diff --git a/tests/AnalyticsRules/AnalyticsRules.Tests.ps1 b/tests/AnalyticsRules/AnalyticsRules.Tests.ps1
index 49ac1a3..48f54ee 100644
--- a/tests/AnalyticsRules/AnalyticsRules.Tests.ps1
+++ b/tests/AnalyticsRules/AnalyticsRules.Tests.ps1
@@ -42,13 +42,13 @@ Describe "Analytics Rules" -Tag "AnalyticsRules" {
 It "Analytics rule <_> is present" -ForEach @( $AnalyticsRuleIds ) {
 $AnalyticsRuleId = $_
- $AnalyticsRule = $CurrentItems | Where-Object { $_.id -match $AnalyticsRuleId }
+ $AnalyticsRule = $CurrentItems | Where-Object id -match $AnalyticsRuleId
 $AnalyticsRule.id | Should -Match $AnalyticsRuleId
 }
 It "Analytics rule <_> is enabled" -ForEach @( $AnalyticsRuleIds ) {
 $AnalyticsRuleId = $_
- $AnalyticsRule = $CurrentItems | Where-Object { $_.id -match $AnalyticsRuleId }
+ $AnalyticsRule = $CurrentItems | Where-Object id -match $AnalyticsRuleId
 $AnalyticsRule.properties.enabled | Should -Be $true
 }
 }
\ No newline at end of file
diff --git a/tests/CICD/AnalyticsRules-CICD.Tests.ps1 b/tests/CICD/AnalyticsRules-CICD.Tests.ps1
index 27bb3cb..0b150f6 100644
--- a/tests/CICD/AnalyticsRules-CICD.Tests.ps1
+++ b/tests/CICD/AnalyticsRules-CICD.Tests.ps1
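Review bot: The enabled-state assertion at the end of the second `It` assumes `Where-Object id -match $AnalyticsRuleId` selects exactly one rule, but `-match` is a regex substring filter, so any other rule whose id happens to contain the value turns `$AnalyticsRule` into a collection and `$AnalyticsRule.properties.enabled | Should -Be $true` no longer checks the rule the test names. Adding `$AnalyticsRule | Should -HaveCount 1` before the property assertion in both `It` blocks (and in the equivalent lookups in the AnalyticsRules-CICD hunk) makes a detection-coverage test fail loudly on an ambiguous match instead of depending on collection semantics. If the ids are full resource paths, `-match` is presumably the intended way to locate the GUID suffix, so the count check rather than a switch to `-eq` is the fix here. The enclosing Describe block starts outside the hunk.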
@@ -52,23 +52,23 @@ Describe "Analytics Rules" -Tag "AnalyticsRules-CICD" {
 Context "Analytics rule `"`" ()" -ForEach $AnalyticsRulesDefinition {
 It "Analytics rule is present" {
- $Item = $CurrentItems | Where-Object { $_.id -match $id }
+ $Item = $CurrentItems | Where-Objectid -match $id
 $Item.id | Should -Match $id
 }
 It "Analytics rule name is set to " {
- $Item = $CurrentItems | Where-Object { $_.id -match $id }
+ $Item = $CurrentItems | Where-Objectid -match $id
 $Item.properties.displayName | Should -Be $name
 }
 It "Analytics rule should not be in state `"AUTO DISABLED`"" {
 # https://learn.microsoft.com/en-us/azure/sentinel/detect-threats-custom#issue-a-scheduled-rule-failed-to-execute-or-appears-with-auto-disabled-added-to-the-name
- $Item = $CurrentItems | Where-Object { $_.id -match $id }
+ $Item = $CurrentItems | Where-Objectid -match $id
 $Item.properties.displayName | Should -Not -Match "AUTO DISABLED"
 }
 It "Analytics rule is enabled" {
- $Item = $CurrentItems | Where-Object { $_.id -match $id }
+ $Item = $CurrentItems | Where-Objectid -match $id
 $Item.properties.enabled | Should -Be $true
 }
diff --git a/tests/CICD/AutomationRules-CICD.Tests.ps1 b/tests/CICD/AutomationRules-CICD.Tests.ps1
index 3d02e2d..1f32079 100644
--- a/tests/CICD/AutomationRules-CICD.Tests.ps1
+++ b/tests/CICD/AutomationRules-CICD.Tests.ps1
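Review bot: All four added lines in this hunk read `Where-Objectid -match $id`, with no space between the cmdlet and the property name, whereas every other file in the commit uses `Where-Object id -match …`. PowerShell would resolve `Where-Objectid` as a command name, so each `It` in this Context would error out before reaching its assertion rather than evaluating it; if this is how the file really looks and not an artifact of the rendering, the lines should be `$Item = $CurrentItems | Where-Object id -match $id`. The enclosing Context block continues outside the hunk.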
@@ -46,17 +46,17 @@ BeforeAll {
 Describe "Automation Rules" -Tag "AutomationRules-CICD" {
 It "Automation rule is present" -ForEach $AutomationRulesDefinition {
- $Item = $CurrentItems | Where-Object { $_.name -match $id }
+ $Item = $CurrentItems | Where-Object name -match $id
 $Item.name | Should -Match $id
 }
 It "Automation rule order is set to " -ForEach $AutomationRulesDefinition {
- $Item = $CurrentItems | Where-Object { $_.name -match $id }
+ $Item = $CurrentItems | Where-Object name -match $id
 $Item.properties.order | Should -Be $order
 }
 It "Automation rule is " -ForEach $AutomationRulesDefinition {
- $Item = $CurrentItems | Where-Object { $_.name -match $id }
+ $Item = $CurrentItems | Where-Object name -match $id
 $Item.properties.triggeringLogic.isEnabled | Should -Be $enabled
 }
 }
diff --git a/tests/CICD/Watchlists-CICD.Tests.ps1 b/tests/CICD/Watchlists-CICD.Tests.ps1
index 3de5759..8bdda42 100644
--- a/tests/CICD/Watchlists-CICD.Tests.ps1
+++ b/tests/CICD/Watchlists-CICD.Tests.ps1
@@ -41,7 +41,7 @@ Describe "Watchlists" -Tag "Watchlists-CICD" -ForEach $UsedWatchlists {
 }
 It "Watchlist <_> used by Analytics Rules is deployed" {
- $Item = $CurrentItems | Where-Object { $_.name -match $CurrentWatchlist }
+ $Item = $CurrentItems | Where-Object name -match $CurrentWatchlist
 $Item.name | Should -Be $CurrentWatchlist
 }
diff --git a/tests/Configuration/SentinelConfiguration.Tests.ps1 b/tests/Configuration/SentinelConfiguration.Tests.ps1
index b08c722..33d7d8e 100644
--- a/tests/Configuration/SentinelConfiguration.Tests.ps1
+++ b/tests/Configuration/SentinelConfiguration.Tests.ps1
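Review bot: In the Watchlists-CICD hunk the lookup `Where-Object name -match $CurrentWatchlist` is a regex substring filter, while the assertion on the next line, `Should -Be $CurrentWatchlist`, expects exact equality, so a second watchlist whose name merely contains the expected value (or a name with regex metacharacters) turns `$Item` into a collection or a different object and the test fails although the referenced watchlist is deployed. Because the name is compared verbatim anyway, `$Item = $CurrentItems | Where-Object name -eq $CurrentWatchlist` matches the assertion. The AutomationRules hunk on the same line has the same shape with `name -match $id`; if automation rule names are the bare ids, `-eq` fits there too, otherwise a `Should -HaveCount 1` guard gives the same protection. The enclosing Describe blocks of both hunks extend outside the hunk.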
@@ -37,19 +37,19 @@ BeforeAll {
 Describe "Sentinel Configuration" -Tag "Configuration", "Sentinel" {
 It "UEBA Source <_> is enabled" -ForEach "AuditLogs", "SecurityEvent", "SigninLogs", "AzureActivity" -Tag "UEBA" {
- $SentinelSettings | Where-Object { $_.name -eq "Ueba" } | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty dataSources | Should -Contain $_
+ $SentinelSettings | Where-Object name -eq "Ueba" | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty dataSources | Should -Contain $_
 }
 It "EntityAnalytics source <_> is enabled" -ForEach "ActiveDirectory", "AzureActiveDirectory" -Tag "EntityAnalytics" {
- $SentinelSettings | Where-Object { $_.name -eq "EntityAnalytics" } | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty entityProviders | Should -Contain $_
+ $SentinelSettings | Where-Object name -eq "EntityAnalytics" | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty entityProviders | Should -Contain $_
 }
 It "Anomalies is enabled" -Tag "Anomalies" {
- $SentinelSettings | Where-Object { $_.name -eq "Anomalies" } | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty isEnabled | Should -Be $true
+ $SentinelSettings | Where-Object name -eq "Anomalies" | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty isEnabled | Should -Be $true
 }
 It "Microsoft data access is enabled (EyesOn)" -Tag "EyesOn" {
- $SentinelSettings | Where-Object { $_.name -eq "EyesOn" } | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty isEnabled | Should -Be $true
+ $SentinelSettings | Where-Object name -eq "EyesOn" | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty isEnabled | Should -Be $true
 }
 It "Diagnostic settings are send to the same Log Analytics workspace" -Tag "DiagnosticSettings" {
@@ -57,7 +57,7 @@ Describe "Sentinel Configuration" -Tag "Configuration", "Sentinel" {
 }
 It "All diagnostic settings are enabled" -Tag "DiagnosticSettings" {
- $DiagnosticSettings.properties.logs | Where-Object { $_.enabled -eq $false } | Should -BeNullOrEmpty
+ $DiagnosticSettings.properties.logs | Where-Object enabled -eq $false | Should -BeNullOrEmpty
 }
 It "SentinelHealth should have current data (1d)" {
diff --git a/tests/Watchlists/Watchlists.Tests.ps1 b/tests/Watchlists/Watchlists.Tests.ps1
index 2438d85..4e82adb 100644
--- a/tests/Watchlists/Watchlists.Tests.ps1
+++ b/tests/Watchlists/Watchlists.Tests.ps1
@@ -39,13 +39,13 @@ Describe "Watchlist" -Tag "Watchlists" {
 It "Watchlist is present" -ForEach $WatchListConfig {
 $WatchlistName = $name
- $Watchlist = $CurrentItems | Where-Object { $_.name -eq $WatchlistName }
+ $Watchlist = $CurrentItems | Where-Object name -eq $WatchlistName
 $Watchlist.name | Should -Match $WatchlistName
 }
 It "Watchlist was updated in the last days" -ForEach $WatchListConfig {
 $WatchlistName = $name
- $Watchlist = $CurrentItems | Where-Object { $_.name -eq $WatchlistName }
+ $Watchlist = $CurrentItems | Where-Object name -eq $WatchlistName
 $ModifiedTime = New-TimeSpan -Start $watchList.systemData.lastModifiedAt -End (Get-Date)
 $ModifiedTime.TotalDays | Should -BeLessOrEqual $maxAgeInDays
 }
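Review bot: In the Watchlists.Tests.ps1 hunk the first `It` filters with an exact `Where-Object name -eq $WatchlistName` but then asserts with the regex form `Should -Match $WatchlistName`, so a watchlist name containing regex metacharacters (a dot or parentheses, for example) can fail or mis-match even though the filter already found the exact item; `$Watchlist.name | Should -Be $WatchlistName` keeps the assertion consistent with the lookup. In the second `It`, `$watchList.systemData.lastModifiedAt` refers to the variable assigned as `$Watchlist` on the line above; PowerShell variable names are case-insensitive so it works, but the mixed spelling reads like a different variable and is worth aligning to `$Watchlist` while the line is being touched. The enclosing Describe block starts outside the hunk.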