4 changes: 2 additions & 2 deletions tests/AnalyticsRules/AnalyticsRules.Tests.ps1
Expand Up @@ -42,13 +42,13 @@ Describe "Analytics Rules" -Tag "AnalyticsRules" {

It "Analytics rule <_> is present" -ForEach @( $AnalyticsRuleIds ) {
$AnalyticsRuleId = $_
$AnalyticsRule = $CurrentItems | Where-Object { $_.id -match $AnalyticsRuleId }
$AnalyticsRule = $CurrentItems | Where-Object id -match $AnalyticsRuleId
$AnalyticsRule.id | Should -Match $AnalyticsRuleId
}

It "Analytics rule <_> is enabled" -ForEach @( $AnalyticsRuleIds ) {
$AnalyticsRuleId = $_
$AnalyticsRule = $CurrentItems | Where-Object { $_.id -match $AnalyticsRuleId }
$AnalyticsRule = $CurrentItems | Where-Object id -match $AnalyticsRuleId
$AnalyticsRule.properties.enabled | Should -Be $true
}
}
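Review bot: `-match` in the new filters on lines 29 and 36 treats `$AnalyticsRuleId` as a regular expression, so an id containing regex metacharacters, or an id that is a prefix of another rule's id, can select the wrong rule or several rules, and `Should -Match` on line 30 has the same looseness. If the ids are plain GUIDs the practical risk is small, but the filter is cheap to make exact: `Where-Object id -match [regex]::Escape($AnalyticsRuleId)`, or, if `$AnalyticsRuleIds` hold full resource ids, `Where-Object id -eq $AnalyticsRuleId` paired with `Should -Be`. The enclosing Describe block starts outside this section.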
8 changes: 4 additions & 4 deletions tests/CICD/AnalyticsRules-CICD.Tests.ps1
Expand Up @@ -52,23 +52,23 @@ Describe "Analytics Rules" -Tag "AnalyticsRules-CICD" {
Context "Analytics rule `"<name>`" (<id>)" -ForEach $AnalyticsRulesDefinition {

It "Analytics rule is present" {
$Item = $CurrentItems | Where-Object { $_.id -match $id }
$Item = $CurrentItems | Where-Objectid -match $id
$Item.id | Should -Match $id
}

It "Analytics rule name is set to <name>" {
$Item = $CurrentItems | Where-Object { $_.id -match $id }
$Item = $CurrentItems | Where-Objectid -match $id
$Item.properties.displayName | Should -Be $name
}

It "Analytics rule should not be in state `"AUTO DISABLED`"" {
# https://learn.microsoft.com/en-us/azure/sentinel/detect-threats-custom#issue-a-scheduled-rule-failed-to-execute-or-appears-with-auto-disabled-added-to-the-name
$Item = $CurrentItems | Where-Object { $_.id -match $id }
$Item = $CurrentItems | Where-Objectid -match $id
$Item.properties.displayName | Should -Not -Match "AUTO DISABLED"
}

It "Analytics rule is enabled" {
$Item = $CurrentItems | Where-Object { $_.id -match $id }
$Item = $CurrentItems | Where-Objectid -match $id
$Item.properties.enabled | Should -Be $true
}

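Review bot: `Where-Objectid` on the simplified-syntax lines (47, 53, 60 and 66) is missing the space between the cmdlet and the property name, so PowerShell will look for a command named `Where-Objectid` and every test in this Context will error with "not recognized" instead of evaluating the rule; each line should read `$Item = $CurrentItems | Where-Object id -match $id`. This assumes, as the rest of the change suggests, that the simplified-syntax lines are the added side and the script-block lines the removed side. The Context block continues past this section.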
6 changes: 3 additions & 3 deletions tests/CICD/AutomationRules-CICD.Tests.ps1
Expand Up @@ -46,17 +46,17 @@ BeforeAll {
Describe "Automation Rules" -Tag "AutomationRules-CICD" {

It "Automation rule <id> is present" -ForEach $AutomationRulesDefinition {
$Item = $CurrentItems | Where-Object { $_.name -match $id }
$Item = $CurrentItems | Where-Object name -match $id
$Item.name | Should -Match $id
}

It "Automation rule <id> order is set to <order>" -ForEach $AutomationRulesDefinition {
$Item = $CurrentItems | Where-Object { $_.name -match $id }
$Item = $CurrentItems | Where-Object name -match $id
$Item.properties.order | Should -Be $order
}

It "Automation rule <id> is <enabled>" -ForEach $AutomationRulesDefinition {
$Item = $CurrentItems | Where-Object { $_.name -match $id }
$Item = $CurrentItems | Where-Object name -match $id
$Item.properties.triggeringLogic.isEnabled | Should -Be $enabled
}
}
2 changes: 1 addition & 1 deletion tests/CICD/Watchlists-CICD.Tests.ps1
Expand Up @@ -41,7 +41,7 @@ Describe "Watchlists" -Tag "Watchlists-CICD" -ForEach $UsedWatchlists {
}

It "Watchlist <_> used by Analytics Rules is deployed" {
$Item = $CurrentItems | Where-Object { $_.name -match $CurrentWatchlist }
$Item = $CurrentItems | Where-Object name -match $CurrentWatchlist
$Item.name | Should -Be $CurrentWatchlist
}

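Review bot: The new filter `Where-Object name -match $CurrentWatchlist` on line 101 is a regex/substring match while the assertion on line 102 demands exact equality, so a second watchlist whose name contains the expected one (say `Foo` next to `Foo-old`) makes `$Item.name` a two-element collection and the presence test fails for a watchlist that is in fact deployed. The sibling tests/Watchlists/Watchlists.Tests.ps1 in this same change filters with `-eq`; use the same here: `$Item = $CurrentItems | Where-Object name -eq $CurrentWatchlist`. The enclosing Describe block starts outside this section.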
10 changes: 5 additions & 5 deletions tests/Configuration/SentinelConfiguration.Tests.ps1
Expand Up @@ -37,27 +37,27 @@ BeforeAll {
Describe "Sentinel Configuration" -Tag "Configuration", "Sentinel" {

It "UEBA Source <_> is enabled" -ForEach "AuditLogs", "SecurityEvent", "SigninLogs", "AzureActivity" -Tag "UEBA" {
$SentinelSettings | Where-Object { $_.name -eq "Ueba" } | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty dataSources | Should -Contain $_
$SentinelSettings | Where-Object name -eq "Ueba" | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty dataSources | Should -Contain $_
}

It "EntityAnalytics source <_> is enabled" -ForEach "ActiveDirectory", "AzureActiveDirectory" -Tag "EntityAnalytics" {
$SentinelSettings | Where-Object { $_.name -eq "EntityAnalytics" } | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty entityProviders | Should -Contain $_
$SentinelSettings | Where-Object name -eq "EntityAnalytics" | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty entityProviders | Should -Contain $_
}

It "Anomalies is enabled" -Tag "Anomalies" {
$SentinelSettings | Where-Object { $_.name -eq "Anomalies" } | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty isEnabled | Should -Be $true
$SentinelSettings | Where-Object name -eq "Anomalies" | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty isEnabled | Should -Be $true
}

It "Microsoft data access is enabled (EyesOn)" -Tag "EyesOn" {
$SentinelSettings | Where-Object { $_.name -eq "EyesOn" } | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty isEnabled | Should -Be $true
$SentinelSettings | Where-Object name -eq "EyesOn" | Select-Object -ExpandProperty properties | Select-Object -ExpandProperty isEnabled | Should -Be $true
}

It "Diagnostic settings are send to the same Log Analytics workspace" -Tag "DiagnosticSettings" {
$DiagnosticSettings.id -like "$($DiagnosticSettings.properties.workspaceId)*" | Should -Be $true
}

It "All diagnostic settings are enabled" -Tag "DiagnosticSettings" {
$DiagnosticSettings.properties.logs | Where-Object { $_.enabled -eq $false } | Should -BeNullOrEmpty
$DiagnosticSettings.properties.logs | Where-Object enabled -eq $false | Should -BeNullOrEmpty
}

It "SentinelHealth should have current data (1d)" {
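Review bot: `Where-Object enabled -eq $false | Should -BeNullOrEmpty` on line 137 passes vacuously when `$DiagnosticSettings.properties.logs` is itself null or empty, i.e. when no diagnostic setting or no log categories are configured at all, which is exactly the gap an audit-logging test should catch. Add a guard ahead of it: `$DiagnosticSettings.properties.logs | Should -Not -BeNullOrEmpty`. The UEBA and EntityAnalytics tests above do not have this problem, since `Should -Contain` already fails on an empty pipeline. The Describe block continues past this section.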
4 changes: 2 additions & 2 deletions tests/Watchlists/Watchlists.Tests.ps1
Expand Up @@ -39,13 +39,13 @@ Describe "Watchlist" -Tag "Watchlists" {

It "Watchlist <name> is present" -ForEach $WatchListConfig {
$WatchlistName = $name
$Watchlist = $CurrentItems | Where-Object { $_.name -eq $WatchlistName }
$Watchlist = $CurrentItems | Where-Object name -eq $WatchlistName
$Watchlist.name | Should -Match $WatchlistName
}

It "Watchlist <name> was updated in the last <maxAgeInDays> days" -ForEach $WatchListConfig {
$WatchlistName = $name
$Watchlist = $CurrentItems | Where-Object { $_.name -eq $WatchlistName }
$Watchlist = $CurrentItems | Where-Object name -eq $WatchlistName
$ModifiedTime = New-TimeSpan -Start $watchList.systemData.lastModifiedAt -End (Get-Date)
$ModifiedTime.TotalDays | Should -BeLessOrEqual $maxAgeInDays
}
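Review bot: After the exact `-eq` filter on line 149, the assertion `Should -Match $WatchlistName` on line 150 is looser than the filter that produced the value and treats the name as a regex; `$Watchlist.name | Should -Be $WatchlistName` states the intent precisely. In the age test, `$watchList` on line 157 is the same variable as `$Watchlist` on line 156 (PowerShell variable names are case-insensitive), but the inconsistent casing reads like a second, unset variable; write `$Watchlist.systemData.lastModifiedAt`. The Describe block continues past this section.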