ADD Powershell Scripts

2024-08-12 11:54:06 +02:00 · 2024-08-12 11:54:06 +02:00 · b341ae404d
parent 78a18946da
commit b341ae404d
6 changed files with 471 additions and 3 deletions
--- a/main.md
+++ b/main.md
@ -5,6 +5,4 @@
 Fragen ?
-Wie die Daten der Controller bereitgestllt werden -> Einheitliche Definitionen
+Wie die Daten der Controller bereitgestllt werden -> Einheitliche Definitionen
 12
--- a/controller/Exchange-User-Export.ps1
+++ b/controller/Exchange-User-Export.ps1
@ -0,0 +1,84 @@
 # Definieren Sie den Pfad zur Ergebnisdatei
 $timestamp = (Get-Date).ToString("yyyyMMdd_HHmmss")
 $outputFile = "C:\Scripte\MailboxLastLogins_$timestamp.csv"
 # Definieren Sie den API-Endpoint
 $apiUrl = "http://api.stines.de:8001/report"
 # Your API key
 $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
 $headers.Add("Content-Type", "application/json")
 $headers.Add("access_token", "^YWUbG7yX*V!tV^KBSd*2c&vdN3wV9a2i7f3hfGFMBYFxi6#mMiJGiaA5KEHE%B*miK%qb7rQ67gmcYP@gqmux8")
 $ipaddress = Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.InterfaceAlias -like "*Ethernet*" } | Select-Object -ExpandProperty IPAddress
 # Fügen Sie das Exchange-Management-Snap-In hinzu
 if (-not (Get-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
 }
 # Ermitteln Sie alle Benutzerpostfächer
 $mailboxes = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited
 # Initialisieren Sie eine leere Liste für die Ergebnisse
 $results = @()
 # Zeitstempel für eine Stunde zuvor
 $oneHourAgo = (Get-Date).AddHours(-1)
 # Durchlaufen Sie alle Postfächer und sammeln Sie die letzten Login-Informationen
 foreach ($mailbox in $mailboxes) {
    # Überprüfen, ob das Konto deaktiviert ist
    $exchangeUserAccountControl = $mailbox.ExchangeUserAccountControl
    if ($exchangeUserAccountControl -eq "AccountDisabled") {
        continue
    }
    # Filter für Admin- und Journalpostfächer
    if ($mailbox.UserPrincipalName -eq "$" -or
        $mailbox.UserPrincipalName -match "Journal" -or
        $mailbox.UserPrincipalName -match "admin") {
        continue
    }
    $mailboxStats = Get-MailboxStatistics -Identity $mailbox.UserPrincipalName
    $lastLoginTime = $mailboxStats.LastLogonTime
    # Prüfen, ob der letzte Login in der letzten Stunde war
    if ($lastLoginTime -ge $oneHourAgo) {
        $username = $mailbox.UserPrincipalName.Split('@')[0]
        $result = [PSCustomObject]@{
            Mailbox     = $username
            LastLogon   = $lastLoginTime
        }
        $results += $result
        # Daten für die API-Anfrage vorbereiten
        $data = @{
            username = $result.Mailbox
            lastaccess = $result.LastLogon.ToString("yyyy-MM-dd HH:mm:ss")
            ipaddress = $ipaddress
        }
        # POST-Anfrage an den API-Server senden
        $jsonData = ($data | ConvertTo-Json -Depth 3 | Out-String).Trim()
        $utf8Json = [System.Text.Encoding]::UTF8.GetBytes($jsonData)
        $response = Invoke-RestMethod -Uri $apiUrl -Method Post -Body $utf8Json -ContentType "application/json; charset=utf-8" -Headers $headers
        if ($response -eq "True") {
            Write-Output "Successfully sent data for $($result.Mailbox)"
        } else {
            Write-Output "Failed to send data for $($result.Mailbox): $response"
        }
    }
 }
 # Ergebnisse in CSV exportieren
 $results | Export-Csv -Path $outputFile -NoTypeInformation
 # Ergebnisse anzeigen
 $results | Format-Table -AutoSize
--- a/controller/Office_365-Export.py
+++ b/controller/Office_365-Export.py
@ -0,0 +1,117 @@
 import msal
 import requests
 import pandas as pd
 from datetime import datetime
 # Konfigurationsvariablen
 client_id = '90571c9b-d407-4d2a-aadd-4a523ff85296'
 client_secret = 'ryp8Q~qr6LBOUL2G333a.mf-vg5V..ONl7qJTdza'
 tenant_id = '9e449aaa-285c-4572-a132-58db027026d0'
