@@ -13,6 +13,8 @@ import data.utils.securitysuite.PartnerDomainConfig
1313import data .utils.securitysuite.PartnerDomainImpersonationCompliant
1414import data .utils.securitysuite.UserImpersonationCompliant
1515import data .utils.securitysuite.UserWarningsCompliant
16+ import data .utils.securitysuite.PresetRecipientsCovered
17+ import data .utils.securitysuite.RuleFieldEmpty
1618import data .utils.securitysuite.PresetPolicyCoversAllRecipients
1719import data .utils.securitysuite.CustomRuleCoversAllRecipients
1820import data .utils.report.ReportDetailsArray
@@ -696,40 +698,136 @@ tests contains {
696698#
697699# MS.SECURITYSUITE.7.1v1
698700# --
701+
702+ # Highest priority corresponds to the lowest priority number
703+ HighestPriorityEnabledRuleCoversAllRecipients := Rule if {
704+ some Rule in input .safe_links_rules
705+ Rule.State == " Enabled"
706+ RuleFieldEmpty (Rule.SentTo)
707+ RuleFieldEmpty (Rule.SentToMemberOf)
708+ RuleFieldEmpty (Rule.RecipientDomainIs)
709+ not LowerPriorityEnabledRuleExists (Rule)
710+ }
711+
712+ LowerPriorityEnabledRuleExists (Rule) if {
713+ some OtherRule in input .safe_links_rules
714+ OtherRule.State == " Enabled"
715+ RuleFieldEmpty (OtherRule.SentTo)
716+ RuleFieldEmpty (OtherRule.SentToMemberOf)
717+ RuleFieldEmpty (OtherRule.RecipientDomainIs)
718+ OtherRule.Priority < Rule.Priority
719+ }
720+
721+ default AppliedPolicy := " Built-In Protection Policy"
722+ AppliedPolicy := HighestPriorityEnabledRuleCoversAllRecipients.SafeLinksPolicy
723+
724+ default CustomPolicySafeLinksEnabled := false
725+ CustomPolicySafeLinksEnabled if {
726+ some Policy in input .safe_links_policies
727+ Policy.Identity == AppliedPolicy
728+ Policy.EnableSafeLinksForEmail == true
729+ Policy.EnableSafeLinksForTeams == true
730+ Policy.EnableSafeLinksForOffice == true
731+ Policy.EnableForInternalSenders == true
732+ }
733+
734+ default ReportDetails7_1 := " URL comparison with a block-list is NOT enabled for URLs in emails, Teams messages, and Office documents."
735+ ReportDetails7_1 := " URL comparison with a block-list is enabled via the standard or strict preset security policies." if {
736+ PresetRecipientsCovered
737+ }
738+
739+ ReportDetails7_1 := concat (" " , [" URL comparison with a block-list is enabled via policy " , AppliedPolicy, " ." ]) if {
740+ not PresetRecipientsCovered
741+ CustomPolicySafeLinksEnabled
742+ }
743+
744+ default SafeLinksCompliant := false
745+ SafeLinksCompliant if {
746+ ReportDetails7_1 != " URL comparison with a block-list is NOT enabled for URLs in emails, Teams messages, and Office documents."
747+ }
748+
699749tests contains {
700750 " PolicyId" : " MS.SECURITYSUITE.7.1v1" ,
701- " Criticality" : " Should/Not-Implemented " ,
702- " Commandlet" : [],
703- " ActualValue" : [] ,
704- " ReportDetails" : NotCheckedDetails ( " MS.SECURITYSUITE.7.1v1 " ) ,
705- " RequirementMet" : false
751+ " Criticality" : " Should" ,
752+ " Commandlet" : [" Get-SafeLinksPolicy " , " Get-SafeLinksRule " , " Get-EOPProtectionPolicyRule " ],
753+ " ActualValue" : { " SafeLinks_Rules " : input .safe_links_rules, " SafeLinks_Policies " : input .safe_links_policies} ,
754+ " ReportDetails" : ReportDetails7_1 ,
755+ " RequirementMet" : SafeLinksCompliant
706756}
707- # --
757+ # --
708758
709759#
710760# MS.SECURITYSUITE.7.2v1
711761# --
762+
763+ default CustomPolicyScanURLsEnabled := false
764+ CustomPolicyScanURLsEnabled := true if {
765+ some Policy in input .safe_links_policies
766+ Policy.Identity == AppliedPolicy
767+ Policy.ScanUrls == true
768+ Policy.DeliverMessageAfterScan == true
769+ }
770+
771+ default ReportDetails7_2 := " Direct download links are NOT scanned for malware."
