move to new class

Checks/check-ORCA140.ps1

@@ -31,37 +31,28 @@ class ORCA140 : ORCACheck
     #>
     GetResults($Config)
     {
-        $Check = "Content Filter Actions"
-
-        $this.Results = @()
 
         ForEach($Policy in $Config["HostedContentFilterPolicy"]) 
         {
+
+            $ConfigObject = [ORCACheckConfig]::new()
+            $ConfigObject.Object=$Policy.Name
+            $ConfigObject.ConfigItem=$($Policy.Name)
+            $ConfigObject.ConfigData=$($Policy.HighConfidenceSpamAction)
 
             # Fail if HighConfidenceSpamAction is not set to Quarantine
 
-            If($Policy.HighConfidenceSpamAction -ne "Quarantine") 
+            If($Policy.HighConfidenceSpamAction -eq "Quarantine") 
             {
-                $this.Results += New-Object -TypeName psobject -Property @{
-                    Result="Fail"
-                    Check=$Check
-                    ConfigItem=$($Policy.Name)
-                    ConfigData=$($Policy.HighConfidenceSpamAction)
-                    Rule="HighConfidenceSpamAction set to $($Policy.HighConfidenceSpamAction)"
-                    Control=$this.Control
-                } 
+                $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Pass")
             } 
             else 
             {
-                $this.Results += New-Object -TypeName psobject -Property @{
-                    Result="Pass"
-                    Check=$Check
-                    ConfigItem=$($Policy.Name)
-                    ConfigData=$($Policy.HighConfidenceSpamAction)
-                    Rule="HighConfidenceSpamAction set to $($Policy.HighConfidenceSpamAction)"
-                    Control=$this.Control
-                } 
+                $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")
             }
+
+            # Add config to check
+            $this.AddConfig($ConfigObject)
 
         }        
 

Checks/check-ORCA142.ps1

@@ -33,37 +33,28 @@ class ORCA142 : ORCACheck
 
     GetResults($Config)
     {
-        $Check = "Content Filter Actions"
-
-        $this.Results = @()
 
         ForEach($Policy in $Config["HostedContentFilterPolicy"]) 
         {
 
+            $ConfigObject = [ORCACheckConfig]::new()
+            $ConfigObject.Object=$Policy.Name
+            $ConfigObject.ConfigItem=$($Policy.Name)
+            $ConfigObject.ConfigData=$($Policy.PhishSpamAction)
+
             # Fail if PhishSpamAction is not set to Quarantine
 
-            If($Policy.PhishSpamAction -ne "Quarantine") 
+            If($Policy.PhishSpamAction -eq "Quarantine") 
             {
-                $this.Results += New-Object -TypeName psobject -Property @{
-                    Result="Fail"
-                    Check=$Check
-                    ConfigItem=$($Policy.Name)
-                    ConfigData=$($Policy.PhishSpamAction)
-                    Rule="PhishSpamAction set to $($Policy.PhishSpamAction)"
-                    Control=$this.Control
-                } 
+                $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Pass")
             } 
             else 
             {
-                $this.Results += New-Object -TypeName psobject -Property @{
-                    Result="Pass"
-                    Check=$Check
-                    ConfigItem=$($Policy.Name)
-                    ConfigData=$($Policy.PhishSpamAction)
-                    Rule="PhishSpamAction set to $($Policy.PhishSpamAction)"
-                    Control=$this.Control
-                } 
+                $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")
             }
+
+            # Add config to check
+            $this.AddConfig($ConfigObject)
 
         }        
 

Checks/check-ORCA143.ps1

@@ -29,28 +29,25 @@ class ORCA143 : ORCACheck
         ForEach($Policy in $Config["HostedContentFilterPolicy"]) 
         {
 
