Optimized some of the code.
Родитель
f6e836d970
Коммит
512cdfbcb1
|
@ -5,7 +5,7 @@
|
|||
"_generator": {
|
||||
"name": "bicep",
|
||||
"version": "0.13.1.58284",
|
||||
"templateHash": "16170835107442725722"
|
||||
"templateHash": "16350299991353580710"
|
||||
}
|
||||
},
|
||||
"parameters": {
|
||||
|
@ -239,8 +239,8 @@
|
|||
"name": "[parameters('AppServicePlanName')]",
|
||||
"location": "[variables('Location')]",
|
||||
"sku": {
|
||||
"name": "B2",
|
||||
"tier": "Basic"
|
||||
"name": "P1v2",
|
||||
"tier": "PremiumV2"
|
||||
},
|
||||
"kind": "linux",
|
||||
"properties": {
|
||||
|
|
Двоичный файл не отображается.
|
@ -15,7 +15,7 @@ function Get-RequestHeaders {
|
|||
return @{"Authorization" = "Bearer $Token"; "Content-Type" = "application/json" }
|
||||
}
|
||||
|
||||
#Function to get data via REST API.
|
||||
#Function to get data via REST API and send to Azure Monitor.
|
||||
function Import-Data {
|
||||
param ($SourceUri, $SourceToken, $Table, $DataSourceName, $JsonDepth, $RecommendationId, $AzureResources)
|
||||
$count = 1
|
||||
|
@ -48,18 +48,20 @@ function Import-Data {
|
|||
$recommendations += $content
|
||||
}
|
||||
}
|
||||
$configurations = New-Object System.Collections.ArrayList
|
||||
$objectsReceived = $content.Count
|
||||
$totalObjectsReceived += $objectsReceived
|
||||
Write-Host "Objects received in current request:" $content.Count
|
||||
$content | Add-Member -NotePropertyName 'TimeGenerated' -NotePropertyValue $snapshotTime
|
||||
foreach ($item in ($content)) {
|
||||
switch ($DataSourceName) {
|
||||
'MDVM Recommendations' { $item | Add-Member -NotePropertyName recId -NotePropertyValue $item.Id }
|
||||
'MDVM Recommendations Machine References' {
|
||||
$item | Add-Member -NotePropertyName recordId -NotePropertyValue $item.Id
|
||||
$item | Add-Member -NotePropertyName recommendationId -NotePropertyValue $RecommendationId
|
||||
}
|
||||
'MDVM Vulnerabilities by Device' {
|
||||
$item | Add-Member -NotePropertyName vulnId -NotePropertyValue $item.Id
|
||||
$azSearch = $AzureResources | Where-Object deviceName -eq $item.deviceName.Substring(0, $item.deviceName.IndexOf('.')).ToLower()
|
||||
switch ($DataSourceName) {
|
||||
'MDVM Recommendations' { $content | Add-Member -MemberType AliasProperty -Name recId -Value id }
|
||||
'MDVM Recommendations Machine References' {
|
||||
$content | Add-Member -MemberType AliasProperty -Name recordId -Value id
|
||||
$content | Add-Member -NotePropertyName recommendationId -NotePropertyValue $RecommendationId
|
||||
}
|
||||
'MDVM Vulnerabilities by Device' {
|
||||
$content | Add-Member -MemberType AliasProperty -Name vulnId -Value id
|
||||
foreach ($item in $content) {
|
||||
$azSearch = $AzureResources.($item.deviceName.Substring(0, $item.deviceName.IndexOf('.')).ToLower())
|
||||
if ($null -ne $azSearch) {
|
||||
$item | Add-Member -NotePropertyName azResourceId -NotePropertyValue $azSearch.id
|
||||
}
|
||||
|
@ -67,36 +69,35 @@ function Import-Data {
|
|||
$item | Add-Member -NotePropertyName azResourceId -NotePropertyValue ''
|
||||
}
|
||||
}
|
||||
'MDVM CVE KB' { $item | Add-Member -NotePropertyName cveId -NotePropertyValue $item.Id }
|
||||
'NIST CVE KB' {
|
||||
$item | Add-Member -NotePropertyName cveId -NotePropertyValue $item.Id
|
||||
if ($item | Get-Member configurations) {
|
||||
$configuration = New-Object psobject
|
||||
$configurationNumber = 0
|
||||
foreach ($configuration in $item.configurations) {
|
||||
$configurationNumber += 1
|
||||
$nodes = $configuration | Select-Object -ExpandProperty nodes
|
||||
foreach ($node in $nodes) {
|
||||
$cpes = $node | Select-Object -ExpandProperty cpeMatch
|
||||
$cpes | Add-Member -NotePropertyName configurationNumber -NotePropertyValue $configurationNumber
|
||||
$cpes | Add-Member -NotePropertyName configurationOperator -NotePropertyValue $configuration.operator
|
||||
$cpes | Add-Member -NotePropertyName configurationNegate -NotePropertyValue $configuration.negate
|
||||
$cpes | Add-Member -NotePropertyName nodeOperator -NotePropertyValue $node.operator
|
||||
$cpes | Add-Member -NotePropertyName nodeNegate -NotePropertyValue $node.negate
|
||||
$cpes | Add-Member -NotePropertyName cveId -NotePropertyValue $item.id
|
||||
$cpes | Add-Member -NotePropertyName TimeGenerated -NotePropertyValue $snapshotTime
|
||||
$configurations.Add($cpes) | Out-Null
|
||||
}
|
||||
}
|
||||
'MDVM CVE KB' { $content | Add-Member -NotePropertyName cveId -NotePropertyValue id }
|
||||
'NIST CVE KB' {
|
||||
$content | Add-Member -MemberType AliasProperty -Name cveId -Value id
|
||||
$configurations = New-Object System.Collections.ArrayList
|
||||
foreach ($item in $content | Where-Object configurations -ne $null) {
|
||||
$configuration = New-Object psobject
|
||||
$configurationNumber = 0
|
||||
foreach ($configuration in $item.configurations) {
|
||||
$configurationNumber += 1
|
||||
$nodes = $configuration | Select-Object -ExpandProperty nodes
|
||||
foreach ($node in $nodes) {
|
||||
$cpes = $node | Select-Object -ExpandProperty cpeMatch
|
||||
$cpes | Add-Member -NotePropertyMembers @{
|
||||
configurationNumber = $configurationNumber
|
||||
configurationOperator = $configuration.operator
|
||||
configurationNegate = $configuration.negate
|
||||
nodeOperator = $node.operator
|
||||
nodeNegate = $node.negate
|
||||
cveId = $item.cveId
|
||||
TimeGenerated = $snapshotTime
|
||||
} -PassThru | Out-Null
|
||||
$configurations.Add($cpes) | Out-Null
|
||||
}
|
||||
$item.PSObject.Properties.Remove('configurations')
|
||||
}
|
||||
$item.PSObject.Properties.Remove('configurations')
|
||||
}
|
||||
}
|
||||
if ($null -ne $item.id) { $item.PSObject.Properties.Remove('id') }
|
||||
}
|
||||
$objectsReceived = $content.Count
|
||||
$totalObjectsReceived += $objectsReceived
|
||||
Write-Host "Objects received in current request:" $content.Count
|
||||
if ($objectsReceived -eq 0) { return }
|
||||
$logIngestionClient.UploadAsync($dcrImmutableId, "Custom-$Table", ($content | ConvertTo-Json -Depth $JsonDepth -AsArray)) | Out-Null
|
||||
if ($configurations.Count -ne 0) {
|
||||
|
@ -176,12 +177,11 @@ resources
|
|||
| extend deviceName = iif(deviceName == '', name, deviceName)
|
||||
| project id = tolower(id), deviceName = tolower(deviceName)"
|
||||
|
||||
$azResources = $null
|
||||
$response = $null
|
||||
do {
|
||||
$response = Search-AzGraph -Query $azureVMsQuery -SkipToken $response.SkipToken -First 1000
|
||||
$azResources += $response
|
||||
} until ($null -eq $response.SkipToken)
|
||||
$azResources = $azResources | Group-Object -AsHashTable -Property deviceName
|
||||
|
||||
#Ingest Vulnerabilities by Device.
|
||||
$defenderUri = "https://api.securitycenter.windows.com/api/machines/SoftwareVulnerabilitiesByMachine"
|
||||
|
@ -239,8 +239,8 @@ else {
|
|||
Import-Data -SourceUri $nistUri -DataSourceName 'NIST CVE KB' -JsonDepth 8 -Table 'MDVMNISTCVEKB_CL'
|
||||
|
||||
#Validate data was written to Azure Monitor.
|
||||
Write-Host "Wating 3 minutes to allow for all data to get written to Azure Monitor before checking for any mismatches..."
|
||||
Start-Sleep -Seconds 180
|
||||
Write-Host "Wating 1 minute to allow for all data to get written to Azure Monitor before checking for any mismatches..."
|
||||
Start-Sleep -Seconds 60
|
||||
$lawQuery = "union withsource=MDVMTableName MDVM*
|
||||
| where TimeGenerated == todatetime('$snapshotTime')
|
||||
| summarize Count = count() by MDVMTableName, TimeGenerated"
|
||||
|
@ -257,4 +257,4 @@ if ($tableStats | Where-Object Mismatch -eq $true) {
|
|||
}
|
||||
else {
|
||||
Write-Host ("All data has been successfully written to Azure Monitor. Per table details are below: `n" + $report)
|
||||
}
|
||||
}
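Review bot: In the 'MDVM CVE KB' branch of Import-Data, the new line still passes `-NotePropertyName cveId -NotePropertyValue id`, which sets cveId to the literal string `id` on every record rather than to the record's own identifier. The neighbouring branches in the same switch were converted to `-MemberType AliasProperty ... -Value id`, so this looks like an incomplete conversion. The line should read `'MDVM CVE KB' { $content | Add-Member -MemberType AliasProperty -Name cveId -Value id }`. The validation query at the end of the script appears to compare only per-table row counts, so it would not catch this, and vulnerability records could no longer be matched to their CVE KB entries by cveId. Parts of Import-Data lie between the visible hunks, so confirm that nothing later in the function overwrites cveId.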
|
||||
|
|
|
@ -7,5 +7,5 @@
|
|||
"id": "Microsoft.Azure.Functions.ExtensionBundle",
|
||||
"version": "[3.*, 4.0.0)"
|
||||
},
|
||||
"functionTimeout": "02:00:00"
|
||||
"functionTimeout": "04:00:00"
|
||||
}
|
|
@ -164,8 +164,8 @@ resource hostingPlan 'Microsoft.Web/serverfarms@2021-03-01' = {
|
|||
name: AppServicePlanName
|
||||
location: Location
|
||||
sku: {
|
||||
name: 'B2'
|
||||
tier: 'Basic'
|
||||
name: 'P1v2'
|
||||
tier: 'PremiumV2'
|
||||
}
|
||||
kind: 'linux'
|
||||
properties: {
|
||||
|
|