tests/Test-NotifyMalwareInternal.ps1
|
function Test-NotifyMalwareInternal { [CmdletBinding()] param ( # Parameters can be added if needed ) begin { $auditResults = @() } process { # Retrieve all 'Custom' malware filter policies and check notification settings $malwareNotifications = Get-MalwareFilterPolicy | Where-Object { $_.RecommendedPolicyType -eq 'Custom' } $policiesToReport = @() foreach ($policy in $malwareNotifications) { if ($policy.EnableInternalSenderAdminNotifications -ne $true) { $policiesToReport += "$($policy.Identity): Notifications Disabled" } } # Determine the result based on the presence of custom policies without notifications $result = $policiesToReport.Count -eq 0 $details = if ($result) { "All custom malware policies have notifications enabled." } else { "Misconfigured Policies: $($policiesToReport -join ', ')" } $failureReason = if ($result) { "N/A" } else { "Some custom policies do not have notifications for internal users sending malware enabled." } # Create an instance of CISAuditResult and populate it $auditResult = [CISAuditResult]::new() $auditResult.Status = if ($result) { "Pass" } else { "Fail" } $auditResult.ELevel = "E3" $auditResult.ProfileLevel = "L1" $auditResult.Rec = "2.1.3" $auditResult.RecDescription = "Ensure notifications for internal users sending malware is Enabled" $auditResult.CISControlVer = "v8" $auditResult.CISControl = "17.5" $auditResult.CISDescription = "Assign Key Roles and Responsibilities" $auditResult.IG1 = $false $auditResult.IG2 = $true $auditResult.IG3 = $true $auditResult.Result = $result $auditResult.Details = $details $auditResult.FailureReason = $failureReason $auditResults += $auditResult } end { # Return auditResults return $auditResults } } |