+            $ConfigObject = [ORCACheckConfig]::new()
+            $ConfigObject.Object=$Policy.Name
+            $ConfigObject.ConfigItem=$($Policy.Name)
+            $ConfigObject.ConfigData=$($Policy.InlineSafetyTipsEnabled)
+
             # Fail if InlineSafetyTipsEnabled is not set to true
 
-            If($Policy.InlineSafetyTipsEnabled -eq $false) 
+            If($Policy.InlineSafetyTipsEnabled -eq $true) 
             {
-                $this.Results += New-Object -TypeName psobject -Property @{
-                    Result="Fail"
-                    ConfigItem=$($Policy.Name)
-                    ConfigData=$($Policy.InlineSafetyTipsEnabled)
-                    Rule="InlineSafetyTipsEnabled is false - Safety Tips Disabled"
-                    Control=$this.Control
-                } 
+                $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Pass")
             } 
             else 
             {
-                $this.Results += New-Object -TypeName psobject -Property @{
-                    Result="Pass"
-                    ConfigItem=$($Policy.Name)
-                    ConfigData=$($Policy.InlineSafetyTipsEnabled)
-                    Rule="InlineSafetyTipsEnabled is true - Safety Tips Enabled"
-                    Control=$this.Control
-                } 
+                $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")
             }
+
+            # Add config to check
+            $this.AddConfig($ConfigObject)
+
         }        
 
     }

Checks/check-ORCA156.ps1

@@ -39,53 +39,44 @@ class ORCA156 : ORCACheck
     GetResults($Config)
     {
 
+        # Global ATP Policy
+        $ConfigObject = [ORCACheckConfig]::new()
+        $ConfigObject.Object=$($Config["AtpPolicy"].Name)
+        $ConfigObject.ConfigItem="TrackClicks"
+        $ConfigObject.ConfigData=$($Config["AtpPolicy"].TrackClicks)
+
         If($Config["AtpPolicy"].TrackClicks -eq $False -and $($Config["AtpPolicy"].EnableSafeLinksForClients -eq $True -or $Config["AtpPolicy"].EnableSafeLinksForWebAccessCompanion -eq $True -or $Config["AtpPolicy"].EnableSafeLinksForO365Clients -eq $True))
         {
-            $this.Results += New-Object -TypeName psobject -Property @{
-                Result="Fail"
-                Object=$($Config["AtpPolicy"].Name)
-                ConfigItem="TrackClicks"
-                ConfigData=$($Config["AtpPolicy"].TrackClicks)
-                Rule="TrackClicks off and EnableSafeLinksForClients or EnableSafeLinksForWebAccessCompanion or EnableSafeLinksForO365Clients enabled"
-                Control=$this.Control
-            }
+            $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")
         }
         ElseIf ($Config["AtpPolicy"].TrackClicks -eq $True)
         {
-            $this.Results += New-Object -TypeName psobject -Property @{
-                Result="Pass"
-                Object=$($Config["AtpPolicy"].Name)
-                ConfigItem="TrackClicks"
-                ConfigData=$($Config["AtpPolicy"].TrackClicks)
-                Rule="TrackClicks in Office 365 Apps, Office for iOS and Android in ATP Policy"
-                Control=$this.Control
-            }            
+            $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Pass")     
         }
 
