
Commit a96f209

Check Alert
1 parent 97bafbe commit a96f209

1 file changed

Lines changed: 52 additions & 0 deletions


Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
function Get-CIPPAlertCheckExtension {
2+
<#
3+
.FUNCTIONALITY
4+
Entrypoint
5+
#>
6+
[CmdletBinding()]
7+
param (
8+
[Parameter(Mandatory)]
9+
$TenantFilter,
10+
[Alias('input')]
11+
$InputValue
12+
)
13+
14+
try {
15+
$CheckTable = Get-CippTable -tablename 'CheckExtensionAlerts'
16+
$LastRunTable = Get-CippTable -tablename 'AlertLastRun'
17+
$LastRunKey = "$TenantFilter-Get-CIPPAlertCheckExtension"
18+
19+
# Get the last run timestamp for this tenant to only fetch new alerts
20+
$LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter "PartitionKey eq 'AlertLastRun' and RowKey eq '$LastRunKey'" | Select-Object -First 1
21+
$Since = if ($LastRun.Timestamp) {
22+
$LastRun.Timestamp.UtcDateTime
23+
} else {
24+
(Get-Date).AddDays(-1).ToUniversalTime()
25+
}
26+
$SinceString = $Since.ToString('yyyy-MM-ddTHH:mm:ssZ')
27+
28+
$CheckAlerts = Get-CIPPAzDataTableEntity @CheckTable -Filter "PartitionKey eq 'CheckAlert' and tenantFilter eq '$TenantFilter' and Timestamp ge datetime'$SinceString'"
29+
30+
$AlertData = foreach ($Alert in $CheckAlerts) {
31+
[PSCustomObject]@{
32+
Message = "Phishing alert: $($Alert.type) detected for user $($Alert.potentialUserName) at URL $($Alert.url) - $($Alert.reason)"
33+
Type = $Alert.type
34+
URL = $Alert.url
35+
Reason = $Alert.reason
36+
Score = $Alert.score
37+
Threshold = $Alert.threshold
38+
PotentialUserName = $Alert.potentialUserName
39+
PotentialUserDisplayName = $Alert.potentialUserDisplayName
40+
ReportedByIP = $Alert.reportedByIP
41+
Tenant = $TenantFilter
42+
}
43+
}
44+
45+
if ($AlertData) {
46+
Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
47+
}
48+
} catch {
49+
$ErrorMessage = Get-CippException -Exception $_
50+
Write-AlertMessage -message "Check Extension alert failed: $($ErrorMessage.NormalizedError)" -tenant $TenantFilter -LogData $ErrorMessage
51+
}
52+
}
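Review bot: `$TenantFilter` is interpolated unescaped into both table filters (the `RowKey eq '$LastRunKey'` lookup and the `tenantFilter eq '$TenantFilter'` query), so a value containing a single quote either breaks the query or changes what it matches. Doubling the quotes before the strings are built closes that, e.g. `$SafeTenant = $TenantFilter -replace "'", "''"`, with `$SafeTenant` used in the two `-Filter` arguments. Separately, `url`, `reason` and `potentialUserName` look like reporter-supplied values (the row also carries `reportedByIP`) and they go verbatim into `Message`; if the alert is later rendered as HTML or e-mailed, those fields should be encoded at that point and the URL should not become a clickable link. That second point is inferred, since the consumers of `Write-AlertTrace` are not on this page. The comment-based help would also benefit from a `.SYNOPSIS` noting that `$InputValue` is accepted but never read in this function.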
