public/Invoke-VPASAuditSafeTest.ps1
<#
.Synopsis RUN AUDIT SAFE TESTS CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO RUN AUDIT TESTS FOR SAFES .LINK https://vpasmodule.com/commands/Invoke-VPASAuditSafeTest .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .EXAMPLE $RunAuditSafeTests = Invoke-VPASAuditSafeTest .OUTPUTS $true if successful --- $false if failed #> function Invoke-VPASAuditSafeTest{ [OutputType([bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ $OutputResultsToFile = $true $ErrorInAudit = $false $AuditFailCount = 0 $curUser = $env:UserName $ConfigFilePath = "C:\Users\$curUser\AppData\Local\VPASModuleOutputs\Audits" $ConfigFile = "C:\Users\$curUser\AppData\Local\VPASModuleOutputs\Audits\AuditSafeTestConfigs.txt" if($OutputResultsToFile){ $OutputFile = "C:\Users\$curUser\AppData\Local\VPASModuleOutputs\Audits\AuditSafesResults.txt" $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : BEGINNING AUDIT TEST" | Set-Content $OutputFile } Write-Verbose "CONSTRUCTING FILEPATHS FOR AuditSafeTestConfigs" #FILE CREATION try{ if(Test-Path -Path $ConfigFilePath){ #DO NOTHING Write-Verbose "AuditSafeTestConfigs DIRECTORY EXISTS" if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : SAFE AUDIT PRECHECK 1 PASSED" | Add-Content $OutputFile } } else{ Write-Verbose "AuditSafeTestConfigs DIRECTORY DOES NOT EXIST...PLEASE RUN Set-VPASAuditSafeTest COMMAND TO INITIATE TEST CASES" Write-Verbose "Returning False" Write-VPASOutput -str "AuditSafeTestConfigs DIRECTORY DOES NOT EXIST...PLEASE RUN Set-VPASAuditSafeTes COMMAND TO INITIATE TEST CASES" -type E Write-VPASOutput -str "EXITING UTILITY" -type E if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : FAILED TO RUN SAFE AUDIT TEST" | Add-Content $OutputFile } return $false } if(Test-Path -Path $ConfigFile){ if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : SAFE AUDIT PRECHECK 2 PASSED" | Add-Content $OutputFile } #START PARSING FILE HERE $AllLines = Get-Content -Path $ConfigFile $AuditSafeNameConvention = "" $AuditNumberOfSafeMembers = 0 $AuditSafeMembers = @{} $AuditSafeMember = "" $AuditPermissions = @() $AuditCPMName = "" $AuditIgnoreSafes = @() foreach($line in $AllLines){ #SafeNamingConvention if($line -match "SafeNamingConvention="){ $tempVal = $line $tempValSplit = $tempVal -split "=" $AuditSafeNameConvention = $tempValSplit[1] Write-Verbose "SafeNamingConvention = $AuditSafeNameConvention" } #NumberOfSafeMembers if($line -match "NumberOfSafeMembers="){ $tempVal = $line $tempValSplit = $tempVal -split "=" $AuditNumberOfSafeMembers = [int]$tempValSplit[1] Write-Verbose "NumberOfSafeMembers = $AuditNumberOfSafeMembers" } #SafeMember if($line -match "SafeMember="){ $tempVal = $line $tempValSplit = $tempVal -split "=" $AuditSafeMember = $tempValSplit[1] Write-Verbose "SafeMember = $AuditSafeMember" } #Permissions if($line -match "Permissions="){ $tempVal = $line $tempValSplit = $tempVal -split "=" $AuditPermissionsTemp = $tempValSplit[1] Write-Verbose "Permissions = $AuditPermissionsTemp" $pUseAccounts = $false $pRetrieveAccounts = $false $pListAccounts = $false $pAddAccounts = $false $pUpdateAccountContent = $false $pUpdateAccountProperties = $false $pInitiateCPMAccountManagementOperations = $false $pSpecifyNextAccountContent = $false $pRenameAccounts = $false $pDeleteAccounts = $false $pUnlockAccounts = $false $pManageSafe = $false $pManageSafeMembers = $false $pBackupSafe = $false $pViewAuditLog = $false $pViewSafeMembers = $false $pAccessWithoutConfirmation = $false $pCreateFolders = $false $pDeleteFolders = $false $pMoveAccountsAndFolders = $false $pRequestsAuthorizationLevel1 = $false $pRequestsAuthorizationLevel2 = $false $AuditPermissions = $AuditPermissionsTemp -split ";" foreach($perm in $AuditPermissions){ if($perm -eq "UseAccounts"){ $pUseAccounts = $true } if($perm -eq "RetrieveAccounts"){ $pRetrieveAccounts = $true } if($perm -eq "ListAccounts"){ $pListAccounts = $true } if($perm -eq "AddAccounts"){ $pAddAccounts = $true } if($perm -eq "UpdateAccountContent"){ $pUpdateAccountContent = $true } if($perm -eq "UpdateAccountProperties"){ $pUpdateAccountProperties = $true } if($perm -eq "InitiateCPMAccountManagementOperations"){ $pInitiateCPMAccountManagementOperations = $true } if($perm -eq "SpecifyNextAccountContent"){ $pSpecifyNextAccountContent = $true } if($perm -eq "RenameAccounts"){ $pRenameAccounts = $true } if($perm -eq "DeleteAccounts"){ $pDeleteAccounts = $true } if($perm -eq "UnlockAccounts"){ $pUnlockAccounts = $true } if($perm -eq "ManageSafe"){ $pManageSafe = $true } if($perm -eq "ManageSafeMembers"){ $pManageSafeMembers = $true } if($perm -eq "BackupSafe"){ $pBackupSafe = $true } if($perm -eq "ViewAuditLog"){ $pViewAuditLog = $true } if($perm -eq "ViewSafeMembers"){ $pViewSafeMembers = $true } if($perm -eq "AccessWithoutConfirmation"){ $pAccessWithoutConfirmation = $true } if($perm -eq "CreateFolders"){ $pCreateFolders = $true } if($perm -eq "DeleteFolders"){ $pDeleteFolders = $true } if($perm -eq "MoveAccountsAndFolders"){ $pMoveAccountsAndFolders = $true } if($perm -eq "RequestsAuthorizationLevel1"){ $pRequestsAuthorizationLevel1 = $true } if($perm -eq "RequestsAuthorizationLevel2"){ $pRequestsAuthorizationLevel2 = $true } } $Perms = @{ UseAccounts = $pUseAccounts RetrieveAccounts = $pRetrieveAccounts ListAccounts = $pListAccounts AddAccounts = $pAddAccounts UpdateAccountContent = $pUpdateAccountContent UpdateAccountProperties = $pUpdateAccountProperties InitiateCPMAccountManagementOperations = $pInitiateCPMAccountManagementOperations SpecifyNextAccountContent = $pSpecifyNextAccountContent RenameAccounts = $pRenameAccounts DeleteAccounts = $pDeleteAccounts UnlockAccounts = $pUnlockAccounts ManageSafe = $pManageSafe ManageSafeMembers = $pManageSafeMembers BackupSafe = $pBackupSafe ViewAuditLog = $pViewAuditLog ViewSafeMembers = $pViewSafeMembers AccessWithoutConfirmation = $pAccessWithoutConfirmation CreateFolders = $pCreateFolders DeleteFolders = $pDeleteFolders MoveAccountsAndFolders = $pMoveAccountsAndFolders RequestsAuthorizationLevel1 = $pRequestsAuthorizationLevel1 RequestsAuthorizationLevel2 = $pRequestsAuthorizationLevel2 } $AuditSafeMembers += @{ $AuditSafeMember = $Perms } $AuditSafeMember = "" $AuditPermissions = @() } #CPMName if($line -match "CPMName="){ $tempVal = $line $tempValSplit = $tempVal -split "=" $AuditCPMName = $tempValSplit[1] Write-Verbose "CPMName = $AuditCPMName" } #IgnoreSafes if($line -match "IgnoreSafes="){ $tempVal = $line $tempValSplit = $tempVal -split "=" $AuditIgnoreSafesTemp = $tempValSplit[1] Write-Verbose "IgnoreSafes = $AuditIgnoreSafesTemp" $AuditIgnoreSafes = $AuditIgnoreSafesTemp -split ";" } } } else{ Write-Verbose "AuditSafeTestConfigs.txt DOES NOT EXIST...PLEASE RUN Set-VPASAuditSafeTes COMMAND TO INITIATE TEST CASES" Write-Verbose "Returning False" Write-VPASOutput -str "AuditSafeTestConfigs.txt DOES NOT EXIST...PLEASE RUN Set-VPASAuditSafeTes COMMAND TO INITIATE TEST CASES" -type E Write-VPASOutput -str "EXITING UTILITY" -type E if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : FAILED TO RUN SAFE AUDIT TEST" | Add-Content $OutputFile } return $false } }catch{ Write-VPASOutput -str "ERROR READING AuditSafeTestConfigs FILE" -type E Write-VPASOutput -str $_ -type E if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : FAILED TO RUN SAFE AUDIT TEST" | Add-Content $OutputFile write-output "$_" | Add-Content $OutputFile } return $false } if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDITING SAFES AGAINST THE FOLLOWING PARAMETERS:" | Add-Content $OutputFile write-output "$timestamp : `tSafeNameConvention = $AuditSafeNameConvention" | Add-Content $OutputFile write-output "$timestamp : `tCPMName = $AuditCPMName" | Add-Content $OutputFile write-output "$timestamp : `tIgnoreSafes = $AuditIgnoreSafes" | Add-Content $OutputFile write-output "$timestamp : `tNumberOfSafeMembers = $AuditNumberOfSafeMembers" | Add-Content $OutputFile $AllKeys = $AuditSafeMembers.Keys $targetMembers = @() $MemberCheckArr = @{} foreach($rec in $AllKeys){ $targetUser = $rec $str = "" $pUseAccounts = $AuditSafeMembers.