Checks/check-ORCA120_phish.ps1
|
using module "..\ORCA.psm1" class ORCA120_phish : ORCACheck { <# CONSTRUCTOR with Check Header Data #> ORCA120_phish() { $this.Control="120-phish" $this.Area="Zero Hour Autopurge" $this.Name="Zero Hour Autopurge Enabled for Phish" $this.PassText="Zero Hour Autopurge is Enabled" $this.FailRecommendation="Enable Zero Hour Autopurge" $this.Importance="Zero Hour Autopurge can assist removing false-negatives post detection from mailboxes. By default, it is enabled." $this.ExpandResults=$True $this.ItemName="Policy" $this.DataType="ZapEnabled Setting" $this.Links= @{ "Zero-hour auto purge - protection against spam and malware"="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/zero-hour-auto-purge" "Recommended settings for EOP and Office 365 ATP security"="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp#anti-spam-anti-malware-and-anti-phishing-protection-in-eop" } } <# RESULTS #> GetResults($Config) { ForEach($Policy in $Config["HostedContentFilterPolicy"]) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.ConfigItem=$($Policy.Name) $ConfigObject.ConfigData=$($Policy.PhishZapEnabled) if($Policy.PhishZapEnabled -eq $true) { $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Pass") } else { $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") } # Add config to check $this.AddConfig($ConfigObject) } } } |