gundog

1.0.0

gundog.psm1

                                # bring in the code from the other modules

. $PSScriptRoot\gundoghunt-alertpresentation.ps1

. $PSScriptRoot\hunting-functions.ps1

. $PSScriptRoot\TiProvider-functions.ps1

. $PSScriptRoot\get-config.ps1

. $PSScriptRoot\public-functions.ps1

# read config data and set it to vars

$useKeyVault = $config.connectionData.useKeyVault

$keyvaulttenant = $config.connectionData.keyvaulttenant

$keyvaultsubscriptionId = $config.connectionData.keyvaultsubscriptionId

$clientID = $config.connectionData.clientID

$keyVaultName = $config.connectionData.keyVaultName 

$keyvaultsecretname = $config.connectionData.keyvaultsecretname

$registryOn = $config.globalVars.registryOn

$networkOn = $config.globalVars.networkOn

$processesOn = $config.globalVars.processesOn

$vulnerabilitiesOn = $config.globalVars.vulnerabilitiesOn

$signinsOn = $config.globalVars.signinsOn

$officeOn = $config.globalVars.officeOn

$riskySignInsOn = $config.globalVars.riskySignInsOn

$emailsOn = $config.globalVars.emailsOn

$apiGeoLocation = $config.globalVars.apiGeoLocation

$numberOfEvents = $config.globalVars.numberOfEvents

$debugOn = $config.globalVars.debugOn

$irmTimeout = $config.globalVars.irmTimeout

$signinsT1 = $config.globalVars.signinst1

$signinsT1u = $config.globalVars.signinsT1u 

$signinsT2 = $config.globalVars.signinsT2 

$signinsT2u = $config.globalVars.signinsT2u  

$registryT1 = $config.globalVars.registryT1 

$registryT1u = $config.globalVars.registryT1u 

$registryT2 = $config.globalVars.registryT2 

$registryT2u = $config.globalVars.registryT2u 

$networkT1 = $config.globalVars.networkT1 

$networkT1u = $config.globalVars.networkT1u 

$networkT2 = $config.globalVars.networkT2 

$networkT2u = $config.globalVars.networkT2u 

$processesT1 = $config.globalVars.processesT1 

$processesT1u = $config.globalVars.processesT1u 

$processesT2 = $config.globalVars.processesT2 

$processesT2u = $config.globalVars.processesT2u 

$officeT1 = $config.globalVars.officeT1 

$officeT1u = $config.globalVars.officeT1u 

$officeT2 = $config.globalVars.officeT2 

$officeT2u = $config.globalVars.officeT2u 

$emailsT1 = $config.globalVars.emailsT1 

$emailsT1u = $config.globalVars.emailsT1u 

$emailsT2 = $config.globalVars.emailsT2 

$emailsT2u = $config.globalVars.emailsT2u 

$notMatchThese = $config.globalVars.notMatchThese

$error.clear()

# import the azure modules

$AzAccountsPsm = Get-Module -Name Az.Accounts -ListAvailable;

$AzKeyVaultPsm = Get-Module -Name Az.KeyVault -ListAvailable;

if ($AzAccountsPsm.length -eq 0 -or $AzKeyVaultPsm.length -eq 0){

    Write-Host "PowerShell Modules are missing. Install-Module Az.Accounts and Install-Module Az.KeyVault. This is the way." -ForegroundColor Red

    exit

}

else{

    Import-Module -Name Az.Accounts -ErrorAction SilentlyContinue;

    Import-Module -Name Az.KeyVault -ErrorAction SilentlyContinue;

}

if($keyvaulttenant -ne "tenantID")

{

    if($null -eq $clientSecret)

    {

        Login-AzAccount -TenantId $keyvaulttenant -Subscription $keyvaultsubscriptionId;

        $global:clientSecret = Get-AzKeyVaultSecret -VaultName $keyvaultname -Name $keyvaultsecretname -AsPlainText

        if(!$debugOn)

        {

            Clear-Host

        }

    }

} else {

    Write-Host "You need to configure your keyvault access. Run Set-GundogConfig and configure your tenant connections and the keyvault settings. I have spoken." -ForegroundColor Red

}