Merge pull request #384 from Snozzberries/Fix#376
Fix for feature in #376
f-bader committed Jul 25, 2024
2 parents efb3f06 + 4d17d8c commit 6e89109
Showing 1 changed file with 21 additions and 1 deletion.
22 changes: 21 additions & 1 deletion powershell/public/cisa/entra/Test-MtCisaDiagnosticSettings.ps1
Expand Up @@ -24,6 +24,21 @@ function Test-MtCisaDiagnosticSettings {
return $null
}

$cisaLogs = @(
"AuditLogs",
"SignInLogs",
"RiskyUsers",
"UserRiskEvents",
"NonInteractiveUserSignInLogs",
"ServicePrincipalSignInLogs",
"ADFSSignInLogs",
"RiskyServicePrincipals",
"ServicePrincipalRiskEvents",
"EnrichedOffice365AuditLogs",
"MicrosoftGraphActivityLogs",
"ManagedIdentitySignInLogs"
)

$logs = Invoke-AzRestMethod -Method GET -Path "/providers/microsoft.aadiam/diagnosticSettingsCategories?api-version=2017-04-01-preview"
$logs = ($logs.Content|ConvertFrom-Json).value
$logs = ($logs | Where-Object { `
Expand Down Expand Up @@ -65,11 +80,14 @@ function Test-MtCisaDiagnosticSettings {
}
}

$testResult = $unsetLogs.Count -eq 0
$testResult = ($unsetLogs | Where-Object { `
$_ -in $cisaLogs
} | Measure-Object).Count -eq 0

$link = "https://entra.microsoft.com/#view/Microsoft_AAD_IAM/DiagnosticSettingsMenuBlade/~/General"
$resultFail = "❌ Fail"
$resultPass = "✅ Pass"
$resultOptional = "❔ Optional"

if ($testResult) {
$testResultMarkdown = "Well done. Your tenant has [diagnostic settings]($link) configured for all logs."
Expand All @@ -84,6 +102,8 @@ function Test-MtCisaDiagnosticSettings {
$itemResult = $resultFail
if($item.Enabled){
$itemResult = $resultPass
}elseif($item.Log -notin $cisaLogs){
$itemResult = $resultOptional
}
$result += "| $($item.Log) | $($itemResult) |`n"
}
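Review bot: The pass message just below the new `$testResult` computation still says "configured for all logs", but the test now passes as soon as the twelve categories in `$cisaLogs` are covered, so a tenant with unconfigured optional categories is told that everything is exported. I would reword it to `$testResultMarkdown = "Well done. Your tenant has [diagnostic settings]($link) configured for all CISA-required logs."`. Separately, the new filter only inspects names that already appear in `$unsetLogs`; if that list is built from the categories the API returns (the code that builds it is outside the visible hunks), a required category missing from the response would pass silently, so it may be worth also confirming that every entry of `$cisaLogs` was actually seen. As a style point, the backtick after `Where-Object {` is not needed inside a script block and can be dropped.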