$rec.UseAccounts $pRetrieveAccounts = $AuditSafeMembers.$rec.RetrieveAccounts $pListAccounts = $AuditSafeMembers.$rec.ListAccounts $pAddAccounts = $AuditSafeMembers.$rec.AddAccounts $pUpdateAccountContent = $AuditSafeMembers.$rec.UpdateAccountContent $pUpdateAccountProperties = $AuditSafeMembers.$rec.UpdateAccountProperties $pInitiateCPMAccountManagementOperations = $AuditSafeMembers.$rec.InitiateCPMAccountManagementOperations $pSpecifyNextAccountContent = $AuditSafeMembers.$rec.SpecifyNextAccountContent $pRenameAccounts = $AuditSafeMembers.$rec.RenameAccounts $pDeleteAccounts = $AuditSafeMembers.$rec.DeleteAccounts $pUnlockAccounts = $AuditSafeMembers.$rec.UnlockAccounts $pManageSafe = $AuditSafeMembers.$rec.ManageSafe $pManageSafeMembers = $AuditSafeMembers.$rec.ManageSafeMembers $pBackupSafe = $AuditSafeMembers.$rec.BackupSafe $pViewAuditLog = $AuditSafeMembers.$rec.ViewAuditLog $pViewSafeMembers = $AuditSafeMembers.$rec.ViewSafeMembers $pAccessWithoutConfirmation = $AuditSafeMembers.$rec.AccessWithoutConfirmation $pCreateFolders = $AuditSafeMembers.$rec.CreateFolders $pDeleteFolders = $AuditSafeMembers.$rec.DeleteFolders $pMoveAccountsAndFolders = $AuditSafeMembers.$rec.MoveAccountsAndFolders $pRequestsAuthorizationLevel1 = $AuditSafeMembers.$rec.RequestsAuthorizationLevel1 $pRequestsAuthorizationLevel2 = $AuditSafeMembers.$rec.RequestsAuthorizationLevel2 if($pUseAccounts){ $str += "UseAccounts;" } if($pRetrieveAccounts){ $str += "RetrieveAccounts;" } if($pListAccounts){ $str += "ListAccounts;" } if($pAddAccounts){ $str += "AddAccounts;" } if($pUpdateAccountContent){ $str += "UpdateAccountContent;" } if($pUpdateAccountProperties){ $str += "UpdateAccountProperties;" } if($pInitiateCPMAccountManagementOperations){ $str += "InitiateCPMAccountManagementOperations;" } if($pSpecifyNextAccountContent){ $str += "SpecifyNextAccountContent;" } if($pRenameAccounts){ $str += "RenameAccounts;" } if($pDeleteAccounts){ $str += "DeleteAccounts;" } if($pUnlockAccounts){ $str += "UnlockAccounts;" } if($pManageSafe){ $str += "ManageSafe;" } if($pManageSafeMembers){ $str += "ManageSafeMembers;" } if($pBackupSafe){ $str += "BackupSafe;" } if($pViewAuditLog){ $str += "ViewAuditLog;" } if($pViewSafeMembers){ $str += "ViewSafeMembers;" } if($pAccessWithoutConfirmation){ $str += "AccessWithoutConfirmation;" } if($pCreateFolders){ $str += "CreateFolders;" } if($pDeleteFolders){ $str += "DeleteFolders;" } if($pMoveAccountsAndFolders){ $str += "MoveAccountsAndFolders;" } if($pRequestsAuthorizationLevel1){ $str += "RequestsAuthorizationLevel1;" } if($pRequestsAuthorizationLevel2){ $str += "RequestsAuthorizationLevel2;" } $targetPermissions = $AuditSafeMembers.$rec write-output "$timestamp : `tTargetSafeMember = $targetUser" | Add-Content $OutputFile write-output "$timestamp : `tTargetPermissions = $str" | Add-Content $OutputFile $targetMembers += $targetUser.ToLower() $MemberCheckArr += @{ $targetUser = $false } } } $AllSafes = Get-VPASSafes -token $token -searchQuery "$AuditSafeNameConvention" if($AllSafes){ #WE HAVE A BUNCH OF SAFES NOW $counter = $AllSafes.count if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : $counter SAFES FOUND CONTAINING *$AuditSafeNameConvention* " | Add-Content $OutputFile Write-Verbose "FOUND $counter SAFES CONTAINING *$AuditSafeNameConvention* " } foreach($saferes in $AllSafes.value){ $safe = $saferes.safename $CPM = $saferes.managingCPM write-verbose "ANALYZING SAFE: $safe" if($AuditIgnoreSafes.Contains($safe)){ #DO NOTHING...SKIPPING SAFE Write-Verbose "SKIPPING $safe...PART OF IGNORE SAFE SET" } else{ #CONTINUE QUERYING CYBERARK FOR MEMBERS AND OTHER CHECKS if($AuditCPMName -eq "NULL"){ #SKIPPING CPM AUDIT } else{ if($CPM -ne $AuditCPMName){ if([String]::IsNullOrEmpty($CPM)){ $CPM = "None" } if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (CPM) - $safe - CURRENT CPM ASSIGNED $CPM...SHOULD BE $AuditCPMName" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 Write-Verbose "CPM USER IS INCORRECT ON SAFE: $safe" } } } if($AuditNumberOfSafeMembers -eq "0"){ #SKIPPING SAFE MEMBERS CHECK } else{ $AllSafemembers = Get-VPASSafeMembers -token $token -safe $safe -IncludePredefinedMembers foreach($foundMember in $AllSafemembers.value){ $MemberName = $foundMember.memberName $permissions = $foundMember.permissions Write-Verbose "ANALYZING SAFE MEMBER: $MemberName ON SAFE: $safe" $MemberName = $MemberName.ToLower() if($targetMembers.Contains($MemberName)){ #FOUND TARGET MEMBER $MemberCheckArr.$MemberName = $true Write-Verbose "FOUND TARGET MEMBER: $MemberName ON SAFE: $safe" #CURRENT PERMS $pUseAccounts = $permissions.UseAccounts $pRetrieveAccounts = $permissions.RetrieveAccounts $pListAccounts = $permissions.ListAccounts $pAddAccounts = $permissions.AddAccounts $pUpdateAccountContent = $permissions.UpdateAccountContent $pUpdateAccountProperties = $permissions.UpdateAccountProperties $pInitiateCPMAccountManagementOperations = $permissions.InitiateCPMAccountManagementOperations $pSpecifyNextAccountContent = $permissions.SpecifyNextAccountContent $pRenameAccounts = $permissions.RenameAccounts $pDeleteAccounts = $permissions.DeleteAccounts $pUnlockAccounts = $permissions.UnlockAccounts $pManageSafe = $permissions.ManageSafe $pManageSafeMembers = $permissions.ManageSafeMembers $pBackupSafe = $permissions.BackupSafe $pViewAuditLog = $permissions.ViewAuditLog $pViewSafeMembers = $permissions.ViewSafeMembers $pAccessWithoutConfirmation = $permissions.AccessWithoutConfirmation $pCreateFolders = $permissions.CreateFolders $pDeleteFolders = $permissions.DeleteFolders $pMoveAccountsAndFolders = $permissions.MoveAccountsAndFolders $pRequestsAuthorizationLevel1 = $permissions.RequestsAuthorizationLevel1 $pRequestsAuthorizationLevel2 = $permissions.RequestsAuthorizationLevel2 #AUDIT PERMS $cUseAccounts = $AuditSafeMembers.$MemberName.UseAccounts $cRetrieveAccounts = $AuditSafeMembers.$MemberName.RetrieveAccounts $cListAccounts = $AuditSafeMembers.$MemberName.ListAccounts $cAddAccounts = $AuditSafeMembers.$MemberName.AddAccounts $cUpdateAccountContent = $AuditSafeMembers.$MemberName.UpdateAccountContent $cUpdateAccountProperties = $AuditSafeMembers.$MemberName.UpdateAccountProperties $cInitiateCPMAccountManagementOperations = $AuditSafeMembers.$MemberName.InitiateCPMAccountManagementOperations $cSpecifyNextAccountContent = $AuditSafeMembers.$MemberName.SpecifyNextAccountContent $cRenameAccounts = $AuditSafeMembers.$MemberName.RenameAccounts $cDeleteAccounts = $AuditSafeMembers.$MemberName.DeleteAccounts $cUnlockAccounts = $AuditSafeMembers.$MemberName.UnlockAccounts $cManageSafe = $AuditSafeMembers.$MemberName.ManageSafe $cManageSafeMembers = $AuditSafeMembers.$MemberName.ManageSafeMembers $cBackupSafe = $AuditSafeMembers.$MemberName.BackupSafe $cViewAuditLog = $AuditSafeMembers.$MemberName.ViewAuditLog $cViewSafeMembers = $AuditSafeMembers.$MemberName.ViewSafeMembers $cAccessWithoutConfirmation = $AuditSafeMembers.$MemberName.AccessWithoutConfirmation $cCreateFolders = $AuditSafeMembers.$MemberName.CreateFolders $cDeleteFolders = $AuditSafeMembers.$MemberName.DeleteFolders $cMoveAccountsAndFolders = $AuditSafeMembers.$MemberName.MoveAccountsAndFolders $cRequestsAuthorizationLevel1 = $AuditSafeMembers.$MemberName.RequestsAuthorizationLevel1 $cRequestsAuthorizationLevel2 = $AuditSafeMembers.