Skip to content

Commit

Permalink
change to write warning to be able to read logs better in insights
Browse files Browse the repository at this point in the history
  • Loading branch information
KelvinTegelaar committed Oct 4, 2024
1 parent 249e06a commit 028fd67
Showing 1 changed file with 13 additions and 13 deletions.
26 changes: 13 additions & 13 deletions Modules/CIPPCore/Public/Webhooks/Test-CIPPAuditLogRules.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -34,10 +34,10 @@ function Test-CIPPAuditLogRules {
LogType = $_.Type
}
}
Write-Information 'Getting audit records from Graph API'
write-warning 'Getting audit records from Graph API'
$SearchResults = Get-CippAuditLogSearchResults -TenantFilter $TenantFilter -QueryId $SearchId
$LogCount = ($SearchResults | Measure-Object).Count
Write-Information "Logs to process: $LogCount"
write-warning "Logs to process: $LogCount"
$Results.TotalLogs = $LogCount
if ($LogCount -gt 0) {
$LocationTable = Get-CIPPTable -TableName 'knownlocationdb'
Expand All @@ -49,7 +49,7 @@ function Test-CIPPAuditLogRules {
$Data.CIPPExtendedProperties = ($Data.ExtendedProperties | ConvertTo-Json)
$Data.ExtendedProperties | ForEach-Object {
if ($_.Value -in $ExtendedPropertiesIgnoreList) {
Write-Information "No need to process this operation as its in our ignore list. Some extended information: $($data.operation) - $($TenantFilter)"
write-warning "No need to process this operation as its in our ignore list. Some extended information: $($data.operation) - $($TenantFilter)"
continue
}
$Data | Add-Member -NotePropertyName $_.Name -NotePropertyValue $_.Value -Force -ErrorAction SilentlyContinue
Expand All @@ -68,12 +68,12 @@ function Test-CIPPAuditLogRules {
try {
$Data.ModifiedProperties | ForEach-Object { $Data | Add-Member -NotePropertyName "$($_.Name)" -NotePropertyValue "$($_.NewValue)" -Force -ErrorAction SilentlyContinue }
} catch {
#Write-Information ($Data.ModifiedProperties | ConvertTo-Json -Depth 10)
#write-warning ($Data.ModifiedProperties | ConvertTo-Json -Depth 10)
}
try {
$Data.ModifiedProperties | ForEach-Object { $Data | Add-Member -NotePropertyName $("Previous_Value_$($_.Name)") -NotePropertyValue "$($_.OldValue)" -Force -ErrorAction SilentlyContinue }
} catch {
#Write-Information ($Data.ModifiedProperties | ConvertTo-Json -Depth 10)
#write-warning ($Data.ModifiedProperties | ConvertTo-Json -Depth 10)
}
}

Expand All @@ -84,7 +84,7 @@ function Test-CIPPAuditLogRules {
# Check if IP is on trusted IP list
$TrustedIP = Get-CIPPAzDataTableEntity @TrustedIPTable -Filter "PartitionKey eq '$TenantFilter' and RowKey eq '$($Data.clientip)' and state eq 'Trusted'"
if ($TrustedIP) {
Write-Information "IP $($Data.clientip) is trusted"
write-warning "IP $($Data.clientip) is trusted"
$Trusted = $true
}
if (!$Trusted) {
Expand All @@ -99,7 +99,7 @@ function Test-CIPPAuditLogRules {
try {
$Location = Get-CIPPGeoIPLocation -IP $Data.clientip
} catch {
Write-Information "Unable to get IP location for $($Data.clientip): $($_.Exception.Message)"
write-warning "Unable to get IP location for $($Data.clientip): $($_.Exception.Message)"
}
$Country = if ($Location.CountryCode) { $Location.CountryCode } else { 'Unknown' }
$City = if ($Location.City) { $Location.City } else { 'Unknown' }
Expand All @@ -120,7 +120,7 @@ function Test-CIPPAuditLogRules {
try {
$null = Add-CIPPAzDataTableEntity @LocationTable -Entity $LocationInfo -Force
} catch {
Write-Information "Failed to add location info for $($Data.clientip) to cache: $($_.Exception.Message)"
write-warning "Failed to add location info for $($Data.clientip) to cache: $($_.Exception.Message)"

}
}
Expand All @@ -134,12 +134,12 @@ function Test-CIPPAuditLogRules {
}
$Data | Select-Object * -ExcludeProperty ExtendedProperties, DeviceProperties, parameters
} catch {
Write-Information "Audit log: Error processing data: $($_.Exception.Message)`r`n$($_.InvocationInfo.PositionMessage)"
write-warning "Audit log: Error processing data: $($_.Exception.Message)`r`n$($_.InvocationInfo.PositionMessage)"
Write-LogMessage -API 'Webhooks' -message 'Error Processing Audit Log Data' -LogData (Get-CippException -Exception $_) -sev Error -tenant $TenantFilter
}
}
Write-Host "Processed Data: $(($ProcessedData | Measure-Object).Count) - This should be higher than 0 in many cases, because the where object has not run yet."
Write-Information "Creating filters - $($data.operation) - $($TenantFilter)"
write-warning "Creating filters - $($ProcessedData.operation -join ',') - $($TenantFilter)"

$Where = $Configuration | ForEach-Object {
$conditions = $_.Conditions | ConvertFrom-Json | Where-Object { $_.Input.value -ne '' }
Expand Down Expand Up @@ -169,11 +169,11 @@ function Test-CIPPAuditLogRules {

$MatchedRules = [System.Collections.Generic.List[string]]::new()
$DataToProcess = foreach ($clause in $Where) {
Write-Information "Webhook: Processing clause: $($clause.clause)"
Write-Information "Webhook: If this clause would be true, the action would be: $($clause.expectedAction)"
write-warning "Webhook: Processing clause: $($clause.clause)"
write-warning "Webhook: If this clause would be true, the action would be: $($clause.expectedAction)"
$ReturnedData = $ProcessedData | Where-Object { Invoke-Expression $clause.clause }
if ($ReturnedData) {
Write-Information "Webhook: There is matching data: $(($ReturnedData.operation | Select-Object -Unique) -join ', ')"
write-warning "Webhook: There is matching data: $(($ReturnedData.operation | Select-Object -Unique) -join ', ')"
$ReturnedData = foreach ($item in $ReturnedData) {
$item.CIPPAction = $clause.expectedAction
$item.CIPPClause = $clause.CIPPClause -join ' and '
Expand Down

0 comments on commit 028fd67

Please sign in to comment.