Merge pull request #429 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/AuditLogs/Get-CippAuditLogSearches.ps1

@@ -13,27 +13,31 @@ function Get-CippAuditLogSearches {
         [Parameter()]
         [switch]$ReadyToProcess
     )
-
+    $AuditLogSearchesTable = Get-CippTable -TableName 'AuditLogSearches'
     if ($ReadyToProcess.IsPresent) {
-        $AuditLogSearchesTable = Get-CippTable -TableName 'AuditLogSearches'
         $15MinutesAgo = (Get-Date).AddMinutes(-15).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
         $1DayAgo = (Get-Date).AddDays(-1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
-        $PendingQueries = Get-CIPPAzDataTableEntity @AuditLogSearchesTable -Filter "Tenant eq '$TenantFilter' and (CippStatus eq 'Pending' or (CippStatus eq 'Processing' and Timestamp le datetime'$15MinutesAgo')) and Timestamp ge datetime'$1DayAgo'" | Sort-Object Timestamp
+        $PendingQueries = Get-CIPPAzDataTableEntity @AuditLogSearchesTable -Filter "PartitionKey eq 'Search' and Tenant eq '$TenantFilter' and (CippStatus eq 'Pending' or (CippStatus eq 'Processing' and Timestamp le datetime'$15MinutesAgo')) and Timestamp ge datetime'$1DayAgo'" | Sort-Object Timestamp
+    } else {
+        $7DaysAgo = (Get-Date).AddDays(-7).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
+        $PendingQueries = Get-CIPPAzDataTableEntity @AuditLogSearchesTable -Filter "Tenant eq '$TenantFilter' and Timestamp ge datetime'$7DaysAgo'"
+    }
 
-        $BulkRequests = foreach ($PendingQuery in $PendingQueries) {
-            @{
-                id     = $PendingQuery.RowKey
-                url    = 'security/auditLog/queries/' + $PendingQuery.RowKey
-                method = 'GET'
-            }
+    $BulkRequests = foreach ($PendingQuery in $PendingQueries) {
+        @{
+            id     = $PendingQuery.RowKey
+            url    = 'security/auditLog/queries/' + $PendingQuery.RowKey
+            method = 'GET'
         }
-        if ($BulkRequests.Count -eq 0) {
-            return @()
-        }
-        $Queries = New-GraphBulkRequest -Requests @($BulkRequests) -AsApp $true -TenantId $TenantFilter | Select-Object -ExpandProperty body
+    }
+    if ($BulkRequests.Count -eq 0) {
+        return @()
+    }
+    $Queries = New-GraphBulkRequest -Requests @($BulkRequests) -AsApp $true -TenantId $TenantFilter | Select-Object -ExpandProperty body
+
+    if ($ReadyToProcess.IsPresent) {
         $Queries = $Queries | Where-Object { $PendingQueries.RowKey -contains $_.id -and $_.status -eq 'succeeded' }
-    } else {
-        $Queries = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/security/auditLog/queries' -AsApp $true -tenantid $TenantFilter
     }
+
     return $Queries
 }

Modules/CIPPCore/Public/AuditLogs/New-CippAuditLogSearch.ps1

@@ -157,20 +157,26 @@ function New-CippAuditLogSearch {
     if ($PSCmdlet.ShouldProcess('Create a new audit log search for tenant ' + $TenantFilter)) {
         $Query = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/security/auditLog/queries' -body ($SearchParams | ConvertTo-Json -Compress) -tenantid $TenantFilter -AsApp $true
 
+
         if ($ProcessLogs.IsPresent -and $Query.id) {
-            $Entity = [PSCustomObject]@{
-                PartitionKey = [string]'Search'
-                RowKey       = [string]$Query.id
-                Tenant       = [string]$TenantFilter
-                DisplayName  = [string]$DisplayName
-                StartTime    = [datetime]$StartTime.ToUniversalTime()
-                EndTime      = [datetime]$EndTime.ToUniversalTime()
-                Query        = [string]($Query | ConvertTo-Json -Compress)
-                CippStatus   = [string]'Pending'
-            }
-            $Table = Get-CIPPTable -TableName 'AuditLogSearches'
-            Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force | Out-Null
+            $CippStatus = 'Pending'
+        } else {
+            $CippStatus = 'N/A'
+        }
+
+        $Entity = [PSCustomObject]@{
+            PartitionKey = [string]'Search'
+            RowKey       = [string]$Query.id
+            Tenant       = [string]$TenantFilter
+            DisplayName  = [string]$DisplayName
+            StartTime    = [datetime]$StartTime.ToUniversalTime()
+            EndTime      = [datetime]$EndTime.ToUniversalTime()
+            Query        = [string]($Query | ConvertTo-Json -Compress)
+            CippStatus   = [string]$CippStatus
         }
+        $Table = Get-CIPPTable -TableName 'AuditLogSearches'
+        Add-CIPPAzDataTableEntity @Table -Entity $Entity -Force | Out-Null
+
         return $Query
     }
 }

Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1

@@ -12,13 +12,22 @@ function Invoke-ListCippQueue {
         Write-LogMessage -headers $Request.Headers -API $APINAME -message 'Accessed this API' -Sev 'Debug'
     }
 
+    $QueueId = $Request.Query.QueueId
+
     $CippQueue = Get-CippTable -TableName 'CippQueue'
     $CippQueueTasks = Get-CippTable -TableName 'CippQueueTasks'
     $3HoursAgo = (Get-Date).ToUniversalTime().AddHours(-3).ToString('yyyy-MM-ddTHH:mm:ssZ')
-    $CippQueueData = Get-CIPPAzDataTableEntity @CippQueue -Filter "PartitionKey eq 'CippQueue' and Timestamp ge datetime'$3HoursAgo'" | Sort-Object -Property Timestamp -Descending
+
+    if ($QueueId) {
+        $Filter = "PartitionKey eq 'CippQueue' and RowKey eq '$QueueId'"
+    } else {
+        $Filter = "PartitionKey eq 'CippQueue' and Timestamp ge datetime'$3HoursAgo'"
+    }
+
+    $CippQueueData = Get-CIPPAzDataTableEntity @CippQueue -Filter $Filter | Sort-Object -Property Timestamp -Descending
 
     $QueueData = foreach ($Queue in $CippQueueData) {
-        $Tasks = Get-CIPPAzDataTableEntity @CippQueueTasks -Filter "PartitionKey eq 'Task' and QueueId eq '$($Queue.RowKey)'" | Where-Object { $_.Name } | Select-Object @{n = 'Timestamp'; exp = { $_.Timestamp.DateTime.ToUniversalTime() } }, Name, Status
+        $Tasks = Get-CIPPAzDataTableEntity @CippQueueTasks -Filter "PartitionKey eq 'Task' and QueueId eq '$($Queue.RowKey)'" | Where-Object { $_.Name } | Select-Object @{n = 'Timestamp'; exp = { $_.Timestamp } }, Name, Status
         $TaskStatus = @{}
         $Tasks | Group-Object -Property Status | ForEach-Object {
             $TaskStatus.$($_.Name) = $_.Count
@@ -54,9 +63,9 @@ function Invoke-ListCippQueue {
             PercentComplete = [math]::Round(((($TotalCompleted + $TotalFailed) / $Queue.TotalTasks) * 100), 1)
             PercentFailed   = [math]::Round((($TotalFailed / $Queue.TotalTasks) * 100), 1)
             PercentRunning  = [math]::Round((($TotalRunning / $Queue.TotalTasks) * 100), 1)
-            Tasks           = @($Tasks)
+            Tasks           = @($Tasks | Sort-Object -Descending Timestamp)
             Status          = $Queue.Status
-            Timestamp       = $Queue.Timestamp.DateTime.ToUniversalTime()
+            Timestamp       = $Queue.Timestamp
         }
 
     }

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Graph Requests/Push-ListGraphRequestQueue.ps1

@@ -35,6 +35,7 @@ function Push-ListGraphRequestQueue {
             ReverseTenantLookupProperty = $Item.ReverseTenantLookupProperty
             ReverseTenantLookup         = $Item.ReverseTenantLookup
             AsApp                       = $Item.AsApp ?? $false
+            Caller                      = 'Push-ListGraphRequestQueue'
             SkipCache                   = $true
         }
 

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ListGraphRequest.ps1

@@ -81,7 +81,7 @@ function Invoke-ListGraphRequest {
     }
 
     if ($Request.Query.manualPagination) {
-        $GraphRequestParams.NoPagination = [System.Boolean]$Request.Query.manualPagination
+        $GraphRequestParams.ManualPagination = [System.Boolean]$Request.Query.manualPagination
     }
 
     if ($Request.Query.nextLink) {
@@ -139,7 +139,7 @@ function Invoke-ListGraphRequest {
             if ($Results.Queued -eq $true) {
                 $Metadata.Queued = $Results.Queued
                 $Metadata.QueueMessage = $Results.QueueMessage
-                $Metadata.QueuedId = $Results.QueueId
+                $Metadata.QueueId = $Results.QueueId
                 $Results = @()
             }
         }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Administration/Invoke-ListMailboxRules.ps1

