SecurityPermissionsChecker.psm1
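Set-StrictMode -Version Latest

function Start-SecurityPermissionsChecker {
    <#
    .SYNOPSIS
        Entry point for analysing a HAR capture for security permissions.

    .DESCRIPTION
        Checks that the HAR file exists, announces the run, and reports the
        selected output format. The HAR parsing and permission checks are
        still a TODO; the helpers and lookup tables below are scaffolding
        for that code.

    .PARAMETER HarFilePath
        Path to the HAR file to analyze. Must point to an existing file.

    .PARAMETER OutputFormat
        Console (default), JSON, or HTML.

    .PARAMETER OutputPath
        Output file path for JSON or HTML output.

    .PARAMETER NoPrompt
        Skip interactive prompts and use default locations. Not read by the
        current placeholder logic.

    .NOTES
        A HAR capture records complete requests and responses, which normally
        includes cookies, Authorization headers and bearer tokens. Treat both
        the input file and any generated report as sensitive: redact
        credential-bearing headers before reporting, and HTML-encode every
        HAR-derived string written into the HTML report.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, HelpMessage = "Path to the HAR file to analyze")]
        [string]$HarFilePath,

        [Parameter(Mandatory = $false, HelpMessage = "Output format: Console, JSON, or HTML")]
        [ValidateSet("Console", "JSON", "HTML")]
        [string]$OutputFormat = "Console",

        [Parameter(Mandatory = $false, HelpMessage = "Output file path (for JSON or HTML output)")]
        [string]$OutputPath,

        [Parameter(Mandatory = $false, HelpMessage = "Skip interactive prompts and use default locations")]
        [switch]$NoPrompt
    )

    # Ensure System.Web for HTML encoding when needed. Loading stays
    # best-effort, but a failure is now visible with -Verbose instead of being
    # swallowed. [System.Net.WebUtility]::HtmlEncode is an alternative that
    # needs no Add-Type.
    try {
        Add-Type -AssemblyName System.Web -ErrorAction Stop
    }
    catch {
        Write-Verbose "System.Web could not be loaded: $_"
    }

    # --- Utility: decode base64 content if needed ---
    # Returns the UTF-8 text of $Content when $Encoding is "base64" (-eq is
    # case-insensitive); otherwise, or when decoding fails, returns $Content
    # unchanged. The result comes straight from the capture, so it is
    # untrusted data: encode it before it reaches an HTML report.
    function Decode-Content {
        param(
            [string]$Content,
            [string]$Encoding
        )

        if ($Encoding -eq "base64") {
            try {
                $bytes = [System.Convert]::FromBase64String($Content)
                return [System.Text.Encoding]::UTF8.GetString($bytes)
            }
            catch {
                Write-Warning "Failed to decode base64 content: $_"
                return $Content
            }
        }

        return $Content
    }

    # --- Known Entra Role Template IDs -> Names (add more as needed) ---
    $EntraRoleTemplateMap = @{
        '62e90394-69f5-4237-9190-012177145e10' = 'Global Administrator' # GA
        # Add more if needed
    }

    # Maps a role template ID to its display name. IDs missing from the map
    # are returned unchanged, so an unrecognised GUID stays visible in output
    # instead of being dropped.
    function Resolve-DirRoleName {
        param([string]$Role)

        if ($EntraRoleTemplateMap.ContainsKey($Role)) {
            return $EntraRoleTemplateMap[$Role]
        }

        return $Role
    }

    # Capability catalog + mappings
    # Keep these aligned with: https://learn.microsoft.com/defender-xdr/compare-rbac-roles
    $PermissionsMappings = @(
        @{ Id = "id-incident.manage"; Display = "Incident management" },
        @{ Id = "id-hunting.query"; Display = "Advanced hunting (query)" },
        @{ Id = "id-hunting.manage"; Display = "Advanced hunting (manage settings)" },
        @{ Id = "id-threat.explorer"; Display = "Threat Explorer/Real-time detections (view)" }
        # Add more mappings here...
    )

    # ----------------------------------------------------------------
    # MAIN LOGIC for processing HAR file goes here
    # ----------------------------------------------------------------

    # -PathType Leaf rejects a directory, which a bare Test-Path would accept.
    if (-not (Test-Path -LiteralPath $HarFilePath -PathType Leaf)) {
        throw "HAR file not found: $HarFilePath"
    }

    Write-Host "Processing HAR file: $HarFilePath" -ForegroundColor Cyan

    # TODO: Add your real HAR parsing + permission checking code here
    # NOTE(review): keep raw cookie / Authorization header values and token
    # bodies out of Console, JSON and HTML output; report the permission
    # finding, not the credential it was derived from.

    # For demo:
    Write-Host "Output format: $OutputFormat"

    if ($OutputFormat -ne "Console") {
        if ([string]::IsNullOrWhiteSpace($OutputPath)) {
            # A file-based format without a destination used to print an
            # empty path; flag it so the caller notices.
            Write-Warning "No -OutputPath was supplied for $OutputFormat output."
        }
        else {
            Write-Host "Saving $OutputFormat output to: $OutputPath"
        }
    }

    Write-Host "SecurityPermissionsChecker analysis completed." -ForegroundColor Green
}

Export-ModuleMember -Function Start-SecurityPermissionsChecker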