Framework/Helpers/SecurityCenterHelper.ps1

using namespace Microsoft.Azure.Commands.Resources.Models.Authorization
# Fail fast on uninitialized variables and missing members: under StrictMode Latest,
# reading a property that an ARM response object does not carry throws instead of
# silently yielding $null, so the helpers below must be prepared for that.
Set-StrictMode -Version Latest 
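class SecurityCenterHelper
{
    # ARM resource-provider namespaces and the Azure Security Center (ASC) REST sub-paths
    # that are appended to "subscriptions/{id}/providers/Microsoft.Security/".
    static [string] $ProviderNamespace = "Microsoft.Security";
    static [string] $PolicyProviderNamespace = "Microsoft.PolicyInsights";
    static [string] $PoliciesApi = "policies/default";
    static [string] $AlertsApi = "alerts";
    static [string] $AutoProvisioningSettingsApi = "autoProvisioningSettings";
    static [string] $SecurityContactsApi = "securityContacts";
    static [string] $TasksApi = "tasks";
    static [string] $SecurityStatusApi = "securityStatuses";
    # Query-string suffixes selecting the ASC API version; each carries its own leading "?"
    # because the methods below append it verbatim to the path.
    static [string] $ApiVersion = "?api-version=2015-06-01-preview";
    static [string] $ApiVersionNew = "?api-version=2017-08-01-preview";
    static [string] $ApiVersionLatest = "?api-version=2018-03-01";
    # Process-wide caches filled by InvokeSecurityCenterSecurityStatus / InvokeGetASCTasks.
    # NOTE(review): neither cache is keyed by subscription id, so once populated for one
    # subscription the same data is returned for any other subscription until a caller
    # resets the field to $null. Kept as-is because callers may reset these fields directly.
    static [PSObject] $ASCSecurityStatus = $null;
    static [PSObject] $Recommendations = $null;


    # Builds the request headers for a call to $uri: a bearer token scoped to the URI's
    # authority (scheme + host + port) plus a JSON content type.
    # Only the Content-Type header is returned when $uri is not an absolute https URI, so a
    # token is never attached to a malformed or cleartext destination; such a request is
    # expected to fail with 401 at the server rather than leak the token.
    static [Hashtable] AuthHeaderFromUri([string] $uri)
    {
        [System.Uri] $validatedUri = $null;
        $isAbsolute = [System.Uri]::TryCreate($uri, [System.UriKind]::Absolute, [ref] $validatedUri);
        # -and short-circuits, so $validatedUri is only dereferenced when parsing succeeded.
        if($isAbsolute -and $validatedUri.Scheme -eq [System.Uri]::UriSchemeHttps)
        {
            # The token audience is the authority only, never the full path or query string.
            $audience = $validatedUri.GetLeftPart([System.UriPartial]::Authority);
            return @{
                "Authorization" = ("Bearer " + [Helpers]::GetAccessToken($audience));
                "Content-Type" = "application/json"
            };
        }

        return @{ "Content-Type" = "application/json" };
    }

    # Joins the ARM base URL with the subscription-level ASC path:
    #   {base}/subscriptions/{subscriptionId}/providers/Microsoft.Security/{apiType}{apiVersion}
    # A trailing "/" on $armBaseUrl is tolerated. $subscriptionId is percent-encoded so it can
    # only ever select the subscription segment (a GUID is unchanged by this); $apiType may
    # legitimately contain "/" (e.g. "policies/default") and is appended as-is.
    hidden static [string] BuildSubscriptionUri([string] $armBaseUrl, [string] $subscriptionId, [string] $apiType, [string] $apiVersion)
    {
        $escapedId = [System.Uri]::EscapeDataString($subscriptionId);
        return $armBaseUrl.TrimEnd("/") + "/subscriptions/" + $escapedId + "/providers/" + [SecurityCenterHelper]::ProviderNamespace + "/" + $apiType + $apiVersion;
    }

    # Joins the ARM base URL, an ARM resource id and an "?api-version=..." suffix into one
    # absolute URL, tolerating a trailing "/" on the base and a present or missing leading "/"
    # on the resource id so the two never run together or produce "//".
    hidden static [string] BuildResourceUri([string] $armBaseUrl, [string] $resourceId, [string] $apiVersion)
    {
        return $armBaseUrl.TrimEnd("/") + "/" + $resourceId.TrimStart("/") + $apiVersion;
    }

    # Issues a GET against the subscription-level ASC provider (see BuildSubscriptionUri).
    # $apiType is one of the *Api constants above; $apiVersion one of the ApiVersion* suffixes.
    # Returns whatever WebRequestHelper::InvokeGetWebRequest returns.
    # Throws ArgumentException when $subscriptionId or $apiType is blank.
    static [System.Object[]] InvokeGetSecurityCenterRequest([string] $subscriptionId, [string] $apiType, [string] $apiVersion)
    {
        if([string]::IsNullOrWhiteSpace($subscriptionId))
        {
            throw [System.ArgumentException] ("The argument 'subscriptionId' is null");
        }

        if([string]::IsNullOrWhiteSpace($apiType))
        {
            throw [System.ArgumentException] ("The argument 'apiType' is null");
        }

        # Provider registration is deliberately not done here (costly); Set-ASC/SSS/USS are
        # expected to call RegisterResourceProvider() up front.
        # GetCurrentRMContext() is retained for whatever side effect it has on the session
        # (presumably establishing the ARM context) — its return value is not used here.
        $null = [Helpers]::GetCurrentRMContext();
        $uri = [SecurityCenterHelper]::BuildSubscriptionUri([WebRequestHelper]::GetResourceManagerUrl(), $subscriptionId, $apiType, $apiVersion);
        return [WebRequestHelper]::InvokeGetWebRequest($uri);
    }

    # Issues a PUT of $body to an arbitrary ARM resource id under the configured ARM base URL
    # (see BuildResourceUri). Returns whatever WebRequestHelper::InvokeWebRequest returns.
    # Throws ArgumentException when $resourceId is blank.
    static [System.Object[]] InvokePutSecurityCenterRequest([string] $resourceId, [System.Object] $body, [string] $apiVersion)
    {
        if([string]::IsNullOrWhiteSpace($resourceId))
        {
            throw [System.ArgumentException] ("The argument 'resourceId' is null");
        }

        # Provider registration is deliberately not done here (costly); Set-ASC/SSS/USS are
        # expected to call RegisterResourceProvider() up front.
        # GetCurrentRMContext() is retained for its session side effect; the value is unused.
        $null = [Helpers]::GetCurrentRMContext();
        $uri = [SecurityCenterHelper]::BuildResourceUri([WebRequestHelper]::GetResourceManagerUrl(), $resourceId, $apiVersion);
        return [WebRequestHelper]::InvokeWebRequest([Microsoft.PowerShell.Commands.WebRequestMethod]::Put, $uri, $body);
    }

    # Returns the ASC security statuses for the subscription as a hashtable keyed by
    # "<resource name>:<resource type>" (lower-cased); the first status seen for a key wins.
    # The ARM call is made at most once per process and cached in $ASCSecurityStatus (an empty
    # result is not cached, so it is retried on the next call).
    # Best-effort: any failure (including a blank $subscriptionId, or a response object that
    # lacks name/properties.type under StrictMode) is published through EventBase and $null is
    # returned, so callers must handle $null.
    static [PSObject] InvokeSecurityCenterSecurityStatus([string] $subscriptionId)
    {
        try
        {
            if($null -eq [SecurityCenterHelper]::ASCSecurityStatus)
            {
                $statuses = [SecurityCenterHelper]::InvokeGetSecurityCenterRequest(
                    $subscriptionId,
                    [SecurityCenterHelper]::SecurityStatusApi,
                    [SecurityCenterHelper]::ApiVersion);
                if(($statuses | Measure-Object).Count -gt 0)
                {
                    $statusByKey = @{};
                    foreach($status in $statuses)
                    {
                        $key = ("$($status.name):$($status.properties.type)").ToLower();
                        if(-not $statusByKey.ContainsKey($key))
                        {
                            $statusByKey[$key] = $status;
                        }
                    }
                    [SecurityCenterHelper]::ASCSecurityStatus = $statusByKey;
                }
            }
            return [SecurityCenterHelper]::ASCSecurityStatus;
        }
        catch
        {
            # Preserve the $null contract for callers, but do not swallow the error silently —
            # same pattern as RegisterResourceProviderNoException below.
            [EventBase]::PublishGenericException($_);
            return $null;
        }
    }

    # Returns the ASC tasks (recommendations) for the subscription, fetched once per process and
    # cached in $Recommendations; the raw ARM result is shaped by AzureSecurityCenter::GetASCTasks.
    # Exceptions from the request propagate to the caller.
    hidden static [PSObject] InvokeGetASCTasks([string] $subscriptionId)
    {
        # Provider registration is deliberately not done here (costly); Set-ASC/SSS/USS are
        # expected to call RegisterResourceProvider() up front.
        if(([SecurityCenterHelper]::Recommendations | Measure-Object).Count -eq 0)
        {
            $rawTasks = [SecurityCenterHelper]::InvokeGetSecurityCenterRequest($subscriptionId, [SecurityCenterHelper]::TasksApi, [SecurityCenterHelper]::ApiVersion);
            [SecurityCenterHelper]::Recommendations = [AzureSecurityCenter]::GetASCTasks($rawTasks);
        }
        return [SecurityCenterHelper]::Recommendations;
    }

    # Registers the PolicyInsights and Security resource providers on the current subscription
    # if they are not already registered. Exceptions propagate.
    static [void] RegisterResourceProvider()
    {
        [Helpers]::RegisterResourceProviderIfNotRegistered([SecurityCenterHelper]::PolicyProviderNamespace);
        [Helpers]::RegisterResourceProviderIfNotRegistered([SecurityCenterHelper]::ProviderNamespace);
    }

    # Same as RegisterResourceProvider, but a failure is published through EventBase instead of
    # being thrown, for callers where registration is best-effort.
    static [void] RegisterResourceProviderNoException()
    {
        try
        {
            [SecurityCenterHelper]::RegisterResourceProvider();
        }
        catch
        {
            [EventBase]::PublishGenericException($_);
        }
    }
}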