public/cisa/exchange/Get-MtExoThreatPolicyMalware.ps1

<#
.SYNOPSIS
    Retrieves a cached, extended (Priority, IsEnabled) version of 'Get-MtExo -Request MalwareFilterPolicy'

.DESCRIPTION
    Helper that makes 'Get-MtExo -Request MalwareFilterPolicy' easier to use

.EXAMPLE
    Get-MtExoThreatPolicyMalware

    Returns Malware filter policies sorted by priority with added IsEnabled and Priority properties

.LINK
    https://maester.dev/docs/commands/Get-MtExoThreatPolicyMalware
#>

function Get-MtExoThreatPolicyMalware {
    [CmdletBinding()]
    [OutputType([object])]
    param()

    # Key under which the extended policy list is kept in $__MtSession.ExoCache.
    $Request = 'MtExoThreatPolicyMalware'

    # Cache hit: return the stored list without calling the cmdlets again.
    if ($null -ne $__MtSession.ExoCache.$Request) {
        Write-Verbose "$request in cache."
        return $__MtSession.ExoCache.$Request
    }

    Write-Verbose "$request not in cache, requesting."

    # 'Get-MalwareFilterPolicy' is called directly to avoid changing the cache of
    # 'Get-MtExo -Request MalwareFilterPolicy' (the objects are decorated below).
    $policies = Get-MalwareFilterPolicy
    $rules = Get-MtExo -Request MalwareFilterRule
    $presetSecurityPolicies = Get-MtExo -Request EOPProtectionPolicyRule

    # A preset counts as enabled when at least one returned rule has a Name matching the
    # preset label and State 'Enabled'. -match is a regex substring test on Name.
    # NOTE(review): presumably only the built-in preset rules come back from this request - confirm.
    $enabledStrictRule = $presetSecurityPolicies | Where-Object { $_.Name -match 'Strict' -and $_.State -eq 'Enabled' }
    $strictPresetEnabled = $null -ne $enabledStrictRule
    $enabledStandardRule = $presetSecurityPolicies | Where-Object { $_.Name -match 'Standard' -and $_.State -eq 'Enabled' }
    $standardPresetEnabled = $null -ne $enabledStandardRule

    $decorated = foreach ($policy in $policies) {
        if ($policy.RecommendedPolicyType -eq 'Strict') {
            # Strict preset sorts first.
            $isEnabled = $strictPresetEnabled
            $priority = -2
        } elseif ($policy.RecommendedPolicyType -eq 'Standard') {
            # Standard preset sorts right after Strict.
            $isEnabled = $standardPresetEnabled
            $priority = -1
        } elseif ($policy.IsDefault) {
            # The default policy is reported as enabled and sorts last.
            $isEnabled = $true
            $priority = 99999
        } else {
            # Custom policy: state and priority come from the rule whose Identity equals
            # the policy's Identity.
            # NOTE(review): a rule named differently from its policy would not be found by
            # this comparison - confirm how rule and policy identities relate.
            $matchingRule = $rules | Where-Object { $_.Identity -eq $policy.Identity }
            if ($null -ne $matchingRule) {
                $isEnabled = $matchingRule.State -eq 'Enabled'
                $priority = $matchingRule.Priority
            } else {
                # A policy can exist without a rule; it is then not shown in the portal
                # but is still returned by PowerShell.
                # NOTE(review): its real state is unknown here, yet it is reported as
                # enabled; checks that rely on IsEnabled may count it as active
                # protection - confirm this default is intended.
                $isEnabled = $true
                $priority = 90000
            }
        }

        # Attach both values as note properties and emit the decorated policy object.
        $policy | Add-Member -NotePropertyMembers @{IsEnabled = $isEnabled; Priority = $priority } -PassThru
    }

    # Ascending sort: presets (-2, -1) first, then rule priorities, rule-less and default last.
    $sorted = $decorated | Sort-Object -Property Priority
    $__MtSession.ExoCache.$Request = $sorted

    $sorted
}