posh-cef

0.9.0

test/posh-cef.Tests.ps1

                                
$ModuleManifestName = 'posh-cef.psd1'

$ModuleManifestPath = "$PSScriptRoot\..\$ModuleManifestName"

Describe 'Module Manifest Tests' {

    It 'Passes Test-ModuleManifest' {

        Test-ModuleManifest -Path $ModuleManifestPath

        $? | Should Be $true

    }

}

$ExpectedResult = 'CEF:0|Contoso|MyPowershellScript|1.0|Alert|Something bad was detected.|10|externalId=12345 src=192.168.1.1 deviceDirection=1 act=Blocked spriv=Administrator type=0 in=6213467 dmac=01:23:45:67:89:AF cfp1=3.141593 key=value'

$TestCollection = @()

$TestCollection += New-Object -TypeName PSObject -Property ([ordered]@{'DeviceVendor'='Contoso';'DeviceProduct'='MyPowershellScript';'DeviceVersion'='1.0';'DeviceEventClassId'='Alert';'Name'='Something bad was detected.';'Severity'=10;'externalId'='12345';'src'='192.168.1.1';'deviceDirection'='Outbound';'act'='Blocked';'spriv'='Administrator';'Type'='Base';'In'=6213467;'dmac'='01-23-45-67-89-AF';'cfp1'=3.141592653589;'CustomExtensionRawString'='key=value'})

Describe 'New-CEFMessage' {

    It 'Properly outputs CEF formatted message' {

        $Result = New-CEFMessage -DeviceVendor 'Contoso' -DeviceProduct 'MyPowershellScript' -DeviceVersion '1.0' -DeviceEventClassId 'Alert' -Name 'Something bad was detected.' -Severity 10 -externalId 12345 -src 192.168.1.1 -deviceDirection Outbound -act 'Blocked' -spriv 'Administrator' -Type Base -In 6213467 -dmac '01-23-45-67-89-AF' -cfp1 3.141592653589 -CustomExtensionRawString 'key=value'

        $Result | Should Be $ExpectedResult

    }

    It 'Accepts input via ForEach-Object' {

        $Result = $TestCollection | New-CEFMessage

        $Result | Should Be $ExpectedResult

    }

}

$TestCollection | New-CEFMessage -Verbose

$TestCollection

$TestCollection | %{$_}

#$TestCollection | %{New-CEFMessage -DeviceVendor $_.DeviceVendor -DeviceProduct $_.DeviceProduct -DeviceVersion $_.DeviceVersion -DeviceEventClassId $_.DeviceEventClassId -Name $_.Name -Severity $_.Severity -externalId 12345 -dmac '01-23-45-67-89-AF' -CustomExtensionRawString 'key=value' -deviceDirection Inbound }

#$TestCollection | %{New-CEFMessage -DeviceVendor $_.DeviceVendor -DeviceProduct $_.DeviceProduct -DeviceVersion $_.DeviceVersion -DeviceEventClassId $_.DeviceEventClassId -Name $_.Name -Severity $_.Severity -externalId $_.externalId -dmac $_.dmac -src $_.src -deviceDirection $_.deviceDirection -act $_.act -spriv $_.spriv -Type $_.Type -In $_.In -cfp1 $_.cfp1 -CustomExtensionRawString $_.CustomExtensionRawString}

#$TestCollection | New-CEFMessage -DeviceVendor 'JaredP' -DeviceProduct 'MyScript' -DeviceVersion '2.0' -DeviceEventClassId 'Detection' -Severity 8 -externalId 12345 -dmac '01-23-45-67-89-AF' -CustomExtensionRawString 'key=value' -deviceDirection Outbound  | Write-Host -ForegroundColor Red

#>