updated collectors

Author: silverhack

collectors/entraid/entraidportal/authentication/Get-MonkeyADPasswordResetPolicy.ps1

@@ -70,7 +70,7 @@ function Get-MonkeyADPasswordResetPolicy {
 
 			);
 			enabled = $true;
-			supportClientCredential = $true
+			supportClientCredential = $false
 		}
 		#Get Azure Active Directory Auth
 		$AADAuth = $O365Object.auth_tokens.AzurePortal
@@ -80,14 +80,14 @@ function Get-MonkeyADPasswordResetPolicy {
 			MessageData = ($message.MonkeyGenericTaskMessage -f $collectorId,"Microsoft Entra ID password reset policy",$O365Object.TenantID);
 			callStack = (Get-PSCallStack | Select-Object -First 1);
 			logLevel = 'info';
-			InformationAction = $InformationAction;
+			InformationAction = $O365Object.InformationAction;
 			Tags = @('AzurePortalSSPRPolicy');
 		}
 		Write-Information @msg
 		#Query
 		$params = @{
 			Authentication = $AADAuth;
-			Query = 'PasswordReset/PasswordResetPolicies';
+			Query = 'PasswordReset/PasswordResetPolicies?getPasswordResetEnabledGroup=true';
 			Environment = $Environment;
 			ContentType = 'application/json';
 			Method = "GET";

collectors/entraid/msgraph/audit/Get-MonkeyAADAudit.ps1

@@ -52,6 +52,10 @@ function Get-MonkeyAADAudit {
 			resourceName = $null;
 			collectorName = "Get-MonkeyAADAudit";
 			ApiType = "MSGraph";
+            objectType = 'EntraAuditLog';
+            immutableProperties = @(
+                'id'
+            );
 			description = "Collector to get audit logs from Microsoft Entra ID";
 			Group = @(
 				"EntraID"

collectors/entraid/msgraph/directoryroles/Get-MonkeyAADDirectoryRole.ps1

@@ -53,6 +53,11 @@ function Get-MonkeyAADDirectoryRole {
 			resourceName = $null;
 			collectorName = "Get-MonkeyAADDirectoryRole";
 			ApiType = "MSGraph";
+            objectType = 'EntraDirectoryRole';
+            immutableProperties = @(
+                'id',
+                'displayName'
+            );
 			description = "Collector to get Directoryroles from Microsoft Entra ID";
 			Group = @(
 				"EntraID"

collectors/entraid/msgraph/domain/Get-MonkeyAADDomain.ps1

@@ -52,6 +52,10 @@ function Get-MonkeyAADDomain {
 			resourceName = $null;
 			collectorName = "Get-MonkeyAADDomain";
 			ApiType = "MSGraph";
+            objectType = 'EntraDomain';
+            immutableProperties = @(
+                'id'
+            );
 			description = "Collector to get information about domain from Microsoft Entra ID";
 			Group = @(
 				"EntraID"

collectors/entraid/msgraph/externalCollaboration/Get-MonkeyAADExternalCollaboration.ps1

@@ -52,6 +52,11 @@ function Get-MonkeyAADExternalCollaboration {
 			resourceName = $null;
 			collectorName = "Get-MonkeyAADExternalCollaboration";
 			ApiType = "MSGraph";
+            objectType = 'EntraExternalCollaborationSettings';
+            immutableProperties = @(
+                'id',
+                'displayName'
+            );
 			description = "Collector to get information about external collaboration from Microsoft Entra ID";
 			Group = @(
 				"EntraID"
@@ -63,7 +68,8 @@ function Get-MonkeyAADExternalCollaboration {
 				"https://silverhack.github.io/monkey365/"
 			);
 			ruleSuffixes = @(
-				"aad_domains"
+				"aad_cross_tenant_accessPolicy",
+                "aad_external_collaboration_settings"
 			);
 			dependsOn = @(
 