@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ListMailboxRules {
+function Invoke-ListMailboxRules {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -28,18 +28,15 @@ Function Invoke-ListMailboxRules {
 
     $Metadata = @{}
     # If a queue is running, we will not start a new one
-    if ($RunningQueue) {
+    if ($RunningQueue -and !$Rows) {
         $Metadata = [PSCustomObject]@{
             QueueMessage = "Still loading data for $TenantFilter. Please check back in a few more minutes"
+            QueueId      = $RunningQueue.RowKey
         }
         [PSCustomObject]@{
             Waiting = $true
         }
     } elseif ((!$Rows -and !$RunningQueue) -or ($TenantFilter -eq 'AllTenants' -and ($Rows | Measure-Object).Count -eq 1)) {
-        # If no rows are found and no queue is running, we will start a new one
-        $Metadata = [PSCustomObject]@{
-            QueueMessage = "Loading data for $TenantFilter. Please check back in 1 minute"
-        }
 
         if ($TenantFilter -eq 'AllTenants') {
             $Tenants = Get-Tenants -IncludeErrors | Select-Object defaultDomainName
@@ -49,6 +46,12 @@ Function Invoke-ListMailboxRules {
             $Type = $TenantFilter
         }
         $Queue = New-CippQueueEntry -Name "Mailbox Rules ($Type)" -Reference $QueueReference -TotalTasks ($Tenants | Measure-Object).Count
+        # If no rows are found and no queue is running, we will start a new one
+        $Metadata = [PSCustomObject]@{
+            QueueMessage = "Loading data for $TenantFilter. Please check back in 1 minute"
+            QueueId      = $Queue.RowKey
+        }
+
         $Batch = $Tenants | Select-Object defaultDomainName, @{Name = 'FunctionName'; Expression = { 'ListMailboxRulesQueue' } }, @{Name = 'QueueName'; Expression = { $_.defaultDomainName } }, @{Name = 'QueueId'; Expression = { $Queue.RowKey } }
         if (($Batch | Measure-Object).Count -gt 0) {
             $InputObject = [PSCustomObject]@{
@@ -66,6 +69,9 @@ Function Invoke-ListMailboxRules {
             $Rows = $Rows | Where-Object -Property Tenant -EQ $TenantFilter
             $Rows = $Rows
         }
+        $Metadata = [PSCustomObject]@{
+            QueueId = $RunningQueue.RowKey ?? $null
+        }
         $GraphRequest = $Rows | ForEach-Object {
             $NewObj = $_.Rules | ConvertFrom-Json -ErrorAction SilentlyContinue
             $NewObj | Add-Member -NotePropertyName 'Tenant' -NotePropertyValue $_.Tenant -Force

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Spamfilter/Invoke-ListMailQuarantine.ps1

@@ -29,6 +29,7 @@ function Invoke-ListMailQuarantine {
             if ($RunningQueue) {
                 $Metadata = [PSCustomObject]@{
                     QueueMessage = 'Still loading data for all tenants. Please check back in a few more minutes'
+                    QueueId      = $RunningQueue.RowKey
                 }
                 [PSCustomObject]@{
                     Waiting = $true
@@ -39,6 +40,7 @@ function Invoke-ListMailQuarantine {
                 $Queue = New-CippQueueEntry -Name 'Mail Quarantine - All Tenants' -Reference $QueueReference -TotalTasks ($TenantList | Measure-Object).Count
                 $Metadata = [PSCustomObject]@{
                     QueueMessage = 'Loading data for all tenants. Please check back in a few minutes'
+                    QueueId      = $Queue.RowKey
                 }
                 $InputObject = [PSCustomObject]@{
                     OrchestratorName = 'MailQuarantineOrchestrator'
@@ -57,6 +59,9 @@ function Invoke-ListMailQuarantine {
                     Waiting = $true
                 }
             } else {
+                $Metadata = [PSCustomObject]@{
+                    QueueId = $RunningQueue.RowKey ?? $null
+                }
                 $messages = $Rows
                 foreach ($message in $messages) {
                     $messageObj = $message.QuarantineMessage | ConvertFrom-Json

