Merge pull request #1133 from JohnDuprey/dev
Bugfixes and Audit Logs functions
Showing
11 changed files
with
245 additions
and
76 deletions.
File renamed without changes.
29 changes: 24 additions & 5 deletions
29
Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogTenant.ps1
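--- a/...lic/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ExecAuditLogSearch.ps1
+++ b/...lic/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ExecAuditLogSearch.ps1
@@ -0,0 +1,54 @@
+function Invoke-ExecAuditLogSearch {
+<#
+.FUNCTIONALITY
+Entrypoint
+.ROLE
+Tenant.Alert.ReadWrite
+#>
+[CmdletBinding()]
+param($Request, $TriggerMetadata)
+
+$Query = $Request.Body
+if (!$Query.TenantFilter) {
+Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+StatusCode = [HttpStatusCode]::BadRequest
+Body = 'TenantFilter is required'
+})
+return
+}
+if (!$Query.StartTime -or !$Query.EndTime) {
+Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+StatusCode = [HttpStatusCode]::BadRequest
+Body = 'StartTime and EndTime are required'
+})
+return
+}
+
+$Command = Get-Command New-CippAuditLogSearch
+$AvailableParameters = $Command.Parameters.Keys
+$BadProps = foreach ($Prop in $Query.PSObject.Properties.Name) {
+if ($AvailableParameters -notcontains $Prop) {
+$Prop
+}
+}
+if ($BadProps) {
+Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+StatusCode = [HttpStatusCode]::BadRequest
+Body = "Invalid parameters: $($BadProps -join ', ')"
+})
+return
+}
+
+try {
+$Results = New-CippAuditLogSearch @Query
+Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+StatusCode = [HttpStatusCode]::OK
+Body = $Results
+})
+} catch {
+Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+StatusCode = [HttpStatusCode]::BadRequest
+Body = $_.Exception.Message
+})
+}
+}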
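Review bot: The parameter check in `Invoke-ExecAuditLogSearch` compares the request body's property names with `$Command.Parameters.Keys`, and for an advanced function that list also contains the common parameters, so a caller could pass names such as `ErrorAction` or `OutVariable` straight into the `@Query` splat. Whether `New-CippAuditLogSearch` is declared with `[CmdletBinding()]` is not visible here, so confirm it; an explicit list of accepted names, or `$AvailableParameters = $Command.Parameters.Keys | Where-Object { $_ -notin [System.Management.Automation.Cmdlet]::CommonParameters }`, would close the gap. The `catch` block also returns `$_.Exception.Message` to the caller with a 400 status, which exposes backend error text and reports server-side failures as client errors; logging the detail and returning a generic message would be safer. `StartTime` and `EndTime` are checked only for presence, not parsed as dates, before they reach the search.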
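--- a/...c/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAuditLogSearches.ps1
+++ b/...c/Entrypoints/HTTP Functions/Tenant/Administration/Alerts/Invoke-ListAuditLogSearches.ps1
@@ -0,0 +1,77 @@
+function Invoke-ListAuditLogSearches {
+<#
+.FUNCTIONALITY
+Entrypoint
+.ROLE
+Tenant.Alert.Read
+#>
+Param($Request, $TriggerMetadata)
+
+if ($Request.Query.TenantFilter) {
+switch ($Request.Query.Type) {
+'Searches' {
+$Results = Get-CippAuditLogSearches -TenantFilter $Request.Query.TenantFilter
+$Body = @{
+Results = @($Results)
+Metadata = @{
+TenantFilter = $Request.Query.TenantFilter
+TotalSearches = $Results.Count
+}
+} | ConvertTo-Json -Depth 10 -Compress
+}
+'SearchResults' {
+$Results = Get-CippAuditLogSearchResults -TenantFilter $Request.Query.TenantFilter -QueryId $Request.Query.SearchId
+$Body = @{
+Results = @($Results)
+Metadata = @{
+SearchId = $Request.Query.SearchId
+TenantFilter = $Request.Query.TenantFilter
+TotalResults = $Results.Count
+}
+} | ConvertTo-Json -Depth 10 -Compress
+}
+default {
+if ($Request.Query.Days) {
+$Days = $Request.Query.Days
+} else {
+$Days = 1
+}
+$StartTime = (Get-Date).AddDays(-$Days).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
+
+$Table = Get-CIPPTable -TableName 'AuditLogSearches'
+$Results = Get-CIPPAzDataTableEntity @Table -Filter "StartTime ge datetime'$StartTime'" | ForEach-Object {
+$Query = try { $_.Query | ConvertFrom-Json } catch { $_.Query }
+$MatchedRules = try { $_.MatchedRules | ConvertFrom-Json } catch { $_.MatchedRules }
+[PSCustomObject]@{
+SearchId = $_.RowKey
+StartTime = $_.StartTime.DateTime
+EndTime = $_.EndTime.DateTime
+Query = $Query
+MatchedRules = $MatchedRules
+TotalLogs = $_.TotalLogs
+MatchedLogs = $_.MatchedLogs
+CippStatus = $_.CippStatus
+}
+}
+
+$Body = @{
+Results = @($Results)
+Metadata = @{
+StartTime = $StartTime
+TenantFilter = $Request.Query.TenantFilter
+}
+} | ConvertTo-Json -Depth 10 -Compress
+}
+}
+
+Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+StatusCode = [HttpStatusCode]::OK
+Body = $Body
+})
+} else {
+Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+StatusCode = [HttpStatusCode]::BadRequest
+Body = 'TenantFilter is required'
+})
+}
+}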
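Review bot: The `default` branch of the `switch` requires `TenantFilter` but never uses it in the table query: `-Filter "StartTime ge datetime'$StartTime'"` selects rows by time only. Unless the `AuditLogSearches` table is scoped to a tenant some other way (not visible here), the response lists searches for every tenant while the metadata echoes the caller's tenant. I would add a tenant clause to that filter, along the lines of `<TENANT_COLUMN> eq '<tenant>' and StartTime ge datetime'$StartTime'`, using the table's real column name and escaping single quotes in the value. `Days` also arrives as a query string and goes into `AddDays(-$Days)` unchecked; `$Days = [int]$Request.Query.Days` inside a `try`, with an upper bound, stops a bad value surfacing as an unhandled error. In the `SearchResults` branch `SearchId` is passed to `Get-CippAuditLogSearchResults` without a presence check.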
|
@@ -5,26 +5,92 @@ function Set-CIPPCopyGroupMembers { | |
[string]$UserId, | ||
[string]$CopyFromId, | ||
[string]$TenantFilter, | ||
[string]$APIName = 'Copy User Groups' | ||
[string]$APIName = 'Copy User Groups', | ||
[switch]$ExchangeOnly | ||
) | ||
$MemberIDs = 'https://graph.microsoft.com/v1.0/directoryObjects/' + (New-GraphGetRequest -uri "https://graph.microsoft.com/beta/users/$UserId" -tenantid $TenantFilter).id | ||
$AddMemberBody = "{ `"[email protected]`": $(ConvertTo-Json @($MemberIDs)) }" | ||
|
||
$Requests = @( | ||
@{ | ||
id = 'User' | ||
url = 'users/{0}' -f $UserId | ||
method = 'GET' | ||
} | ||
@{ | ||
id = 'UserMembership' | ||
url = 'users/{0}/memberOf' -f $UserId | ||
method = 'GET' | ||
} | ||
@{ | ||
id = 'CopyFromMembership' | ||
url = 'users/{0}/memberOf' -f $CopyFromId | ||
method = 'GET' | ||
} | ||
) | ||
$Results = New-GraphBulkRequest -Requests $Requests -tenantid $TenantFilter | ||
$User = ($Results | Where-Object { $_.id -eq 'User' }).body | ||
$CurrentMemberships = ($Results | Where-Object { $_.id -eq 'UserMembership' }).body.value | ||
$CopyFromMemberships = ($Results | Where-Object { $_.id -eq 'CopyFromMembership' }).body.value | ||
|
||
Write-Information ($Results | ConvertTo-Json -Depth 10) | ||
|
||
$ODataBind = 'https://graph.microsoft.com/v1.0/directoryObjects/{0}' -f $User.id | ||
$AddMemberBody = @{ | ||
'@odata.id' = $ODataBind | ||
} | ConvertTo-Json -Compress | ||
|
||
$Success = [System.Collections.Generic.List[string]]::new() | ||
$Errors = [System.Collections.Generic.List[string]]::new() | ||
(New-GraphGETRequest -uri "https://graph.microsoft.com/beta/users/$CopyFromId/memberOf" -tenantid $TenantFilter) | Where-Object { $_.GroupTypes -notin 'herohero' } | ForEach-Object { | ||
$Memberships = $CopyFromMemberships | Where-Object { $_.'@odata.type' -eq '#microsoft.graph.group' -and $_.groupTypes -notcontains 'DynamicMembership' -and $_.onPremisesSyncEnabled -ne $true -and $_.visibility -ne 'Public' -and $CurrentMemberships.id -notcontains $_.id } | ||
$ScheduleExchangeGroupTask = $false | ||
foreach ($MailGroup in $Memberships) { | ||
try { | ||
$MailGroup = $_ | ||
if ($PSCmdlet.ShouldProcess($_.displayName, "Add $UserId to group")) { | ||
if ($MailGroup.MailEnabled -and $Mailgroup.ResourceProvisioningOptions -notin 'Team') { | ||
$Params = @{ Identity = $MailGroup.mail; Member = $UserId; BypassSecurityGroupManagerCheck = $true } | ||
$null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true | ||
} else { | ||
$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($_.id)" -tenantid $TenantFilter -type patch -body $AddMemberBody -Verbose | ||
if ($PSCmdlet.ShouldProcess($MailGroup.displayName, "Add $UserId to group")) { | ||
if ($MailGroup.MailEnabled -and $Mailgroup.ResourceProvisioningOptions -notcontains 'Team' -and $MailGroup.groupTypes -notcontains 'Unified') { | ||
$Params = @{ Identity = $MailGroup.mailNickname; Member = $UserId; BypassSecurityGroupManagerCheck = $true } | ||
try { | ||
$null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Add-DistributionGroupMember' -cmdParams $params -UseSystemMailbox $true | ||
} catch { | ||
if ($_.Exception.Message -match 'Ex94914C|Microsoft.Exchange.Configuration.Tasks.ManagementObjectNotFoundException') { | ||
if (($User.assignedLicenses | Measure-Object).Count -gt 0 -and !$ExchangeOnly.IsPresent) { | ||
$ScheduleExchangeGroupTask = $true | ||
} else { | ||
throw $_ | ||
} | ||
} else { | ||
throw $_ | ||
} | ||
} | ||
} elseif (!$ExchangeOnly.IsPresent) { | ||
$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/groups/$($MailGroup.id)/members/`$ref" -tenantid $TenantFilter -body $AddMemberBody -Verbose | ||
} | ||
} | ||
|
||
if ($ScheduleExchangeGroupTask) { | ||
$TaskBody = [PSCustomObject]@{ | ||
TenantFilter = $TenantFilter | ||
Name = "Copy Exchange Group Membership: $UserId from $CopyFromId" | ||
Command = @{ | ||
value = 'Set-CIPPCopyGroupMembers' | ||
} | ||
Parameters = [PSCustomObject]@{ | ||
UserId = $UserId | ||
CopyFromId = $CopyFromId | ||
TenantFilter = $TenantFilter | ||
ExchangeOnly = $true | ||
} | ||
ScheduledTime = [int64](([datetime]::UtcNow).AddMinutes(5) - (Get-Date '1/1/1970')).TotalSeconds | ||
PostExecution = @{ | ||
Webhook = $false | ||
Email = $false | ||
PSA = $false | ||
} | ||
} | ||
Add-CIPPScheduledTask -Task $TaskBody -hidden $false | ||
$Errors.Add("We've scheduled a task to add $UserId to the Exchange group $($MailGroup.displayName)") | Out-Null | ||
} else { | ||
Write-LogMessage -user $ExecutingUser -API $APIName -message "Added $UserId to group $($MailGroup.displayName)" -Sev 'Info' -tenant $TenantFilter | ||
$Success.Add("Added user to group: $($MailGroup.displayName)") | Out-Null | ||
} | ||
Write-LogMessage -user $ExecutingUser -API $APIName -message "Added $UserId to group $($_.displayName)" -Sev 'Info' -tenant $TenantFilter | ||
$Success.Add("Added group: $($MailGroup.displayName)") | Out-Null | ||
} catch { | ||
$ErrorMessage = Get-CippException -Exception $_ | ||
$Errors.Add("We've failed to add the group $($MailGroup.displayName): $($ErrorMessage.NormalizedError)") | Out-Null | ||
|
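Review bot: `$ScheduleExchangeGroupTask` is set to `$false` once before `foreach ($MailGroup in $Memberships)` and, in the lines shown, never reset inside the loop. After the first group that hits the `ManagementObjectNotFoundException` path, every later group also takes the `if ($ScheduleExchangeGroupTask)` branch, queues another scheduled task and is reported under `$Errors` even when its own add succeeded. Moving `$ScheduleExchangeGroupTask = $false` to the top of the loop body fixes this; the rendered page has lost its +/- markers, so confirm against the file that the reset is not already there. Separately, `Write-Information ($Results | ConvertTo-Json -Depth 10)` writes the full Graph responses (the user object and both membership lists) to the log stream and looks like leftover debugging; I would drop it or log only counts. The function body continues past the end of this hunk.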