Framework/Models/SubscriptionCore/AzureSecurityCenter.ps1
|
Set-StrictMode -Version Latest class AzureSecurityCenter { [PSObject] $Policies [PSObject] $Alerts [PSObject] $Tasks hidden static [PSObject] GetASCPolicies([PSObject] $policyObjects) { $pols =@() if($null -ne $policyObjects -and ($policyObjects | Measure-Object).Count -gt 0) { $policyObjects | ForEach-Object { $out = "" | Select-Object PolicyLevel, Name, Unique, DataCollection, SystemUpdates, OSVulnerabilities, EndpointProtection, DiskEncryption, NetworkSecurityGroups, WebApplicationFirewall, NextGenerationFirewall, VulnerabilityAssessment, SQLAuditingAndThreatDetection, SQLTDE, StorageSSE, SecurityContactEmails, SecurityContactPhone, AreEmailNotificationsOn, SendToSubscriptionOwners, IsCompliant Set-Variable -Name policyLevel -Value $_.properties.policyLevel Set-Variable -Name logCollection -Value $_.properties.logCollection Set-Variable -Name name -Value $_.name Set-Variable -Name patch -Value $_.properties.recommendations.patch Set-Variable -Name unique -Value $_.properties.unique Set-Variable -Name baseline -Value $_.properties.recommendations.baseline Set-Variable -Name antimalware -Value $_.properties.recommendations.antimalware Set-Variable -Name diskEncryption -Value $_.properties.recommendations.diskEncryption Set-Variable -Name acls -Value $_.properties.recommendations.acls Set-Variable -Name waf -Value $_.properties.recommendations.waf Set-Variable -Name sqlAuditing -Value $_.properties.recommendations.sqlAuditing Set-Variable -Name sqlTde -Value $_.properties.recommendations.sqlTde Set-Variable -Name ngfw -Value $_.properties.recommendations.ngfw Set-Variable -Name vulnerabilityAssessment -Value $_.properties.recommendations.vulnerabilityAssessment Set-Variable -Name storageEncryption -Value $_.properties.recommendations.storageEncryption Set-Variable -Name securityContactEmails -Value $_.properties.securityContactConfiguration.securityContactEmails Set-Variable -Name securityContactEmailsString Set-Variable -Name securityContactPhone -Value $_.properties.securityContactConfiguration.securityContactPhone Set-Variable -Name areNotificationsOn -Value $_.properties.securityContactConfiguration.areNotificationsOn Set-Variable -Name sendToAdminOn -Value $_.properties.securityContactConfiguration.sendToAdminOn Set-Variable -Name isPolicyViolation -Value $false $out.PolicyLevel = $policyLevel $out.Name = $name $out.Unique = $unique if($logCollection -eq "off" -or $patch -eq "off" -or $baseline -eq "off" -or $antimalware -eq "off" -or $diskEncryption -eq "off" -or $acls -eq "off" -or $waf -eq "off" -or $ngfw -eq "off" -or $vulnerabilityAssessment -eq "off" -or $sqlAuditing -eq "off" -or $storageEncryption -eq "off" -or $sqlTde -eq "off" ) { $out.IsCompliant = $false } $out.DataCollection = $logCollection $out.SystemUpdates = $patch $out.OSVulnerabilities = $baseline $out.EndpointProtection = $antimalware $out.DiskEncryption = $diskEncryption $out.NetworkSecurityGroups = $acls $out.WebApplicationFirewall = $waf $out.NextGenerationFirewall = $ngfw $out.VulnerabilityAssessment = $vulnerabilityAssessment $out.SQLAuditingAndThreatDetection = $sqlAuditing $out.SQLTDE = $sqlTde $out.StorageSSE = $storageEncryption #SecurityContactEmails, SecurityContactPhone, AreEmailNotificationsOn, SendToSubscriptionOwners $securityContactEmailsString = "" if(($securityContactEmails | Measure-Object).Count -gt 0) { $securityContactEmails | ForEach-Object{ $securityContactEmailsString = $securityContactEmailsString + "," + $_.Trim() } } $securityContactEmailsString = $securityContactEmailsString.Replace(',','') if([System.String]::IsNullOrWhiteSpace($securityContactEmailsString) -or [System.String]::IsNullOrWhiteSpace($securityContactPhone) -or $areNotificationsOn -eq $false -or $sendToAdminOn -eq $false ) { $out.IsCompliant = $false } $out.SecurityContactEmails = $securityContactEmailsString $out.SecurityContactPhone = $securityContactPhone $out.AreEmailNotificationsOn = $areNotificationsOn $out.SendToSubscriptionOwners = $sendToAdminOn $pols += $out } } return $pols; } hidden static [PSObject] GetASCAlerts([PSObject] $alertObjects) { $activeAlerts =@() if($null -ne $alertObjects -and ($alertObjects | Measure-Object).Count -gt 0) { $alertObjects | ForEach-Object { $out = "" | Select-Object AlertDisplayName, AlertName, Description, State, ReportedTimeUTC, RemediationSteps Set-Variable -Name AlertDisplayName -Value $_.properties.alertDisplayName Set-Variable -Name AlertName -Value $_.properties.alertName Set-Variable -Name Description -Value $_.properties.description Set-Variable -Name State -Value $_.properties.state Set-Variable -Name ReportedTimeUTC -Value $_.properties.reportedTimeUtc Set-Variable -Name RemediationSteps -Value $_.properties.remediationSteps $out.AlertDisplayName = $AlertDisplayName $out.AlertName = $AlertName $out.Description = $Description $out.State = $State $out.ReportedTimeUTC = $ReportedTimeUTC $out.RemediationSteps = $RemediationSteps $activeAlerts += $out } } return $activeAlerts; } hidden static [PSObject] GetASCTasks([PSObject] $taskObjects) { $activeTasks =@() if($null -ne $taskObjects -and ($taskObjects | Measure-Object).Count -gt 0) { $taskObjects | ForEach-Object { $out = "" | Select-Object Name, State, ResourceId Set-Variable -Name Name -Value $_.properties.securityTaskParameters.name Set-Variable -Name State -Value $_.properties.state Set-Variable -Name ResourceId -Value $_.properties.securityTaskParameters.resourceId $out.Name = $Name $out.State = $State $out.ResourceId = $ResourceId $activeTasks += $out } } return $activeTasks } } |