Parsers/SCM/Audit.ps1

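Function Write-SCMAuditXMLData
{
    <#
    .SYNOPSIS
        Converts one SCM advanced-audit setting into AuditPolicySubcategory DSC resource text.

    .DESCRIPTION
        Reads the audit value from the ValidationRules sibling of ValueData, resolves the
        subcategory name from the advancedauditsettingid GUID via $AuditSubCategoryHash
        (defined outside this function), and calls Write-DSCString once per audit flag.

        "Success And Failure" and "No Auditing" each expand to two resources (Success and
        Failure) with Ensure set to Present or Absent respectively. Any other value is
        emitted as a single resource with Ensure = Present.

    .PARAMETER DiscoveryData
        XML element holding AdvancedAuditDiscoveryInfo for the setting.

    .PARAMETER ValueData
        XML element whose parent node carries the ValidationRules for the setting.

    .OUTPUTS
        Whatever Write-DSCString emits for each resource. Returns an empty string after
        Write-Error when the audit setting id is missing or not in $AuditSubCategoryHash.
        NOTE(review): [OutputType([hashtable])] is declared but no hashtable is returned.
    #>
    [CmdletBinding()]
    [OutputType([hashtable])]
    param
    (
        [Parameter(Mandatory=$true)]
        [System.Xml.XmlElement]$DiscoveryData,

        [Parameter(Mandatory=$true)]
        [System.Xml.XmlElement]$ValueData
    )

    # Validation rules live on the parent of the value node.
    # NOTE(review): SettingRule.Operator is not consulted; the value is taken literally.
    $ValidationRules = $ValueData.SelectNodes("..").ValidationRules

    $Comments = Get-NodeComments -Node $DiscoveryData
    $Name = $DiscoveryData.SelectNodes("../..").Name
    $Name = "$((Get-NodeDataFromComments -Comments $Comments).'CCEID-50'): $Name"

    $TempValue = $ValidationRules.SettingRule.Value.ValueA

    $retHash = @{}
    $retHash.AuditFlag = ""
    $retHash.Name = ""

    # Strip anything outside printable ASCII, then fold the two multi-word values into single tokens.
    $AuditFlag = ((("$($TempValue)" -replace "[^\u0020-\u007E]", "") -replace "Success And Failure", "SuccessAndFailure") -replace "No Auditing", "NoAuditing")

    # Guard before calling .Trim(): a missing id would otherwise fail with a null-method
    # error that does not name the setting being converted.
    $RawAuditID = $DiscoveryData.AdvancedAuditDiscoveryInfo.advancedauditsettingid
    if ([string]::IsNullOrEmpty($RawAuditID))
    {
        Write-Error "Cannot parse Subcategory for '$Name': no advancedauditsettingid found"
        return ""
    }

    $AuditID = $RawAuditID.Trim("{").TrimEnd("}")

    if ($AuditSubCategoryHash.ContainsKey($AuditID))
    {
        $retHash.Name = $AuditSubCategoryHash["$AuditID"]
    }
    else
    {
        Write-Error "Cannot parse Subcategory for $AuditID with AuditFlag ($AuditFlag)"
        return ""
    }

    if (![string]::IsNullOrEmpty($AuditFlag))
    {
        $retHash.AuditFlag = $AuditFlag
    }

    switch ($retHash.AuditFlag)
    {
        "SuccessAndFailure"
        {
            # One resource per flag, both enabled.
            $retHash.AuditFlag = "Success"
            $retHash.Ensure = "Present"
            $duplicate = $retHash.Clone()
            $duplicate.AuditFlag = "Failure"
            Write-DSCString -Resource -Name "$Name (Success)" -Type AuditPolicySubcategory -Parameters $retHash -Comment $Comments
            Write-DSCString -Resource -Name "$Name (Failure)" -Type AuditPolicySubcategory -Parameters $duplicate -Comment $Comments
        }

        "NoAuditing"
        {
            # One resource per flag, both disabled.
            $retHash.Ensure = "Absent"
            $retHash.AuditFlag = "Success"
            $duplicate = $retHash.Clone()
            $duplicate.AuditFlag = "Failure"
            Write-DSCString -Resource -Name "$Name (Success)" -Type AuditPolicySubcategory -Parameters $retHash -Comment $Comments
            Write-DSCString -Resource -Name "$Name (Failure)" -Type AuditPolicySubcategory -Parameters $duplicate -Comment $Comments
        }

        Default
        {
            # An empty or unrecognised flag is still emitted as before, but it is surfaced
            # so a mistranslated audit setting does not go unnoticed in the generated config.
            if (@("Success", "Failure") -notcontains $retHash.AuditFlag)
            {
                Write-Warning "AuditFlag '$($retHash.AuditFlag)' for $AuditID ($Name) is not Success or Failure; review the generated AuditPolicySubcategory resource"
            }

            # NOTE(review): only the named flag is set to Present; the opposite flag is not
            # addressed here. Confirm that matches the baseline's intent for single-flag values.
            $retHash.Ensure = "Present"
            Write-DSCString -Resource -Name $Name -Type AuditPolicySubcategory -Parameters $retHash -Comment $Comments
        }
    }
}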