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1

@@ -75,13 +75,15 @@ function Invoke-ExecJITAdmin {
             if ($RunningQueue) {
                 $Metadata = [PSCustomObject]@{
                     QueueMessage = 'Still loading JIT Admin data for all tenants. Please check back in a few more minutes.'
+                    QueueId      = $RunningQueue.RowKey
                 }
             } elseif (!$Rows -and !$RunningQueue) {
                 $TenantList = Get-Tenants -IncludeErrors
                 $Queue = New-CippQueueEntry -Name 'JIT Admin List - All Tenants' -Link '/identity/administration/jit-admin?tenantFilter=AllTenants' -Reference $QueueReference -TotalTasks ($TenantList | Measure-Object).Count
 
                 $Metadata = [PSCustomObject]@{
                     QueueMessage = 'Loading JIT Admin data for all tenants. Please check back in a few minutes.'
+                    QueueId      = $Queue.RowKey
                 }
                 $InputObject = [PSCustomObject]@{
                     OrchestratorName = 'JITAdminOrchestrator'
@@ -97,6 +99,9 @@ function Invoke-ExecJITAdmin {
                 }
                 Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress)
             } else {
+                $Metadata = [PSCustomObject]@{
+                    QueueId = $RunningQueue.RowKey ?? $null
+                }
                 # There is data in the cache, so we will use that
                 Write-Information "Found $($Rows.Count) rows in the cache"
                 foreach ($row in $Rows) {

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecAlertsList.ps1

@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ExecAlertsList {
+function Invoke-ExecAlertsList {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -68,6 +68,7 @@ Function Invoke-ExecAlertsList {
             if ($RunningQueue) {
                 $Metadata = [PSCustomObject]@{
                     QueueMessage = 'Still loading data for all tenants. Please check back in a few more minutes'
+                    QueueId      = $RunningQueue.RowKey
                 }
                 [PSCustomObject]@{
                     Waiting = $true
@@ -78,6 +79,7 @@ Function Invoke-ExecAlertsList {
                 $Queue = New-CippQueueEntry -Name 'Alerts List - All Tenants' -Reference $QueueReference -TotalTasks ($TenantList | Measure-Object).Count
                 $Metadata = [PSCustomObject]@{
                     QueueMessage = 'Loading data for all tenants. Please check back in a few minutes'
+                    QueueId      = $Queue.RowKey
                 }
                 $InputObject = [PSCustomObject]@{
                     OrchestratorName = 'AlertsOrchestrator'
@@ -97,6 +99,10 @@ Function Invoke-ExecAlertsList {
                     InstanceId = $InstanceId
                 }
             } else {
+                $Metadata = [PSCustomObject]@{
+                    QueueId = $RunningQueue.RowKey ?? $null
+                }
+
                 $Alerts = $Rows
                 $AlertsObj = foreach ($Alert in $Alerts) {
                     $AlertInfo = $Alert.Alert | ConvertFrom-Json

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Security/Invoke-ExecIncidentsList.ps1

@@ -1,6 +1,6 @@
 using namespace System.Net
 
-Function Invoke-ExecIncidentsList {
+function Invoke-ExecIncidentsList {
     <#
     .FUNCTIONALITY
         Entrypoint
@@ -52,13 +52,15 @@ Function Invoke-ExecIncidentsList {
             if ($RunningQueue) {
                 $Metadata = [PSCustomObject]@{
                     QueueMessage = 'Still loading data for all tenants. Please check back in a few more minutes'
+                    QueueId      = $RunningQueue.RowKey
                 }
             } elseif (!$Rows -and !$RunningQueue) {
                 # If no rows are found and no queue is running, we will start a new one
                 $TenantList = Get-Tenants -IncludeErrors
                 $Queue = New-CippQueueEntry -Name 'Incidents - All Tenants' -Link '/security/reports/incident-report?customerId=AllTenants' -Reference $QueueReference -TotalTasks ($TenantList | Measure-Object).Count
                 $Metadata = [PSCustomObject]@{
                     QueueMessage = 'Loading data for all tenants. Please check back in a few minutes'
+                    QueueId      = $Queue.RowKey
                 }
                 $InputObject = [PSCustomObject]@{
                     OrchestratorName = 'IncidentOrchestrator'
@@ -74,6 +76,9 @@ Function Invoke-ExecIncidentsList {
                 }
                 Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress) | Out-Null
             } else {
+                $Metadata = [PSCustomObject]@{
+                    QueueId = $RunningQueue.RowKey ?? $null
+                }
                 $Incidents = $Rows
                 foreach ($incident in $Incidents) {
                     $IncidentObj = $incident.Incident | ConvertFrom-Json