collectors/entraid/msgraph/general/Get-MonkeyAADAppAndService.ps1

@@ -0,0 +1,127 @@
+# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+function Get-MonkeyAADAppAndService {
+<#
+        .SYNOPSIS
+		Collector to get properties and relationships of a adminAppsAndServices object
+
+        .DESCRIPTION
+		Collector to get properties and relationships of a adminAppsAndServices object
+
+        .INPUTS
+
+        .OUTPUTS
+
+        .EXAMPLE
+
+        .NOTES
+	        Author		: Juan Garrido
+            Twitter		: @tr1ana
+            File Name	: Get-MonkeyAADAppAndService
+            Version     : 1.0
+
+        .LINK
+            https://github.com/silverhack/monkey365
+    #>
+
+	[CmdletBinding()]
+	param(
+		[Parameter(Mandatory = $false,HelpMessage = "Background Collector ID")]
+		[string]$collectorId
+	)
+	begin {
+		#Collector metadata
+		$monkey_metadata = @{
+			Id = "aad0046";
+			Provider = "EntraID";
+			Resource = "EntraID";
+			ResourceType = $null;
+			resourceName = $null;
+			collectorName = "Get-MonkeyAADAppAndService";
+			ApiType = "MSGraph";
+            objectType = 'EntraAppAndService';
+            immutableProperties = @(
+                '@odata.context'
+            );
+			description = "Collector to get properties and relationships of a adminAppsAndServices object";
+			Group = @(
+				"EntraID"
+			);
+			Tags = @(
+
+			);
+			references = @(
+				"https://silverhack.github.io/monkey365/"
+			);
+			ruleSuffixes = @(
+				"aad_app_and_services"
+			);
+			dependsOn = @(
+
+			);
+			enabled = $true;
+			supportClientCredential = $true
+		}
+		$settings = $null
+	}
+	process {
+		$msg = @{
+			MessageData = ($message.MonkeyGenericTaskMessage -f $collectorId,"Microsoft Entra ID App And Services",$O365Object.TenantID);
+			callStack = (Get-PSCallStack | Select-Object -First 1);
+			logLevel = 'info';
+			InformationAction = $O365Object.InformationAction;
+			Tags = @('EntraIDInfo');
+		}
+		Write-Information @msg
+		$p = @{
+			APIVersion = 'beta';
+			InformationAction = $O365Object.InformationAction;
+			Verbose = $O365Object.Verbose;
+			Debug = $O365Object.Debug;
+		}
+		$settings = Get-MonkeyMSGraphAppAndService @p
+	}
+	End {
+		If ($null -ne $settings) {
+			$settings.PSObject.TypeNames.Insert(0,'Monkey365.EntraID.AppServices')
+			[pscustomobject]$obj = @{
+				Data = $settings;
+				Metadata = $monkey_metadata;
+			}
+			$returnData.aad_app_and_services = $obj;
+		}
+		Else {
+			$msg = @{
+				MessageData = ($message.MonkeyEmptyResponseMessage -f "Microsoft Entra ID App And Services",$O365Object.TenantID);
+				callStack = (Get-PSCallStack | Select-Object -First 1);
+				logLevel = "verbose";
+				InformationAction = $O365Object.InformationAction;
+				Verbose = $O365Object.Verbose;
+				Tags = @('EntraIDEmptyResponse')
+			}
+			Write-Verbose @msg
+		}
+	}
+}
+
+
+
+
+
+
+
+
+

collectors/entraid/msgraph/general/Get-MonkeyAADSetting.ps1

@@ -52,6 +52,11 @@ function Get-MonkeyAADSetting {
 			resourceName = $null;
 			collectorName = "Get-MonkeyAADSetting";
 			ApiType = "MSGraph";
+            objectType = 'EntraSettings';
+            immutableProperties = @(
+                'id',
+                'displayName'
+            );
 			description = "Collector to get settings from Microsoft Entra ID";
 			Group = @(
 				"EntraID"

collectors/entraid/msgraph/groups/Get-MonkeyAADGroup.ps1

@@ -52,6 +52,10 @@ function Get-MonkeyAADGroup {
 			resourceName = $null;
 			collectorName = "Get-MonkeyAADGroup";
 			ApiType = "MSGraph";
+            objectType = 'EntraGroup';
+            immutableProperties = @(
+                'id'
+            );
 			description = "Collector to get information about groups from Microsoft Entra ID";
 			Group = @(
 				"EntraID"

