@@ -12,8 +12,11 @@ function Get-CippAlertSecureScore {
1212 $TenantFilter
1313 )
1414 try {
15- $SecureScore = New-GraphGetRequest - uri ' https://graph.microsoft.com/v1.0/security/secureScores?$top=1' - tenantid $TenantFilter - noPagination $true
16- if ($InputValue.ThresholdType.value -eq " absolute" ) {
15+ $TopCount = if ($InputValue.ThresholdType.value -eq ' drop' ) { 2 } else { 1 }
16+ $SecureScores = @ (New-GraphGetRequest - uri " https://graph.microsoft.com/v1.0/security/secureScores?`$ top=$TopCount " - tenantid $TenantFilter - noPagination $true )
17+ $SecureScore = $SecureScores [0 ]
18+
19+ if ($InputValue.ThresholdType.value -eq ' absolute' ) {
1720 if ($SecureScore.currentScore -lt $InputValue.InputValue ) {
1821 $SecureScoreResult = [PSCustomObject ]@ {
1922 Message = " Secure Score is below acceptable threshold"
@@ -24,21 +27,46 @@ function Get-CippAlertSecureScore {
2427 } else {
2528 $SecureScoreResult = @ ()
2629 }
27- } elseif ($InputValue.ThresholdType.value -eq " percent" ) {
28- $PercentageScore = [math ]::Round((($SecureScore.currentScore / $SecureScore.maxScore ) * 100 ), 2 )
30+ } elseif ($InputValue.ThresholdType.value -eq ' percent' ) {
31+ $PercentageScore = [math ]::Round((($SecureScore.currentScore / $SecureScore.maxScore ) * 100 ), 2 )
2932 if ($PercentageScore -lt $InputValue.InputValue ) {
3033 $SecureScoreResult = [PSCustomObject ]@ {
3134 Message = " Secure Score is below acceptable threshold"
3235 Tenant = $TenantFilter
3336 CurrentScore = $SecureScore.currentScore
3437 MaxScore = $SecureScore.maxScore
35- CurrentScorePercentage = [math ]::Round($PercentageScore , 2 )
38+ CurrentScorePercentage = [math ]::Round($PercentageScore , 2 )
3639 ScoreThresholdPercentage = $InputValue.InputValue
3740 }
3841 } else {
3942 $SecureScoreResult = @ ()
4043 }
44+ } elseif ($InputValue.ThresholdType.value -eq ' drop' ) {
45+ if ($SecureScores.Count -ge 2 ) {
46+ $PreviousScore = $SecureScores [1 ]
47+ if ($PreviousScore.currentScore -gt 0 ) {
48+ $DropPercentage = [math ]::Round((($PreviousScore.currentScore - $SecureScore.currentScore ) / $PreviousScore.currentScore ) * 100 , 2 )
49+ if ($DropPercentage -ge $InputValue.InputValue ) {
50+ $SecureScoreResult = [PSCustomObject ]@ {
51+ Message = " Secure Score dropped by $DropPercentage % (from $ ( $PreviousScore.currentScore ) to $ ( $SecureScore.currentScore ) )"
52+ Tenant = $TenantFilter
53+ CurrentScore = $SecureScore.currentScore
54+ PreviousScore = $PreviousScore.currentScore
55+ MaxScore = $SecureScore.maxScore
56+ DropPercentage = $DropPercentage
57+ DropThreshold = $InputValue.InputValue
58+ }
59+ } else {
60+ $SecureScoreResult = @ ()
61+ }
62+ } else {
63+ $SecureScoreResult = @ ()
64+ }
65+ } else {
66+ $SecureScoreResult = @ ()
67+ }
4168 }
69+
4270 if ($SecureScoreResult ) {
4371 Write-AlertTrace - cmdletName $MyInvocation.MyCommand - tenantFilter $TenantFilter - data $SecureScoreResult - PartitionKey SecureScore
4472 }
0 commit comments