Utilities/IRMValidationUtility.ps1


using module "..\MCCA.psm1"
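<#
.SYNOPSIS
    Builds the MCCA check entries for enabled Insider Risk Management policies.

.DESCRIPTION
    Selects the entries of $Config["GetInsiderRiskPolicy"] whose InsiderRiskScenario
    equals one of the supplied templates. Each selected policy whose Mode is "Enable"
    yields one MCCACheckConfig entry marked "Pass"; its ConfigData is a comma-separated
    list of the policy's ExchangeLocation values and, for the
    "HighValueEmployeeDataLeak" scenario, the group names parsed from CustomTags.
    If no selected policy is enabled, a single "Fail" entry is returned instead.

    Empty locations and CustomTags entries that do not contain a group name are
    skipped, so ConfigData never carries empty items or dangling separators.

.PARAMETER Config
    Collected configuration; indexed with the key "GetInsiderRiskPolicy".

.PARAMETER Templates
    InsiderRiskScenario values to match policies against.

.PARAMETER LogFile
    Log file handed to Write-Log when an error is caught.

.OUTPUTS
    Array of MCCACheckConfig objects. If an error is caught the array may be empty
    or partial, so a missing entry must not be read as a passing check.
#>
Function Get-IRMConfigurationPolicy {
    Param(
        $Config,
        $Templates,
        $LogFile
    )
    $ConfigObjectList = @()
    try {
        $AnyPolicyEnabled = $false

        # Collect every policy whose scenario matches one of the requested templates.
        $IRMPolicy = @()
        foreach ($Template in $Templates) {
            $IRMPolicy += $Config["GetInsiderRiskPolicy"] | Where-Object { $_.InsiderRiskScenario -eq $Template }
        }

        foreach ($Policy in $IRMPolicy) {
            # Only enabled policies count towards the check.
            if ($($Policy.Mode) -ne "Enable") {
                continue
            }
            $AnyPolicyEnabled = $true

            $ConfigObject = [MCCACheckConfig]::new()
            $ConfigObject.Object = "Policy"
            # NOTE(review): the no-policy branch below puts HTML markup into ConfigItem, so the
            # value is presumably rendered as HTML. Confirm the report encodes policy names.
            $ConfigObject.ConfigItem = "$($Policy.Name)"

            # Gather the users/groups in scope, skipping empty values so the joined
            # string has no empty items.
            $UserGroups = @()
            foreach ($Location in $Policy.ExchangeLocation) {
                if (-not [string]::IsNullOrEmpty("$Location")) {
                    $UserGroups += "$Location"
                }
            }

            if ($($Policy.InsiderRiskScenario) -eq "HighValueEmployeeDataLeak") {
                foreach ($PolicyGroup in $Policy.CustomTags) {
                    # The policy group details come as a string; the group name is the fourth
                    # piece after splitting on double quotes.
                    $Group = "$PolicyGroup".Split("""")
                    # A tag without that fourth piece carries no group name to report.
                    if (($Group.Count -gt 3) -and (-not [string]::IsNullOrEmpty($Group[3]))) {
                        $UserGroups += "$($Group[3])"
                    }
                }
            }
            $ConfigObject.ConfigData = $UserGroups -join ", "

            $ConfigObject.SetResult([MCCAConfigLevel]::Ok, "Pass")
            $ConfigObjectList += $ConfigObject
        }

        if (-not $AnyPolicyEnabled) {
            $ConfigObject = [MCCACheckConfig]::new()
            $ConfigObject.Object = "Policy"
            # NOTE(review): the second tag is an opening <B>, not </B>. Left unchanged because
            # the report rendering is not visible here.
            $ConfigObject.ConfigItem = "<B>No active policy defined<B>"
            $ConfigObject.ConfigData = ""
            # NOTE(review): level OK is paired with the result "Fail"; confirm this is intended.
            $ConfigObject.SetResult([MCCAConfigLevel]::OK, "Fail")
            $ConfigObjectList += $ConfigObject
        }

    }
    catch {
        # Best effort: report the failure and log the details. Nothing is added to the result
        # list here, so the caller receives whatever was collected before the error.
        Write-Host "Error:$(Get-Date) There was an issue while running MCCA. Please try running the tool again after some time." -ForegroundColor:Red
        $ErrorMessage = $_.ToString()
        $StackTraceInfo = $_.ScriptStackTrace
        Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue
    }
    return $ConfigObjectList
}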