Private/Initialize-MPThreats.ps1
|
function Initialize-MPThreats { try { #Write-Verbose "Initializing MP Threats..." # Get threat detection and threat information $Script:mptd = Get-MpThreatDetection | Select-Object -Property InitialDetectionTime, ThreatID, Resources, ProcessName $Script:mpt = Get-MpThreat | Select-Object -Property ThreatID, ThreatName # Add ThreatName property to each threat detection foreach ($item in $mptd) { foreach ($obj in $item) { try { $obj | Add-Member -MemberType NoteProperty -Name 'ThreatName' -Value ($mpt | Where-Object { $_.ThreatID -eq $obj.ThreatID }).ThreatName } catch { Write-Warning "Initialize-MPThreats Failed to add ThreatName to threat: $($obj.ThreatID). Error: $_" } } } # Process and organize the data $Script:mpdetected = $mptd | Select-Object -Property InitialDetectionTime, ThreatID, ThreatName, Resources, ProcessName | Sort-Object -Property InitialDetectionTime $Script:mpthreats = $mpdetected | Select-Object -Property ThreatID, ThreatName -Unique $Script:mpallow = Get-MpPreference | Select-Object -Property ThreatIDDefaultAction_Ids, ThreatIDDefaultAction_Actions -Unique #Write-Verbose "MP Threats initialization completed successfully." return $true } catch { Write-Error "Initialize-MPThreats Failed to initialize MP Threats: $_" return $false } } |