 api_server_endpoint = "http://api.stines.de:8001/office/post"
 # headers = 'access_token':'^YWUbG7yX*V!tV^KBSd*2c&vdN3wV9a2i7f3hfGFMBYFxi6#mMiJGiaA5KEHE%B*miK%qb7rQ67gmcYP@gqmux8'
 # Die URL für das Token
 authority = f'https://login.microsoftonline.com/{tenant_id}'
 # Der Scope für die Microsoft Graph API
 scope = ['https://graph.microsoft.com/.default']
 # MSAL-Instanz erstellen
 app = msal.ConfidentialClientApplication(
    client_id,
    authority=authority,
    client_credential=client_secret,
 )
 # Token erhalten
 result = None
 result = app.acquire_token_silent(scope, account=None)
 if not result:
    print("Kein Caching vorhanden, holen Sie ein neues Token.")
    result = app.acquire_token_for_client(scopes=scope)
    print(result)
 if "access_token" in result:
    # Token erfolgreich erhalten
    access_token = result['access_token']
    print(access_token)
    # API-Endpunkt für aktive Office-Pakete
    endpoint = "https://graph.microsoft.com/v1.0/users?$select=userPrincipalName,assignedLicenses,signInActivity"
    headers = {
        'Authorization': f'Bearer {access_token}',
        'Content-Type': 'application/json'
    }
    response = requests.get(endpoint, headers=headers)
    if response.status_code == 200:
        # Die Antwort als JSON behandeln
        data = response.json()
        # Extrahieren der Benutzerdaten aus dem JSON
        users = data.get('value', [])
        # Die `skuId` und `lastNonInteractiveSignInDateTime` extrahieren und hinzufügen
        user_list = []
        for user in users:
            if 'assignedLicenses' in user:
                for license in user['assignedLicenses']:
                    if 'skuId' in license:
                        user_copy = user.copy()
                        user_copy['skuId'] = license['skuId']
                        if user_copy.get('signInActivity'):
                            sign_in_time = user_copy['signInActivity'].get('lastNonInteractiveSignInDateTime')
                            if sign_in_time:
                                user_copy['lastNonInteractiveSignInDateTime'] = datetime.strptime(sign_in_time,'%Y-%m-%dT%H:%M:%SZ').strftime('%Y-%m-%d %H:%M:%S')
                            else:
                                user_copy['lastNonInteractiveSignInDateTime'] = None
                        else:
                            user_copy['lastNonInteractiveSignInDateTime'] = None
                        user_list.append(user_copy)
        # Filtern der Benutzer, die eine `skuId` haben
        users_with_skuId = [user for user in user_list if user['skuId']]
        # Konvertieren der Benutzerdaten in ein DataFrame
        df = pd.DataFrame(users_with_skuId)
        # Pandas Anzeigeoptionen anpassen
        pd.set_option('display.max_columns', None)
        pd.set_option('display.max_rows', None)
        pd.set_option('display.max_colwidth', None)
        pd.set_option('display.width', 1000)
        # Alles nach dem @ im "User Principal Name" entfernen
        if 'userPrincipalName' in df.columns:
            df['userPrincipalName'] = df['userPrincipalName'].str.split('@').str[0]
        # Nur die gewünschten Spalten auswählen und an die API-Server übergeben
        selected_columns = df[["userPrincipalName", "skuId", "lastNonInteractiveSignInDateTime"]]
        reporting_date = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        for index, row in selected_columns.iterrows():
            payload = {
                "itemkey": row["skuId"],
                "username": row["userPrincipalName"],
                "reportingdate": reporting_date,
                "lastaccess": row["lastNonInteractiveSignInDateTime"]
            }
            api_response = requests.post(api_server_endpoint, json=payload, headers= {'access_token':'^YWUbG7yX*V!tV^KBSd*2c&vdN3wV9a2i7f3hfGFMBYFxi6#mMiJGiaA5KEHE%B*miK%qb7rQ67gmcYP@gqmux8'})