$MemberName.RequestsAuthorizationLevel2 if($pUseAccounts -ne $cUseAccounts){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName UseAccounts IS SET TO $pUseAccounts...SHOULD BE SET TO $cUseAccounts" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "UseAccounts PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pRetrieveAccounts -ne $cRetrieveAccounts){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName RetrieveAccounts IS SET TO $pRetrieveAccounts...SHOULD BE SET TO $cRetrieveAccounts" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "RetrieveAccounts PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pListAccounts -ne $cListAccounts){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName ListAccounts IS SET TO $pListAccounts...SHOULD BE SET TO $cListAccounts" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "ListAccounts PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pAddAccounts -ne $cAddAccounts){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName AddAccounts IS SET TO $pAddAccounts...SHOULD BE SET TO $cAddAccounts" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "AddAccounts PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pUpdateAccountContent -ne $cUpdateAccountContent){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName UpdateAccountContent IS SET TO $pUpdateAccountContent...SHOULD BE SET TO $cUpdateAccountContent" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "UpdateAccountContent PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pUpdateAccountProperties -ne $cUpdateAccountProperties){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName UpdateAccountProperties IS SET TO $pUpdateAccountProperties...SHOULD BE SET TO $cUpdateAccountProperties" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "UpdateAccountProperties PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pInitiateCPMAccountManagementOperations -ne $cInitiateCPMAccountManagementOperations){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName InitiateCPMAccountManagementOperations IS SET TO $pInitiateCPMAccountManagementOperations...SHOULD BE SET TO $cInitiateCPMAccountManagementOperations" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "InitiateCPMAccountManagementOperations PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pSpecifyNextAccountContent -ne $cSpecifyNextAccountContent){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName SpecifyNextAccountContent IS SET TO $pSpecifyNextAccountContent...SHOULD BE SET TO $cSpecifyNextAccountContent" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "SpecifyNextAccountContent PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pRenameAccounts -ne $cRenameAccounts){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName RenameAccounts IS SET TO $pRenameAccounts...SHOULD BE SET TO $cRenameAccounts" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "RenameAccounts PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pDeleteAccounts -ne $cDeleteAccounts){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName DeleteAccounts IS SET TO $pDeleteAccounts...SHOULD BE SET TO $cDeleteAccounts" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "DeleteAccounts PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pUnlockAccounts -ne $cUnlockAccounts){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName UnlockAccounts IS SET TO $pUnlockAccounts...SHOULD BE SET TO $cUnlockAccounts" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "UnlockAccounts PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pManageSafe -ne $cManageSafe){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName ManageSafe IS SET TO $pManageSafe...SHOULD BE SET TO $cManageSafe" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "ManageSafe PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pManageSafeMembers -ne $cManageSafeMembers){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName ManageSafeMembers IS SET TO $pManageSafeMembers...SHOULD BE SET TO $cManageSafeMembers" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "ManageSafeMembers PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pBackupSafe -ne $cBackupSafe){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName BackupSafe IS SET TO $pBackupSafe...SHOULD BE SET TO $cBackupSafe" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "BackupSafe PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pViewAuditLog -ne $cViewAuditLog){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName ViewAuditLog IS SET TO $pViewAuditLog...SHOULD BE SET TO $cViewAuditLog" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "ViewAuditLog PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pViewSafeMembers -ne $cViewSafeMembers){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName ViewSafeMembers IS SET TO $pViewSafeMembers...SHOULD BE SET TO $cViewSafeMembers" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "ViewSafeMembers PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pAccessWithoutConfirmation -ne $cAccessWithoutConfirmation){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName AccessWithoutConfirmation IS SET TO $pAccessWithoutConfirmation...SHOULD BE SET TO $cAccessWithoutConfirmation" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "AccessWithoutConfirmation PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pCreateFolders -ne $cCreateFolders){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName CreateFolders IS SET TO $pCreateFolders...SHOULD BE SET TO $cCreateFolders" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "CreateFolders PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pDeleteFolders -ne $cDeleteFolders){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName DeleteFolders IS SET TO $pDeleteFolders...SHOULD BE SET TO $cDeleteFolders" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "DeleteFolders PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pMoveAccountsAndFolders -ne $cMoveAccountsAndFolders){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName MoveAccountsAndFolders IS SET TO $pMoveAccountsAndFolders...SHOULD BE SET TO $cMoveAccountsAndFolders" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "MoveAccountsAndFolders PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pRequestsAuthorizationLevel1 -ne $cRequestsAuthorizationLevel1){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName RequestsAuthorizationLevel1 IS SET TO $pRequestsAuthorizationLevel1...SHOULD BE SET TO $cRequestsAuthorizationLevel1" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "RequestsAuthorizationLevel1 PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } if($pRequestsAuthorizationLevel2 -ne $cRequestsAuthorizationLevel2){ $ErrorInAudit = $true if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER PERMISSION) - $safe - $MemberName RequestsAuthorizationLevel2 IS SET TO $pRequestsAuthorizationLevel2...SHOULD BE SET TO $cRequestsAuthorizationLevel2" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } Write-Verbose "RequestsAuthorizationLevel2 PERMISSION FOR $MemberName ON SAFE: $safe IS INCORRECT" } } } $AllCheckKeys = $MemberCheckArr.Keys foreach($CheckKey in $AllCheckKeys){ if($MemberCheckArr.$CheckKey -eq $false){ if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : AUDIT FAIL (SAFE MEMBER) - $safe - MISSING SAFE MEMBER: $CheckKey" | Add-Content $OutputFile $ErrorInAudit = $true $AuditFailCount += 1 } } } } } } } else{ Write-Verbose "FAILED TO QUERY CYBERARK FOR SAFES" Write-Verbose "Returning False" Write-VPASOutput -str "FAILED TO QUERY CYBERARK FOR SAFES" -type E Write-VPASOutput -str "EXITING UTILITY" -type E if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : FAILED TO RUN SAFE AUDIT TEST" | Add-Content $OutputFile } return $false } if($OutputResultsToFile){ $timestamp = Get-Date -Format "(MM-dd-yyyy HH:mm:ss)" write-output "$timestamp : $AuditFailCount FAILED AUDIT TESTS" | Add-Content $OutputFile } if($ErrorInAudit){ Write-Verbose "SOME AUDIT CHECKS FAILED...RETURNING FALSE" Write-VPASOutput -str "AuditSafeTest RAN SUCCESSFULLY, BUT SOME ERRORS WERE DISCOVERED" -type M Write-VPASOutput -str "VIEW AUDIT LOG LOCATED HERE TO VIEW MORE DETAILS: $OutputFile" -type M return $false } else{ Write-Verbose "ALL AUDIT CHECKS PASSED...RETURNING TRUE" Write-VPASOutput -str "ALL AUDIT CHECKS PASSED!!!" -type G return $true } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |