Checks/check-ORCA122.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
using module "..\ORCA.psm1"

class ORCA122 : ORCACheck
{
    <#
     
        CONSTRUCTOR with Check Header Data
     
    #>


    ORCA122()
    {
        $this.Control=122
        $this.Area="Tenant Settings"
        $this.Name="Unified Audit Log"
        $this.PassText="Unified Audit Log is enabled"
        $this.FailRecommendation="Enable the Unified Audit Log"
        $this.Importance="The Unified Audit Log collects logs from most Office 365 services and provides one central place to correlate and pull logs from Office 365."
        $this.ChiValue=[ORCACHI]::VeryHigh
    }

    <#
     
        RESULTS
     
    #>


    GetResults($Config)
    {
        If($Config["AdminAuditLogConfig"].UnifiedAuditLogIngestionEnabled -eq $false) 
        {

            # Check objects
            $ConfigObject = [ORCACheckConfig]::new()
            $ConfigObject.ConfigItem="UnifiedAuditLogIngestionEnabled"
            $ConfigObject.ConfigData=$Config["AdminAuditLogConfig"].UnifiedAuditLogIngestionEnabled
            $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")
        
            $this.AddConfig($ConfigObject)
    
        }   

    }

}