
Commit fc678be

authored
Merge pull request #19 from KelvinTegelaar/dev
[pull] dev from KelvinTegelaar:dev
2 parents 3c5a0f8 + 743916b commit fc678be

12 files changed

Lines changed: 192 additions & 37 deletions

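--- a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertHuntressRogueApps.ps1
+++ b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertHuntressRogueApps.ps1
@@ -18,7 +18,7 @@ function Get-CIPPAlertHuntressRogueApps {
 )
 
 try {
-$RogueApps = Invoke-RestMethod -Uri 'https://raw.githubusercontent.com/huntresslabs/rogueapps/main/public/rogueapps.json'
+$RogueApps = Invoke-RestMethod -Uri 'https://huntresslabs.github.io/rogueapps/rogueapps.json'
 $RogueAppFilter = $RogueApps.appId -join "','"
 $ServicePrincipals = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/servicePrincipals?`$filter=appId in ('$RogueAppFilter')" -tenantid $TenantFilter
 # If IgnoreDisabledApps is true, filter out disabled service principals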
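Review bot: The `appId` values fetched from the new GitHub Pages URL on new line 21 are joined straight into the Graph `$filter` string on new lines 22-23 with no check on their shape, so a malformed or tampered feed entry containing a quote would change the query that is sent to Graph. Filtering to GUID-shaped values first, e.g. `$RogueAppFilter = ($RogueApps.appId | Where-Object { $_ -match '^[0-9a-fA-F-]{36}$' }) -join "','"`, keeps the filter well-formed whatever the feed returns. The enclosing try block and its catch lie outside the hunk, so how a failed or empty download is handled cannot be seen here.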

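--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSnoozeAlert.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecSnoozeAlert.ps1
@@ -22,16 +22,16 @@ function Invoke-ExecSnoozeAlert {
 
 if ([string]::IsNullOrWhiteSpace($CmdletName) -or [string]::IsNullOrWhiteSpace($TenantFilter) -or $null -eq $AlertItem) {
 return ([HttpResponseContext]@{
-StatusCode = [HttpStatusCode]::BadRequest
-Body = @{ Results = 'CmdletName, TenantFilter, and AlertItem are required.' }
-})
+StatusCode = [HttpStatusCode]::BadRequest
+Body = @{ Results = 'CmdletName, TenantFilter, and AlertItem are required.' }
+})
 }
 
 if ($Duration -notin @(7, 14, 30, -1)) {
 return ([HttpResponseContext]@{
-StatusCode = [HttpStatusCode]::BadRequest
-Body = @{ Results = 'Duration must be 7, 14, 30, or -1 (forever).' }
-})
+StatusCode = [HttpStatusCode]::BadRequest
+Body = @{ Results = 'Duration must be 7, 14, 30, or -1 (forever).' }
+})
 }
 
 # Compute content hash for this alert item
@@ -67,20 +67,20 @@ function Invoke-ExecSnoozeAlert {
 Write-LogMessage -headers $Headers -API $APIName -message $Result -Sev 'Info' -tenant $TenantFilter
 
 return ([HttpResponseContext]@{
-StatusCode = [HttpStatusCode]::OK
-Body = @{
-Results = $Result
-ContentHash = $HashResult.ContentHash
-SnoozeUntil = $SnoozeUntil
-SnoozedBy = $SnoozedBy
-}
-})
+StatusCode = [HttpStatusCode]::OK
+Body = @{
+Results = $Result
+ContentHash = $HashResult.ContentHash
+SnoozeUntil = $SnoozeUntil
+SnoozedBy = $SnoozedBy
+}
+})
 } catch {
 $ErrorMessage = Get-CippException -Exception $_
 Write-LogMessage -headers $Headers -API $APIName -message "Failed to snooze alert: $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter
 return ([HttpResponseContext]@{
-StatusCode = [HttpStatusCode]::InternalServerError
-Body = @{ Results = "Failed to snooze alert: $($ErrorMessage.NormalizedError)" }
-})
+StatusCode = [HttpStatusCode]::InternalServerError
+Body = @{ Results = "Failed to snooze alert: $($ErrorMessage.NormalizedError)" }
+})
 }
 }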

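--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListSnoozedAlerts.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListSnoozedAlerts.ps1
@@ -43,7 +43,6 @@ function Invoke-ListSnoozedAlerts {
 SnoozedBy = $_.SnoozedBy
 SnoozedAt = $_.SnoozedAt
 SnoozeUntil = $_.SnoozeUntil
-IsForever = $IsForever
 IsExpired = $IsExpired
 RemainingDays = $RemainingDays
 Status = if ($IsForever) { 'Forever' } elseif ($IsExpired) { 'Expired' } else { 'Active' }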
Lines changed: 136 additions & 0 deletions
@@ -0,0 +1,136 @@
1+
function Invoke-AddDefenderTemplate {
2+
<#
3+
.FUNCTIONALITY
4+
Entrypoint
5+
.ROLE
6+
Endpoint.MEM.ReadWrite
7+
#>
8+
[CmdletBinding()]
9+
param($Request, $TriggerMetadata)
10+
11+
$APIName = $Request.Params.CIPPEndpoint
12+
$Headers = $Request.Headers
13+
14+
$TemplateName = $Request.Body.templateName
15+
if (-not $TemplateName) {
16+
return ([HttpResponseContext]@{
17+
StatusCode = [HttpStatusCode]::BadRequest
18+
Body = @{ Results = 'A template name prefix is required.' }
19+
})
20+
}
21+
22+
$PolicySettings = $Request.Body.Policy
23+
$DefenderExclusions = $Request.Body.Exclusion
24+
$ASR = $Request.Body.ASR
25+
$EDR = $Request.Body.EDR
26+
$Package = [string]$Request.Body.package
27+
28+
$Table = Get-CippTable -tablename 'templates'
29+
$Table.Force = $true
30+
31+
$Results = [System.Collections.Generic.List[string]]::new()
32+
33+
try {
34+
if ($PolicySettings) {
35+
$GUID = (New-Guid).GUID
36+
$PolicyJson = Set-CIPPDefenderAVPolicy -PolicySettings $PolicySettings -TemplateOnly
37+
$Object = [PSCustomObject]@{
38+
Displayname = '{0} - AV Policy' -f $TemplateName
39+
Description = ''
40+
RAWJson = (ConvertTo-Json -Depth 15 -Compress -InputObject $PolicyJson)
41+
Type = 'Catalog'
42+
GUID = $GUID
43+
ReusableSettings = @()
44+
} | ConvertTo-Json -Compress
45+
Add-CIPPAzDataTableEntity @Table -Entity @{
46+
JSON = "$Object"
47+
RowKey = "$GUID"
48+
PartitionKey = 'IntuneTemplate'
49+
GUID = "$GUID"
50+
Package = $Package
51+
}
52+
$Results.Add('Successfully created AV Policy template')
53+
Write-LogMessage -headers $Headers -API $APIName -message ("Created Defender AV Policy template '{0} - AV Policy'" -f $TemplateName) -Sev 'Info'
54+
}
55+
56+
if ($ASR) {
57+
$GUID = (New-Guid).GUID
58+
$AsrJson = Set-CIPPDefenderASRPolicy -ASR $ASR -TemplateOnly
59+
$Object = [PSCustomObject]@{
60+
Displayname = '{0} - ASR Policy' -f $TemplateName
61+
Description = ''
62+
RAWJson = (ConvertTo-Json -Depth 15 -Compress -InputObject $AsrJson)
63+
Type = 'Catalog'
64+
GUID = $GUID
65+
ReusableSettings = @()
66+
} | ConvertTo-Json -Compress
67+
Add-CIPPAzDataTableEntity @Table -Entity @{
68+
JSON = "$Object"
69+
RowKey = "$GUID"
70+
PartitionKey = 'IntuneTemplate'
71+
GUID = "$GUID"
72+
Package = $Package
73+
}
74+
$Results.Add('Successfully created ASR Policy template')
75+
Write-LogMessage -headers $Headers -API $APIName -message ("Created Defender ASR Policy template '{0} - ASR Policy'" -f $TemplateName) -Sev 'Info'
76+
}
77+
78+
if ($EDR) {
79+
$GUID = (New-Guid).GUID
80+
$EdrJson = Set-CIPPDefenderEDRPolicy -EDR $EDR -TemplateOnly
81+
if ($EdrJson) {
82+
$Object = [PSCustomObject]@{
83+
Displayname = '{0} - EDR Policy' -f $TemplateName
84+
Description = ''
85+
RAWJson = (ConvertTo-Json -Depth 15 -Compress -InputObject $EdrJson)
86+
Type = 'Catalog'
87+
GUID = $GUID
88+
ReusableSettings = @()
89+
} | ConvertTo-Json -Compress
90+
Add-CIPPAzDataTableEntity @Table -Entity @{
91+
JSON = "$Object"
92+
RowKey = "$GUID"
93+
PartitionKey = 'IntuneTemplate'
94+
GUID = "$GUID"
95+
Package = $Package
96+
}
97+
$Results.Add('Successfully created EDR Policy template')
98+
Write-LogMessage -headers $Headers -API $APIName -message ("Created Defender EDR Policy template '{0} - EDR Policy'" -f $TemplateName) -Sev 'Info'
99+
}
100+
}
101+
102+
if ($DefenderExclusions) {
103+
$GUID = (New-Guid).GUID
104+
$ExclusionJson = Set-CIPPDefenderExclusionPolicy -DefenderExclusions $DefenderExclusions -TemplateOnly
105+
if ($ExclusionJson) {
106+
$Object = [PSCustomObject]@{
107+
Displayname = '{0} - AV Exclusion Policy' -f $TemplateName
108+
Description = ''
109+
RAWJson = (ConvertTo-Json -Depth 15 -Compress -InputObject $ExclusionJson)
110+
Type = 'Catalog'
111+
GUID = $GUID
112+
ReusableSettings = @()
113+
} | ConvertTo-Json -Compress
114+
Add-CIPPAzDataTableEntity @Table -Entity @{
115+
JSON = "$Object"
116+
RowKey = "$GUID"
117+
PartitionKey = 'IntuneTemplate'
118+
GUID = "$GUID"
119+
Package = $Package
120+
}
121+
$Results.Add('Successfully created AV Exclusion Policy template')
122+
Write-LogMessage -headers $Headers -API $APIName -message ("Created Defender AV Exclusion Policy template '{0} - AV Exclusion Policy'" -f $TemplateName) -Sev 'Info'
123+
}
124+
}
125+
} catch {
126+
$ErrorMessage = Get-CippException -Exception $_
127+
$FullError = "Failed to create template: $($ErrorMessage.NormalizedMessage) | $($_.InvocationInfo.ScriptName):$($_.InvocationInfo.ScriptLineNumber) | $($_.Exception.GetType().FullName)"
128+
$Results.Add($FullError)
129+
Write-LogMessage -headers $Headers -API $APIName -message $FullError -Sev 'Error' -LogData $ErrorMessage
130+
}
131+
132+
return ([HttpResponseContext]@{
133+
StatusCode = [HttpStatusCode]::OK
134+
Body = @{ Results = @($Results) }
135+
})
136+
}
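Review bot: The catch block at new lines 125-130 reads `$ErrorMessage.NormalizedMessage`, while the other Get-CippException caller visible on this page (Invoke-ExecSnoozeAlert) reads `.NormalizedError`, so the message text is probably empty here. The same string also puts the script path, line number and exception type into `$Results`, which is returned to the API caller with `[HttpStatusCode]::OK` even when the catch ran. Keep that detail in `-LogData` only, return a generic message such as `$FullError = "Failed to create template: $($ErrorMessage.NormalizedError)"`, and answer with a non-200 status on failure. `$TemplateName` is also stored in the Displayname without the 256-character cap this commit adds to report and template names in other files.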

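--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Invoke-AddTestReport.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Invoke-AddTestReport.ps1
@@ -18,6 +18,9 @@ function Invoke-AddTestReport {
 if ([string]::IsNullOrEmpty($Body.name)) {
 throw 'Report name is required'
 }
+if ($Body.name.Length -gt 256) {
+throw 'Report name must be 256 characters or fewer'
+}
 
 $IsUpdate = -not [string]::IsNullOrWhiteSpace([string]$Body.ReportId)
 $ReportTable = Get-CippTable -tablename 'CippReportTemplates'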
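Review bot: The length check on new line 21 reads `.Length` on `$Body.name` without first pinning it to a string, so a JSON array or other non-string value is measured by element count rather than characters and can slip past the 256 limit. Casting first closes that gap: `if (([string]$Body.name).Length -gt 256) {`. The identical check added to Invoke-ExecReportBuilderTemplate (`$Body.Name.Length`, new line 25) has the same gap. How `$Body` is parsed lies outside both hunks, so confirm whether non-string names can reach this point.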

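--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/Invoke-ExecReportBuilderTemplate.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tools/Invoke-ExecReportBuilderTemplate.ps1
@@ -22,6 +22,9 @@ function Invoke-ExecReportBuilderTemplate {
 if ([string]::IsNullOrEmpty($Body.Name)) {
 throw 'Template name is required'
 }
+if ($Body.Name.Length -gt 256) {
+throw 'Template name must be 256 characters or fewer'
+}
 
 $GUID = if ($Body.GUID) { $Body.GUID } else { (New-Guid).GUID }
 $JSON = ConvertTo-Json -InputObject @{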

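--- a/Modules/CIPPCore/Public/Send-CIPPScheduledTaskAlert.ps1
+++ b/Modules/CIPPCore/Public/Send-CIPPScheduledTaskAlert.ps1
@@ -92,7 +92,7 @@ function Send-CIPPScheduledTaskAlert {
 <td style="padding:0 6px 0 0;"><table cellpadding="0" cellspacing="0" border="0"><tr><td style="background-color:#0078d4;padding:6px 14px;"><a href="${BaseLink}&duration=7" style="color:#ffffff;font-size:12px;font-weight:600;text-decoration:none;white-space:nowrap;">7 Days</a></td></tr></table></td>
 <td style="padding:0 6px 0 0;"><table cellpadding="0" cellspacing="0" border="0"><tr><td style="background-color:#0078d4;padding:6px 14px;"><a href="${BaseLink}&duration=14" style="color:#ffffff;font-size:12px;font-weight:600;text-decoration:none;white-space:nowrap;">14 Days</a></td></tr></table></td>
 <td style="padding:0 6px 0 0;"><table cellpadding="0" cellspacing="0" border="0"><tr><td style="background-color:#ff9800;padding:6px 14px;"><a href="${BaseLink}&duration=30" style="color:#ffffff;font-size:12px;font-weight:600;text-decoration:none;white-space:nowrap;">30 Days</a></td></tr></table></td>
-<td style="padding:0;"><table cellpadding="0" cellspacing="0" border="0"><tr><td style="background-color:#d32f2f;padding:6px 14px;"><a href="${BaseLink}&duration=-1" style="color:#ffffff;font-size:12px;font-weight:600;text-decoration:none;white-space:nowrap;">Forever</a></td></tr></table></td>
+<td style="padding:0;"><table cellpadding="0" cellspacing="0" border="0"><tr><td style="background-color:#d32f2f;padding:6px 14px;"><a href="${BaseLink}&duration=90" style="color:#ffffff;font-size:12px;font-weight:600;text-decoration:none;white-space:nowrap;">90 Days</a></td></tr></table></td>
 </tr></table>
 </td></tr>
 </table>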
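Review bot: The new `duration=90` link on new line 95 does not match the duration check visible in Invoke-ExecSnoozeAlert on this page, which still reads `if ($Duration -notin @(7, 14, 30, -1))` and answers BadRequest for any other value. If `${BaseLink}` targets that endpoint (its construction is outside the hunk), the 90 Days button in alert e-mails will always be rejected. The allow-list would need to become `@(7, 14, 30, 90, -1)` or equivalent, with the 'Duration must be ...' error text updated to match.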

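--- a/Modules/CIPPCore/Public/Set-CIPPDefenderASRPolicy.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPDefenderASRPolicy.ps1
@@ -8,7 +8,8 @@ function Set-CIPPDefenderASRPolicy {
 [string]$TenantFilter,
 $ASR,
 $Headers,
-[string]$APIName
+[string]$APIName,
+[switch]$TemplateOnly
 )
 
 # Fallback to block mode
@@ -52,7 +53,7 @@ function Set-CIPPDefenderASRPolicy {
 }
 }
 
-$ASRbody = ConvertTo-Json -Depth 15 -Compress -InputObject @{
+$ASRBodyObj = @{
 name = 'ASR Default rules'
 description = ''
 platforms = 'windows10'
@@ -70,6 +71,9 @@ function Set-CIPPDefenderASRPolicy {
 })
 }
 
+if ($TemplateOnly) { return $ASRBodyObj }
+
+$ASRbody = ConvertTo-Json -Depth 15 -Compress -InputObject $ASRBodyObj
 $CheckExistingASR = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -tenantid $TenantFilter
 if ('ASR Default rules' -in $CheckExistingASR.Name) {
 "$($TenantFilter): ASR Policy already exists. Skipping"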
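Review bot: `-TemplateOnly` changes what Set-CIPPDefenderASRPolicy returns (the `$ASRBodyObj` hashtable at new line 74 instead of status strings, and before any Graph request), but nothing in the hunks documents that contract. A comment above the return would cover it, e.g. `# TemplateOnly: return the policy body as a hashtable for template storage; no tenant is queried or modified`. The same applies to the matching switch added to Set-CIPPDefenderAVPolicy and Set-CIPPDefenderEDRPolicy. Anything the body-building code between the hunks writes to the output stream would be returned alongside the hashtable, so it is worth confirming that code emits nothing.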

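--- a/Modules/CIPPCore/Public/Set-CIPPDefenderAVPolicy.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPDefenderAVPolicy.ps1
@@ -8,7 +8,8 @@ function Set-CIPPDefenderAVPolicy {
 [string]$TenantFilter,
 $PolicySettings,
 $Headers,
-[string]$APIName
+[string]$APIName,
+[switch]$TemplateOnly
 )
 
 # Builds a choice-type setting entry
@@ -157,19 +158,23 @@ function Set-CIPPDefenderAVPolicy {
 })
 }
 
+$PolBodyObj = @{
+name = 'Default AV Policy'
+description = ''
+platforms = 'windows10'
+technologies = 'mdm,microsoftSense'
+roleScopeTagIds = @('0')
+templateReference = @{ templateId = '804339ad-1553-4478-a742-138fb5807418_1' }
+settings = @($Settings)
+}
+
+if ($TemplateOnly) { return $PolBodyObj }
+
 $CheckExisting = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -tenantid $TenantFilter
 if ('Default AV Policy' -in $CheckExisting.Name) {
 "$($TenantFilter): AV Policy already exists. Skipping"
 } else {
-$PolBody = ConvertTo-Json -Depth 10 -Compress -InputObject @{
-name = 'Default AV Policy'
-description = ''
-platforms = 'windows10'
-technologies = 'mdm,microsoftSense'
-roleScopeTagIds = @('0')
-templateReference = @{ templateId = '804339ad-1553-4478-a742-138fb5807418_1' }
-settings = @($Settings)
-}
+$PolBody = ConvertTo-Json -Depth 10 -Compress -InputObject $PolBodyObj
 
 $PolicyRequest = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -tenantid $TenantFilter -type POST -body $PolBody
 if ($PolicySettings.AssignTo -ne 'None') {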

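--- a/Modules/CIPPCore/Public/Set-CIPPDefenderEDRPolicy.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPDefenderEDRPolicy.ps1
@@ -8,7 +8,8 @@ function Set-CIPPDefenderEDRPolicy {
 [string]$TenantFilter,
 $EDR,
 $Headers,
-[string]$APIName
+[string]$APIName,
+[switch]$TemplateOnly
 )
 
 $EDRSettings = [System.Collections.Generic.List[object]]::new()
@@ -57,7 +58,7 @@ function Set-CIPPDefenderEDRPolicy {
 }
 
 if (($EDRSettings | Measure-Object).Count -gt 0) {
-$EDRbody = ConvertTo-Json -Depth 15 -Compress -InputObject @{
+$EDRBodyObj = @{
 name = 'EDR Configuration'
 description = ''
 platforms = 'windows10'
@@ -66,6 +67,8 @@ function Set-CIPPDefenderEDRPolicy {
 templateReference = @{templateId = '0385b795-0f2f-44ac-8602-9f65bf6adede_1' }
 settings = @($EDRSettings)
 }
+if ($TemplateOnly) { return $EDRBodyObj }
+$EDRbody = ConvertTo-Json -Depth 15 -Compress -InputObject $EDRBodyObj
 Write-Host ($EDRbody)
 $CheckExistingEDR = New-GraphGETRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/configurationPolicies' -tenantid $TenantFilter | Where-Object -Property Name -EQ 'EDR Configuration'
 if ($CheckExistingEDR) {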
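Review bot: The `-TemplateOnly` return on new line 70 sits inside the `Count -gt 0` branch opened on new line 60, so a template call with no EDR settings falls through to code past the end of this hunk. If that path emits a status string, the `if ($EdrJson)` check in Invoke-AddDefenderTemplate would accept it and store it as the template's RAWJson. An explicit exit before the branch, e.g. `if ($TemplateOnly -and $EDRSettings.Count -eq 0) { return $null }`, makes the empty case unambiguous. The rest of the function is outside the hunk, so the fall-through behaviour should be confirmed there.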