collectors/entraid/msgraph/groups/Get-MonkeyAADGroupSetting.ps1

@@ -0,0 +1,144 @@
+# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+function Get-MonkeyAADGroupSetting {
+<#
+        .SYNOPSIS
+		Collector to get information about group settings from Microsoft Entra ID
+
+        .DESCRIPTION
+		Collector to get information about group settings from Microsoft Entra ID
+
+        .INPUTS
+
+        .OUTPUTS
+
+        .EXAMPLE
+
+        .NOTES
+	        Author		: Juan Garrido
+            Twitter		: @tr1ana
+            File Name	: Get-MonkeyAADGroupSetting
+            Version     : 1.0
+
+        .LINK
+            https://github.com/silverhack/monkey365
+    #>
+
+	[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseDeclaredVarsMoreThanAssignments","",Scope = "Function")]
+	[CmdletBinding()]
+	param(
+		[Parameter(Mandatory = $false,HelpMessage = "Background Collector ID")]
+		[string]$collectorId
+	)
+	begin {
+		#Collector metadata
+		$monkey_metadata = @{
+			Id = "aad0003";
+			Provider = "EntraID";
+			Resource = "EntraID";
+			ResourceType = $null;
+			resourceName = $null;
+			collectorName = "Get-MonkeyAADGroupSetting";
+			ApiType = "MSGraph";
+            objectType = 'EntraGroup';
+            immutableProperties = @(
+                'id'
+            );
+			description = "Collector to get information about group settings from Microsoft Entra ID";
+			Group = @(
+				"EntraID"
+			);
+			Tags = @(
+
+			);
+			references = @(
+				"https://silverhack.github.io/monkey365/"
+			);
+			ruleSuffixes = @(
+				"aad_group_settings"
+			);
+			dependsOn = @(
+
+			);
+			enabled = $true;
+			supportClientCredential = $true
+		}
+		#Get Config
+		try {
+			$aadConf = $O365Object.internal_config.entraId.Provider.msgraph
+		}
+		catch {
+			$msg = @{
+				MessageData = ($message.MonkeyInternalConfigError);
+				callStack = (Get-PSCallStack | Select-Object -First 1);
+				logLevel = 'verbose';
+				InformationAction = $O365Object.InformationAction;
+				Tags = @('Monkey365ConfigError');
+			}
+			Write-Verbose @msg
+			break
+		}
+		$group_settings = $null
+	}
+	process {
+		$msg = @{
+			MessageData = ($message.MonkeyGenericTaskMessage -f $collectorId,"Microsoft Entra ID Group settings",$O365Object.TenantID);
+			callStack = (Get-PSCallStack | Select-Object -First 1);
+			logLevel = 'info';
+			InformationAction = $O365Object.InformationAction;
+			Tags = @('EntraIDGroupSettings');
+		}
+		Write-Information @msg
+        # Resource is not found in beta version
+		$p = @{
+			APIVersion = 'v1.0';
+			InformationAction = $O365Object.InformationAction;
+			Verbose = $O365Object.Verbose;
+			Debug = $O365Object.Debug;
+		}
+		$group_settings = Get-MonkeyMSGraphGroupSetting @p
+	}
+	end {
+		if ($null -ne $group_settings) {
+			$group_settings.PSObject.TypeNames.Insert(0,'Monkey365.EntraID.GroupSettings')
+			[pscustomobject]$obj = @{
+				Data = $group_settings;
+				Metadata = $monkey_metadata;
+			}
+			$returnData.aad_group_settings = $obj;
+		}
+		else {
+			$msg = @{
+				MessageData = ($message.MonkeyEmptyResponseMessage -f "Microsoft Entra ID Group settings",$O365Object.TenantID);
+				callStack = (Get-PSCallStack | Select-Object -First 1);
+				logLevel = "verbose";
+				InformationAction = $O365Object.InformationAction;
+				Verbose = $O365Object.Verbose;
+				Tags = @('EntraIDGroupSettingsEmptyResponse')
+			}
+			Write-Verbose @msg
+		}
+	}
+}
+
+
+
+
+
+
+
+
+

collectors/entraid/msgraph/identity/Get-MonkeyAADIdentityProtectionNotification.ps1

@@ -52,6 +52,10 @@ function Get-MonkeyAADIdentityProtectionNotification {
 			resourceName = $null;
 			collectorName = "Get-MonkeyAADIdentityProtectionNotification";
 			ApiType = "MSGraph";
+            objectType = 'EntraIdentityProtectionNotification';
+            immutableProperties = @(
+                '@odata.context'
+            );
 			description = "Collector to get notification settings for Entra ID Identity Protection";
 			Group = @(
 				"EntraID"