		
	
	
		
			4.1 KiB
		
	
	
	
		
			PowerShell
		
	
	
	
	
	
			
		
		
	
	
			105 lines
		
	
	
		
			4.1 KiB
		
	
	
	
		
			PowerShell
		
	
	
	
	
	
| function Test-AntiPhishingPolicy {
 | |
|     [CmdletBinding()]
 | |
|     [OutputType([CISAuditResult])]
 | |
|     param (
 | |
|         # Aligned
 | |
|         # Parameters can be added if needed
 | |
|     )
 | |
| 
 | |
|     begin {
 | |
|         # Dot source the class script if necessary
 | |
|         #. .\source\Classes\CISAuditResult.ps1
 | |
|         # Initialization code, if needed
 | |
|         #$auditResults = @()
 | |
|         $recnum = "2.1.7"
 | |
| 
 | |
|         <#
 | |
|         Conditions for 2.1.7 (L1) Ensure that an anti-phishing policy has been created
 | |
| 
 | |
|         Validate test for a pass:
 | |
|         - Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
 | |
|         - Specific conditions to check:
 | |
|           - Condition A: Verify that an anti-phishing policy exists in the Microsoft 365 Security Center.
 | |
|           - Condition B: Using PowerShell, ensure the anti-phishing policy is configured with appropriate settings such as enabling impersonation protection and spoof intelligence.
 | |
| 
 | |
|         Validate test for a fail:
 | |
|         - Confirm that the failure conditions in the automated test are consistent with the manual audit results.
 | |
|         - Specific conditions to check:
 | |
|           - Condition A: No anti-phishing policy exists in the Microsoft 365 Security Center.
 | |
|           - Condition B: Using PowerShell, the anti-phishing policy is not configured with the required settings.
 | |
|         #>
 | |
|     }
 | |
| 
 | |
|     process {
 | |
| 
 | |
|         try {
 | |
|             # Condition A: Ensure that an anti-phishing policy has been created
 | |
|             $antiPhishPolicies = Get-CISExoOutput -Rec $recnum
 | |
| 
 | |
|             # Condition B: Verify the anti-phishing policy settings using PowerShell
 | |
|             $validatedPolicies = $antiPhishPolicies | Where-Object {
 | |
|                 $_.Enabled -eq $true -and
 | |
|                 $_.PhishThresholdLevel -ge 2 -and
 | |
|                 $_.EnableMailboxIntelligenceProtection -eq $true -and
 | |
|                 $_.EnableMailboxIntelligence -eq $true -and
 | |
|                 $_.EnableSpoofIntelligence -eq $true
 | |
|             }
 | |
| 
 | |
|             # Check if there is at least one policy that meets the requirements
 | |
|             $nonCompliantItems = $antiPhishPolicies | Where-Object {
 | |
|                 $_.Enabled -ne $true -or
 | |
|                 $_.PhishThresholdLevel -lt 2 -or
 | |
|                 $_.EnableMailboxIntelligenceProtection -ne $true -or
 | |
|                 $_.EnableMailboxIntelligence -ne $true -or
 | |
|                 $_.EnableSpoofIntelligence -ne $true
 | |
|             }
 | |
|             $compliantItems = $validatedPolicies
 | |
|             $isCompliant = $compliantItems.Count -gt 0
 | |
| 
 | |
|             # Prepare failure reasons for non-compliant items
 | |
|             $nonCompliantNames = $nonCompliantItems | ForEach-Object { $_.Name }
 | |
|             $failureReasons = if ($nonCompliantNames.Count -gt 0) {
 | |
|                 "Reason: Does not meet one or more compliance criteria.`nNon-compliant Policies:`n" + ($nonCompliantNames -join "`n")
 | |
|             }
 | |
|             else {
 | |
|                 "N/A"
 | |
|             }
 | |
| 
 | |
|             # Prepare details for non-compliant items
 | |
|             $nonCompliantDetails = $nonCompliantItems | ForEach-Object {
 | |
|                 "Policy: $($_.Name)"
 | |
|             }
 | |
|             $nonCompliantDetails = $nonCompliantDetails -join "`n"
 | |
| 
 | |
|             # Prepare details based on compliance
 | |
|             $details = if ($nonCompliantItems) {
 | |
|                 "Non-Compliant Items: $($nonCompliantItems.Count)`nDetails:`n$nonCompliantDetails"
 | |
|             }
 | |
|             else {
 | |
|                 "Compliant Items: $($compliantItems.Count)"
 | |
|             }
 | |
| 
 | |
|             # Parameter splat for Initialize-CISAuditResult function
 | |
|             $params = @{
 | |
|                 Rec           = $recnum
 | |
|                 Result        = $nonCompliantItems.Count -eq 0
 | |
|                 Status        = if ($isCompliant) { "Pass" } else { "Fail" }
 | |
|                 Details       = $details
 | |
|                 FailureReason = $failureReasons
 | |
|             }
 | |
| 
 | |
|             # Create and populate the CISAuditResult object
 | |
|             $auditResult = Initialize-CISAuditResult @params
 | |
|         }
 | |
|         catch {
 | |
|             $LastError = $_
 | |
|             $auditResult = Get-TestError -LastError $LastError -recnum $recnum
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     end {
 | |
|         # Return auditResult
 | |
|         return $auditResult
 | |
|     }
 | |
| }
 |