Merge branch 'develop'

Author: silverhack

Invoke-Monkey365.ps1

@@ -306,10 +306,7 @@ Function Invoke-Monkey365{
         [Switch]$ForceMSALDesktop,
 
         [Parameter(Mandatory=$false, HelpMessage="List available collectors")]
-        [Switch]$ListCollector,
-
-        [Parameter(Mandatory=$false, HelpMessage="List available rules")]
-        [Switch]$ListRule
+        [Switch]$ListCollector
     )
     dynamicparam{
         # Set available instance class
@@ -520,7 +517,7 @@ Function Invoke-Monkey365{
         #Connect
         Connect-MonkeyCloud
         #Start Watcher
-        if($null -ne (Get-Command -Name "Watch-AccessToken" -ErrorAction ignore)){
+        If($null -ne (Get-Command -Name "Watch-AccessToken" -ErrorAction ignore)){
             Watch-AccessToken
         }
     }
@@ -579,3 +576,4 @@ Function Invoke-Monkey365{
         }
     }
 }
+

build.ps1

@@ -78,3 +78,4 @@ $param = @{
 Write-information @param
 #Start process
 Start-Process docker -ArgumentList $buildArgs -NoNewWindow -Wait
+

collectors/azure/APIM/Get-MonkeyAZAPIM.ps1

@@ -131,3 +131,4 @@ function Get-MonkeyAZAPIM {
 
 
 
+

collectors/azure/alerts/securityalerts/Get-MonkeyAzSecurityAlert.ps1

@@ -138,3 +138,4 @@ function Get-MonkeyAzSecurityAlert {
 
 
 
+

collectors/azure/applicationInsights/Get-MonkeyAZApplicationInsightComponent.ps1

@@ -0,0 +1,129 @@
+# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+function Get-MonkeyAZApplicationInsightComponent {
+<#
+        .SYNOPSIS
+		Azure Collector to get application insight component
+
+        .DESCRIPTION
+		Azure Collector to get application insight component
+
+        .INPUTS
+
+        .OUTPUTS
+
+        .EXAMPLE
+
+        .NOTES
+	        Author		: Juan Garrido
+            Twitter		: @tr1ana
+            File Name	: Get-MonkeyAZApplicationInsightComponent
+            Version     : 1.0
+
+        .LINK
+            https://github.com/silverhack/monkey365
+    #>
+
+	[CmdletBinding()]
+	param(
+		[Parameter(Mandatory = $false,HelpMessage = "Background Collector ID")]
+		[string]$collectorId
+	)
+	Begin {
+		#Collector metadata
+		$monkey_metadata = @{
+			Id = "az000108";
+			Provider = "Azure";
+			Resource = "Subscription";
+			ResourceType = $null;
+			resourceName = $null;
+			collectorName = "Get-MonkeyAZApplicationInsightComponent";
+			ApiType = "resourceManagement";
+			description = "Azure Collector to get application insight component";
+			Group = @(
+				"Subscription"
+			);
+			Tags = @(
+
+			);
+			references = @(
+				"https://silverhack.github.io/monkey365/"
+			);
+			ruleSuffixes = @(
+				"az_insight_component"
+			);
+			dependsOn = @(
+
+			);
+			enabled = $true;
+			supportClientCredential = $true
+		}
+		#Get Config
+		$config = $O365Object.internal_config.ResourceManager | Where-Object { $_.Name -eq "azureInsightsComponent" } | Select-Object -ExpandProperty resource
+		#Get instances
+		$Instances = $O365Object.all_resources.Where({ $_.Id -like '*microsoft.insights/components*' })
+		if (-not $Instances) { continue }
+		$AllInstances = $null
+	}
+	Process {
+		$msg = @{
+			MessageData = ($message.MonkeyGenericTaskMessage -f $collectorId,"Azure Insights Component",$O365Object.current_subscription.displayName);
+			callStack = (Get-PSCallStack | Select-Object -First 1);
+			logLevel = 'info';
+			InformationAction = $InformationAction;
+			Tags = @('AzureInsightsInfo');
+		}
+		Write-Information @msg
+        if ($Instances.Count -gt 0) {
+			$new_arg = @{
+				APIVersion = $config.api_version;
+			}
+			$p = @{
+				ScriptBlock = { Get-MonkeyAzInsightComponentInfo -InputObject $_ };
+				Arguments = $new_arg;
+				Runspacepool = $O365Object.monkey_runspacePool;
+				ReuseRunspacePool = $true;
+				Debug = $O365Object.VerboseOptions.Debug;
+				Verbose = $O365Object.VerboseOptions.Verbose;
+				MaxQueue = $O365Object.nestedRunspaces.MaxQueue;
+				BatchSleep = $O365Object.nestedRunspaces.BatchSleep;
+				BatchSize = $O365Object.nestedRunspaces.BatchSize;
+			}
+			$AllInstances = $Instances | Invoke-MonkeyJob @p
+		}
+	}
+	End {
+		if ($AllInstances) {
+			$AllInstances.PSObject.TypeNames.Insert(0,'Monkey365.Azure.Application.Insights.Components')
+			[pscustomobject]$obj = @{
+				Data = $AllInstances;
+				Metadata = $monkey_metadata;
+			}
+			$returnData.az_insight_component = $obj
+		}
+		else {
+			$msg = @{
+				MessageData = ($message.MonkeyEmptyResponseMessage -f "Azure Insights Component",$O365Object.TenantID);
+				callStack = (Get-PSCallStack | Select-Object -First 1);
+				logLevel = "verbose";
+				InformationAction = $O365Object.InformationAction;
+				Tags = @('AzureInsightsEmptyResponse');
+				Verbose = $O365Object.Verbose;
+			}
+			Write-Verbose @msg
+		}
+	}
+}

