@@ -34,10 +34,11 @@ function Test-CIPPAuditLogRules {
3434 LogType = $_.Type
3535 }
3636 }
37- Write-Warning ' Getting audit records from Graph API'
37+ # write-warning 'Getting audit records from Graph API'
3838 $SearchResults = Get-CippAuditLogSearchResults - TenantFilter $TenantFilter - QueryId $SearchId
3939 $LogCount = ($SearchResults | Measure-Object ).Count
40- Write-Warning " Logs to process: $LogCount "
40+ $RunGuid = New-Guid
41+ Write-Warning " Logs to process: $LogCount - RunGuid: $ ( $RunGuid ) - $ ( $TenantFilter ) "
4142 $Results.TotalLogs = $LogCount
4243 if ($LogCount -gt 0 ) {
4344 $LocationTable = Get-CIPPTable - TableName ' knownlocationdb'
@@ -49,7 +50,7 @@ function Test-CIPPAuditLogRules {
4950 $Data.CIPPExtendedProperties = ($Data.ExtendedProperties | ConvertTo-Json )
5051 $Data.ExtendedProperties | ForEach-Object {
5152 if ($_.Value -in $ExtendedPropertiesIgnoreList ) {
52- Write-Warning " No need to process this operation as its in our ignore list. Some extended information: $ ( $data.operation ) :$ ( $_.Value ) - $ ( $TenantFilter ) "
53+ # write-warning "No need to process this operation as its in our ignore list. Some extended information: $($data.operation):$($_.Value) - $($TenantFilter)"
5354 continue
5455 }
5556 $Data | Add-Member - NotePropertyName $_.Name - NotePropertyValue $_.Value - Force - ErrorAction SilentlyContinue
@@ -68,12 +69,12 @@ function Test-CIPPAuditLogRules {
6869 try {
6970 $Data.ModifiedProperties | ForEach-Object { $Data | Add-Member - NotePropertyName " $ ( $_.Name ) " - NotePropertyValue " $ ( $_.NewValue ) " - Force - ErrorAction SilentlyContinue }
7071 } catch {
71- # write-warning ($Data.ModifiedProperties | ConvertTo-Json -Depth 10)
72+ # # write-warning ($Data.ModifiedProperties | ConvertTo-Json -Depth 10)
7273 }
7374 try {
7475 $Data.ModifiedProperties | ForEach-Object { $Data | Add-Member - NotePropertyName $ (" Previous_Value_$ ( $_.Name ) " - NotePropertyValue " $ ( $_.OldValue ) " - Force - ErrorAction SilentlyContinue }
7576 } catch {
76- # write-warning ($Data.ModifiedProperties | ConvertTo-Json -Depth 10)
77+ # # write-warning ($Data.ModifiedProperties | ConvertTo-Json -Depth 10)
7778 }
7879 }
7980
@@ -84,7 +85,7 @@ function Test-CIPPAuditLogRules {
8485 # Check if IP is on trusted IP list
8586 $TrustedIP = Get-CIPPAzDataTableEntity @TrustedIPTable - Filter " PartitionKey eq '$TenantFilter ' and RowKey eq '$ ( $Data.clientip ) ' and state eq 'Trusted'"
8687 if ($TrustedIP ) {
87- Write-Warning " IP $ ( $Data.clientip ) is trusted"
88+ # write-warning "IP $($Data.clientip) is trusted"
8889 $Trusted = $true
8990 }
9091 if (! $Trusted ) {
@@ -99,7 +100,7 @@ function Test-CIPPAuditLogRules {
99100 try {
100101 $Location = Get-CIPPGeoIPLocation - IP $Data.clientip
101102 } catch {
102- Write-Warning " Unable to get IP location for $ ( $Data.clientip ) : $ ( $_.Exception.Message ) "
103+ # write-warning "Unable to get IP location for $($Data.clientip): $($_.Exception.Message)"
103104 }
104105 $Country = if ($Location.CountryCode ) { $Location.CountryCode } else { ' Unknown'
105106 $City = if ($Location.City ) { $Location.City } else { ' Unknown'
@@ -120,7 +121,7 @@ function Test-CIPPAuditLogRules {
120121 try {
121122 $null = Add-CIPPAzDataTableEntity @LocationTable - Entity $LocationInfo - Force
122123 } catch {
123- Write-Warning " Failed to add location info for $ ( $Data.clientip ) to cache: $ ( $_.Exception.Message ) "
124+ # write-warning "Failed to add location info for $($Data.clientip) to cache: $($_.Exception.Message)"
124125
125126 }
126127 }
@@ -134,12 +135,12 @@ function Test-CIPPAuditLogRules {
134135 }
135136 $Data | Select-Object * - ExcludeProperty ExtendedProperties, DeviceProperties, parameters
136137 } catch {
137- Write-Warning " Audit log: Error processing data: $ ( $_.Exception.Message ) `r`n $ ( $_.InvocationInfo.PositionMessage ) "
138+ # write-warning "Audit log: Error processing data: $($_.Exception.Message)`r`n$($_.InvocationInfo.PositionMessage)"
138139 Write-LogMessage - API ' Webhooks' - message ' Error Processing Audit Log Data' - LogData (Get-CippException - Exception $_ ) - sev Error - tenant $TenantFilter
139140 }
140141 }
141- Write-Warning " Processed Data: $ ( ($ProcessedData | Measure-Object ).Count) - This should be higher than 0 in many cases, because the where object has not run yet."
142- Write-Warning " Creating filters - $ ( ($ProcessedData.operation | Sort-Object - Unique) -join ' ,' ) - $ ( $TenantFilter ) "
142+ # write-warning "Processed Data: $(($ProcessedData | Measure-Object).Count) - This should be higher than 0 in many cases, because the where object has not run yet."
143+ # write-warning "Creating filters - $(($ProcessedData.operation | Sort-Object -Unique) -join ',') - $($TenantFilter)"
143144
144145 $Where = $Configuration | ForEach-Object {
145146 $conditions = $_.Conditions | ConvertFrom-Json | Where-Object { $_.Input.value -ne ' '
@@ -169,10 +170,10 @@ function Test-CIPPAuditLogRules {
169170
170171 $MatchedRules = [System.Collections.Generic.List [string ]]::new()
171172 $DataToProcess = foreach ($clause in $Where ) {
172- Write-Warning " Webhook: Processing clause: $ ( $clause.clause ) "
173+ # write-warning "Webhook: Processing clause: $($clause.clause)"
173174 $ReturnedData = $ProcessedData | Where-Object { Invoke-Expression $clause.clause }
174175 if ($ReturnedData ) {
175- Write-Warning " Webhook: There is matching data: $ ( ($ReturnedData.operation | Select-Object - Unique) -join ' , ' ) "
176+ # write-warning "Webhook: There is matching data: $(($ReturnedData.operation | Select-Object -Unique) -join ', ')"
176177 $ReturnedData = foreach ($item in $ReturnedData ) {
177178 $item.CIPPAction = $clause.expectedAction
178179 $item.CIPPClause = $clause.CIPPClause -join ' and '
@@ -186,5 +187,6 @@ function Test-CIPPAuditLogRules {
186187 $Results.MatchedLogs = ($DataToProcess | Measure-Object ).Count
187188 $Results.DataToProcess = $DataToProcess
188189 }
190+ Write-Warning " Finished - RunGuid: $ ( $RunGuid ) - $ ( $TenantFilter ) "
189191 $Results
190192}
0 commit comments