MCCAPreview

1.5

Utilities/IRMValidationUtility.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
                                
using module "..\MCCA.psm1"

<#

 This function returns list of parent labels and sublabels

#>

Function Get-IRMConfigurationPolicy {

    Param(

        $Config,

        $Templates,

        $LogFile

    )

    $ConfigObjectList = @()

    try {

        $AnyPolicyEnabled = $false

        $IRMPolicy = @()

        foreach($Template in $templates)

        {

            $IRMPolicy += $Config["GetInsiderRiskPolicy"] | Where-Object { $_.InsiderRiskScenario -eq $Template }

        }

        foreach ($Policy in $IRMPolicy) {

            if ($($Policy.Mode) -eq "Enable") {

                if ($AnyPolicyEnabled -eq $false) {

                    $AnyPolicyEnabled = $true

                }

                $ConfigObject = [MCCACheckConfig]::new()

                $ConfigObject.Object = "Policy"

                $ConfigObject.ConfigItem = "$($Policy.Name)"

                $UsergroupsEnabled = ""

                $ExchangeLocation = $Policy.ExchangeLocation

                foreach ($Location in $ExchangeLocation) {

                    if ($UsergroupsEnabled -eq "") {

                        $UsergroupsEnabled += "$Location"

                    }

                    else {

                        $UsergroupsEnabled += ", $Location"

                    }

                }

                if ($($Policy.InsiderRiskScenario) -eq "HighValueEmployeeDataLeak") {

                    $PolicyGroups = $Policy.CustomTags

                    foreach ($PolicyGroup in $PolicyGroups) {

                        $Group = $PolicyGroup.Split("""")#The policy group details come as string hence parsing to get group name

                        if ($UsergroupsEnabled -eq "") {

                            $UsergroupsEnabled += "$($Group[3])"

                        }

                        else {

                            $UsergroupsEnabled += ", $($Group[3])"

                        }

                    }

                }

                $ConfigObject.ConfigData = "$UsergroupsEnabled"

                $ConfigObject.SetResult([MCCAConfigLevel]::Ok, "Pass")            

                $ConfigObjectList += $ConfigObject

            }

        }

        if ($AnyPolicyEnabled -eq $false) {

            $ConfigObject = [MCCACheckConfig]::new()

            $ConfigObject.Object = "Policy"

            $ConfigObject.ConfigItem = "<B>No active policy defined<B>"

            $ConfigObject.ConfigData = ""

            $ConfigObject.SetResult([MCCAConfigLevel]::OK, "Fail")            

            $ConfigObjectList += $ConfigObject

        }

    }

    catch {

        Write-Host "Error:$(Get-Date) There was an issue while running MCCA. Please try running the tool again after some time." -ForegroundColor:Red

        $ErrorMessage = $_.ToString()

        $StackTraceInfo = $_.ScriptStackTrace

        Write-Log -IsError -ErrorMessage $ErrorMessage -StackTraceInfo $StackTraceInfo -LogFile $LogFile -ErrorAction:SilentlyContinue

    }

    return $ConfigObjectList

}