From 29418460bde6a1913b1de084770f761218801069 Mon Sep 17 00:00:00 2001
From: silverhack
Date: Fri, 9 Aug 2024 15:36:22 +0200
Subject: [PATCH] update collectors
---
 .../Get-MonkeyAADDirectoryRole.ps1 | 36 +----
 .../Get-MonkeyAADExternalCollaboration.ps1 | 32 ++++-
 .../aad/msgraph/groups/Get-MonkeyAADGroup.ps1 | 2 +-
 ...onkeyAADIdentityProtectionNotification.ps1 | 117 +++++++++++++++
 .../pim/IAM/Get-MonkeyPIMRoleAssignment.ps1} | 4 +-
 .../security/Get-MonkeyAADSecureScore.ps1 | 2 +-
 ...Get-MonkeyAADSecureScoreControlProfile.ps1 | 6 +-
 .../Get-MonkeyADDirectoryProperty.ps1 | 9 ++
 ...edApplicationUserConfiguration - Copy.ps1} | 0
 ...MonkeyEntraIDPortalAdminConsentSetting.ps1 | 135 ++++++++++++++++++
 .../Get-MonkeyCopilotForAzurePolicy.ps1 | 119 +++++++++++++++
 .../Get-MonkeyEXOATPBuiltInProtectionRule.ps1 | 118 +++++++++++++++
 .../Get-MonkeyEXOEmailTenantSetting.ps1 | 125 ++++++++++++++++
 13 files changed, 661 insertions(+), 44 deletions(-)
 create mode 100644 collectors/aad/msgraph/identity/Get-MonkeyAADIdentityProtectionNotification.ps1
 rename collectors/aad/{pim/IAM/Get-MonkeyEntraRoleDefinition.ps1 => msgraph/pim/IAM/Get-MonkeyPIMRoleAssignment.ps1} (97%)
 rename collectors/aad/portal/managed_applications/{Get-MonkeyADManagedApplicationUserConfiguration.ps1 => Get-MonkeyADManagedApplicationUserConfiguration - Copy.ps1} (100%)
 create mode 100644 collectors/aad/portal/managed_applications/Get-MonkeyEntraIDPortalAdminConsentSetting.ps1
 create mode 100644 collectors/azure/general/Get-MonkeyCopilotForAzurePolicy.ps1
 create mode 100644 collectors/m365/ExchangeOnline/ATP/Get-MonkeyEXOATPBuiltInProtectionRule.ps1
 create mode 100644 collectors/m365/ExchangeOnline/Organisation/Get-MonkeyEXOEmailTenantSetting.ps1
diff --git a/collectors/aad/msgraph/directoryroles/Get-MonkeyAADDirectoryRole.ps1 b/collectors/aad/msgraph/directoryroles/Get-MonkeyAADDirectoryRole.ps1
index b2fafec5..a845ae71 100644
--- a/collectors/aad/msgraph/directoryroles/Get-MonkeyAADDirectoryRole.ps1
+++ b/collectors/aad/msgraph/directoryroles/Get-MonkeyAADDirectoryRole.ps1 @@ -89,46 +89,20 @@ function Get-MonkeyAADDirectoryRole { MessageData = ($message.MonkeyGenericTaskMessage -f $collectorId,"Microsoft Entra ID Directory Roles",$O365Object.TenantID); callStack = (Get-PSCallStack | Select-Object -First 1); logLevel = 'info'; - InformationAction = $InformationAction; + InformationAction = $O365Object.InformationAction; Tags = @('AzureMSGraphDirectoryRole'); } Write-Information @msg - #Get Role Assignment - $p = @{ - APIVersion = $aadConf.api_version; - InformationAction = $O365Object.InformationAction; - Verbose = $O365Object.Verbose; - Debug = $O365Object.Debug; - } - $directory_roles = Get-MonkeyMSGraphAADRoleAssignment @p - #Get AAD role assignment + #Get Entra ID role assignment $p = @{ InformationAction = $O365Object.InformationAction; Verbose = $O365Object.Verbose; Debug = $O365Object.Debug; } - $aad_role_assignment = Get-MonkeyMSGraphAADDirectoryRole @p + $aad_role_assignment = Get-MonkeyMSGraphEntraRoleAssignment @p } - end { - if ($directory_roles) { - $directory_roles.PSObject.TypeNames.Insert(0,'Monkey365.EntraID.DirectoryRoles') - [pscustomobject]$obj = @{ - Data = $directory_roles; - Metadata = $monkey_metadata; - } - $returnData.aad_directory_roles = $obj - } - else { - $msg = @{ - MessageData = ($message.MonkeyEmptyResponseMessage -f "Directory roles",$O365Object.TenantID); - callStack = (Get-PSCallStack | Select-Object -First 1); - logLevel = 'verbose'; - Tags = @('AzureGraphUsersEmptyResponse'); - Verbose = $O365Object.Verbose; - } - Write-Verbose @msg - } - if ($aad_role_assignment) { + End { + If ($aad_role_assignment) { $aad_role_assignment.PSObject.TypeNames.Insert(0,'Monkey365.EntraID.RoleAssignment') [pscustomobject]$obj = @{ Data = $aad_role_assignment; 
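Review bot: The `End` block no longer sets `$returnData.aad_directory_roles`, and nothing visible in this hunk updates whatever rules or reports read that key, so a check built on it would now find no data and could be skipped or pass silently rather than fail. If the key is being retired on purpose, the collector's `ruleSuffixes` (declared above this hunk) should drop it in the same commit; otherwise keep publishing it from the `Get-MonkeyMSGraphEntraRoleAssignment` result. The removed empty-response `Write-Verbose` was also the only trace that the directory-role query returned nothing, so the remaining branch should log when `$aad_role_assignment` is empty if it does not already do so below the hunk. The function body starts and ends outside the hunk.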
diff --git a/collectors/aad/msgraph/externalCollaboration/Get-MonkeyAADExternalCollaboration.ps1 b/collectors/aad/msgraph/externalCollaboration/Get-MonkeyAADExternalCollaboration.ps1 index 769d62ee..5ff49287 100644 --- a/collectors/aad/msgraph/externalCollaboration/Get-MonkeyAADExternalCollaboration.ps1 +++ b/collectors/aad/msgraph/externalCollaboration/Get-MonkeyAADExternalCollaboration.ps1 @@ -83,6 +83,8 @@ function Get-MonkeyAADExternalCollaboration { break } $externalCollaboration = $ctAccessPolicy = $null + #Set PsObject + $crossTenantAccessPolicyObj = New-MonkeyEntraCrossTenantAccessPolicyObject } process { $msg = @{ 
@@ -101,27 +103,45 @@ function Get-MonkeyAADExternalCollaboration { Debug = $O365Object.Debug; } $externalCollaboration = Get-MonkeyMSGraphExternalCollaborationSetting @p + #Get default cross-tenant access policy + $p = @{ + APIVersion = $aadConf.api_version; + Default = $true; + InformationAction = $O365Object.InformationAction; + Verbose = $O365Object.Verbose; + Debug = $O365Object.Debug; + } + $crossTenantAccessPolicyObj.defaultCrossTenantAccessPolicy = Get-MonkeyMSGraphcrossTenantAccessPolicy @p + #Get cross-tenant access policies for partners + $p = @{ + APIVersion = $aadConf.api_version; + Partner = $true; + InformationAction = $O365Object.InformationAction; + Verbose = $O365Object.Verbose; + Debug = $O365Object.Debug; + } + $crossTenantAccessPolicyObj.partnerCrossTenantAccessPolicy = Get-MonkeyMSGraphcrossTenantAccessPolicy @p #Get cross-tenant access policy - $p = @{ + $p = @{ APIVersion = $aadConf.api_version; InformationAction = $O365Object.InformationAction; Verbose = $O365Object.Verbose; Debug = $O365Object.Debug; } - $ctAccessPolicy = Get-MonkeyMSGraphcrossTenantAccessPolicy @p + $crossTenantAccessPolicyObj.crossTenantAccessPolicy = Get-MonkeyMSGraphcrossTenantAccessPolicy @p } end { - if ($null -ne $ctAccessPolicy) { - $ctAccessPolicy.PSObject.TypeNames.Insert(0,'Monkey365.EntraID.CrossTenantAccessPolicy') + if ($null -ne $crossTenantAccessPolicyObj) { + $crossTenantAccessPolicyObj.PSObject.TypeNames.Insert(0,'Monkey365.EntraID.CrossTenantAccessPolicy') [pscustomobject]$obj = @{ - Data = $ctAccessPolicy; + Data = $crossTenantAccessPolicyObj; Metadata = $monkey_metadata; } $returnData.aad_cross_tenant_accessPolicy = $obj; } else { $msg = @{ - MessageData = ($message.MonkeyEmptyResponseMessage -f "Microsoft Entra ID Cross-Tenant access policy",$O365Object.TenantID); + MessageData = ($message.MonkeyEmptyResponseMessage -f "Microsoft Entra ID cross-tenant access policy",$O365Object.TenantID); callStack = (Get-PSCallStack | Select-Object -First 1); 
logLevel = "verbose"; InformationAction = $O365Object.InformationAction; diff --git a/collectors/aad/msgraph/groups/Get-MonkeyAADGroup.ps1 b/collectors/aad/msgraph/groups/Get-MonkeyAADGroup.ps1 index 67006645..47460c59 100644 --- a/collectors/aad/msgraph/groups/Get-MonkeyAADGroup.ps1 +++ b/collectors/aad/msgraph/groups/Get-MonkeyAADGroup.ps1 @@ -103,7 +103,7 @@ function Get-MonkeyAADGroup { } end { if ($null -ne $groups) { - $domains.PSObject.TypeNames.Insert(0,'Monkey365.EntraID.GroupInfo') + $groups.PSObject.TypeNames.Insert(0,'Monkey365.EntraID.GroupInfo') [pscustomobject]$obj = @{ Data = $groups; Metadata = $monkey_metadata; diff --git a/collectors/aad/msgraph/identity/Get-MonkeyAADIdentityProtectionNotification.ps1 b/collectors/aad/msgraph/identity/Get-MonkeyAADIdentityProtectionNotification.ps1 new file mode 100644 index 00000000..64bff7eb --- /dev/null +++ b/collectors/aad/msgraph/identity/Get-MonkeyAADIdentityProtectionNotification.ps1 
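Review bot: In the `end` block, `$null -ne $crossTenantAccessPolicyObj` is true whenever `New-MonkeyEntraCrossTenantAccessPolicyObject` returned an object in `begin`, so the empty-response branch can no longer fire even if all three Graph calls came back empty. The collector would then publish a policy object whose `defaultCrossTenantAccessPolicy`, `partnerCrossTenantAccessPolicy` and `crossTenantAccessPolicy` are presumably still at their initial values, and a failed or unauthorised query becomes indistinguishable from a tenant with no policy. Test the collected values instead, e.g. `if ($null -ne $crossTenantAccessPolicyObj -and $null -ne $crossTenantAccessPolicyObj.defaultCrossTenantAccessPolicy) {`. `$ctAccessPolicy` is still initialised in the `begin` hunk above but is no longer assigned in the visible code and can be dropped. The function continues outside the hunk.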
@@ -0,0 +1,117 @@ +# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +function Get-MonkeyAADIdentityProtectionNotification { +<# + .SYNOPSIS + Collector to get notification settings for Entra ID Identity Protection + + .DESCRIPTION + Collector to get notification settings for Entra ID Identity Protection + + .INPUTS + + .OUTPUTS + + .EXAMPLE + + .NOTES + Author : Juan Garrido + Twitter : @tr1ana + File Name : Get-MonkeyAADIdentityProtectionNotification + Version : 1.0 + + .LINK + https://github.com/silverhack/monkey365 + #> + + [CmdletBinding()] + param( + [Parameter(Mandatory = $false,HelpMessage = "Background Collector ID")] + [string]$collectorId + ) + Begin { + #Collector metadata + $monkey_metadata = @{ + Id = "aad0045"; + Provider = "EntraID"; + Resource = "EntraID"; + ResourceType = $null; + resourceName = $null; + collectorName = "Get-MonkeyAADIdentityProtectionNotification"; + ApiType = "MSGraph"; + description = "Collector to get notification settings for Entra ID Identity Protection"; + Group = @( + "EntraID" + ); + Tags = @{ + "enabled" = $true + }; + Docs = "https://silverhack.github.io/monkey365/"; + ruleSuffixes = @( + "aad_identityprotection_notifications" + ); + dependsOn = @( + + ); + } + $notifications = $null + } + Process { + $msg = @{ + MessageData = ($message.MonkeyGenericTaskMessage -f $collectorId,"Microsoft Entra ID Identity 
Protection Notifications",$O365Object.TenantID); + callStack = (Get-PSCallStack | Select-Object -First 1); + logLevel = 'info'; + InformationAction = $O365Object.InformationAction; + Tags = @('EntraIDIdentityProtectionNotificationInfo'); + } + Write-Information @msg + $p = @{ + APIVersion = 'beta'; + InformationAction = $O365Object.InformationAction; + Verbose = $O365Object.Verbose; + Debug = $O365Object.Debug; + } + $notifications = Get-MonkeyMSGraphIdentityProtectionNotification @p + } + End { + if ($null -ne $notifications) { + $notifications.PSObject.TypeNames.Insert(0,'Monkey365.EntraID.IdentityProtection.Notifications') + [pscustomobject]$obj = @{ + Data = $notifications; + Metadata = $monkey_metadata; + } + $returnData.aad_identityprotection_notifications = $obj; + } + else { + $msg = @{ + MessageData = ($message.MonkeyEmptyResponseMessage -f "Microsoft Entra ID Identity Protection Notifications",$O365Object.TenantID); + callStack = (Get-PSCallStack | Select-Object -First 1); + logLevel = "verbose"; + InformationAction = $O365Object.InformationAction; + Verbose = $O365Object.Verbose; + Tags = @('EntraIDIdentityProtectionNotificationEmptyResponse') + } + Write-Verbose @msg + } + } +} + + + + + + + diff --git a/collectors/aad/pim/IAM/Get-MonkeyEntraRoleDefinition.ps1 b/collectors/aad/msgraph/pim/IAM/Get-MonkeyPIMRoleAssignment.ps1 similarity index 97% rename from collectors/aad/pim/IAM/Get-MonkeyEntraRoleDefinition.ps1 rename to collectors/aad/msgraph/pim/IAM/Get-MonkeyPIMRoleAssignment.ps1 index 2d11732a..6656e9d6 100644 --- a/collectors/aad/pim/IAM/Get-MonkeyEntraRoleDefinition.ps1 +++ b/collectors/aad/msgraph/pim/IAM/Get-MonkeyPIMRoleAssignment.ps1 @@ -51,7 +51,7 @@ function Get-MonkeyPIMRoleAssignment { ResourceType = $null; resourceName = $null; collectorName = "Get-MonkeyPIMRoleAssignment"; - ApiType = "PIM"; + ApiType = "MSGraph"; description = "Collector to get information about role assignment from PIM"; Group = @( "EntraID" 
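Review bot: `APIVersion = 'beta'` is hard-coded in the `Process` block, while the other Graph collectors touched by this patch read the version from `$aadConf.api_version`. Beta Graph endpoints carry no stability guarantee, so a schema change could surface only as an empty response and leave the rules under `aad_identityprotection_notifications` with nothing to evaluate. If the setting is exposed only by the beta endpoint, state that next to the value, e.g. `#Identity Protection notification settings are only available in the beta endpoint`; otherwise take the version from configuration. The comment-based help also leaves `.INPUTS`, `.OUTPUTS` and `.EXAMPLE` empty.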
@@ -84,7 +84,7 @@ function Get-MonkeyPIMRoleAssignment { Verbose = $O365Object.Verbose; Debug = $O365Object.Debug; } - $role_assignment = Invoke-MonkeyPrivilegedIdentityInfo @p + $role_assignment = Get-MonkeyMSGraphPIMRoleAssignment @p } end { if ($null -ne $role_assignment) { diff --git a/collectors/aad/msgraph/security/Get-MonkeyAADSecureScore.ps1 b/collectors/aad/msgraph/security/Get-MonkeyAADSecureScore.ps1 index 2473096a..4ec670d8 100644 --- a/collectors/aad/msgraph/security/Get-MonkeyAADSecureScore.ps1 +++ b/collectors/aad/msgraph/security/Get-MonkeyAADSecureScore.ps1 @@ -1,4 +1,4 @@ -# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido + # Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/collectors/aad/msgraph/security/Get-MonkeyAADSecureScoreControlProfile.ps1 b/collectors/aad/msgraph/security/Get-MonkeyAADSecureScoreControlProfile.ps1 index d017d96f..89b48c52 100644 --- a/collectors/aad/msgraph/security/Get-MonkeyAADSecureScoreControlProfile.ps1 +++ b/collectors/aad/msgraph/security/Get-MonkeyAADSecureScoreControlProfile.ps1 @@ -61,7 +61,7 @@ function Get-MonkeyAADSecureScoreControlProfile { }; Docs = "https://silverhack.github.io/monkey365/"; ruleSuffixes = @( - "aad_conditional_access_policy" + "aad_secureScore_controlProfile" ); dependsOn = @( 
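Review bot: The splat `@p` now passed to `Get-MonkeyMSGraphPIMRoleAssignment` is built above this hunk and was written for `Invoke-MonkeyPrivilegedIdentityInfo`; only its `Verbose` and `Debug` keys are visible here. If any of the hidden keys is not a parameter of the new helper, the call fails at parameter binding and the collector reports an empty response instead of role assignments, which for a PIM audit reads as "nothing to flag". Please confirm the splat was trimmed to the new helper's parameters in the lines above. The function body starts and ends outside the hunk.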
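Review bot: The output key is still written out twice, once in `ruleSuffixes` here and once as `$returnData.aad_secureScore_controlProfile` in the `End` hunk further down, which is how this collector came to publish secure-score data under `aad_conditional_access_policy`. It is worth confirming that no rule was written against the old key expecting secure-score data, and that conditional-access results were not being overwritten by this collector before the fix. Deriving the key from the metadata, `$returnData.($monkey_metadata.ruleSuffixes[0]) = $obj;` (assuming `$returnData` is a hashtable), keeps the two from drifting again. The new name also mixes camelCase into the snake_case used by other keys in this patch such as `aad_identityprotection_notifications`. Both hunks sit inside a function that starts and ends outside them.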
@@ -101,14 +101,14 @@ function Get-MonkeyAADSecureScoreControlProfile { } $ss_control_profile = Get-MonkeyMSGraphSecureScoreControlProfile @p } - end { + End { if ($null -ne $ss_control_profile) { $ss_control_profile.PSObject.TypeNames.Insert(0,'Monkey365.EntraID.SecureScoreControlProfile') [pscustomobject]$obj = @{ Data = $ss_control_profile; Metadata = $monkey_metadata; } - $returnData.aad_conditional_access_policy = $obj; + $returnData.aad_secureScore_controlProfile = $obj; } else { $msg = @{ diff --git a/collectors/aad/portal/directory_properties/Get-MonkeyADDirectoryProperty.ps1 b/collectors/aad/portal/directory_properties/Get-MonkeyADDirectoryProperty.ps1 index 32239bb7..512251b6 100644 --- a/collectors/aad/portal/directory_properties/Get-MonkeyADDirectoryProperty.ps1 +++ b/collectors/aad/portal/directory_properties/Get-MonkeyADDirectoryProperty.ps1 @@ -106,6 +106,15 @@ function Get-MonkeyADDirectoryProperty { #Get Azure B2B directory policy $params.Query = "B2B/b2bPolicy" $azure_ad_b2b_directory_policies = Get-MonkeyAzurePortalObject @params + #Mock b2b directory policy if not exists + if($null -eq $azure_ad_b2b_directory_policies){ + $azure_ad_b2b_directory_policies = [PsCustomObject]@{ + targetedDomains = @(); + hasListEntries = $false; + adminConsentedForUsersIntoTenantIds = @(); + noAADConsentForUsersFromTenantsIds = @(); + } + } } end { #Return directory properties diff --git a/collectors/aad/portal/managed_applications/Get-MonkeyADManagedApplicationUserConfiguration.ps1 b/collectors/aad/portal/managed_applications/Get-MonkeyADManagedApplicationUserConfiguration - Copy.ps1 similarity index 100% rename from collectors/aad/portal/managed_applications/Get-MonkeyADManagedApplicationUserConfiguration.ps1 rename to collectors/aad/portal/managed_applications/Get-MonkeyADManagedApplicationUserConfiguration - Copy.ps1 
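Review bot: The new fallback replaces any null result from `Get-MonkeyAzurePortalObject` with a fabricated B2B policy, but a null here can presumably also mean the portal request failed or the token lacked access, not only that no policy exists. Rules would then evaluate `targetedDomains = @()` and `hasListEntries = $false` as if the tenant had reported them, and the report cannot tell collected data from a default. Mark the substitute and log it, e.g. add `isDefault = $true;` to the mock and emit a `Write-Verbose` built from `$message.MonkeyEmptyResponseMessage` before assigning it. The function body starts and ends outside the hunk.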
diff --git a/collectors/aad/portal/managed_applications/Get-MonkeyEntraIDPortalAdminConsentSetting.ps1 b/collectors/aad/portal/managed_applications/Get-MonkeyEntraIDPortalAdminConsentSetting.ps1
new file mode 100644
index 00000000..8926c657
--- /dev/null
+++ b/collectors/aad/portal/managed_applications/Get-MonkeyEntraIDPortalAdminConsentSetting.ps1
@@ -0,0 +1,135 @@ +# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +function Get-MonkeyEntraIDPortalAdminConsentSetting { +<# + .SYNOPSIS + Collector to get admin consent settings from Microsoft Entra ID Portal + + .DESCRIPTION + Collector to get admin consent settings from Microsoft Entra ID Portal + + .INPUTS + + .OUTPUTS + + .EXAMPLE + + .NOTES + Author : Juan Garrido + Twitter : @tr1ana + File Name : Get-MonkeyEntraIDPortalAdminConsentSetting + Version : 1.0 + + .LINK + https://github.com/silverhack/monkey365 + #> + + [CmdletBinding()] + param( + [Parameter(Mandatory = $false,HelpMessage = "Background Collector ID")] + [string]$collectorId + ) + begin { + $Environment = $O365Object.Environment + #Collector metadata + $monkey_metadata = @{ + Id = "aad0037"; + Provider = "EntraID"; + Resource = "EntraIDPortal"; + ResourceType = $null; + resourceName = $null; + collectorName = "Get-MonkeyEntraIDPortalAdminConsentSetting"; + ApiType = "EntraIDPortal"; + description = "Collector to get admin consent settings from Microsoft Entra ID Portal"; + Group = @( + "EntraIDPortal" + ); + Tags = @{ + "enabled" = $true + }; + Docs = "https://silverhack.github.io/monkey365/"; + ruleSuffixes = @( + "aad_managed_app_admin_consent_setting" + ); + dependsOn = @( + + ); + } + #Get Azure Active Directory Auth + $AADAuth = $O365Object.auth_tokens.AzurePortal + } + process { + 
$msg = @{ + MessageData = ($message.MonkeyGenericTaskMessage -f $collectorId,"Microsoft Entra ID enterprise applications admin consent settings",$O365Object.TenantID); + callStack = (Get-PSCallStack | Select-Object -First 1); + logLevel = 'info'; + InformationAction = $O365Object.InformationAction; + Tags = @('AzurePortalManagedAppAdminConsentSettings'); + } + Write-Information @msg + #Get Enterprise applications admin consent settings + $p = @{ + Authentication = $AADAuth; + Query = "RequestApprovals/V2/PolicyTemplates?type=AdminConsentFlow"; + Environment = $Environment; + ContentType = 'application/json'; + Method = "GET"; + InformationAction = $O365Object.InformationAction; + Verbose = $O365Object.Verbose; + Debug = $O365Object.Debug; + } + $adminConsentSettings = Get-MonkeyAzurePortalObject @p + if($null -eq $adminConsentSettings){ + $adminConsentSettings = [PsCustomObject]@{ + adminConsentEnabled = $false; + requestExpiresInDays = $false; + notificationsEnabled = $false; + remindersEnabled = $false + } + } + Else{ + $adminConsentSettings | Add-Member -MemberType NoteProperty -Name adminConsentEnabled -Value $true -Force + } + } + end { + if ($adminConsentSettings) { + $adminConsentSettings.PSObject.TypeNames.Insert(0,'Monkey365.EntraID.managed.applications.admin_consent_settings') + [pscustomobject]$obj = @{ + Data = $adminConsentSettings; + Metadata = $monkey_metadata; + } + $returnData.aad_managed_app_admin_consent_setting = $obj + } + else { + $msg = @{ + MessageData = ($message.MonkeyEmptyResponseMessage -f "Microsoft Entra ID enterprise applications admin consent settings",$O365Object.TenantID); + callStack = (Get-PSCallStack | Select-Object -First 1); + logLevel = "verbose"; + InformationAction = $O365Object.InformationAction; + Tags = @('AzurePortalManagedAppAdminConsentSettings'); + Verbose = $O365Object.Verbose; + } + Write-Verbose @msg + } + } +} + + + + + + + 
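Review bot: A null response from `Get-MonkeyAzurePortalObject` is turned into `adminConsentEnabled = $false`, and every non-null response is stamped `adminConsentEnabled = $true` with `-Force`, so the reported value reflects only whether the request returned something and overwrites any flag the portal itself sent. A failed or unauthorised request therefore reads as "admin consent workflow disabled", and because the mock is never null the `else` branch in `end` that logs `MonkeyEmptyResponseMessage` is unreachable. `requestExpiresInDays = $false` also gives a day count a boolean value; `$null` would be safer for rules that compare it numerically. Consider leaving `$adminConsentSettings` null when the call fails and substituting defaults only when the request is known to have succeeded with an empty body. The info and empty-response messages also share the tag `AzurePortalManagedAppAdminConsentSettings`, which makes the two cases hard to separate in logs.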
diff --git a/collectors/azure/general/Get-MonkeyCopilotForAzurePolicy.ps1 b/collectors/azure/general/Get-MonkeyCopilotForAzurePolicy.ps1
new file mode 100644
index 00000000..27546529
--- /dev/null
+++ b/collectors/azure/general/Get-MonkeyCopilotForAzurePolicy.ps1
@@ -0,0 +1,119 @@ +# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +function Get-MonkeyCopilotForAzurePolicy { +<# + .SYNOPSIS + Collector to get information about Copilot for Azure + + .DESCRIPTION + Collector to get information about Copilot for Azure + + .INPUTS + + .OUTPUTS + + .EXAMPLE + + .NOTES + Author : Juan Garrido + Twitter : @tr1ana + File Name : Get-MonkeyCopilotForAzurePolicy + Version : 1.0 + + .LINK + https://github.com/silverhack/monkey365 + #> + + [CmdletBinding()] + param( + [Parameter(Mandatory = $false,HelpMessage = "Background Collector ID")] + [string]$collectorId + ) + begin { + #Collector metadata + $monkey_metadata = @{ + Id = "az00043"; + Provider = "Azure"; + Resource = "Copilot"; + ResourceType = $null; + resourceName = $null; + collectorName = "Get-MonkeyCopilotForAzurePolicy"; + ApiType = "resourceManagement"; + description = "Collector to get information about Copilot for Azure"; + Group = @( + "Subscription"; + "General" + ); + Tags = @{ + "enabled" = $true + }; + Docs = "https://silverhack.github.io/monkey365/"; + ruleSuffixes = @( + "az_copilot_for_azure" + ); + dependsOn = @( + + ); + } + } + process { + $msg = @{ + MessageData = ($message.MonkeyGenericTaskMessage -f $collectorId,"Copilot for Azure",$O365Object.current_subscription.displayName); + callStack = (Get-PSCallStack | Select-Object -First 1); + logLevel = 
'info'; + InformationAction = $O365Object.InformationAction; + Tags = @('AzureSubscriptionCopilotInfo'); + } + Write-Information @msg + #Get Copilot For Azure + $p = @{ + Id = 'providers/Microsoft.PortalServices/copilotSettings/default'; + ApiVersion = '2024-04-01-preview'; + Verbose = $O365Object.verbose; + Debug = $O365Object.debug; + InformationAction = $O365Object.InformationAction; + } + $copilotInfo = Get-MonkeyAzObjectById @p + } + end { + if ($copilotInfo) { + $copilotInfo.PSObject.TypeNames.Insert(0,'Monkey365.Azure.Copilot') + [pscustomobject]$obj = @{ + Data = $copilotInfo; + Metadata = $monkey_metadata; + } + $returnData.az_copilot_for_azure = $obj + } + else { + $msg = @{ + MessageData = ($message.MonkeyEmptyResponseMessage -f "Copilot for Azure",$O365Object.TenantID); + callStack = (Get-PSCallStack | Select-Object -First 1); + logLevel = "verbose"; + InformationAction = $O365Object.InformationAction; + Tags = @('AzureSubscriptionCopilotEmptyResponse'); + Verbose = $O365Object.Verbose; + } + Write-Verbose @msg + } + } +} + + + + + + + diff --git a/collectors/m365/ExchangeOnline/ATP/Get-MonkeyEXOATPBuiltInProtectionRule.ps1 b/collectors/m365/ExchangeOnline/ATP/Get-MonkeyEXOATPBuiltInProtectionRule.ps1 new file mode 100644 index 00000000..d1657cd0 --- /dev/null +++ b/collectors/m365/ExchangeOnline/ATP/Get-MonkeyEXOATPBuiltInProtectionRule.ps1 
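Review bot: The task message identifies the scope as `$O365Object.current_subscription.displayName`, but the empty-response message in `end` formats `$O365Object.TenantID`, so a missing result is logged against a different identifier than the one the collector announced; use the same value in both. `$copilotInfo` is not initialised in `begin`, unlike `$notifications` in the Identity Protection collector added by this patch, so add `$copilotInfo = $null` there to keep the `end` test from resolving a same-named variable in a parent scope when the call fails. `ApiVersion = '2024-04-01-preview'` pins a preview version inline; a short comment saying why a preview version is required would help whoever has to update it when that version is withdrawn.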
@@ -0,0 +1,118 @@ +# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +function Get-MonkeyEXOATPBuiltInProtectionRule { +<# + .SYNOPSIS + Collector to get information about the rule for the Built-in protection preset security policy in Exchange Online + + .DESCRIPTION + Collector to get information about the rule for the Built-in protection preset security policy in Exchange Online + + .INPUTS + + .OUTPUTS + + .EXAMPLE + + .NOTES + Author : Juan Garrido + Twitter : @tr1ana + File Name : Get-MonkeyEXOATPBuiltInProtectionRule + Version : 1.0 + + .LINK + https://github.com/silverhack/monkey365 + #> + + [CmdletBinding()] + param( + [Parameter(Mandatory = $false,HelpMessage = "Background Collector ID")] + [string]$collectorId + ) + begin { + $exo_policy_config = $null; + #Collector metadata + $monkey_metadata = @{ + Id = "exo0033"; + Provider = "Microsoft365"; + Resource = "ExchangeOnline"; + ResourceType = $null; + resourceName = $null; + collectorName = "Get-MonkeyEXOATPBuiltInProtectionRule"; + ApiType = "ExoApi"; + description = "Collector to get information about the rule for the Built-in protection preset security policy in Exchange Online"; + Group = @( + "ExchangeOnline" + ); + Tags = @{ + "enabled" = $true + }; + Docs = "https://silverhack.github.io/monkey365/"; + ruleSuffixes = @( + "o365_exo_atp_builtin_protection_rule" + ); + dependsOn = @( + + ); + } + 
#Get instance + $Environment = $O365Object.Environment + #Get Exchange Online Auth token + $ExoAuth = $O365Object.auth_tokens.ExchangeOnline + } + process { + $msg = @{ + MessageData = ($message.MonkeyGenericTaskMessage -f $collectorId,"Exchange Online Built-in protection preset security policy",$O365Object.TenantID); + callStack = (Get-PSCallStack | Select-Object -First 1); + logLevel = 'info'; + InformationAction = $O365Object.InformationAction; + Tags = @('ExoBuiltinProtectionInfo'); + } + Write-Information @msg + $p = @{ + Authentication = $ExoAuth; + Environment = $Environment; + ResponseFormat = 'clixml'; + Command = 'Get-ATPBuiltInProtectionRule'; + Method = "POST"; + InformationAction = $O365Object.InformationAction; + Verbose = $O365Object.Verbose; + Debug = $O365Object.Debug; + } + $exo_builtin_protection_policy = Get-PSExoAdminApiObject @p + } + End { + if ($null -ne $exo_builtin_protection_policy) { + $exo_builtin_protection_policy.PSObject.TypeNames.Insert(0,'Monkey365.ExchangeOnline.BuiltIn.Protection.Rule') + [pscustomobject]$obj = @{ + Data = $exo_builtin_protection_policy; + Metadata = $monkey_metadata; + } + $returnData.o365_exo_atp_builtin_protection_rule = $obj + } + else { + $msg = @{ + MessageData = ($message.MonkeyEmptyResponseMessage -f "Exchange Online Built-in protection preset security policy",$O365Object.TenantID); + callStack = (Get-PSCallStack | Select-Object -First 1); + logLevel = "verbose"; + InformationAction = $O365Object.InformationAction; + Tags = @('ExoBuiltinProtectionEmptyResponse'); + Verbose = $O365Object.Verbose; + } + Write-Verbose @msg + } + } +} \ No newline at end of file diff --git a/collectors/m365/ExchangeOnline/Organisation/Get-MonkeyEXOEmailTenantSetting.ps1 b/collectors/m365/ExchangeOnline/Organisation/Get-MonkeyEXOEmailTenantSetting.ps1 new file mode 100644 index 00000000..02d866b6 --- /dev/null +++ b/collectors/m365/ExchangeOnline/Organisation/Get-MonkeyEXOEmailTenantSetting.ps1 
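Review bot: `begin` initialises `$exo_policy_config = $null;`, which is never used, while the variable the collector actually fills and tests, `$exo_builtin_protection_policy`, is left uninitialised. This looks like a copy-paste leftover; replace it with `$exo_builtin_protection_policy = $null;` so the `End` test cannot pick up a same-named variable from a parent scope if `Get-PSExoAdminApiObject` fails before assigning. The same leftover is in `Get-MonkeyEXOEmailTenantSetting.ps1` below, where the line should be `$exo_email_tenant_info = $null;`. This file also ends without a trailing newline.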
@@ -0,0 +1,125 @@ +# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +function Get-MonkeyEXOEmailTenantSetting { +<# + .SYNOPSIS + Collector to get information about email tenant settings in Exchange Online + + .DESCRIPTION + Collector to get information about email tenant settings in Exchange Online + + .INPUTS + + .OUTPUTS + + .EXAMPLE + + .NOTES + Author : Juan Garrido + Twitter : @tr1ana + File Name : Get-MonkeyEXOEmailTenantSetting + Version : 1.0 + + .LINK + https://github.com/silverhack/monkey365 + #> + + [CmdletBinding()] + param( + [Parameter(Mandatory = $false,HelpMessage = "Background Collector ID")] + [string]$collectorId + ) + begin { + $exo_policy_config = $null; + #Collector metadata + $monkey_metadata = @{ + Id = "exo0032"; + Provider = "Microsoft365"; + Resource = "ExchangeOnline"; + ResourceType = $null; + resourceName = $null; + collectorName = "Get-MonkeyEXOEmailTenantSetting"; + ApiType = "ExoApi"; + description = "Collector to get information about email tenant settings in Exchange Online"; + Group = @( + "ExchangeOnline" + ); + Tags = @{ + "enabled" = $true + }; + Docs = "https://silverhack.github.io/monkey365/"; + ruleSuffixes = @( + "o365_exo_email_tenant_settings" + ); + dependsOn = @( + + ); + } + #Get instance + $Environment = $O365Object.Environment + #Get Exchange Online Auth token + $ExoAuth = 
$O365Object.auth_tokens.ExchangeOnline + } + process { + $msg = @{ + MessageData = ($message.MonkeyGenericTaskMessage -f $collectorId,"Exchange Online email tenant settings",$O365Object.TenantID); + callStack = (Get-PSCallStack | Select-Object -First 1); + logLevel = 'info'; + InformationAction = $O365Object.InformationAction; + Tags = @('ExoEmailTenantInfo'); + } + Write-Information @msg + $p = @{ + Authentication = $ExoAuth; + Environment = $Environment; + ResponseFormat = 'clixml'; + Command = 'Get-EmailTenantSettings'; + Method = "POST"; + InformationAction = $O365Object.InformationAction; + Verbose = $O365Object.Verbose; + Debug = $O365Object.Debug; + } + $exo_email_tenant_info = Get-PSExoAdminApiObject @p + } + end { + if ($null -ne $exo_email_tenant_info) { + $exo_email_tenant_info.PSObject.TypeNames.Insert(0,'Monkey365.ExchangeOnline.EmailTenantSettings') + [pscustomobject]$obj = @{ + Data = $exo_email_tenant_info; + Metadata = $monkey_metadata; + } + $returnData.o365_exo_email_tenant_settings = $obj + } + else { + $msg = @{ + MessageData = ($message.MonkeyEmptyResponseMessage -f "Exchange Online email tenant settings",$O365Object.TenantID); + callStack = (Get-PSCallStack | Select-Object -First 1); + logLevel = "verbose"; + InformationAction = $O365Object.InformationAction; + Tags = @('ExoEmailTenantEmptyResponse'); + Verbose = $O365Object.Verbose; + } + Write-Verbose @msg + } + } +} + + + + + + +