772+ ReportDetails7_2 := " Direct download links are scanned for malware via the standard or strict preset security policies." if {
773+ PresetRecipientsCovered
774+ }
775+
776+ ReportDetails7_2 := concat (" " , [" Direct download links are scanned for malware via policy " , AppliedPolicy, " ." ]) if {
777+ not PresetRecipientsCovered
778+ CustomPolicyScanURLsEnabled
779+ }
780+
781+ default ScanURLsCompliant := false
782+ ScanURLsCompliant if {
783+ ReportDetails7_2 != " Direct download links are NOT scanned for malware."
784+ }
785+
712786tests contains {
713787 " PolicyId" : " MS.SECURITYSUITE.7.2v1" ,
714- " Criticality" : " Should/Not-Implemented " ,
715- " Commandlet" : [],
716- " ActualValue" : [] ,
717- " ReportDetails" : NotCheckedDetails ( " MS.SECURITYSUITE.7.2v1 " ) ,
718- " RequirementMet" : false
788+ " Criticality" : " Should" ,
789+ " Commandlet" : [" Get-SafeLinksPolicy " , " Get-SafeLinksRule " , " Get-EOPProtectionPolicyRule " ],
790+ " ActualValue" : { " SafeLinks_Rules " : input .safe_links_rules, " SafeLinks_Policies " : input .safe_links_policies} ,
791+ " ReportDetails" : ReportDetails7_2 ,
792+ " RequirementMet" : ScanURLsCompliant
719793}
720794# --
721795
722796#
723797# MS.SECURITYSUITE.7.3v1
724798# --
799+
800+ default CustomPolicyTrackClicksEnabled := false
801+ CustomPolicyTrackClicksEnabled := true if {
802+ some Policy in input .safe_links_policies
803+ Policy.Identity == AppliedPolicy
804+ Policy.TrackClicks == true
805+ }
806+
807+ default ReportDetails7_3 := " User click tracking is NOT enabled."
808+ ReportDetails7_3 := " User click tracking is enabled via the standard or strict preset security policies." if {
809+ PresetRecipientsCovered
810+ }
811+
812+ ReportDetails7_3 := concat (" " , [" User click tracking is enabled via policy " , AppliedPolicy, " ." ]) if {
813+ not PresetRecipientsCovered
814+ CustomPolicyTrackClicksEnabled
815+ }
816+
817+ default TrackClicksCompliant := false
818+ TrackClicksCompliant if {
819+ ReportDetails7_3 != " User click tracking is NOT enabled."
820+ }
821+
725822tests contains {
726823 " PolicyId" : " MS.SECURITYSUITE.7.3v1" ,
727- " Criticality" : " Should/Not-Implemented " ,
728- " Commandlet" : [],
729- " ActualValue" : [] ,
730- " ReportDetails" : NotCheckedDetails ( " MS.SECURITYSUITE.7.3v1 " ) ,
731- " RequirementMet" : false
824+ " Criticality" : " Should" ,
825+ " Commandlet" : [" Get-SafeLinksPolicy " , " Get-SafeLinksRule " , " Get-EOPProtectionPolicyRule " ],
826+ " ActualValue" : { " SafeLinks_Rules " : input .safe_links_rules, " SafeLinks_Policies " : input .safe_links_policies} ,
827+ " ReportDetails" : ReportDetails7_3 ,
828+ " RequirementMet" : TrackClicksCompliant
732829}
830+
733831# --
734832
735833
0 commit comments