+        $this.AddConfig($ConfigObject)
+
         ForEach($Policy in $Config["SafeLinksPolicy"]) 
         {
+
+            $ConfigObject = [ORCACheckConfig]::new()
+            $ConfigObject.Object=$($Policy.Name)
+            $ConfigObject.ConfigItem="DoNotTrackUserClicks"
+            $ConfigObject.ConfigData=$($Policy.DoNotTrackUserClicks)
+
             # Determine if ATP link tracking is on for this safelinks policy
-            If($Policy.DoNotTrackUserClicks -eq $false) {
-                $this.Results += New-Object -TypeName psobject -Property @{
-                    Result="Pass"
-                    Object=$($Policy.Name)
-                    ConfigItem="DoNotTrackUserClicks"
-                    ConfigData=$($Policy.DoNotTrackUserClicks)
-                    Rule="SafeLinks URL Tracking Enabled"
-                    Control=$this.Control
-                }
+            If($Policy.DoNotTrackUserClicks -eq $false)
+            {
+                $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Pass")
             } 
             else 
             {
-                $this.Results += New-Object -TypeName psobject -Property @{
-                    Result="Fail"
-                    Object=$($Policy.Name)
-                    ConfigItem="DoNotTrackUserClicks"
-                    ConfigData=$($Policy.DoNotTrackUserClicks)
-                    Rule="SafeLinks URL Tracking Enabled"
-                    Control=$this.Control
-                }
+                $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")
             }
+
+            # Add config to check
+            $this.AddConfig($ConfigObject)
+
         }        
 
     }

Checks/check-ORCA158.ps1

@@ -22,8 +22,7 @@ class ORCA158 : ORCACheck
         $this.Name="Safe Attachments SharePoint and Teams"
         $this.PassText="Safe Attachments is enabled for SharePoint and Teams"
         $this.FailRecommendation="Enable Safe Attachments for SharePoint and Teams"
-        $this.Importance="Safe Attachments assists scanning for zero day malware by using behavioural analysis and sandboxing, supplimenting signature definitions."
-        $this.CheckType = [CheckType]::ObjectPropertyValue
+        $this.Importance="Safe Attachments can assist by scanning for zero day malware by using behavioural analysis and sandboxing techniques. These checks suppliment signature definitions."
     }
 
     <#
@@ -36,26 +35,15 @@ class ORCA158 : ORCACheck
     {
 
         # Determine if ATP is enabled or not
-        If($Config["AtpPolicy"].EnableATPForSPOTeamsODB -eq $true) 
+        If($Config["AtpPolicy"].EnableATPForSPOTeamsODB -eq $false) 
         {
-            $this.Results += New-Object -TypeName psobject -Property @{
-                Result="Pass"
-                Object="Global Policy"
-                ConfigItem="EnableATPForSPOTeamsODB"
-                ConfigData=$Config["AtpPolicy"].EnableATPForSPOTeamsODB
-                Control=$this.Control
-            }
+            $ConfigObject = [ORCACheckConfig]::new()
+            $ConfigObject.ConfigItem="EnableATPForSPOTeamsODB"
+            $ConfigObject.ConfigData=$Config["AtpPolicy"].EnableATPForSPOTeamsODB
+            $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")
+            $this.AddConfig($ConfigObject)
+
         } 
-        else 
-        {
-            $this.Results += New-Object -TypeName psobject -Property @{
-                Result="Fail"
-                Object="Global Policy"
-                ConfigItem="EnableATPForSPOTeamsODB"
-                ConfigData=$Config["AtpPolicy"].EnableATPForSPOTeamsODB
-                Control=$this.Control
-            }
-        }      
 
     }
 

Checks/check-ORCA169.ps1

@@ -26,7 +26,6 @@ class ORCA169 : ORCACheck
         $this.PassText="Safe Links is enabled for Office ProPlus, Office for iOS and Android"
         $this.FailRecommendation="Enable Safe Links for Office ProPlus, Office for iOS and Android"
         $this.Importance="Phishing attacks are not limited to email messages. Malicious URLs can be delivered using Office documents as well. Configuring Office 365 ATP Safe Links for Office ProPlus,  Office for iOS and Android can help combat against these attacks via providing time-of-click verification of web addresses (URLs) in Office documents."
-        $this.CheckType = [CheckType]::ObjectPropertyValue
     }
 
