Skip to content

Commit 97bafbe

Browse files
Add "Drop" method
1 parent 117c0ef commit 97bafbe

1 file changed

Lines changed: 33 additions & 5 deletions

File tree

Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertSecureScore.ps1

Lines changed: 33 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,11 @@ function Get-CippAlertSecureScore {
1212
$TenantFilter
1313
)
1414
try {
15-
$SecureScore = New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/security/secureScores?$top=1' -tenantid $TenantFilter -noPagination $true
16-
if ($InputValue.ThresholdType.value -eq "absolute") {
15+
$TopCount = if ($InputValue.ThresholdType.value -eq 'drop') { 2 } else { 1 }
16+
$SecureScores = @(New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/security/secureScores?`$top=$TopCount" -tenantid $TenantFilter -noPagination $true)
17+
$SecureScore = $SecureScores[0]
18+
19+
if ($InputValue.ThresholdType.value -eq 'absolute') {
1720
if ($SecureScore.currentScore -lt $InputValue.InputValue) {
1821
$SecureScoreResult = [PSCustomObject]@{
1922
Message = "Secure Score is below acceptable threshold"
@@ -24,21 +27,46 @@ function Get-CippAlertSecureScore {
2427
} else {
2528
$SecureScoreResult = @()
2629
}
27-
} elseif ($InputValue.ThresholdType.value -eq "percent") {
28-
$PercentageScore = [math]::Round((($SecureScore.currentScore / $SecureScore.maxScore) * 100),2)
30+
} elseif ($InputValue.ThresholdType.value -eq 'percent') {
31+
$PercentageScore = [math]::Round((($SecureScore.currentScore / $SecureScore.maxScore) * 100), 2)
2932
if ($PercentageScore -lt $InputValue.InputValue) {
3033
$SecureScoreResult = [PSCustomObject]@{
3134
Message = "Secure Score is below acceptable threshold"
3235
Tenant = $TenantFilter
3336
CurrentScore = $SecureScore.currentScore
3437
MaxScore = $SecureScore.maxScore
35-
CurrentScorePercentage = [math]::Round($PercentageScore,2)
38+
CurrentScorePercentage = [math]::Round($PercentageScore, 2)
3639
ScoreThresholdPercentage = $InputValue.InputValue
3740
}
3841
} else {
3942
$SecureScoreResult = @()
4043
}
44+
} elseif ($InputValue.ThresholdType.value -eq 'drop') {
45+
if ($SecureScores.Count -ge 2) {
46+
$PreviousScore = $SecureScores[1]
47+
if ($PreviousScore.currentScore -gt 0) {
48+
$DropPercentage = [math]::Round((($PreviousScore.currentScore - $SecureScore.currentScore) / $PreviousScore.currentScore) * 100, 2)
49+
if ($DropPercentage -ge $InputValue.InputValue) {
50+
$SecureScoreResult = [PSCustomObject]@{
51+
Message = "Secure Score dropped by $DropPercentage% (from $($PreviousScore.currentScore) to $($SecureScore.currentScore))"
52+
Tenant = $TenantFilter
53+
CurrentScore = $SecureScore.currentScore
54+
PreviousScore = $PreviousScore.currentScore
55+
MaxScore = $SecureScore.maxScore
56+
DropPercentage = $DropPercentage
57+
DropThreshold = $InputValue.InputValue
58+
}
59+
} else {
60+
$SecureScoreResult = @()
61+
}
62+
} else {
63+
$SecureScoreResult = @()
64+
}
65+
} else {
66+
$SecureScoreResult = @()
67+
}
4168
}
69+
4270
if ($SecureScoreResult) {
4371
Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $SecureScoreResult -PartitionKey SecureScore
4472
}

0 commit comments

Comments
 (0)