From 7664d187795e59ed7eff63760706f334d0daa063 Mon Sep 17 00:00:00 2001
From: Cassandra Diaz <47129205+Sloane4@users.noreply.github.com>
Date: Thu, 19 Sep 2024 11:46:48 -0400
Subject: [PATCH] Refactor Defender Unit test to pull from central Jsons (#1282)
* update defender test 01 pt 1
* defender 01 tests update pt 2
* refactor policy group 3
* refactor policy group 5
* refactor policy group 6
* Refactor defender control group 2
* Refactor defender control group 1
* Refactor defender control group 4
* fix minor inconsistancies
* fix minor inconsistancies
* fix minor inconsistancies
---
.../Rego/Defender/DefenderBaseConfig.rego | 219 ++
.../Rego/Defender/DefenderConfig_01_test.rego | 2169 ++++++-----------
.../Rego/Defender/DefenderConfig_02_test.rego | 1146 ++-------
.../Rego/Defender/DefenderConfig_03_test.rego | 23 +-
.../Rego/Defender/DefenderConfig_04_test.rego | 1253 ++--------
.../Rego/Defender/DefenderConfig_05_test.rego | 170 +-
.../Rego/Defender/DefenderConfig_06_test.rego | 38 +-
7 files changed, 1355 insertions(+), 3663 deletions(-)
create mode 100644 PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderBaseConfig.rego
diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderBaseConfig.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderBaseConfig.rego
new file mode 100644
index 000000000..c0e28681f
--- /dev/null
+++ b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderBaseConfig.rego
@@ -0,0 +1,219 @@
+package defender_test
+import rego.v1
+
+ProtectionPolicyRules := [
+ {
+ "Identity": "Standard Preset Security Policy",
+ "State": "Enabled",
+ "SentTo": null,
+ "SentToMemberOf": null,
+ "RecipientDomainIs": null,
+ "ExceptIfSentTo": null,
+ "ExceptIfSentToMemberOf": null,
+ "ExceptIfRecipientDomainIs": null,
+ "Conditions": null,
+ "Exceptions": null,
+ "State": "Enabled"
+ },
+ {
+ "Identity": "Strict Preset Security Policy",
+ "State": "Enabled",
+ "SentTo": null,
+ "SentToMemberOf": null,
+ "RecipientDomainIs": null,
+ "ExceptIfSentTo": null,
+ "ExceptIfSentToMemberOf": null,
+ "ExceptIfRecipientDomainIs": null,
+ "Conditions": null,
+ "Exceptions": null,
+ "State": "Enabled"
+ }
+]
+
+AtpPolicyRules := [
+ {
+ "Identity": "Standard Preset Security Policy",
+ "State": "Enabled",
+ "SentTo": null,
+ "SentToMemberOf": null,
+ "RecipientDomainIs": null,
+ "ExceptIfSentTo": null,
+ "ExceptIfSentToMemberOf": null,
+ "ExceptIfRecipientDomainIs": null,
+ "Conditions": null,
+ "Exceptions": null
+ },
+ {
+ "Identity": "Strict Preset Security Policy",
+ "State": "Enabled",
+ "SentTo": null,
+ "SentToMemberOf": null,
+ "RecipientDomainIs": null,
+ "ExceptIfSentTo": null,
+ "ExceptIfSentToMemberOf": null,
+ "ExceptIfRecipientDomainIs": null,
+ "Conditions": null,
+ "Exceptions": null
+ }
+]
+
+ScubaConfig := {
+ "OutPath": ".",
+ "OutRegoFileName": "TestResults",
+ "Defender": {
+ "MS.DEFENDER.1.4v1": {
+ "SensitiveAccounts": {
+ "IncludedUsers": [],
+ "IncludedGroups": [],
+ "IncludedDomains": [],
+ "ExcludedUsers": [],
+ "ExcludedGroups": [],
+ "ExcludedDomains": []
+ }
+ },
+ "MS.DEFENDER.1.5v1": {
+ "SensitiveAccounts": {
+ "IncludedUsers": [],
+ "IncludedGroups": [],
+ "IncludedDomains": [],
+ "ExcludedUsers": [],
+ "ExcludedGroups": [],
+ "ExcludedDomains": []
+ }
+ },
+ "MS.DEFENDER.2.1v1": {
+ "SensitiveUsers": [
+ "John Doe;jdoe@someemail.com",
+ "Jane Doe;jadoe@someemail.com"
+ ]
+ },
+ "MS.DEFENDER.2.2v1": {
+ "AgencyDomains": [
+ "random.mail.example.com",
+ "random.example.com"
+ ]
+ },
+ "MS.DEFENDER.2.3v1": {
+ "PartnerDomains": [
+ "random.mail.example.com",
+ "random.example.com"
+ ]
+ }
+ }
+}
+
+AntiPhishPolicies := [
+ {
+ "Identity": "Standard Preset Security Policy1659535429826",
+ "Enabled": true,
+ "EnableTargetedUserProtection": true,
+ "TargetedUsersToProtect": [
+ "John Doe;jdoe@someemail.com",
+ "Jane Doe;jadoe@someemail.com"
+ ],
+ "TargetedUserProtectionAction": "Quarantine",
+ "EnableTargetedDomainsProtection": true,
+ "TargetedDomainsToProtect": [
+ "random.mail.example.com",
+ "random.example.com"
+ ],
+ "TargetedDomainProtectionAction": "Quarantine"
+ },
+ {
+ "Identity": "Strict Preset Security Policy1659535429826",
+ "Enabled": true,
+ "EnableTargetedUserProtection": true,
+ "TargetedUsersToProtect": [
+ "John Doe;jdoe@someemail.com",
+ "Jane Doe;jadoe@someemail.com"
+ ],
+ "TargetedUserProtectionAction": "Quarantine",
+ "EnableTargetedDomainsProtection": true,
+ "TargetedDomainsToProtect": [
+ "random.mail.example.com",
+ "random.example.com"
+ ],
+ "TargetedDomainProtectionAction": "Quarantine"
+ }
+]
+
+AtpPolicyForO365 := {
+ "EnableATPForSPOTeamsODB": true,
+ "Identity": "Default"
+}
+
+ProtectionAlerts := [
+ {
+ "Name": "Suspicious email sending patterns detected",
+ "Disabled": false
+ },
+ {
+ "Name": "Unusual increase in email reported as phish",
+ "Disabled": false
+ },
+ {
+ "Name": "Suspicious Email Forwarding Activity",
+ "Disabled": false
+ },
+ {
+ "Name": "Messages have been delayed",
+ "Disabled": false
+ },
+ {
+ "Name": "Tenant restricted from sending unprovisioned email",
+ "Disabled": false
+ },
+ {
+ "Name": "User restricted from sending email",
+ "Disabled": false
+ },
+ {
+ "Name": "Malware campaign detected after delivery",
+ "Disabled": false
+ },
+ {
+ "Name": "A potentially malicious URL click was detected",
+ "Disabled": false
+ },
+ {
+ "Name": "Suspicious connector activity",
+ "Disabled": false
+ }
+]
+
+AdminAuditLogConfig := {
+ "Identity": "Admin Audit Log Settings",
+ "UnifiedAuditLogIngestionEnabled": true
+}
+
+DlpComplianceRules := {
+ "ContentContainsSensitiveInformation": [
+ {"name": "U.S. Social Security Number (SSN)"},
+ {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"},
+ {"name": "Credit Card Number"}
+ ],
+ "Name": "Baseline Rule",
+ "Disabled": false,
+ "ParentPolicyName": "Default Office 365 DLP policy",
+ "BlockAccess": true,
+ "BlockAccessScope": "All",
+ "NotifyUser": [
+ "SiteAdmin",
+ "LastModifier",
+ "Owner"
+ ],
+ "NotifyUserType": "NotSet",
+ "IsAdvancedRule": false
+}
+
+DlpCompliancePolicies := {
+ "ExchangeLocation": ["All"],
+ "SharePointLocation": ["All"],
+ "TeamsLocation": ["All"],
+ "EndpointDlpLocation": ["All"],
+ "OneDriveLocation": ["All"],
+ "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices",
+ "Name": "Default Office 365 DLP policy",
+ "Mode": "Enable",
+ "Enabled": true
+}
\ No newline at end of file
diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_01_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_01_test.rego
index 71a501a35..126b86ed5 100644
--- a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_01_test.rego
+++ b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_01_test.rego
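Review bot: Both objects in `ProtectionPolicyRules` declare `"State": "Enabled"` twice, once after `"Identity"` and again as the last key, while the otherwise parallel `AtpPolicyRules` entries declare it once. The duplicate is harmless only while both copies hold the same value; if one copy is later edited to build a disabled baseline, the literal carries two conflicting values for one key and the fixture no longer says which state the tests run against. Drop the trailing `"State": "Enabled"` from each entry so the object ends at `"Exceptions": null`. Because the Defender tests now derive their input from this file, a header comment such as `# Baseline: fully compliant tenant; tests vary it with json.patch or per-key "with" overrides` would also tell the next author what the defaults are supposed to represent.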
@@ -11,125 +11,71 @@ import rego.v1 # Policy MS.DEFENDER.1.1v1 #-- test_Enabled_Correct_V1 if { - Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "State": "Enabled" - }, - { - "Identity": "Strict Preset Security Policy", - "State": "Enabled" - } - ], - "atp_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "State": "Enabled" - }, - { - "Identity": "Strict Preset Security Policy", - "State": "Enabled" - } - ], - "defender_license": true - } + Output := defender.tests with input.protection_policy_rules as ProtectionPolicyRules + with input.atp_policy_rules as AtpPolicyRules + with input.defender_license as true TestResult("MS.DEFENDER.1.1v1", Output, PASS, true) == true } test_Enabled_Correct_V2 if { - Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "State": "Enabled" - }, - { - "Identity": "Strict Preset Security Policy", - "State": "Enabled" - } - ], - "atp_policy_rules": [], - "defender_license": true - } + Output := defender.tests with input.protection_policy_rules as ProtectionPolicyRules + with input.atp_policy_rules as [] + with input.defender_license as true TestResult("MS.DEFENDER.1.1v1", Output, PASS, true) == true } test_Enabled_Correct_V3 if { - Output := defender.tests with input as { - "protection_policy_rules": [], - "atp_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "State": "Enabled" - }, - { - "Identity": "Strict Preset Security Policy", - "State": "Enabled" - } - ], - "defender_license": true - } + Output := defender.tests with input.protection_policy_rules as [] + with input.atp_policy_rules as AtpPolicyRules + with input.defender_license as true TestResult("MS.DEFENDER.1.1v1", Output, PASS, true) == true } test_Enabled_Incorrect_V1 if { - Output := defender.tests with input as { - "protection_policy_rules": [], - "atp_policy_rules": [], - 
"defender_license": true - } + Output := defender.tests with input.protection_policy_rules as [] + with input.atp_policy_rules as [] + with input.defender_license as true ReportDetailString := "Standard and Strict preset policies are both disabled" TestResult("MS.DEFENDER.1.1v1", Output, ReportDetailString, false) == true } test_Enabled_Incorrect_V2 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Standard Preset Security Policy", - "State": "Disabled" - }], - "atp_policy_rules": [], - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "0/State", "value": "Disabled"}, + {"op": "remove", "path": "1"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.atp_policy_rules as [] + with input.defender_license as true ReportDetailString := "Standard and Strict preset policies are both disabled" TestResult("MS.DEFENDER.1.1v1", Output, ReportDetailString, false) == true } test_Enabled_Incorrect_V3 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Standard Preset Security Policy", - "State": "Enabled" - }], - "atp_policy_rules": [], - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "remove", "path": "1"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.atp_policy_rules as [] + with input.defender_license as true ReportDetailString := "Strict preset policy is disabled" TestResult("MS.DEFENDER.1.1v1", Output, ReportDetailString, false) == true } test_Enabled_Incorrect_V4 if { - Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "State": "Disabled" - }, - { - "Identity": "Strict Preset Security Policy", - "State": "Disabled" - } - ], - "atp_policy_rules": [], - "defender_license": true - } + 
ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "0/State", "value": "Disabled"}, + {"op": "add", "path": "1/State", "value": "Disabled"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.atp_policy_rules as [] + with input.defender_license as true ReportDetailString := "Standard and Strict preset policies are both disabled" TestResult("MS.DEFENDER.1.1v1", Output, ReportDetailString, false) == true 
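Review bot: In test_Enabled_Incorrect_V2 and test_Enabled_Incorrect_V4 the patch overwrites an existing fixture key with `"op": "add"`, which also succeeds when the path names a key the fixture does not have. If a fixture key is renamed or a path is mistyped, `add` creates a stray key and the rule under test still sees the compliant baseline; for the expected-PASS cases in the later hunks (for example the `1/SentTo` patches in test_AllEOP_Correct_V3 and test_AllDefender_Correct_V3) the test would stay green without exercising the scoped-policy branch of the compliance check. Writing `{"op": "replace", "path": "0/State", "value": "Disabled"}` states the intent, and as far as I can tell OPA's `json.patch` leaves the result undefined when a `replace` targets a missing path, so the test would fail instead of passing vacuously. The same applies to the MS.DEFENDER.1.2v1, 1.3v1 and 1.4v1 hunks.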
@@ -141,95 +87,59 @@ test_Enabled_Incorrect_V4 if { # Policy MS.DEFENDER.1.2v1 #-- test_AllEOP_Correct_V1 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Standard Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null - }], - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "remove", "path": "1"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.defender_license as true TestResult("MS.DEFENDER.1.2v1", Output, PASS, true) == true } test_AllEOP_Correct_V2 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null - }], - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.defender_license as true TestResult("MS.DEFENDER.1.2v1", Output, PASS, true) == true } test_AllEOP_Correct_V3 if { - Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null - }, - { - "Identity": "Strict Preset Security Policy", - "SentTo": ["user@example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": null - } - ], - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["user@example.com"]}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.defender_license as true TestResult("MS.DEFENDER.1.2v1", Output, PASS, true) == true } test_AllEOP_Incorrect_V1 if { - Output := defender.tests with input as { - "protection_policy_rules": [] - } + 
Output := defender.tests with input.protection_policy_rules as [] TestResult("MS.DEFENDER.1.2v1", Output, FAIL, false) == true } test_AllEOP_Incorrect_V2 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": ["user@example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": null - }], - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["user@example.com"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.defender_license as true TestResult("MS.DEFENDER.1.2v1", Output, FAIL, false) == true } test_AllEOP_Incorrect_V3 if { - Output := defender.tests with input as { - "protection_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": ["user@example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": null - }, - { - "Identity": "Standard Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": ["example.com"] - } - ], - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "0/RecipientDomainIs", "value": ["example.com"]}, + {"op": "add", "path": "1/SentTo", "value": ["user@example.com"]}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.defender_license as true TestResult("MS.DEFENDER.1.2v1", Output, FAIL, false) == true } 
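Review bot: The patches in test_AllEOP_Incorrect_V2 and test_AllEOP_Incorrect_V3 address policies by array position, and nothing in the test says that index 0 is the Standard preset and index 1 the Strict preset in `ProtectionPolicyRules`. In test_AllEOP_Incorrect_V2 the order of the operations also matters: the `1/SentTo` edit has to run before `{"op": "remove", "path": "0"}`, because after the removal the Strict entry sits at index 0. A one-line comment above each multi-operation patch, such as `# ops apply in order; 0 = Standard, 1 = Strict in ProtectionPolicyRules`, would keep a later reorder of the fixture or of the operations from silently changing which policy the test scopes. The MS.DEFENDER.1.3v1 and 1.4v1 hunks use the same positional pattern.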
@@ -240,105 +150,62 @@ test_AllEOP_Incorrect_V3 if { # Policy MS.DEFENDER.1.3v1 #-- test_AllDefender_Correct_V1 if { - Output := defender.tests with input as { - "atp_policy_rules": [{ - "Identity": "Standard Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null - }], - "defender_license": true - } + AtpPolicies := json.patch(AtpPolicyRules, + [{"op": "remove", "path": "1"}]) + Output := defender.tests with input.atp_policy_rules as AtpPolicies + with input.defender_license as true TestResult("MS.DEFENDER.1.3v1", Output, PASS, true) == true } test_AllDefender_Correct_V2 if { - Output := defender.tests with input as { - "atp_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null - }], - "defender_license": true - } + AtpPolicies := json.patch(AtpPolicyRules, + [{"op": "remove", "path": "0"}]) + Output := defender.tests with input.atp_policy_rules as AtpPolicies + with input.defender_license as true TestResult("MS.DEFENDER.1.3v1", Output, PASS, true) == true } test_AllDefender_Correct_V3 if { - Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Standard Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null - }, - { - "Identity": "Strict Preset Security Policy", - "SentTo": ["user@example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": null - } - ], - "defender_license": true - } + AtpPolicies := json.patch(AtpPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["user@example.com"]}]) + Output := defender.tests with input.atp_policy_rules as AtpPolicies + with input.defender_license as true TestResult("MS.DEFENDER.1.3v1", Output, PASS, true) == true } test_AllDefender_Incorrect_V1 if { - Output := defender.tests with input as { - "atp_policy_rules": [], - "defender_license": true - } + Output := defender.tests with input.atp_policy_rules as [] + with 
input.defender_license as true TestResult("MS.DEFENDER.1.3v1", Output, FAIL, false) == true } test_AllDefender_Incorrect_V2 if { - Output := defender.tests with input as { - "atp_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": ["user@example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": null - }], - "defender_license": true - } + AtpPolicies := json.patch(AtpPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["user@example.com"]}, + {"op": "remove", "path": "0"}]) + Output := defender.tests with input.atp_policy_rules as AtpPolicies + with input.defender_license as true TestResult("MS.DEFENDER.1.3v1", Output, FAIL, false) == true } test_AllDefender_Incorrect_V3 if { - Output := defender.tests with input as { - "atp_policy_rules": [ - { - "Identity": "Strict Preset Security Policy", - "SentTo": ["user@example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": null - }, - { - "Identity": "Standard Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": ["example.com"] - } - ], - "defender_license": true - } + AtpPolicies := json.patch(AtpPolicyRules, + [{"op": "add", "path": "0/RecipientDomainIs", "value": ["example.com"]}, + {"op": "add", "path": "1/SentTo", "value": ["user@example.com"]}]) + Output := defender.tests with input.atp_policy_rules as AtpPolicies + with input.defender_license as true TestResult("MS.DEFENDER.1.3v1", Output, FAIL, false) == true } test_AllDefender_Incorrect_V4 if { - Output := defender.tests with input as { - "atp_policy_rules": [], - "defender_license": false - } + Output := defender.tests with input.atp_policy_rules as [] + with input.defender_license as false ReportDetailString := concat(" ", [FAIL, DEFLICENSEWARNSTR]) 
@@ -351,787 +218,458 @@ test_AllDefender_Incorrect_V4 if { # Policy MS.DEFENDER.1.4v1 #-- test_SensitiveEOP_Correct_V1 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { - "IncludedUsers": [], - "IncludedGroups": [], - "IncludedDomains": [], - "ExcludedUsers": [], - "ExcludedGroups": [], - "ExcludedDomains": [] - }}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config as ScubaConfig + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V2 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {}}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts as {} + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V3 if { - Output := defender.tests 
with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": ["johndoe@random.example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": null, - "State": "Enabled" - }], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedUsers": ["johndoe@random.example.com"] - } - } - } - }, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V4 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": null, - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {"IncludedUsers": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ]}}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ]}, + {"op": "add", "path": "1/Conditions", "value": 
["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedUsers as [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V5 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": ["johndoe@random.example.com"], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "ExcludedUsers": [ - "johndoe@random.example.com" - ] - } - } - } - }, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/ExceptIfSentTo", "value": ["johndoe@random.example.com"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedUsers as ["johndoe@random.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V6 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - 
"Exceptions": ["Rules.Tasks"], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "ExcludedUsers": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ] - } - } - } - }, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/ExceptIfSentTo", "value": [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedUsers as [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V7 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": ["Dune"], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedGroups": [ - "Dune" - ] - } - } - } - }, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentToMemberOf", "value": ["Dune"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedGroups as ["Dune"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) 
== true } test_SensitiveEOP_Correct_V8 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": [ - "Dune", - "Dune12" - ], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedGroups": [ - "Dune", - "Dune12" - ] - } - } - } - }, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentToMemberOf", "value": [ + "Dune", + "Dune12" + ]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedGroups as [ + "Dune", + "Dune12" + ] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V9 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": ["Dune"], - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "ExcludedGroups": [ - "Dune" - ] - } - } - } - }, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": ["Dune"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output 
:= defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedGroups as ["Dune"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V10 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": [ - "Dune", - "Dune12" - ], - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "ExcludedGroups": [ - "Dune", - "Dune12" - ] - } - } - } - }, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": [ + "Dune", + "Dune12" + ]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedGroups as [ + "Dune", + "Dune12" + ] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V11 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": ["random.mail.example.com"], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": null, - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedDomains": [ - 
"random.mail.example.com" - ] - } - } - } - }, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/RecipientDomainIs", "value": ["random.mail.example.com"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedDomains as ["random.mail.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V12 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": [ - "random.mail.example.com", - "random.example.com" - ], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": null, - "State": "Enabled" - }], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "IncludedDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - } - }, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/RecipientDomainIs", "value": [ + "random.mail.example.com", + "random.example.com" + ]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedDomains as [ + "random.mail.example.com", + "random.example.com" + ] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V13 if { - Output := defender.tests with input as { - 
"protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": ["random.mail.example.com"], - "Conditions": null, - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.4v1": { - "SensitiveAccounts": { - "ExcludedDomains": [ - "random.mail.example.com" - ] - } - } - } - }, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/ExceptIfRecipientDomainIs", "value": ["random.mail.example.com"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedDomains as ["random.mail.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V14 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": [ - "random.mail.example.com", - "random.example.com" - ], - "Conditions": null, - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {"ExcludedDomains": [ - "random.mail.example.com", - "random.example.com" - ]}}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/ExceptIfRecipientDomainIs", "value": [ + "random.mail.example.com", + "random.example.com" + ]}, + {"op": "add", "path": "1/Exceptions", "value": 
["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedDomains as [ + "random.mail.example.com", + "random.example.com" + ] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V15 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": ["johndoe@random.example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": ["janedoe@random.example.com"], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { - "IncludedUsers": ["johndoe@random.example.com"], - "ExcludedUsers": ["janedoe@random.example.com"] - }}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]}, + {"op": "add", "path": "1/ExceptIfSentTo", "value": ["janedoe@random.example.com"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V16 if { - Output := defender.tests with input as { - 
"protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": ["Dune"], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": ["Dune12"], - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { - "IncludedGroups": ["Dune"], - "ExcludedGroups": ["Dune12"] - }}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentToMemberOf", "value": ["Dune"]}, + {"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": ["Dune12"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedGroups as ["Dune"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedGroups as ["Dune12"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V17 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": ["random.example.com"], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": ["random.mail.example.com"], - "Conditions": ["Rules.Tasks"], - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { - "IncludedDomains": ["random.example.com"], - "ExcludedDomains": ["random.mail.example.com"] - }}}}, - "defender_license": true - } + ProtectionPolicies := 
json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/RecipientDomainIs", "value": ["random.example.com"]}, + {"op": "add", "path": "1/ExceptIfRecipientDomainIs", "value": ["random.mail.example.com"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedDomains as ["random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedDomains as ["random.mail.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V18 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": ["johndoe@random.example.com"], - "SentToMemberOf": ["Dune"], - "RecipientDomainIs": null, - "ExceptIfSentTo": ["janedoe@random.example.com"], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { - "IncludedUsers": ["johndoe@random.example.com"], - "ExcludedUsers": ["janedoe@random.example.com"], - "IncludedGroups": ["Dune"] - }}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]}, + {"op": "add", "path": "1/SentToMemberOf", "value": ["Dune"]}, + {"op": "add", "path": "1/ExceptIfSentTo", "value": ["janedoe@random.example.com"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := 
defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedGroups as ["Dune"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V19 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": ["johndoe@random.example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": ["janedoe@random.example.com"], - "ExceptIfSentToMemberOf": ["Dune12"], - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { - "IncludedUsers": ["johndoe@random.example.com"], - "ExcludedUsers": ["janedoe@random.example.com"], - "ExcludedGroups": ["Dune12"] - }}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]}, + {"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": ["Dune12"]}, + {"op": "add", "path": "1/ExceptIfSentTo", "value": ["janedoe@random.example.com"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"] + with 
input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedGroups as ["Dune12"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V20 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": ["johndoe@random.example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": ["random.example.com"], - "ExceptIfSentTo": ["janedoe@random.example.com"], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { - "IncludedUsers": ["johndoe@random.example.com"], - "ExcludedUsers": ["janedoe@random.example.com"], - "IncludedDomains": ["random.example.com"] - }}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]}, + {"op": "add", "path": "1/RecipientDomainIs", "value": ["random.example.com"]}, + {"op": "add", "path": "1/ExceptIfSentTo", "value": ["janedoe@random.example.com"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedDomains as ["random.example.com"] + with 
input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V21 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": ["johndoe@random.example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": ["janedoe@random.example.com"], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": ["random.mail.example.com"], - "Conditions": ["Rules.Tasks"], - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { - "IncludedUsers": ["johndoe@random.example.com"], - "ExcludedUsers": ["janedoe@random.example.com"], - "ExcludedDomains": ["random.mail.example.com"] - }}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]}, + {"op": "add", "path": "1/ExceptIfRecipientDomainIs", "value": ["random.mail.example.com"]}, + {"op": "add", "path": "1/ExceptIfSentTo", "value": ["janedoe@random.example.com"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedDomains as ["random.mail.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V22 if { - Output := defender.tests with input as { - "protection_policy_rules": 
[{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": ["Dune"], - "RecipientDomainIs": ["random.example.com"], - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": ["Dune12"], - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { - "IncludedGroups": ["Dune"], - "ExcludedGroups": ["Dune12"], - "IncludedDomains": ["random.example.com"] - }}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentToMemberOf", "value": ["Dune"]}, + {"op": "add", "path": "1/RecipientDomainIs", "value": ["random.example.com"]}, + {"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": ["Dune12"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedGroups as ["Dune"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedGroups as ["Dune12"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedDomains as ["random.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V23 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": ["Dune"], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": ["Dune12"], - "ExceptIfRecipientDomainIs": ["random.mail.example.com"], - "Conditions": ["Rules.Tasks"], - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": {"Defender": 
{"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { - "IncludedGroups": ["Dune"], - "ExcludedGroups": ["Dune12"], - "ExcludedDomains": ["random.mail.example.com"] - }}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentToMemberOf", "value": ["Dune"]}, + {"op": "add", "path": "1/ExceptIfRecipientDomainIs", "value": ["random.mail.example.com"]}, + {"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": ["Dune12"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedGroups as ["Dune"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedGroups as ["Dune12"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedDomains as ["random.mail.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Correct_V24 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": ["johndoe@random.example.com"], - "SentToMemberOf": ["Dune"], - "RecipientDomainIs": ["random.example.com"], - "ExceptIfSentTo": ["janedoe@random.example.com"], - "ExceptIfSentToMemberOf": ["Dune12"], - "ExceptIfRecipientDomainIs": ["random.mail.example.com"], - "Conditions": ["Rules.Tasks"], - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { - "IncludedUsers": ["johndoe@random.example.com"], - "ExcludedUsers": ["janedoe@random.example.com"], - "IncludedGroups": ["Dune"], - "ExcludedGroups": ["Dune12"], - "IncludedDomains": ["random.example.com"], - "ExcludedDomains": 
["random.mail.example.com"] - }}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]}, + {"op": "add", "path": "1/RecipientDomainIs", "value": ["random.example.com"]}, + {"op": "add", "path": "1/SentToMemberOf", "value": ["Dune"]}, + {"op": "add", "path": "1/ExceptIfSentTo", "value": ["janedoe@random.example.com"]}, + {"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": ["Dune12"]}, + {"op": "add", "path": "1/ExceptIfRecipientDomainIs", "value": ["random.mail.example.com"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedGroups as ["Dune"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedGroups as ["Dune12"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedDomains as ["random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedDomains as ["random.mail.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, PASS, true) == true } test_SensitiveEOP_Incorrect_V1 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - 
"Exceptions": null, - "State": "Disabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {}}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/State", "value": "Disabled"}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config as ScubaConfig + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, FAIL, false) == true } test_SensitiveEOP_Incorrect_V2 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Standard Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {}}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "remove", "path": "1"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config as ScubaConfig + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, FAIL, false) == true } test_SensitiveEOP_Incorrect_V3 if { - Output := defender.tests with input as { - "protection_policy_rules": [{}], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {}}}}, - "defender_license": true - } + Output := defender.tests with input.protection_policy_rules as [{}] + with input.scuba_config as ScubaConfig + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, FAIL, false) == true } test_SensitiveEOP_Incorrect_V4 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - 
"SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": ["johndoe@random.example.com"], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": {}}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/ExceptIfSentTo", "value": ["johndoe@random.example.com"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with input.scuba_config as ScubaConfig + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, FAIL, false) == true } test_SensitiveEOP_Incorrect_V5 if { - Output := defender.tests with input as { - "protection_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": ["johndoe@random.example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": null, - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.4v1": {"SensitiveAccounts": { - "IncludedUsers": ["johndoe@random.example.com"], - "ExcludedUsers": ["janedoe@random.example.com"], - "IncludedGroups": ["Dune"], - "ExcludedGroups": ["Dune12"], - "IncludedDomains": ["random.example.com"], - "ExcludedDomains": ["random.mail.example.com"] - }}}}, - "defender_license": true - } + ProtectionPolicies := json.patch(ProtectionPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.protection_policy_rules as ProtectionPolicies + with 
input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedGroups as ["Dune"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedGroups as ["Dune12"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.IncludedDomains as ["random.example.com"] + with input.scuba_config.Defender["MS.DEFENDER.1.4v1"].SensitiveAccounts.ExcludedDomains as ["random.mail.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.1.4v1", Output, FAIL, false) == true } 
@@ -1142,721 +680,482 @@ test_SensitiveEOP_Incorrect_V5 if { # Policy MS.DEFENDER.1.5v1 #-- test_SensitiveATP_Correct_V1 if { - Output := defender.tests with input as { - "atp_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": { - "IncludedUsers": [], - "IncludedGroups": [], - "IncludedDomains": [], - "ExcludedUsers": [], - "ExcludedGroups": [], - "ExcludedDomains": [] - }}}}, - "defender_license": true - } + AtpPolicies := json.patch(AtpPolicyRules, + [{"op": "remove", "path": "0"}]) + + Output := defender.tests with input.atp_policy_rules as AtpPolicies + with input.scuba_config as ScubaConfig + with input.defender_license as true TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true } test_SensitiveATP_Correct_V2 if { - Output := defender.tests with input as { - "atp_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": null, - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {}}}}, - "defender_license": true - } + AtpPolicies := json.patch(AtpPolicyRules, + [{"op": "remove", "path": "0"}]) + + Output := defender.tests with input.atp_policy_rules as AtpPolicies + with input.scuba_config as ScubaConfig + with input.defender_license as true TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true } test_SensitiveATP_Correct_V3 if { - Output := defender.tests with input as { - "atp_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": 
["johndoe@random.example.com"], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": null, - "State": "Enabled" - }], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "IncludedUsers": ["johndoe@random.example.com"] - } - } - } - }, - "defender_license": true - } + AtpPolicies := json.patch(AtpPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.atp_policy_rules as AtpPolicies + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true } test_SensitiveATP_Correct_V4 if { - Output := defender.tests with input as { - "atp_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ], - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": null, - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"IncludedUsers": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ]}}}}, - "defender_license": true - } + AtpPolicies := json.patch(AtpPolicyRules, + [{"op": "add", "path": "1/SentTo", "value": [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.atp_policy_rules as 
AtpPolicies + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedUsers as [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ] + with input.defender_license as true TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true } test_SensitiveATP_Correct_V5 if { - Output := defender.tests with input as { - "atp_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": ["johndoe@random.example.com"], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": ["Rules.Tasks"], - "State": "Enabled" - }], - "scuba_config": { - "Defender": { - "MS.DEFENDER.1.5v1": { - "SensitiveAccounts": { - "ExcludedUsers": ["johndoe@random.example.com"] - } - } - } - }, - "defender_license": true - } + AtpPolicies := json.patch(AtpPolicyRules, + [{"op": "add", "path": "1/ExceptIfSentTo", "value": ["johndoe@random.example.com"]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.atp_policy_rules as AtpPolicies + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedUsers as ["johndoe@random.example.com"] + with input.defender_license as true + + TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true } test_SensitiveATP_Correct_V6 if { - Output := defender.tests with input as { - "atp_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": null, - "RecipientDomainIs": null, - "ExceptIfSentTo": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ], - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": null, - "Exceptions": ["Rules.Tasks"], - 
"State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"ExcludedUsers": [ - "johndoe@random.example.com", - "janedoe@random.example.com" - ]}}}}, - "defender_license": true - } + AtpPolicies := json.patch(AtpPolicyRules, + [{"op": "add", "path": "1/ExceptIfSentTo", "value": [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ]}, + {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.atp_policy_rules as AtpPolicies + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedUsers as [ + "johndoe@random.example.com", + "janedoe@random.example.com" + ] + with input.defender_license as true TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true } test_SensitiveATP_Correct_V7 if { - Output := defender.tests with input as { - "atp_policy_rules": [{ - "Identity": "Strict Preset Security Policy", - "SentTo": null, - "SentToMemberOf": ["Dune"], - "RecipientDomainIs": null, - "ExceptIfSentTo": null, - "ExceptIfSentToMemberOf": null, - "ExceptIfRecipientDomainIs": null, - "Conditions": ["Rules.Tasks"], - "Exceptions": null, - "State": "Enabled" - }], - "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"IncludedGroups": ["Dune"]}}}}, - "defender_license": true - } + AtpPolicies := json.patch(AtpPolicyRules, + [{"op": "add", "path": "1/SentToMemberOf", "value": ["Dune"]}, + {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]}, + {"op": "remove", "path": "0"}]) + + Output := defender.tests with input.atp_policy_rules as AtpPolicies + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedGroups as ["Dune"] + with input.defender_license as true TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true } test_SensitiveATP_Correct_V8 if { - Output := defender.tests with 
input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": [
- "Dune",
- "Dune12"
- ],
- "RecipientDomainIs": null,
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": null,
- "Conditions": ["Rules.Tasks"],
- "Exceptions": null,
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"IncludedGroups": [
- "Dune",
- "Dune12"
- ]}}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/SentToMemberOf", "value": [
+ "Dune",
+ "Dune12"
+ ]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedGroups as [
+ "Dune",
+ "Dune12"
+ ]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V9 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": null,
- "RecipientDomainIs": null,
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": ["Dune"],
- "ExceptIfRecipientDomainIs": null,
- "Conditions": null,
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"ExcludedGroups": ["Dune"]}}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": ["Dune"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with
input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedGroups as ["Dune"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V10 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": null,
- "RecipientDomainIs": null,
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": [
- "Dune",
- "Dune12"
- ],
- "ExceptIfRecipientDomainIs": null,
- "Conditions": null,
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"ExcludedGroups": [
- "Dune",
- "Dune12"
- ]}}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": [
+ "Dune",
+ "Dune12"
+ ]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedGroups as [
+ "Dune",
+ "Dune12"
+ ]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V11 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": null,
- "RecipientDomainIs": ["random.mail.example.com"],
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": null,
- "Conditions": ["Rules.Tasks"],
- "Exceptions": null,
- "State": "Enabled"
- }],
- "scuba_config": {
- "Defender": {
- "MS.DEFENDER.1.5v1": {
- "SensitiveAccounts": {
- "IncludedDomains": ["random.mail.example.com"]
- }
- }
- }
- },
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+
[{"op": "add", "path": "1/RecipientDomainIs", "value": ["random.mail.example.com"]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedDomains as ["random.mail.example.com"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V12 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": null,
- "RecipientDomainIs": [
- "random.mail.example.com",
- "random.example.com"
- ],
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": null,
- "Conditions": ["Rules.Tasks"],
- "Exceptions": null,
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"IncludedDomains": [
- "random.mail.example.com",
- "random.example.com"
- ]}}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/RecipientDomainIs", "value": [
+ "random.mail.example.com",
+ "random.example.com"
+ ]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedDomains as [
+ "random.mail.example.com",
+ "random.example.com"
+ ]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V13 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": null,
- "RecipientDomainIs": null,
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": ["random.mail.example.com"],
- "Conditions": null,
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {
- "Defender": {
- "MS.DEFENDER.1.5v1": {
- "SensitiveAccounts": {
- "ExcludedDomains": ["random.mail.example.com"]
- }
- }
- }
- },
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/ExceptIfRecipientDomainIs", "value": ["random.mail.example.com"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedDomains as ["random.mail.example.com"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V14 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": null,
- "RecipientDomainIs": null,
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": [
- "random.mail.example.com",
- "random.example.com"
- ],
- "Conditions": null,
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {"ExcludedDomains": [
- "random.mail.example.com",
- "random.example.com"
- ]}}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/ExceptIfRecipientDomainIs", "value": [
+ "random.mail.example.com",
+ "random.example.com"
+ ]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config
as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedDomains as [
+ "random.mail.example.com",
+ "random.example.com"
+ ]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V15 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": ["johndoe@random.example.com"],
- "SentToMemberOf": null,
- "RecipientDomainIs": null,
- "ExceptIfSentTo": ["janedoe@random.example.com"],
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": null,
- "Conditions": ["Rules.Tasks"],
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {
- "IncludedUsers": ["johndoe@random.example.com"],
- "ExcludedUsers": ["janedoe@random.example.com"]
- }}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]},
+ {"op": "add", "path": "1/ExceptIfSentTo", "value": ["janedoe@random.example.com"]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V16 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": ["Dune"],
- "RecipientDomainIs": null,
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": ["Dune12"],
- "ExceptIfRecipientDomainIs": null,
- "Conditions": ["Rules.Tasks"],
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {
- "IncludedGroups": ["Dune"],
- "ExcludedGroups": ["Dune12"]
- }}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/SentToMemberOf", "value": ["Dune"]},
+ {"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": ["Dune12"]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedGroups as ["Dune"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedGroups as ["Dune12"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V17 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": null,
- "RecipientDomainIs": ["random.example.com"],
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": ["random.mail.example.com"],
- "Conditions": ["Rules.Tasks"],
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {
- "IncludedDomains": ["random.example.com"],
- "ExcludedDomains": ["random.mail.example.com"]
- }}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/RecipientDomainIs", "value": ["random.example.com"]},
+ {"op": "add", "path": "1/ExceptIfRecipientDomainIs", "value": ["random.mail.example.com"]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedDomains as ["random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedDomains as ["random.mail.example.com"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V18 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": ["johndoe@random.example.com"],
- "SentToMemberOf": ["Dune"],
- "RecipientDomainIs": null,
- "ExceptIfSentTo": ["janedoe@random.example.com"],
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": null,
- "Conditions": ["Rules.Tasks"],
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {
- "IncludedUsers": ["johndoe@random.example.com"],
- "ExcludedUsers": ["janedoe@random.example.com"],
- "IncludedGroups": ["Dune"]
- }}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]},
+ {"op": "add", "path": "1/SentToMemberOf", "value": ["Dune"]},
+ {"op": "add", "path": "1/ExceptIfSentTo", "value": ["janedoe@random.example.com"]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with
input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedGroups as ["Dune"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V19 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": ["johndoe@random.example.com"],
- "SentToMemberOf": null,
- "RecipientDomainIs": null,
- "ExceptIfSentTo": ["janedoe@random.example.com"],
- "ExceptIfSentToMemberOf": ["Dune12"],
- "ExceptIfRecipientDomainIs": null,
- "Conditions": ["Rules.Tasks"],
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {
- "IncludedUsers": ["johndoe@random.example.com"],
- "ExcludedUsers": ["janedoe@random.example.com"],
- "ExcludedGroups": ["Dune12"]
- }}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]},
+ {"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": ["Dune12"]},
+ {"op": "add", "path": "1/ExceptIfSentTo", "value": ["janedoe@random.example.com"]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"]
+ with
input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedGroups as ["Dune12"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V20 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": ["johndoe@random.example.com"],
- "SentToMemberOf": null,
- "RecipientDomainIs": ["random.example.com"],
- "ExceptIfSentTo": ["janedoe@random.example.com"],
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": null,
- "Conditions": ["Rules.Tasks"],
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {
- "IncludedUsers": ["johndoe@random.example.com"],
- "ExcludedUsers": ["janedoe@random.example.com"],
- "IncludedDomains": ["random.example.com"]
- }}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]},
+ {"op": "add", "path": "1/RecipientDomainIs", "value": ["random.example.com"]},
+ {"op": "add", "path": "1/ExceptIfSentTo", "value": ["janedoe@random.example.com"]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedDomains as ["random.example.com"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V21 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": ["johndoe@random.example.com"],
- "SentToMemberOf": null,
- "RecipientDomainIs": null,
- "ExceptIfSentTo": ["janedoe@random.example.com"],
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": ["random.mail.example.com"],
- "Conditions": ["Rules.Tasks"],
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {
- "IncludedUsers": ["johndoe@random.example.com"],
- "ExcludedUsers": ["janedoe@random.example.com"],
- "ExcludedDomains": ["random.mail.example.com"]
- }}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]},
+ {"op": "add", "path": "1/ExceptIfRecipientDomainIs", "value": ["random.mail.example.com"]},
+ {"op": "add", "path": "1/ExceptIfSentTo", "value": ["janedoe@random.example.com"]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedDomains as ["random.mail.example.com"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V22 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf":
["Dune"],
- "RecipientDomainIs": ["random.example.com"],
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": ["Dune12"],
- "ExceptIfRecipientDomainIs": null,
- "Conditions": ["Rules.Tasks"],
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {
- "IncludedGroups": ["Dune"],
- "ExcludedGroups": ["Dune12"],
- "IncludedDomains": ["random.example.com"]
- }}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/SentToMemberOf", "value": ["Dune"]},
+ {"op": "add", "path": "1/RecipientDomainIs", "value": ["random.example.com"]},
+ {"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": ["Dune12"]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedGroups as ["Dune"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedGroups as ["Dune12"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedDomains as ["random.example.com"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V23 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": ["Dune"],
- "RecipientDomainIs": null,
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": ["Dune12"],
- "ExceptIfRecipientDomainIs": ["random.mail.example.com"],
- "Conditions": ["Rules.Tasks"],
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {
- "IncludedGroups": ["Dune"],
- "ExcludedGroups": ["Dune12"],
- "ExcludedDomains": ["random.mail.example.com"]
- }}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/SentToMemberOf", "value": ["Dune"]},
+ {"op": "add", "path": "1/ExceptIfRecipientDomainIs", "value": ["random.mail.example.com"]},
+ {"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": ["Dune12"]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedGroups as ["Dune"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedGroups as ["Dune12"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedDomains as ["random.mail.example.com"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Correct_V24 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": ["johndoe@random.example.com"],
- "SentToMemberOf": ["Dune"],
- "RecipientDomainIs": ["random.example.com"],
- "ExceptIfSentTo": ["janedoe@random.example.com"],
- "ExceptIfSentToMemberOf": ["Dune12"],
- "ExceptIfRecipientDomainIs": ["random.mail.example.com"],
- "Conditions": ["Rules.Tasks"],
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {
- "IncludedUsers": ["johndoe@random.example.com"],
- "ExcludedUsers": ["janedoe@random.example.com"],
- "IncludedGroups": ["Dune"],
- "ExcludedGroups": ["Dune12"],
- "IncludedDomains": ["random.example.com"],
- "ExcludedDomains": ["random.mail.example.com"]
- }}}},
- "defender_license": true
- }
+
AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]},
+ {"op": "add", "path": "1/SentToMemberOf", "value": ["Dune"]},
+ {"op": "add", "path": "1/RecipientDomainIs", "value": ["random.example.com"]},
+ {"op": "add", "path": "1/ExceptIfSentTo", "value": ["janedoe@random.example.com"]},
+ {"op": "add", "path": "1/ExceptIfSentToMemberOf", "value": ["Dune12"]},
+ {"op": "add", "path": "1/ExceptIfRecipientDomainIs", "value": ["random.mail.example.com"]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedGroups as ["Dune"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedGroups as ["Dune12"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedDomains as ["random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedDomains as ["random.mail.example.com"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, PASS, true) == true
 }
 test_SensitiveATP_Incorrect_V1 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": null,
- "RecipientDomainIs": null,
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": null,
- "Conditions": null,
- "Exceptions": null,
- "State": "Disabled"
- }],
- "scuba_config":
{"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {}}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/State", "value": "Disabled"},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, FAIL, false) == true
 }
 test_SensitiveATP_Incorrect_V2 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Standard Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": null,
- "RecipientDomainIs": null,
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": null,
- "Conditions": null,
- "Exceptions": null,
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {}}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "remove", "path": "1"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, FAIL, false) == true
 }
 test_SensitiveATP_Incorrect_V3 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{}],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {}}}},
- "defender_license": true
- }
+ Output := defender.tests with input.atp_policy_rules as [{}]
+ with input.scuba_config as ScubaConfig
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, FAIL, false) == true
 }
 test_SensitiveATP_Incorrect_V4 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": null,
- "SentToMemberOf": null,
- "RecipientDomainIs": null,
- "ExceptIfSentTo": ["johndoe@random.example.com"],
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": null,
- "Conditions": null,
- "Exceptions": ["Rules.Tasks"],
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {}}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/ExceptIfSentTo", "value": ["johndoe@random.example.com"]},
+ {"op": "add", "path": "1/Exceptions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, FAIL, false) == true
 }
 test_SensitiveATP_Incorrect_V5 if {
- Output := defender.tests with input as {
- "atp_policy_rules": [{
- "Identity": "Strict Preset Security Policy",
- "SentTo": ["johndoe@random.example.com"],
- "SentToMemberOf": null,
- "RecipientDomainIs": null,
- "ExceptIfSentTo": null,
- "ExceptIfSentToMemberOf": null,
- "ExceptIfRecipientDomainIs": null,
- "Conditions": ["Rules.Tasks"],
- "Exceptions": null,
- "State": "Enabled"
- }],
- "scuba_config": {"Defender": {"MS.DEFENDER.1.5v1": {"SensitiveAccounts": {
- "IncludedUsers": ["johndoe@random.example.com"],
- "ExcludedUsers": ["janedoe@random.example.com"],
- "IncludedGroups": ["Dune"],
- "ExcludedGroups": ["Dune12"],
- "IncludedDomains": ["random.example.com"],
- "ExcludedDomains": ["random.mail.example.com"]
- }}}},
- "defender_license": true
- }
+ AtpPolicies := json.patch(AtpPolicyRules,
+ [{"op": "add", "path": "1/SentTo", "value": ["johndoe@random.example.com"]},
+ {"op": "add", "path": "1/Conditions", "value": ["Rules.Tasks"]},
+ {"op": "remove", "path": "0"}])
+
+ Output := defender.tests with input.atp_policy_rules as AtpPolicies
+ with input.scuba_config as ScubaConfig
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedUsers as ["johndoe@random.example.com"]
+ with
input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedUsers as ["janedoe@random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedGroups as ["Dune"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedGroups as ["Dune12"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.IncludedDomains as ["random.example.com"]
+ with input.scuba_config.Defender["MS.DEFENDER.1.5v1"].SensitiveAccounts.ExcludedDomains as ["random.mail.example.com"]
+ with input.defender_license as true
 TestResult("MS.DEFENDER.1.5v1", Output, FAIL, false) == true
 }
diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_02_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_02_test.rego
index fbc8311a6..edc001549 100644
--- a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_02_test.rego
+++ b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_02_test.rego
@@ -9,374 +9,96 @@ import data.utils.key.PASS # Policy MS.DEFENDER.2.1v1 #-- test_TargetedUsers_Correct_V1 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.1v1": { - "SensitiveUsers": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ] - } - } - }, - "defender_license": true - } + Output := defender.tests with input.anti_phish_policies as AntiPhishPolicies + with input.scuba_config as ScubaConfig + with input.defender_license as true TestResult("MS.DEFENDER.2.1v1", Output, PASS, true) == true } test_TargetedUsers_Correct_V2 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.1v1": { - "SensitiveUsers": [ - "John Doe;jdoe@someemail.com" - ] - } - } - }, - "defender_license": true - } + Output := 
defender.tests with input.anti_phish_policies as AntiPhishPolicies + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.2.1v1"].SensitiveUsers as ["John Doe;jdoe@someemail.com"] + with input.defender_license as true TestResult("MS.DEFENDER.2.1v1", Output, PASS, true) == true } test_TargetedUsers_Correct_V3 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.1v1": { - "SensitiveUsers": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ] - } - } - }, - "defender_license": true - } + Output := defender.tests with input.anti_phish_policies as AntiPhishPolicies + with input.scuba_config as ScubaConfig + with input.defender_license as true TestResult("MS.DEFENDER.2.1v1", Output, PASS, true) == true } test_TargetedUsers_Incorrect_V1 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.1v1": { - "SensitiveUsers": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := 
json.patch(AntiPhishPolicies, [{"op": "remove", "path": "0"}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all sensitive users are included for targeted protection in Standard policy." TestResult("MS.DEFENDER.2.1v1", Output, ReportDetailString, false) == true } test_TargetedUsers_Incorrect_V2 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.1v1": { - "SensitiveUsers": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "remove", "path": "1"}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all sensitive users are included for targeted protection in Strict policy." 
TestResult("MS.DEFENDER.2.1v1", Output, ReportDetailString, false) == true } test_TargetedUsers_Incorrect_V3 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Some Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.1v1": { - "SensitiveUsers": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "remove", "path": "1"}, + {"op": "add", "path": "0/Identity", "value": "Some Preset Security Policy1659535429826"}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all sensitive users are included for targeted protection in Strict or Standard policy." 
TestResult("MS.DEFENDER.2.1v1", Output, ReportDetailString, false) == true } test_TargetedUsers_Incorrect_V4 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": false, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.1v1": { - "SensitiveUsers": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "add", "path": "0/Enabled", "value": false}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all sensitive users are included for targeted protection in Standard policy." 
TestResult("MS.DEFENDER.2.1v1", Output, ReportDetailString, false) == true } test_TargetedUsers_Incorrect_V5 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": false, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.1v1": { - "SensitiveUsers": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "add", "path": "0/EnableTargetedUserProtection", "value": false}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all sensitive users are included for targeted protection in Standard policy." 
TestResult("MS.DEFENDER.2.1v1", Output, ReportDetailString, false) == true } test_TargetedUsers_Incorrect_V6 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.1v1": { - "SensitiveUsers": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "remove", "path": "1/TargetedUsersToProtect/1"}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all sensitive users are included for targeted protection in Strict policy." 
TestResult("MS.DEFENDER.2.1v1", Output, ReportDetailString, false) == true } test_TargetedUsers_Incorrect_V7 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedUserProtection": true, - "TargetedUsersToProtect": [ - "John Doe;jdoe@someemail.com" - ], - "TargetedUserProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.1v1": { - "SensitiveUsers": [ - "John Doe;jdoe@someemail.com", - "Jane Doe;jadoe@someemail.com" - ] - } - } - }, - "defender_license": false - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "remove", "path": "1/TargetedUsersToProtect/1"}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as false ReportDetailString := concat(" ", [ "Requirement not met **NOTE: Either you do not have sufficient permissions or", 
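Review bot: The `json.patch` calls in the TargetedUsers tests address the presets by array position (`"path": "0"`, `"path": "1"`, `"1/TargetedUsersToProtect/1"`), so every Incorrect case depends on the element order of `AntiPhishPolicies`, which is defined outside this hunk. The expected strings imply index 0 is the Standard preset and index 1 the Strict preset, but nothing next to the tests says so. A header comment would make that contract explicit, for example `# AntiPhishPolicies[0] = Standard preset, [1] = Strict preset; the patches below rely on this order`. The same positional paths are used by the AgencyDomains and CustomDomains tests in the later hunks of this file. test_TargetedUsers_Incorrect_V7 continues past the end of this hunk.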
@@ -391,360 +113,100 @@ test_TargetedUsers_Incorrect_V7 if { # Policy MS.DEFENDER.2.2v1 #-- test_AgencyDomains_Correct_V1 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.2v1": { - "AgencyDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + Output := defender.tests with input.anti_phish_policies as AntiPhishPolicies + with input.scuba_config as ScubaConfig + with input.defender_license as true TestResult("MS.DEFENDER.2.2v1", Output, PASS, true) == true } test_AgencyDomains_Correct_V2 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.2v1": { - "AgencyDomains": [ - "random.mail.example.com" - ] - } - } - }, - "defender_license": true - } + Output := defender.tests with 
input.anti_phish_policies as AntiPhishPolicies + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.2.2v1"].AgencyDomains as ["random.mail.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.2.2v1", Output, PASS, true) == true } test_AgencyDomains_Incorrect_V1 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.2v1": { - "AgencyDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "remove", "path": "0"}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all agency domains are included for targeted protection in Standard policy." 
TestResult("MS.DEFENDER.2.2v1", Output, ReportDetailString, false) == true } test_AgencyDomains_Incorrect_V2 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.2v1": { - "AgencyDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "remove", "path": "1"}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all agency domains are included for targeted protection in Strict policy." TestResult("MS.DEFENDER.2.2v1", Output, ReportDetailString, false) == true } test_AgencyDomains_Incorrect_V3 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Some Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.2v1": { - "AgencyDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "remove", "path": "1"}, + {"op": "add", "path": "0/Identity", "value": "Some Preset Security Policy1659535429826"}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all agency domains are included for targeted 
protection in Strict or Standard policy." TestResult("MS.DEFENDER.2.2v1", Output, ReportDetailString, false) == true } test_AgencyDomains_Incorrect_V4 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": false, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.2v1": { - "AgencyDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "add", "path": "0/Enabled", "value": false}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all agency domains are included for targeted protection in Standard policy." 
TestResult("MS.DEFENDER.2.2v1", Output, ReportDetailString, false) == true } test_AgencyDomains_Incorrect_V5 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": false, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.2v1": { - "AgencyDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "add", "path": "0/EnableTargetedDomainsProtection", "value": false}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all agency domains are included for targeted protection in Standard policy." 
TestResult("MS.DEFENDER.2.2v1", Output, ReportDetailString, false) == true } test_AgencyDomains_Incorrect_V6 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.2v1": { - "AgencyDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "remove", "path": "1/TargetedDomainsToProtect/1"}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all agency domains are included for targeted protection in Strict policy." 
TestResult("MS.DEFENDER.2.2v1", Output, ReportDetailString, false) == true } test_AgencyDomains_Incorrect_V7 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.2v1": {} - } - }, - "defender_license": true - } + Output := defender.tests with input.anti_phish_policies as AntiPhishPolicies + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.2.2v1"] as {} + with input.defender_license as true ReportDetailString := "Not all agency domains are included for targeted protection in Strict or Standard policy." 
TestResult("MS.DEFENDER.2.2v1", Output, ReportDetailString, false) == true } test_AgencyDomains_Incorrect_V8 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": null, - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": null, - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.2v1": {} - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "add", "path": "0/TargetedDomainsToProtect", "value": null}, + {"op": "add", "path": "1/TargetedDomainsToProtect", "value": null}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.2.2v1"] as {} + with input.defender_license as true ReportDetailString := concat(" ", [ "No agency domains defined for impersonation protection assessment.", 
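Review bot: test_AgencyDomains_Incorrect_V7 and test_AgencyDomains_Incorrect_V8 both override `input.scuba_config.Defender["MS.DEFENDER.2.2v1"]` with `{}` yet expect different report strings, and the only difference is the patch that nulls `TargetedDomainsToProtect` in V8. With the inline inputs gone, that distinction is easy to miss, so each test should carry a one-line comment: `# AgencyDomains unset in config; presets still list domains` on V7 and `# AgencyDomains unset in config and both presets have TargetedDomainsToProtect null` on V8. It would also help to note on V7 that the second `with` replaces only the 2.2v1 entry of the shared `ScubaConfig`, which now carries settings for the other policies too. The body of V8 runs past the end of this hunk.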
@@ -754,30 +216,12 @@ test_AgencyDomains_Incorrect_V8 if { } test_AgencyDomains_Incorrect_V9 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": null, - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": null, - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.2v1": {} - } - }, - "defender_license": false - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "add", "path": "0/TargetedDomainsToProtect", "value": null}, + {"op": "add", "path": "1/TargetedDomainsToProtect", "value": null}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.2.2v1"] as {} + with input.defender_license as false ReportDetailString := concat(" ", [ "Requirement not met **NOTE: Either you do not have sufficient permissions or", 
@@ -792,435 +236,117 @@ test_AgencyDomains_Incorrect_V9 if { # Policy MS.DEFENDER.2.3v1 #-- test_CustomDomains_Correct_V1 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.3v1": { - "PartnerDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + Output := defender.tests with input.anti_phish_policies as AntiPhishPolicies + with input.scuba_config as ScubaConfig + with input.defender_license as true TestResult("MS.DEFENDER.2.3v1", Output, PASS, true) == true } test_CustomDomains_Correct_V2 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.3v1": { - "PartnerDomains": [ - "random.mail.example.com" - ] - } - } - }, - "defender_license": true - } + Output := defender.tests with 
input.anti_phish_policies as AntiPhishPolicies + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.2.3v1"].PartnerDomains as ["random.mail.example.com"] + with input.defender_license as true TestResult("MS.DEFENDER.2.3v1", Output, PASS, true) == true } test_CustomDomains_Correct_V3 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.3v1": { - "PartnerDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + Output := defender.tests with input.anti_phish_policies as AntiPhishPolicies + with input.scuba_config as ScubaConfig + with input.defender_license as true TestResult("MS.DEFENDER.2.3v1", Output, PASS, true) == true } test_CustomDomains_Correct_V4 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": null, - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": null, - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.3v1": {} - } - }, - "defender_license": true - } + AntiPhish 
:= json.patch(AntiPhishPolicies, [{"op": "add", "path": "0/TargetedDomainsToProtect", "value": null}, + {"op": "add", "path": "1/TargetedDomainsToProtect", "value": null}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.2.3v1"] as {} + with input.defender_license as true TestResult("MS.DEFENDER.2.3v1", Output, PASS, true) == true } test_CustomDomains_Incorrect_V1 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.3v1": { - "PartnerDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "remove", "path": "0", "value": null}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all partner domains are included for targeted protection in Standard policy." 
TestResult("MS.DEFENDER.2.3v1", Output, ReportDetailString, false) == true } test_CustomDomains_Incorrect_V2 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.3v1": { - "PartnerDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "remove", "path": "1", "value": null}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all partner domains are included for targeted protection in Strict policy." TestResult("MS.DEFENDER.2.3v1", Output, ReportDetailString, false) == true } test_CustomDomains_Incorrect_V3 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Some Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.3v1": { - "PartnerDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "add", "path": "1/Identity", "value": "Some Preset Security Policy1659535429826"}, + {"op": "remove", "path": "0", "value": null}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all partner 
domains are included for targeted protection in Strict or Standard policy." TestResult("MS.DEFENDER.2.3v1", Output, ReportDetailString, false) == true } test_CustomDomains_Incorrect_V4 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": false, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.3v1": { - "PartnerDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "add", "path": "0/Enabled", "value": false}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all partner domains are included for targeted protection in Standard policy." 
TestResult("MS.DEFENDER.2.3v1", Output, ReportDetailString, false) == true } test_CustomDomains_Incorrect_V5 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": false, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.3v1": { - "PartnerDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "add", "path": "0/EnableTargetedDomainsProtection", "value": false}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all partner domains are included for targeted protection in Standard policy." 
TestResult("MS.DEFENDER.2.3v1", Output, ReportDetailString, false) == true } test_CustomDomains_Incorrect_V6 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.3v1": { - "PartnerDomains": [ - "random.mail.example.com", - "random.example.com" - ] - } - } - }, - "defender_license": true - } + AntiPhish := json.patch(AntiPhishPolicies, [{"op": "remove", "path": "1/TargetedDomainsToProtect/1"}]) + Output := defender.tests with input.anti_phish_policies as AntiPhish + with input.scuba_config as ScubaConfig + with input.defender_license as true ReportDetailString := "Not all partner domains are included for targeted protection in Strict policy." 
TestResult("MS.DEFENDER.2.3v1", Output, ReportDetailString, false) == true } test_CustomDomains_Incorrect_V7 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.3v1": {} - } - }, - "defender_license": true - } + Output := defender.tests with input.anti_phish_policies as AntiPhishPolicies + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.2.3v1"] as {} + with input.defender_license as true ReportDetailString := "Not all partner domains are included for targeted protection in Strict or Standard policy." 
TestResult("MS.DEFENDER.2.3v1", Output, ReportDetailString, false) == true } test_CustomDomains_Incorrect_V8 if { - Output := defender.tests with input as { - "anti_phish_policies": [ - { - "Identity": "Standard Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - }, - { - "Identity": "Strict Preset Security Policy1659535429826", - "Enabled": true, - "EnableTargetedDomainsProtection": true, - "TargetedDomainsToProtect": [ - "random.mail.example.com", - "random.example.com" - ], - "TargetedDomainProtectionAction": "Quarantine" - } - ], - "scuba_config": { - "Defender": { - "MS.DEFENDER.2.3v1": {} - } - }, - "defender_license": false - } + Output := defender.tests with input.anti_phish_policies as AntiPhishPolicies + with input.scuba_config as ScubaConfig + with input.scuba_config.Defender["MS.DEFENDER.2.3v1"] as {} + with input.defender_license as false ReportDetailString := concat(" ", [ "Requirement not met **NOTE: Either you do not have sufficient permissions or", diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_03_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_03_test.rego index 44e28754d..0347a92b6 100644 --- a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_03_test.rego +++ b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_03_test.rego 
@@ -10,29 +10,16 @@ import data.utils.key.PASS # Policy MS.DEFENDER.3.1v1 #-- test_Spot_Correct if { - Output := defender.tests with input as { - "atp_policy_for_o365": [ - { - "EnableATPForSPOTeamsODB": true, - "Identity": "Default" - } - ], - "defender_license": true - } + Output := defender.tests with input.atp_policy_for_o365 as [AtpPolicyForO365] + with input.defender_license as true TestResult("MS.DEFENDER.3.1v1", Output, PASS, true) == true } test_Spot_Incorrect if { - Output := defender.tests with input as { - "atp_policy_for_o365": [ - { - "EnableATPForSPOTeamsODB": false, - "Identity": "Default" - } - ], - "defender_license": true - } + AtpPolicy := json.patch(AtpPolicyForO365, [{"op": "add", "path": "EnableATPForSPOTeamsODB", "value": false}]) + Output := defender.tests with input.atp_policy_for_o365 as [AtpPolicy] + with input.defender_license as true TestResult("MS.DEFENDER.3.1v1", Output, FAIL, false) == true } diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_04_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_04_test.rego index edeea3c29..77a030a88 100644 --- a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_04_test.rego +++ b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_04_test.rego 
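Review bot: In `test_Spot_Incorrect` the override is written as `"op": "add"`, which creates the key when it is absent, so the patch still succeeds if `EnableATPForSPOTeamsODB` is ever renamed or dropped from the shared `AtpPolicyForO365` fixture. The intent is to flip an existing fixture value, and `replace` states that; under RFC 6902 it requires the target to exist, so fixture drift should surface as a failed patch: `[{"op": "replace", "path": "EnableATPForSPOTeamsODB", "value": false}]`. The same applies to the `add` overrides of `Enabled`, `Mode` and the `*Location` fields in the DefenderConfig_04_test.rego hunks (`test_ContentContainsSensitiveInformation_Incorrect_V5`/`V6`, `test_Locations_Incorrect_V1`–`V6`). The fixture is defined outside this hunk, so its current keys are assumed here rather than confirmed.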
@@ -12,199 +12,77 @@ import rego.v1 # Policy MS.DEFENDER.4.1v1 #-- test_ContentContainsSensitiveInformation_Correct_V1 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.defender_license as true + with input.defender_dlp_license as true TestResult("MS.DEFENDER.4.1v1", Output, PASS, true) == true } test_AdvancedRule_Correct_V2 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": null, - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": true, - # regal ignore:line-length - "AdvancedRule": "{rn 'Version': '1.0',rn 'Condition': {rn 'Operator': 'And',rn 'SubConditions': [rn {rn 'ConditionName': 'ContentContainsSensitiveInformation',rn 'Value': [rn {rn 'Groups': [rn {rn 'Name': 'Default',rn 'Operator': 'Or',rn 'Sensitivetypes': [rn {rn 'Name': 'Credit Card Number',rn 'Id': '50842eb7-edc8-4019-85dd-5a5c1f2bb085',rn 'Mincount': 1,rn 'Maxcount': -1,rn 
'Confidencelevel': 'High',rn 'Minconfidence': 85,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. Individual Taxpayer Identification Number (ITIN)',rn 'Id': 'e55e2a32-f92d-4985-a35d-a0b269eb687b',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. Social Security Number (SSN)',rn 'Id': 'a44669fe-0d48-453d-a9b1-2cc83f2cba77',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn }rn ]rn }rn ],rn 'Operator': 'And'rn }rn ]rn }rn ]rn }rn}" - }], - "dlp_compliance_policies": [{ - "ExchangeLocation": ["All"], - "SharePointLocation": ["All"], - "TeamsLocation": ["All"], - "EndpointDlpLocation": ["All"], - "OneDriveLocation": ["All"], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + # regal ignore:line-length + AdvancedRule := "{rn 'Version': '1.0',rn 'Condition': {rn 'Operator': 'And',rn 'SubConditions': [rn {rn 'ConditionName': 'ContentContainsSensitiveInformation',rn 'Value': [rn {rn 'Groups': [rn {rn 'Name': 'Default',rn 'Operator': 'Or',rn 'Sensitivetypes': [rn {rn 'Name': 'Credit Card Number',rn 'Id': '50842eb7-edc8-4019-85dd-5a5c1f2bb085',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'High',rn 'Minconfidence': 85,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. Individual Taxpayer Identification Number (ITIN)',rn 'Id': 'e55e2a32-f92d-4985-a35d-a0b269eb687b',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. 
Social Security Number (SSN)',rn 'Id': 'a44669fe-0d48-453d-a9b1-2cc83f2cba77',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn }rn ]rn }rn ],rn 'Operator': 'And'rn }rn ]rn }rn ]rn }rn}" + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "add", "path": "ContentContainsSensitiveInformation", "value": null}, + {"op": "add", "path": "IsAdvancedRule", "value": true}, + {"op": "add", "path": "AdvancedRule", "value": AdvancedRule}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.defender_license as true + with input.defender_dlp_license as true TestResult("MS.DEFENDER.4.1v1", Output, PASS, true) == true } test_ContentContainsSensitiveInformation_Incorrect_V1 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "remove", "path": "ContentContainsSensitiveInformation/0"}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := "No matching rules found for: U.S. 
Social Security Number (SSN)" TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true } test_ContentContainsSensitiveInformation_Incorrect_V2 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "remove", "path": "ContentContainsSensitiveInformation/1"}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := "No matching rules found for: U.S. Individual Taxpayer Identification Number (ITIN)" TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true } test_ContentContainsSensitiveInformation_Incorrect_V3 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. 
Individual Taxpayer Identification Number (ITIN)"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "remove", "path": "ContentContainsSensitiveInformation/2"}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := "No matching rules found for: Credit Card Number" TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true } test_ContentContainsSensitiveInformation_Incorrect_V4 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "add", "path": "ContentContainsSensitiveInformation", "value": []}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.defender_license as true + with 
input.defender_dlp_license as true ReportDetailString := concat(" ", [ "No matching rules found for: Credit Card Number,", @@ -215,34 +93,13 @@ test_ContentContainsSensitiveInformation_Incorrect_V4 if { } test_ContentContainsSensitiveInformation_Incorrect_V5 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": false - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "Enabled", "value": false}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicy] + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := concat(" ", [ "No matching rules found for: Credit Card Number,", 
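Review bot: `test_ContentContainsSensitiveInformation_Incorrect_V1`–`V3` remove elements by position (`ContentContainsSensitiveInformation/0`, `/1`, `/2`) and then expect one specific sensitive type to be reported missing, so they silently depend on the element order of `DlpComplianceRules` in the shared fixture, which is not visible in this hunk. Reordering that list would make all three fail with a message naming a different type than the test intends. A comment above each patch would record the assumption, e.g. `# index 0 is "U.S. Social Security Number (SSN)" in DlpComplianceRules`. Alternatively, the test could build the reduced list explicitly so that the omitted type is named rather than positional.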
@@ -253,34 +110,13 @@ test_ContentContainsSensitiveInformation_Incorrect_V5 if { } test_ContentContainsSensitiveInformation_Incorrect_V6 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "TestWithNotifications", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "Mode", "value": "TestWithNotifications"}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicy] + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := concat(" ", [ "No matching rules found for: Credit Card Number,", @@ -291,10 +127,8 @@ test_ContentContainsSensitiveInformation_Incorrect_V6 if { } test_NoDLPLicense_Incorrect_4_1_V1 if { - Output := defender.tests with input as { - "defender_license": false, - "defender_dlp_license": false - } + Output := defender.tests with input.defender_license as false + with input.defender_dlp_license as false ReportDetailString := concat(" ", [FAIL, DLPLICENSEWARNSTR]) TestResult("MS.DEFENDER.4.1v1", Output, ReportDetailString, false) == true 
@@ -306,207 +140,58 @@ test_NoDLPLicense_Incorrect_4_1_V1 if { # Policy MS.DEFENDER.4.2v1 #-- test_Locations_Correct_V1 if { - Output := defender.tests with input as { - "scuba_config": { - "OutPath": ".", - "OutRegoFileName": "TestResults" - }, - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"}, - {"name": "U.S. Social Security Number (SSN)"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "ExchangeLocation": ["All"], - "SharePointLocation": ["All"], - "TeamsLocation": ["All"], - "EndpointDlpLocation": ["All"], - "OneDriveLocation": ["All"], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true TestResult("MS.DEFENDER.4.2v1", Output, PASS, true) == true } test_Locations_Correct_V2 if { - Output := defender.tests with input as { - "scuba_config": { - "OutPath": ".", - "OutRegoFileName": "TestResults" - }, - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": null, - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - 
"IsAdvancedRule": true, - # regal ignore:line-length - "AdvancedRule": "{rn 'Version': '1.0',rn 'Condition': {rn 'Operator': 'And',rn 'SubConditions': [rn {rn 'ConditionName': 'ContentContainsSensitiveInformation',rn 'Value': [rn {rn 'Groups': [rn {rn 'Name': 'Default',rn 'Operator': 'Or',rn 'Sensitivetypes': [rn {rn 'Name': 'Credit Card Number',rn 'Id': '50842eb7-edc8-4019-85dd-5a5c1f2bb085',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'High',rn 'Minconfidence': 85,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. Individual Taxpayer Identification Number (ITIN)',rn 'Id': 'e55e2a32-f92d-4985-a35d-a0b269eb687b',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. Social Security Number (SSN)',rn 'Id': 'a44669fe-0d48-453d-a9b1-2cc83f2cba77',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn }rn ]rn }rn ],rn 'Operator': 'And'rn }rn ]rn }rn ]rn }rn}" - }], - "dlp_compliance_policies": [{ - "ExchangeLocation": ["All"], - "SharePointLocation": ["All"], - "TeamsLocation": ["All"], - "EndpointDlpLocation": ["All"], - "OneDriveLocation": ["All"], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + # regal ignore:line-length + AdvancedRule := "{rn 'Version': '1.0',rn 'Condition': {rn 'Operator': 'And',rn 'SubConditions': [rn {rn 'ConditionName': 'ContentContainsSensitiveInformation',rn 'Value': [rn {rn 'Groups': [rn {rn 'Name': 'Default',rn 'Operator': 'Or',rn 'Sensitivetypes': [rn {rn 'Name': 'Credit Card Number',rn 'Id': '50842eb7-edc8-4019-85dd-5a5c1f2bb085',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'High',rn 'Minconfidence': 85,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. 
Individual Taxpayer Identification Number (ITIN)',rn 'Id': 'e55e2a32-f92d-4985-a35d-a0b269eb687b',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn },rn {rn 'Name': 'U.S. Social Security Number (SSN)',rn 'Id': 'a44669fe-0d48-453d-a9b1-2cc83f2cba77',rn 'Mincount': 1,rn 'Maxcount': -1,rn 'Confidencelevel': 'Medium',rn 'Minconfidence': 75,rn 'Maxconfidence': 100rn }rn ]rn }rn ],rn 'Operator': 'And'rn }rn ]rn }rn ]rn }rn}" + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "add", "path": "ContentContainsSensitiveInformation", "value": null}, + {"op": "add", "path": "IsAdvancedRule", "value": true}, + {"op": "add", "path": "AdvancedRule", "value": AdvancedRule}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true TestResult("MS.DEFENDER.4.2v1", Output, PASS, true) == true } -# regal ignore:rule-length test_Locations_Correct_V3 if { - Output := defender.tests with input as { - "scuba_config": { - "OutPath": ".", - "OutRegoFileName": "TestResults" - }, - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"}, - {"name": "U.S. Social Security Number (SSN)"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }, - { - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"}, - {"name": "U.S. 
Social Security Number (SSN)"} - ], - "Name": "Baseline Rule 2", - "Disabled": false, - "ParentPolicyName": "Some Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "ExchangeLocation": ["All"], - "SharePointLocation": ["All"], - "TeamsLocation": ["All"], - "EndpointDlpLocation": ["All"], - "OneDriveLocation": ["All"], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }, - { - "ExchangeLocation": ["All"], - "SharePointLocation": ["All"], - "TeamsLocation": ["All"], - "EndpointDlpLocation": ["All"], - "OneDriveLocation": ["All"], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Some Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - } - ], - "defender_license": true, - "defender_dlp_license": true - } + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "add", "path": "Name", "value": "Baseline Rule 2"}, + {"op": "add", "path": "ParentPolicyName", "value": "Some Office 365 DLP policy"}]) + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "Name", "value": "Some Office 365 DLP policy"}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules, DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies, DlpCompliancePolicy] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true TestResult("MS.DEFENDER.4.2v1", Output, PASS, true) == true } # Policy exists, but Exchange location is null test_Locations_Incorrect_V1 if { - Output := defender.tests with input as { - "scuba_config": { - "OutPath": ".", - "OutRegoFileName": "TestResults" - }, - 
"dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"}, - {"name": "U.S. Social Security Number (SSN)"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "ExchangeLocation": [""], - "SharePointLocation": ["All"], - "TeamsLocation": ["All"], - "EndpointDlpLocation": ["All"], - "OneDriveLocation": ["All"], - "Workload": "SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "ExchangeLocation", "value": [""]}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicy] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := concat("", [ "DLP custom policy applied to the following locations: Devices, OneDrive, SharePoint, Teams", 
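Review bot: `test_Locations_Incorrect_V1` now changes only `ExchangeLocation` to `[""]`, whereas the removed input also dropped `Exchange` from the `Workload` string. If the shared `DlpCompliancePolicies` fixture carries the full `Workload` value (it is defined outside this hunk), the negative case now feeds the policy a location/workload combination the old test never exercised. That is harmless if the rule under test ignores `Workload`, but it should be stated, e.g. `# Workload is left unchanged; the check is expected to read only the *Location fields`, or `Workload` should be patched alongside the location. The same applies to `test_Locations_Incorrect_V2`–`V5` in the following hunks. The body of `test_Locations_Incorrect_V1` continues past the end of this hunk.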
@@ -519,44 +204,14 @@ test_Locations_Incorrect_V1 if { # Policy exists, but SharePoint is not included test_Locations_Incorrect_V2 if { - Output := defender.tests with input as { - "scuba_config": { - "OutPath": ".", - "OutRegoFileName": "TestResults" - }, - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"}, - {"name": "U.S. Social Security Number (SSN)"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "ExchangeLocation": ["All"], - "SharePointLocation": [""], - "TeamsLocation": ["All"], - "EndpointDlpLocation": ["All"], - "OneDriveLocation": ["All"], - "Workload": "Exchange, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "SharePointLocation", "value": [""]}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicy] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := concat("", [ "DLP custom policy applied to the following locations: Devices, Exchange, OneDrive, Teams", 
@@ -569,44 +224,14 @@ test_Locations_Incorrect_V2 if { # Policy exists, but OneDrive location not included test_Locations_Incorrect_V3 if { - Output := defender.tests with input as { - "scuba_config": { - "OutPath": ".", - "OutRegoFileName": "TestResults" - }, - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"}, - {"name": "U.S. Social Security Number (SSN)"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "ExchangeLocation": ["All"], - "SharePointLocation": ["All"], - "TeamsLocation": ["All"], - "EndpointDlpLocation": ["All"], - "OneDriveLocation": [""], - "Workload": "Exchange, SharePoint, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "OneDriveLocation", "value": [""]}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicy] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := concat("", [ "DLP custom policy applied to the following locations: Devices, Exchange, SharePoint, Teams", 
@@ -619,44 +244,14 @@ test_Locations_Incorrect_V3 if { # Policy exists, but Teams location not included test_Locations_Incorrect_V4 if { - Output := defender.tests with input as { - "scuba_config": { - "OutPath": ".", - "OutRegoFileName": "TestResults" - }, - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"}, - {"name": "U.S. Social Security Number (SSN)"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "ExchangeLocation": ["All"], - "SharePointLocation": ["All"], - "TeamsLocation": [""], - "EndpointDlpLocation": ["All"], - "OneDriveLocation": ["All"], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "TeamsLocation", "value": [""]}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicy] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := concat("", [ "DLP custom policy applied to the following locations: Devices, Exchange, OneDrive, SharePoint", 
@@ -670,44 +265,14 @@ test_Locations_Incorrect_V4 if { # Policy exists, but Devices location not included test_Locations_Incorrect_V5 if { - Output := defender.tests with input as { - "scuba_config": { - "OutPath": ".", - "OutRegoFileName": "TestResults" - }, - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"}, - {"name": "U.S. Social Security Number (SSN)"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "ExchangeLocation": ["All"], - "SharePointLocation": ["All"], - "TeamsLocation": ["All"], - "EndpointDlpLocation": [""], - "OneDriveLocation": ["All"], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "EndpointDlpLocation", "value": [""]}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicy] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := concat("", [ "DLP custom policy applied to the following locations: Exchange, OneDrive, SharePoint, Teams", 
@@ -721,44 +286,14 @@ test_Locations_Incorrect_V5 if { # Policy exists, but is not enabled test_Locations_Incorrect_V6 if { - Output := defender.tests with input as { - "scuba_config": { - "OutPath": ".", - "OutRegoFileName": "TestResults" - }, - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"}, - {"name": "U.S. Social Security Number (SSN)"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "ExchangeLocation": ["All"], - "SharePointLocation": ["All"], - "TeamsLocation": ["All"], - "EndpointDlpLocation": ["All"], - "OneDriveLocation": ["All"], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": false - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "Enabled", "value": false}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicy] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := concat("", [ "Custom policy protecting sensitive info types NOT applied to: Devices, Exchange, OneDrive, SharePoint, Teams", 
@@ -771,44 +306,14 @@ test_Locations_Incorrect_V6 if { # Policy exists and is enabled, but block rules are disabled test_Locations_Incorrect_V7 if { - Output := defender.tests with input as { - "scuba_config": { - "OutPath": ".", - "OutRegoFileName": "TestResults" - }, - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"}, - {"name": "U.S. Social Security Number (SSN)"} - ], - "Name": "Baseline Rule", - "Disabled": true, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "ExchangeLocation": ["All"], - "SharePointLocation": ["All"], - "TeamsLocation": ["All"], - "EndpointDlpLocation": ["All"], - "OneDriveLocation": ["All"], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "add", "path": "Disabled", "value": true}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := concat("", [ "Custom policy protecting sensitive info types NOT applied to: Devices, Exchange, OneDrive, SharePoint, Teams", 
@@ -822,44 +327,14 @@ test_Locations_Incorrect_V7 if { # Policy exists but set to TestWithNotifications rather than Enable test_Locations_Incorrect_V8 if { - Output := defender.tests with input as { - "scuba_config": { - "OutPath": ".", - "OutRegoFileName": "TestResults" - }, - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"}, - {"name": "U.S. Social Security Number (SSN)"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "ExchangeLocation": ["All"], - "SharePointLocation": ["All"], - "TeamsLocation": ["All"], - "EndpointDlpLocation": ["All"], - "OneDriveLocation": ["All"], - "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", - "Name": "Default Office 365 DLP policy", - "Mode": "TestWithNotifications", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "Mode", "value": "TestWithNotifications"}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicy] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := concat("", [ "Custom policy protecting sensitive info types NOT applied to: Devices, Exchange, OneDrive, SharePoint, Teams", 
@@ -872,10 +347,8 @@ test_Locations_Incorrect_V8 if { } test_NoDLPLicense_Incorrect_4_2_V1 if { - Output := defender.tests with input as { - "defender_license": false, - "defender_dlp_license": false - } + Output := defender.tests with input.defender_license as false + with input.defender_dlp_license as false ReportDetailString := concat(" ", [FAIL, DLPLICENSEWARNSTR]) TestResult("MS.DEFENDER.4.2v1", Output, ReportDetailString, false) == true 
@@ -889,68 +362,25 @@ test_NoDLPLicense_Incorrect_4_2_V1 if { # All sensitive rules present and blocking test_BlockAccess_Correct_V1 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true TestResult("MS.DEFENDER.4.3v1", Output, PASS, true) == true } # Sensitive rules present, but not blocking test_BlockAccess_Incorrect_V1 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. 
Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": false, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "add", "path": "BlockAccess", "value": false}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := concat(" ", [ "1 rule(s) found that do(es) not block access or", 
@@ -962,34 +392,14 @@ test_BlockAccess_Incorrect_V1 if { # Sensitive rules present and blocking, but only to people outside org test_BlockAccess_Incorrect_V2 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "PerUser", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "add", "path": "BlockAccessScope", "value": "PerUser"}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := concat(" ", [ "1 rule(s) found that do(es) not block access or associated policy not set to enforce block action:", 
@@ -1001,34 +411,14 @@ test_BlockAccess_Incorrect_V2 if { # Sensitive rules present and blocking, but policy set to test test_BlockAccess_Incorrect_V3 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "TestWithNotifications", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "Mode", "value": "TestWithNotifications"}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicy] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := "No DLP policy matching all types found for evaluation." TestResult("MS.DEFENDER.4.3v1", Output, ReportDetailString, false) == true 
@@ -1036,33 +426,14 @@ test_BlockAccess_Incorrect_V3 if { # All rules are blocking, but don't contain all sensitive types test_BlockAccess_Incorrect_V4 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "remove", "path": "ContentContainsSensitiveInformation/2"}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := "No DLP policy matching all types found for evaluation." TestResult("MS.DEFENDER.4.3v1", Output, ReportDetailString, false) == true 
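Review bot: The `remove` on `ContentContainsSensitiveInformation/2` in test_BlockAccess_Incorrect_V4 selects the dropped sensitive type by position, so the test's meaning depends on the element order of DlpComplianceRules, which is defined outside this hunk. The same positional coupling appears in test_BlockAccess_Incorrect_V5 (`/1`) and in DefenderConfig_05_test.rego (`"9"`, `"0/Disabled"`, `"0"`), where the expected report string names "Suspicious email sending patterns detected" and so assumes that alert is element 0 of ProtectionAlerts. A reordered or extended fixture would silently change what these tests cover, or make `json.patch` undefined with no clear failure message. Add a comment beside each index stating the assumption, for example `# relies on element order in DefenderBaseConfig.rego`. For the append in test_Disabled_Correct_V2, the RFC 6902 end-of-array path `"-"` would avoid hard-coding the fixture length, provided the OPA version in use accepts it.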
@@ -1070,102 +441,39 @@ test_BlockAccess_Incorrect_V4 if { # Multiple policies combined that contain all sensitive rules blocking test_BlockAccess_Incorrect_V5 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [ - { - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }, - { - # regal ignore:line-length - "ContentContainsSensitiveInformation": [{"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}], - "Name": "Baseline Rule2", - "Disabled": false, - "ParentPolicyName": "ITIN specific policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - } - ], - "dlp_compliance_policies": [ - { - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }, - { - "Name": "ITIN specific policy", - "Mode": "Enable", - "Enabled": true - } - ], - "defender_license": true, - "defender_dlp_license": true - } + DlpComplianceRule1 := json.patch(DlpComplianceRules, + [{"op": "remove", "path": "ContentContainsSensitiveInformation/1"}]) + DlpComplianceRule2 := json.patch(DlpComplianceRules, + [{"op": "add", "path": "ContentContainsSensitiveInformation", + "value": [{"name": "U.S. 
Individual Taxpayer Identification Number (ITIN)"}]}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule1, DlpComplianceRule2] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := "No DLP policy matching all types found for evaluation." TestResult("MS.DEFENDER.4.3v1", Output, ReportDetailString, false) == true } test_BlockAccess_Incorrect_V6 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owner" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": false - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "Enabled", "value": false}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicy] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := "No DLP policy matching all types found for evaluation." 
TestResult("MS.DEFENDER.4.3v1", Output, ReportDetailString, false) == true } test_NoDLPLicense_Incorrect_4_3_V1 if { - Output := defender.tests with input as { - "defender_license": false, - "defender_dlp_license": false - } + Output := defender.tests with input.defender_license as false + with input.defender_dlp_license as false ReportDetailString := concat(" ", [FAIL, DLPLICENSEWARNSTR]) TestResult("MS.DEFENDER.4.3v1", Output, ReportDetailString, false) == true 
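Review bot: test_BlockAccess_Incorrect_V5 no longer builds the case its comment describes ("Multiple policies combined that contain all sensitive rules blocking"). Both patched rules keep the fixture's `Name` and `ParentPolicyName`, and only one policy is passed as `input.dlp_compliance_policies`, whereas the replaced input had a second rule `Baseline Rule2` under a separate `ITIN specific policy`. As written the test checks two rules of the same policy, so a regression that wrongly merges sensitive types across different DLP policies would not be caught here. Restoring the second policy and the rule's parent keeps the original coverage; this assumes the DlpCompliancePolicies fixture has a `Name` key, which is not visible in this hunk.

```rego
    DlpComplianceRule2 := json.patch(DlpComplianceRules, [
        {"op": "add", "path": "Name", "value": "Baseline Rule2"},
        {"op": "add", "path": "ParentPolicyName", "value": "ITIN specific policy"},
        {"op": "add", "path": "ContentContainsSensitiveInformation",
            "value": [{"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}]}
    ])
    DlpCompliancePolicy2 := json.patch(DlpCompliancePolicies,
                                [{"op": "add", "path": "Name", "value": "ITIN specific policy"}])

    Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule1, DlpComplianceRule2]
                                with input.dlp_compliance_policies as [DlpCompliancePolicies, DlpCompliancePolicy2]
    # … unchanged: scuba_config and license overrides, ReportDetailString, TestResult assertion …
```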
@@ -1179,98 +487,39 @@ test_NoDLPLicense_Incorrect_4_3_V1 if { # Sensitive policy present, and set to notify site admin test_NotifyUser_Correct_V1 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": ["SiteAdmin"], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "add", "path": "NotifyUser", "value": ["SiteAdmin"]}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true TestResult("MS.DEFENDER.4.4v1", Output, PASS, true) == true } # Sensitive policy present, and set to notify multiple users test_NotifyUser_Correct_V2 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. 
Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owners" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true TestResult("MS.DEFENDER.4.4v1", Output, PASS, true) == true } # Sensitive policy not enabled test_NotifyUser_Incorrect_V1 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. 
Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [ - "SiteAdmin", - "LastModifier", - "Owners" - ], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Disable", - "Enabled": false - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpCompliancePolicy := json.patch(DlpCompliancePolicies, + [{"op": "add", "path": "Enabled", "value": false}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRules] + with input.dlp_compliance_policies as [DlpCompliancePolicy] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := "No DLP policy matching all types found for evaluation." TestResult("MS.DEFENDER.4.4v1", Output, ReportDetailString, false) == true 
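Review bot: test_NotifyUser_Incorrect_V1 now flips only `Enabled`, while the input it replaces also set `"Mode": "Disable"`, so the disabled-mode value is no longer exercised in this hunk. If that combination is still meant to be covered, add `{"op": "add", "path": "Mode", "value": "Disable"}` to the patch list. Separately, test_NotifyUser_Correct_V2 passes the base fixture unchanged and so depends on DlpComplianceRules (defined outside this hunk) listing more than one `NotifyUser` entry. A one-line comment such as `# base DlpComplianceRules is expected to notify several users` would record that dependency next to the test named for it.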
@@ -1278,40 +527,22 @@ test_NotifyUser_Incorrect_V1 if { # Sensitive policy enabled, no users set to notify test_NotifyUser_Incorrect_V2 if { - Output := defender.tests with input as { - "dlp_compliance_rules": [{ - "ContentContainsSensitiveInformation": [ - {"name": "U.S. Social Security Number (SSN)"}, - {"name": "U.S. Individual Taxpayer Identification Number (ITIN)"}, - {"name": "Credit Card Number"} - ], - "Name": "Baseline Rule", - "Disabled": false, - "ParentPolicyName": "Default Office 365 DLP policy", - "BlockAccess": true, - "BlockAccessScope": "All", - "NotifyUser": [], - "NotifyUserType": "NotSet", - "IsAdvancedRule": false - }], - "dlp_compliance_policies": [{ - "Name": "Default Office 365 DLP policy", - "Mode": "Enable", - "Enabled": true - }], - "defender_license": true, - "defender_dlp_license": true - } + DlpComplianceRule := json.patch(DlpComplianceRules, + [{"op": "add", "path": "NotifyUser", "value": []}]) + + Output := defender.tests with input.dlp_compliance_rules as [DlpComplianceRule] + with input.dlp_compliance_policies as [DlpCompliancePolicies] + with input.scuba_config as ScubaConfig + with input.defender_license as true + with input.defender_dlp_license as true ReportDetailString := "1 rule(s) found that do(es) not notify at least one user: Baseline Rule" TestResult("MS.DEFENDER.4.4v1", Output, ReportDetailString, false) == true } test_NoDLPLicense_Incorrect_4_4_V1 if { - Output := defender.tests with input as { - "defender_license": false, - "defender_dlp_license": false - } + Output := defender.tests with input.defender_license as false + with input.defender_dlp_license as false ReportDetailString := concat(" ", [FAIL, DLPLICENSEWARNSTR]) TestResult("MS.DEFENDER.4.4v1", Output, ReportDetailString, false) == true diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_05_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_05_test.rego index 065e09262..c87dc705d 100644 
--- a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_05_test.rego +++ b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_05_test.rego 
@@ -10,182 +10,32 @@ import data.utils.key.PASS # Policy MS.DEFENDER.5.1v1 #-- test_Disabled_Correct_V1 if { - Output := defender.tests with input as { - "protection_alerts": [ - { - "Name": "Suspicious email sending patterns detected", - "Disabled": false - }, - { - "Name": "Unusual increase in email reported as phish", - "Disabled": false - }, - { - "Name": "Suspicious Email Forwarding Activity", - "Disabled": false - }, - { - "Name": "Messages have been delayed", - "Disabled": false - }, - { - "Name": "Tenant restricted from sending unprovisioned email", - "Disabled": false - }, - { - "Name": "User restricted from sending email", - "Disabled": false - }, - { - "Name": "Malware campaign detected after delivery", - "Disabled": false - }, - { - "Name": "A potentially malicious URL click was detected", - "Disabled": false - }, - { - "Name": "Suspicious connector activity", - "Disabled": false - } - ] - } + Output := defender.tests with input.protection_alerts as ProtectionAlerts TestResult("MS.DEFENDER.5.1v1", Output, PASS, true) == true } test_Disabled_Correct_V2 if { - Output := defender.tests with input as { - "protection_alerts": [ - { - "Name": "Suspicious email sending patterns detected", - "Disabled": false - }, - { - "Name": "Unusual increase in email reported as phish", - "Disabled": false - }, - { - "Name": "Suspicious Email Forwarding Activity", - "Disabled": false - }, - { - "Name": "Messages have been delayed", - "Disabled": false - }, - { - "Name": "Tenant restricted from sending unprovisioned email", - "Disabled": false - }, - { - "Name": "User restricted from sending email", - "Disabled": false - }, - { - "Name": "Malware campaign detected after delivery", - "Disabled": false - }, - { - "Name": "A potentially malicious URL click was detected", - "Disabled": false - }, - { - "Name": "Suspicious connector activity", - "Disabled": false - }, - { - "Name": "Successful exact data match upload", - "Disabled": false - } - ] - } + Alerts := 
json.patch(ProtectionAlerts, [{"op": "add", "path": "9", "value": { + "Disabled": false, + "Name": "Successful exact data match upload" + }}]) + Output := defender.tests with input.protection_alerts as Alerts TestResult("MS.DEFENDER.5.1v1", Output, PASS, true) == true } test_Disabled_Incorrect_V1 if { - Output := defender.tests with input as { - "protection_alerts": [ - { - "Name": "Suspicious email sending patterns detected", - "Disabled": true - }, - { - "Name": "Unusual increase in email reported as phish", - "Disabled": false - }, - { - "Name": "Suspicious Email Forwarding Activity", - "Disabled": false - }, - { - "Name": "Messages have been delayed", - "Disabled": false - }, - { - "Name": "Tenant restricted from sending unprovisioned email", - "Disabled": false - }, - { - "Name": "User restricted from sending email", - "Disabled": false - }, - { - "Name": "Malware campaign detected after delivery", - "Disabled": false - }, - { - "Name": "A potentially malicious URL click was detected", - "Disabled": false - }, - { - "Name": "Suspicious connector activity", - "Disabled": false - } - ] - } + Alerts := json.patch(ProtectionAlerts, [{"op": "add", "path": "0/Disabled", "value": true}]) + Output := defender.tests with input.protection_alerts as Alerts ReportDetailString := "1 disabled required alert(s) found: Suspicious email sending patterns detected" TestResult("MS.DEFENDER.5.1v1", Output, ReportDetailString, false) == true } test_Disabled_Incorrect_V2 if { - Output := defender.tests with input as { - "protection_alerts": [ - { - "Name": "Unusual increase in email reported as phish", - "Disabled": false - }, - { - "Name": "Suspicious Email Forwarding Activity", - "Disabled": false - }, - { - "Name": "Messages have been delayed", - "Disabled": false - }, - { - "Name": "Tenant restricted from sending unprovisioned email", - "Disabled": false - }, - { - "Name": "User restricted from sending email", - "Disabled": false - }, - { - "Name": "Malware campaign detected 
after delivery", - "Disabled": false - }, - { - "Name": "A potentially malicious URL click was detected", - "Disabled": false - }, - { - "Name": "Suspicious connector activity", - "Disabled": false - } - ] - } + Alerts := json.patch(ProtectionAlerts, [{"op": "remove", "path": "0"}]) + Output := defender.tests with input.protection_alerts as Alerts ReportDetailString := "1 disabled required alert(s) found: Suspicious email sending patterns detected" TestResult("MS.DEFENDER.5.1v1", Output, ReportDetailString, false) == true diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_06_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_06_test.rego index 0217d6bf6..db3ef51f0 100644 --- a/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_06_test.rego +++ b/PowerShell/ScubaGear/Testing/Unit/Rego/Defender/DefenderConfig_06_test.rego @@ -11,27 +11,14 @@ import data.utils.report.PolicyLink # Policy MS.DEFENDER.6.1v1 #-- test_AdminAuditLogEnabled_Correct if { - Output := defender.tests with input as { - "admin_audit_log_config": [ - { - "Identity": "Admin Audit Log Settings", - "UnifiedAuditLogIngestionEnabled": true - } - ] - } + Output := defender.tests with input.admin_audit_log_config as [AdminAuditLogConfig] TestResult("MS.DEFENDER.6.1v1", Output, PASS, true) == true } test_AdminAuditLogEnabled_Incorrect if { - Output := defender.tests with input as { - "admin_audit_log_config": [ - { - "Identity": "Admin Audit Log Settings", - "UnifiedAuditLogIngestionEnabled": false - } - ] - } + AdminAudit := json.patch(AdminAuditLogConfig, [{"op": "add", "path": "UnifiedAuditLogIngestionEnabled", "value": false}]) + Output := defender.tests with input.admin_audit_log_config as [AdminAudit] TestResult("MS.DEFENDER.6.1v1", Output, FAIL, false) == true } 
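Review bot: In DefenderConfig_06_test.rego, the `json.patch` call in test_AdminAuditLogEnabled_Incorrect is written on one line, while the other patches in this commit are wrapped after the first argument. As rendered here it appears to exceed 120 characters, and removed code earlier on this page carried a `# regal ignore:line-length` marker, which suggests the linter enforces a limit. Wrapping it the same way keeps the file consistent: `AdminAudit := json.patch(AdminAuditLogConfig,` followed on the next line by `[{"op": "add", "path": "UnifiedAuditLogIngestionEnabled", "value": false}])`.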
@@ -41,24 +28,20 @@ test_AdminAuditLogEnabled_Incorrect if { # Policy MS.DEFENDER.6.2v1 #-- test_AdvAudit_Correct if { - Output := defender.tests with input as { - "total_users_without_advanced_audit": 0 - } + Output := defender.tests with input.total_users_without_advanced_audit as 0 TestResult("MS.DEFENDER.6.2v1", Output, PASS, true) == true } test_AdvAudit_Incorrect_V1 if { - Output := defender.tests with input as { - "total_users_without_advanced_audit": 10 - } + Output := defender.tests with input.total_users_without_advanced_audit as 10 + ErrorDetails := concat(" ", [ "Requirement not met.", "10", "tenant users without M365 Advanced Auditing feature assigned.", "To review and assign users the Microsoft 365 Advanced Auditing feature, see %v.", "To get a list of all users without the license feature run the following:", concat("", ["Get-MgBetaUser -Filter \"not assignedPlans/any(a:a/servicePlanId eq ", - "2f442157-a11c-46b9-ae5b-6e39ff4e5849 and a/capabilityStatus eq 'Enabled')\""] - ), + "2f442157-a11c-46b9-ae5b-6e39ff4e5849 and a/capabilityStatus eq 'Enabled')\""]), "-ConsistencyLevel eventual -Count UserCount -All | Select-Object DisplayName,UserPrincipalName" ]) @@ -67,8 +50,7 @@ test_AdvAudit_Incorrect_V1 if { } test_AdvAudit_Incorrect_V2 if { - Output := defender.tests with input as { - } + Output := defender.tests with input as { } ReportDetailString := concat(" ", [ "Requirement not met. Error retrieving license information from tenant. ", @@ -78,9 +60,7 @@ test_AdvAudit_Incorrect_V2 if { } test_AdvAudit_Incorrect_V3 if { - Output := defender.tests with input as { - "total_users_without_advanced_audit": -1 - } + Output := defender.tests with input.total_users_without_advanced_audit as -1 ReportDetailString := concat(" ", [ "Requirement not met. Error retrieving license information from tenant. ",