
Commit f3cc50b

authored
Merge pull request #945 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
2 parents 5e4fd22 + a96f209 commit f3cc50b

3 files changed

Lines changed: 93 additions & 5 deletions


Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
function Get-CIPPAlertCheckExtension {
2+
<#
3+
.FUNCTIONALITY
4+
Entrypoint
5+
#>
6+
[CmdletBinding()]
7+
param (
8+
[Parameter(Mandatory)]
9+
$TenantFilter,
10+
[Alias('input')]
11+
$InputValue
12+
)
13+
14+
try {
15+
$CheckTable = Get-CippTable -tablename 'CheckExtensionAlerts'
16+
$LastRunTable = Get-CippTable -tablename 'AlertLastRun'
17+
$LastRunKey = "$TenantFilter-Get-CIPPAlertCheckExtension"
18+
19+
# Get the last run timestamp for this tenant to only fetch new alerts
20+
$LastRun = Get-CIPPAzDataTableEntity @LastRunTable -Filter "PartitionKey eq 'AlertLastRun' and RowKey eq '$LastRunKey'" | Select-Object -First 1
21+
$Since = if ($LastRun.Timestamp) {
22+
$LastRun.Timestamp.UtcDateTime
23+
} else {
24+
(Get-Date).AddDays(-1).ToUniversalTime()
25+
}
26+
$SinceString = $Since.ToString('yyyy-MM-ddTHH:mm:ssZ')
27+
28+
$CheckAlerts = Get-CIPPAzDataTableEntity @CheckTable -Filter "PartitionKey eq 'CheckAlert' and tenantFilter eq '$TenantFilter' and Timestamp ge datetime'$SinceString'"
29+
30+
$AlertData = foreach ($Alert in $CheckAlerts) {
31+
[PSCustomObject]@{
32+
Message = "Phishing alert: $($Alert.type) detected for user $($Alert.potentialUserName) at URL $($Alert.url) - $($Alert.reason)"
33+
Type = $Alert.type
34+
URL = $Alert.url
35+
Reason = $Alert.reason
36+
Score = $Alert.score
37+
Threshold = $Alert.threshold
38+
PotentialUserName = $Alert.potentialUserName
39+
PotentialUserDisplayName = $Alert.potentialUserDisplayName
40+
ReportedByIP = $Alert.reportedByIP
41+
Tenant = $TenantFilter
42+
}
43+
}
44+
45+
if ($AlertData) {
46+
Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
47+
}
48+
} catch {
49+
$ErrorMessage = Get-CippException -Exception $_
50+
Write-AlertMessage -message "Check Extension alert failed: $($ErrorMessage.NormalizedError)" -tenant $TenantFilter -LogData $ErrorMessage
51+
}
52+
}
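Review bot: Both table filters interpolate `$TenantFilter` straight into OData string literals (new line 20 via `$LastRunKey`, and new line 28), so a value containing a single quote would break or widen the query; doubling quotes first, e.g. `$SafeTenant = $TenantFilter -replace "'", "''"`, and using `$SafeTenant` in both filters closes that. Separately, `$Alert.url`, `$Alert.reason` and `$Alert.potentialUserName` look like externally reported values and are placed verbatim into `Message`; if the downstream alert channel renders HTML or auto-links text, the reported phishing URL would become clickable for the recipient, so encoding or defanging it before composing the message is worth considering. The function reads the `AlertLastRun` row but never writes it here, so presumably a caller does; a one-line comment naming where the row is updated would make the `$Since` window easier to audit.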

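--- a/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertSecureScore.ps1
+++ b/Modules/CIPPAlerts/Public/Alerts/Get-CIPPAlertSecureScore.ps1
@@ -12,8 +12,11 @@ function Get-CippAlertSecureScore {
 $TenantFilter
 )
 try {
-$SecureScore = New-GraphGetRequest -uri 'https://graph.microsoft.com/v1.0/security/secureScores?$top=1' -tenantid $TenantFilter -noPagination $true
-if ($InputValue.ThresholdType.value -eq "absolute") {
+$TopCount = if ($InputValue.ThresholdType.value -eq 'drop') { 2 } else { 1 }
+$SecureScores = @(New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/security/secureScores?`$top=$TopCount" -tenantid $TenantFilter -noPagination $true)
+$SecureScore = $SecureScores[0]
+
+if ($InputValue.ThresholdType.value -eq 'absolute') {
 if ($SecureScore.currentScore -lt $InputValue.InputValue) {
 $SecureScoreResult = [PSCustomObject]@{
 Message = "Secure Score is below acceptable threshold"
@@ -24,21 +27,46 @@ function Get-CippAlertSecureScore {
 } else {
 $SecureScoreResult = @()
 }
-} elseif ($InputValue.ThresholdType.value -eq "percent") {
-$PercentageScore = [math]::Round((($SecureScore.currentScore / $SecureScore.maxScore) * 100),2)
+} elseif ($InputValue.ThresholdType.value -eq 'percent') {
+$PercentageScore = [math]::Round((($SecureScore.currentScore / $SecureScore.maxScore) * 100), 2)
 if ($PercentageScore -lt $InputValue.InputValue) {
 $SecureScoreResult = [PSCustomObject]@{
 Message = "Secure Score is below acceptable threshold"
 Tenant = $TenantFilter
 CurrentScore = $SecureScore.currentScore
 MaxScore = $SecureScore.maxScore
-CurrentScorePercentage = [math]::Round($PercentageScore,2)
+CurrentScorePercentage = [math]::Round($PercentageScore, 2)
 ScoreThresholdPercentage = $InputValue.InputValue
 }
 } else {
 $SecureScoreResult = @()
 }
+} elseif ($InputValue.ThresholdType.value -eq 'drop') {
+if ($SecureScores.Count -ge 2) {
+$PreviousScore = $SecureScores[1]
+if ($PreviousScore.currentScore -gt 0) {
+$DropPercentage = [math]::Round((($PreviousScore.currentScore - $SecureScore.currentScore) / $PreviousScore.currentScore) * 100, 2)
+if ($DropPercentage -ge $InputValue.InputValue) {
+$SecureScoreResult = [PSCustomObject]@{
+Message = "Secure Score dropped by $DropPercentage% (from $($PreviousScore.currentScore) to $($SecureScore.currentScore))"
+Tenant = $TenantFilter
+CurrentScore = $SecureScore.currentScore
+PreviousScore = $PreviousScore.currentScore
+MaxScore = $SecureScore.maxScore
+DropPercentage = $DropPercentage
+DropThreshold = $InputValue.InputValue
+}
+} else {
+$SecureScoreResult = @()
+}
+} else {
+$SecureScoreResult = @()
+}
+} else {
+$SecureScoreResult = @()
+}
 }
+
 if ($SecureScoreResult) {
 Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $SecureScoreResult -PartitionKey SecureScore
 }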
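Review bot: `$SecureScores[0]` (new line 17) is used without checking that Graph returned anything, and in PowerShell a `$null` score compares as less than any positive threshold, so an empty response in the `absolute` branch would raise a "below acceptable threshold" alert carrying no score; a guard such as `if (-not $SecureScore) { return }` before the branching would avoid that. The `drop` branch also assumes element 0 is the newest snapshot and element 1 the one before it, which depends on the endpoint's default ordering, so a comment stating that assumption (or an explicit sort on `createdDateTime`, if the helper allows it) would make the comparison safer to maintain. When fewer than two snapshots come back, or the previous score is 0, the drop check yields no result and logs nothing, so a tenant in that state is unmonitored without any trace; a verbose or info log line in those `else` arms would make that visible. The function body starts and ends outside these hunks.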

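--- a/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/Timer Functions/Start-CIPPStatsTimer.ps1
@@ -23,6 +23,11 @@ function Start-CIPPStatsTimer {
 $RawExt = @{}
 }
 
+$ConfigTable = Get-CIPPTable -tablename 'Config'
+$FunctionOffloading = (Get-CIPPAzDataTableEntity @ConfigTable -Filter "RowKey eq 'OffloadFunctions' and PartitionKey eq 'OffloadFunctions'").state
+$OffloadingEnabled = $false
+[bool]::TryParse($FunctionOffloading, [ref]$OffloadingEnabled) | Out-Null
+
 # Get counts of various entities across all tenants
 $counts = Get-CIPPDbItem -TenantFilter AllTenants -CountsOnly
 $userCount = ($counts | Where-Object { $_.RowKey -eq 'Users-Count' } | Measure-Object -Property DataCount -Sum).Sum
@@ -34,6 +39,8 @@ function Start-CIPPStatsTimer {
 $SendingObject = [PSCustomObject]@{
 rgid = $env:WEBSITE_SITE_NAME
 SetupComplete = $SetupComplete
+Hosted = $env:CIPP_HOSTED -eq 'true'
+OffloadingEnabled = $OffloadingEnabled
 RunningVersionAPI = $APIVersion.trim()
 CountOfTotalTenants = $TenantCount
 uid = $env:TenantID
@@ -53,6 +60,7 @@ function Start-CIPPStatsTimer {
 CFZTNA = $RawExt.CFZTNA.Enabled
 GitHub = $RawExt.GitHub.Enabled
 } | ConvertTo-Json
+
 try {
 Invoke-CIPPRestMethod -Uri 'https://management.cipp.app/api/stats' -Method POST -Body $SendingObject -ContentType 'application/json'
 } catch {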
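Review bot: The `Config` table lookup added at new lines 26-27 sits outside any visible error handling, whereas the read just above it appears to fall back to `$RawExt = @{}` on failure, so a table error here could abort the timer before the stats are built; wrapping the lookup the same way and leaving `$OffloadingEnabled` at `$false` would keep the two reads consistent. `Hosted` and `OffloadingEnabled` are new fields in a payload posted to an external endpoint together with `uid = $env:TenantID`, so a short comment above `$SendingObject`, for example `# Telemetry: Hosted and OffloadingEnabled describe the deployment itself`, would help operators who audit outbound data. The function starts and ends outside these hunks, so the surrounding handling may already cover the first point.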