collectors/azure/appservices/Get-MonkeyAzAppServiceInfo.ps1

@@ -137,3 +137,4 @@ function Get-MonkeyAzAppServiceInfo {
 
 
 
+

collectors/azure/botchannels/Get-MonkeyAzBotChannel.ps1

@@ -139,3 +139,4 @@ function Get-MonkeyAzBotChannel {
 
 
 
+

collectors/azure/classicvm/virtualmachines/Get-MonkeyAzClassicDisk.ps1

@@ -132,3 +132,4 @@ function Get-MonkeyAzClassicDisk {
 
 
 
+

collectors/azure/classicvm/virtualmachines/Get-MonkeyAzClassicVM.ps1

@@ -171,3 +171,4 @@ function Get-MonkeyAzClassicVM {
 
 
 
+

collectors/azure/cognitive/Get-MonkeyAzCognitiveService.ps1

@@ -48,7 +48,7 @@ function Get-MonkeyAzCognitiveService {
 	begin {
 		#Collector metadata
 		$monkey_metadata = @{
-			Id = "az00006";
+			Id = "az00162";
 			Provider = "Azure";
 			Resource = "CognitiveServices";
 			ResourceType = $null;
@@ -77,9 +77,9 @@ function Get-MonkeyAzCognitiveService {
 		#Get Config
 		$CognitiveAPI = $O365Object.internal_config.ResourceManager | Where-Object { $_.Name -eq "azureCognitive" } | Select-Object -ExpandProperty resource
 		#Get Cognitive Services accounts
-		$cognitive_services = $O365Object.all_resources | Where-Object { $_.type -like 'Microsoft.CognitiveServices/accounts' }
+		$cognitive_services = $O365Object.all_resources.Where({ $_.type -like '*Microsoft.CognitiveServices/accounts*'})
 		if (-not $cognitive_services) { continue }
-		$all_cognitive_services = @();
+		$all_cognitive_services = $null;
 	}
 	process {
 		$msg = @{
@@ -91,29 +91,22 @@ function Get-MonkeyAzCognitiveService {
 		}
 		Write-Information @msg
 		#Get All Cognitive accounts
-		if ($cognitive_services) {
-			foreach ($cognitive_service in $cognitive_services) {
-				#Set query
-				$p = @{
-					Id = $cognitive_service.Id;
-					APIVersion = $CognitiveAPI.api_version;
-					Verbose = $O365Object.Verbose;
-					Debug = $O365Object.Debug;
-					InformationAction = $O365Object.InformationAction;
-				}
-				$my_cognitive_account = Get-MonkeyAzObjectById @p
-				if ($my_cognitive_account) {
-					#Get Network properties
-					if (-not $my_cognitive_account.Properties.NetworkRuleSet) {
-						$my_cognitive_account | Add-Member -Type NoteProperty -Name allowAccessFromAllNetworks -Value $true
-					}
-					else {
-						$my_cognitive_account | Add-Member -Type NoteProperty -Name allowAccessFromAllNetworks -Value $false
-					}
-					#Add cognitive account to array
-					$all_cognitive_services += $my_cognitive_account
-				}
+		if ($cognitive_services.Count -gt 0) {
+			$new_arg = @{
+				APIVersion = $CognitiveAPI.api_version;
 			}
+			$p = @{
+				ScriptBlock = { Get-MonkeyAIHubCognitiveAccountInfo -InputObject $_ };
+				Arguments = $new_arg;
+				Runspacepool = $O365Object.monkey_runspacePool;
+				ReuseRunspacePool = $true;
+				Debug = $O365Object.VerboseOptions.Debug;
+				Verbose = $O365Object.VerboseOptions.Verbose;
+				MaxQueue = $O365Object.nestedRunspaces.MaxQueue;
+				BatchSleep = $O365Object.nestedRunspaces.BatchSleep;
+				BatchSize = $O365Object.nestedRunspaces.BatchSize;
+			}
+			$all_cognitive_services = $cognitive_services | Invoke-MonkeyJob @p
 		}
 	}
 	end {
@@ -147,3 +140,4 @@ function Get-MonkeyAzCognitiveService {
 
 
 
+