tests/Test-AntiPhishingPolicy.ps1

function Test-AntiPhishingPolicy {
    [CmdletBinding()]
    param (
        # Parameters can be added if needed
    )

    begin {
        # Dot source the class script

        $auditResults = @()
    }

    process {
        # 2.1.7 Ensure that an anti-phishing policy has been created

        # Retrieve and validate the anti-phishing policies
        $antiPhishPolicies = Get-AntiPhishPolicy
        $validatedPolicies = $antiPhishPolicies | Where-Object {
            $_.Enabled -eq $true -and
            $_.PhishThresholdLevel -ge 2 -and
            $_.EnableMailboxIntelligenceProtection -eq $true -and
            $_.EnableMailboxIntelligence -eq $true -and
            $_.EnableSpoofIntelligence -eq $true
        }

        # Check if there is at least one policy that meets the requirements
        $isCompliant = $validatedPolicies.Count -gt 0

        # Prepare failure details if policies are not compliant
        $failureDetails = if (-not $isCompliant) {
            "No anti-phishing policy is fully compliant with CIS benchmark requirements."
        } else {
            "Compliant Anti-Phish Policy Names: " + ($validatedPolicies.Name -join ', ')
        }

        # Create an instance of CISAuditResult and populate it
        $auditResult = [CISAuditResult]::new()
        $auditResult.Status = if ($isCompliant) { "Pass" } else { "Fail" }
        $auditResult.ELevel = "E5"
        $auditResult.ProfileLevel = "L1"
        $auditResult.Rec = "2.1.7"
        $auditResult.RecDescription = "Ensure that an anti-phishing policy has been created"
        $auditResult.CISControlVer = "v8"
        $auditResult.CISControl = "9.7"
        $auditResult.CISDescription = "Deploy and Maintain Email Server Anti-Malware Protections"
        $auditResult.IG1 = $false
        $auditResult.IG2 = $false
        $auditResult.IG3 = $true
        $auditResult.Result = $isCompliant
        $auditResult.Details = $failureDetails
        $auditResult.FailureReason = if (-not $isCompliant) { "Anti-phishing policies do not meet CIS benchmark requirements." } else { "N/A" }

        $auditResults += $auditResult
    }

    end {
        # Return auditResults
        return $auditResults
    }
}