            if api_response.status_code == 200:
                print(f"Erfolgreich gesendet: {payload}")
            else:
                print(f"Fehler beim Senden von {payload}: {api_response.status_code} - {api_response.text}")
    else:
        print(f"Fehler beim Abrufen der Daten: {response.status_code}")
        print(f"Antwort: {response.text}")
 else:
    print("Fehler beim Abrufen des Tokens")
    print(result.get("error"))
    print(result.get("error_description"))
    print(result.get("correlation_id"))
--- a/controller/RDS-User-Export.ps1
+++ b/controller/RDS-User-Export.ps1
@ -0,0 +1,88 @@
 # Define the time range for the last 1 day
 $startTime = (Get-Date).AddHours(-1)
 $endTime = Get-Date
 # Define the filter hashtable with the time range
 $filterHashTable = @{
    LogName = 'Security'
    Id = 4624
    StartTime = $startTime
    EndTime = $endTime
 }
 # Get all events with ID 4624 from the Security log within the defined time range
 $events = Get-WinEvent -FilterHashtable $filterHashTable
 # Create a hash table to store the last login event for each user
 $userLogins = @{}
 # Loop through each event
 foreach ($event in $events) {
    $eventDetails = [xml]$event.ToXml()
    # Extract relevant information
    $timeCreated = $event.TimeCreated
    $username = $eventDetails.Event.EventData.Data | Where-Object { $_.Name -eq 'TargetUserName' } | Select-Object -ExpandProperty '#text'
    $ipaddress = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias Ethernet | Select-Object -ExpandProperty IPAddress
    $logonType = $eventDetails.Event.EventData.Data | Where-Object { $_.Name -eq 'LogonType' } | Select-Object -ExpandProperty '#text'
    # Exclude events not related to remote logins and HealthMailbox
    if ($logonType -ne "10" -or $username -like "DWM*" -or $username -like "*UMFD*") {
        continue
    }
    $formattedTimeCreated = $timeCreated.ToString("yyyy-MM-dd HH:mm:ss")
    # Store the event if it's the latest one for the user
    if (-not $userLogins.ContainsKey($username) -or $userLogins[$username].TimeCreated -lt $timeCreated) {
        $userLogins[$username] = [PSCustomObject]@{
            lastaccess = $formattedTimeCreated
            username = $username
            ipaddress = $ipaddress
            LogonType = $logonType
        }
    }
 }
 # Define the JSON file path with current date and hour
 $dateString = (Get-Date).ToString("yyyyMMdd_HH-mm")
 $jsonPath = "C:\Scripte\LastLogins_$dateString.json"
 # Output the last login event for each user to the JSON file
 $userLoginsArray = $userLogins.GetEnumerator() | ForEach-Object {
    $_.Value
 }
 $userLoginsArray | ConvertTo-Json | Set-Content -Path $jsonPath -Encoding UTF8
 Write-Output "JSON file created at $jsonPath"
 # API endpoint URL
 $apiUrl = "http://api.stines.de:8001/report"
 # Your API key
 $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
 $headers.Add("Content-Type", "application/json")
 $headers.Add("access_token", "^YWUbG7yX*V!tV^KBSd*2c&vdN3wV9a2i7f3hfGFMBYFxi6#mMiJGiaA5KEHE%B*miK%qb7rQ67gmcYP@gqmux8")
 # Loop through the collected user logins and send each as a JSON payload to the API
 foreach ($userLogin in $userLoginsArray) {
    $userLoginObject = $userLogin | Select-Object username, lastaccess, ipaddress
    # Convert the user login object to JSON
    $jsonPayload = $userLoginObject | ConvertTo-Json -Depth 3
    # Encode JSON payload in UTF-8
    $utf8JsonPayload = [System.Text.Encoding]::UTF8.GetBytes($jsonPayload)
    # Send the JSON payload to the API
    try {
        $response = Invoke-RestMethod -Uri $apiUrl -Method Post -Body $utf8JsonPayload -ContentType 'application/json' -Headers $headers