     <#
@@ -38,28 +37,17 @@ class ORCA169 : ORCACheck
     GetResults($Config)
     {
 
-        If($Config["AtpPolicy"].EnableSafeLinksForClients -eq $true)
+        If($Config["AtpPolicy"].EnableSafeLinksForClients -eq $false)
         {
-            $this.Results += New-Object -TypeName psobject -Property @{
-                Result="Pass"
-                Object="Global Policy"
-                ConfigItem="EnableSafeLinksForClients"
-                ConfigData=$Config["AtpPolicy"].EnableSafeLinksForClients
-                Rule="SafeLinks URL Tracking Enabled for Office Clients"
-                Control=$this.Control
-            }
-        } 
-        Else 
-        {
-            $this.Results += New-Object -TypeName psobject -Property @{
-                Result="Fail"
-                Object="Global Policy"
-                ConfigItem="EnableSafeLinksForClients"
-                ConfigData=$Config["AtpPolicy"].EnableSafeLinksForClients
-                Rule="SafeLinks URL Tracking Enabled for Office Clients"
-                Control=$this.Control
-            }
-        }        
+
+            $ConfigObject = [ORCACheckConfig]::new()
+            $ConfigObject.ConfigItem="EnableSafeLinksForClients"
+            $ConfigObject.ConfigData=$Config["AtpPolicy"].EnableSafeLinksForClients
+            $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")
+
+            $this.AddConfig($ConfigObject)
+
+        }     
 
     }
 

Checks/check-ORCA179.ps1

@@ -25,7 +25,10 @@ class ORCA179 : ORCACheck
         $this.Name="Intra-organization Safe Links"
         $this.PassText="Safe Links is enabled intra-organization"
         $this.FailRecommendation="Enable Safe Links between internal users"
+        $this.ExpandResults=$True
         $this.Importance="Phishing attacks are not limited from external users. Commonly, when one user is compromised, that user can be used in a process of lateral movement between different accounts in your organization. Configuring Safe Links so that internal messages are also re-written can assist with lateral movement using phishing."
+        $this.ItemName="SafeLinks Policy"
+        $this.DataType="Enabled for Internal"
     }
 
     <#
@@ -37,39 +40,40 @@ class ORCA179 : ORCACheck
     GetResults($Config)
     {
 
+        $Enabled = $False
+
         ForEach($Policy in $Config["SafeLinksPolicy"]) 
         {
+            # Check objects
+            $ConfigObject = [ORCACheckConfig]::new()
+            $ConfigObject.ConfigItem=$($Policy.Name)
+            $ConfigObject.ConfigData=$Policy.EnableForInternalSenders
+
             # Determine if ATP link tracking is on for this safelinks policy
             If($Policy.EnableForInternalSenders -eq $true) 
             {
-                $this.Results += New-Object -TypeName psobject -Property @{
-                    Result="Pass"
-                    ConfigItem=$($Policy.Name)
-                    ConfigData=$Policy.EnableForInternalSenders
-                    Rule="SafeLinks Enabled for Internal Senders"
-                    Control=$this.Control
-                }
+                $Enabled = $True
+                $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Pass")
             } 
             Else 
             {
-                $this.Results += New-Object -TypeName psobject -Property @{
-                    Result="Fail"
-                    ConfigItem=$($Policy.Name)
-                    ConfigData=$Policy.EnableForInternalSenders
-                    Rule="SafeLinks Disabled for Internal Senders"
-                    Control=$this.Control
-                }
+                $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")
             }
+
+            $this.AddConfig($ConfigObject)
         }
 
-        If($this.Results.Count -eq 0)
+        If($Enabled -eq $False)
         {
-            $this.Results += New-Object -TypeName psobject -Property @{
-                Result="Fail"
-                ConfigItem="All"
-                ConfigData="Enabled False"
-                Control=$this.Control
-            }
+
+            # No policy enabling
+            $ConfigObject = [ORCACheckConfig]::new()
+            $ConfigObject.ConfigItem="All"
+            $ConfigObject.ConfigData="Enabled False"
+            $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")
+
+            $this.AddConfig($ConfigObject)
+
         }    
 
     }