        Write-Output "Sent login data for user $($userLoginObject.Username) to the API. Response: $response"
    } catch {
        Write-Error "Failed to send login data for user $($userLoginObject.Username). Error: $_"
    }
 }
 Write-Output "Finished sending login data to the API"
--- a/controller/office_365.py
+++ b/controller/office_365.py
@ -0,0 +1,117 @@
 import msal
 import requests
 import pandas as pd
 from datetime import datetime
 # Konfigurationsvariablen
 client_id = '90571c9b-d407-4d2a-aadd-4a523ff85296'
 client_secret = 'ryp8Q~qr6LBOUL2G333a.mf-vg5V..ONl7qJTdza'
 tenant_id = '9e449aaa-285c-4572-a132-58db027026d0'
 api_server_endpoint = "http://api.stines.de:8001/office/post"
 # headers = 'access_token':'^YWUbG7yX*V!tV^KBSd*2c&vdN3wV9a2i7f3hfGFMBYFxi6#mMiJGiaA5KEHE%B*miK%qb7rQ67gmcYP@gqmux8'
 # Die URL für das Token
 authority = f'https://login.microsoftonline.com/{tenant_id}'
 # Der Scope für die Microsoft Graph API
 scope = ['https://graph.microsoft.com/.default']
 # MSAL-Instanz erstellen
 app = msal.ConfidentialClientApplication(
    client_id,
    authority=authority,
    client_credential=client_secret,
 )
 # Token erhalten
 result = None
 result = app.acquire_token_silent(scope, account=None)
 if not result:
    print("Kein Caching vorhanden, holen Sie ein neues Token.")
    result = app.acquire_token_for_client(scopes=scope)
    print(result)
 if "access_token" in result:
    # Token erfolgreich erhalten
    access_token = result['access_token']
    print(access_token)
    # API-Endpunkt für aktive Office-Pakete
    endpoint = "https://graph.microsoft.com/v1.0/users?$select=userPrincipalName,assignedLicenses,signInActivity"
    headers = {
        'Authorization': f'Bearer {access_token}',
        'Content-Type': 'application/json'
    }
    response = requests.get(endpoint, headers=headers)
    if response.status_code == 200:
        # Die Antwort als JSON behandeln
        data = response.json()
        # Extrahieren der Benutzerdaten aus dem JSON
        users = data.get('value', [])
        # Die `skuId` und `lastNonInteractiveSignInDateTime` extrahieren und hinzufügen
        user_list = []
        for user in users:
            if 'assignedLicenses' in user:
                for license in user['assignedLicenses']:
                    if 'skuId' in license:
                        user_copy = user.copy()
                        user_copy['skuId'] = license['skuId']
                        if user_copy.get('signInActivity'):
                            sign_in_time = user_copy['signInActivity'].get('lastNonInteractiveSignInDateTime')
                            if sign_in_time:
                                user_copy['lastNonInteractiveSignInDateTime'] = datetime.strptime(sign_in_time,'%Y-%m-%dT%H:%M:%SZ').strftime('%Y-%m-%d %H:%M:%S')
                            else:
                                user_copy['lastNonInteractiveSignInDateTime'] = None
                        else:
                            user_copy['lastNonInteractiveSignInDateTime'] = None
                        user_list.append(user_copy)
        # Filtern der Benutzer, die eine `skuId` haben
        users_with_skuId = [user for user in user_list if user['skuId']]
        # Konvertieren der Benutzerdaten in ein DataFrame
        df = pd.DataFrame(users_with_skuId)
        # Pandas Anzeigeoptionen anpassen
        pd.set_option('display.max_columns', None)
        pd.set_option('display.max_rows', None)
        pd.set_option('display.max_colwidth', None)
        pd.set_option('display.width', 1000)
        # Alles nach dem @ im "User Principal Name" entfernen
        if 'userPrincipalName' in df.columns:
            df['userPrincipalName'] = df['userPrincipalName'].str.split('@').str[0]
        # Nur die gewünschten Spalten auswählen und an die API-Server übergeben
        selected_columns = df[["userPrincipalName", "skuId", "lastNonInteractiveSignInDateTime"]]
        reporting_date = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        for index, row in selected_columns.iterrows():
            payload = {
                "itemkey": row["skuId"],
                "username": row["userPrincipalName"],
                "reportingdate": reporting_date,
                "lastaccess": row["lastNonInteractiveSignInDateTime"]
            }
            api_response = requests.post(api_server_endpoint, json=payload, headers= {'access_token':'^YWUbG7yX*V!tV^KBSd*2c&vdN3wV9a2i7f3hfGFMBYFxi6#mMiJGiaA5KEHE%B*miK%qb7rQ67gmcYP@gqmux8'})
            if api_response.status_code == 200:
                print(f"Erfolgreich gesendet: {payload}")
            else:
                print(f"Fehler beim Senden von {payload}: {api_response.status_code} - {api_response.text}")
    else:
        print(f"Fehler beim Abrufen der Daten: {response.status_code}")
        print(f"Antwort: {response.text}")
 else:
    print("Fehler beim Abrufen des Tokens")
    print(result.get("error"))
    print(result.get("error_description"))
    print(result.get("correlation_id"))
--- a/controller/sogo.py
+++ b/controller/sogo.py
@ -0,0 +1,64 @@
 import datetime
 import requests
 import re
 import socket
 def get_local_ip():
    try:
        # Ein temporärer Socket erstellen, um die lokale IP-Adresse zu ermitteln
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        # Verbindung zu einem öffentlichen DNS-Server herstellen
        s.connect(("8.8.8.8", 80))
        # Die lokale IP-Adresse aus dem Socket abrufen
        local_ip = s.getsockname()[0]
        s.close()
        return local_ip
    except Exception as e:
        print(f"Fehler beim Ermitteln der lokalen IP-Adresse: {e}")
        return None
 # URL des API-Servers
 sogo_server = "http://172.19.1.4/api/v1/get/logs/sogo/1000"
 sogo_headers = {"x-api-key":"6A039F-CED4C3-D69E9E-A6C713-7EBB6A"}
 api_server = "http://api.stines.de:8001/report"
 api_headers = {"access_token":"^YWUbG7yX*V!tV^KBSd*2c&vdN3wV9a2i7f3hfGFMBYFxi6#mMiJGiaA5KEHE%B*miK%qb7rQ67gmcYP@gqmux8"}
 def extract_email_username(log_entry):
    # Regex für das Finden der E-Mail-Adresse in der Log-Zeile
    match = re.search(r"for user '([^']+)'", log_entry)
    if match:
        email = match.group(1)
        # Entfernen des '@' Zeichens aus der E-Mail-Adresse
        username = email.split('@')[0]
        return username
    else:
        return None
 # Funktion zum Abrufen von Daten vom API-Server
 def fetch_data_from_api(url):
    response = requests.get(url,headers=sogo_headers)
    if response.status_code == 200:
        return response.json()
    else:
        print(f"Fehler beim Abrufen der Daten: {response.status_code}")
        return None
 # Abrufen der Daten
 data = fetch_data_from_api(sogo_server)
 if data:
    for entry in data:
        log_line = entry.get('message')
        if log_line and "successful login" in log_line:
            username = extract_email_username(log_line)
            if username:
                payload ={
                    "ipaddress": "172.19.1.4",
                    "username": username,
                    "lastaccess": datetime.datetime.fromtimestamp(int(entry.get('time'))).strftime('%Y-%m-%d %H:%M:%S')
                }
                api_response = requests.post(api_server, json=payload, headers=api_headers)
                print(api_response.status_code)
                print(f"Extrahierter Benutzername: {payload}")
 else:
    print("Keine Daten gefunden.")
`@ -5,6 +5,4 @@`

	`Fragen ?`	`Fragen ?`

	`Wie die Daten der Controller bereitgestllt werden -> Einheitliche Definitionen`	`Wie die Daten der Controller bereitgestllt werden -> Einheitliche Definitionen`

	`12`